- Update from version 10.0.4 to 10.0.6
- Update of rootfile not required.
- In version 10.0.4 a bug was found
https://github.com/NetworkConfiguration/dhcpcd/issues/260
which was fixed in version 10.0.5. From the community forum it looks like some people
have experienced this issue with the update to 10.0.4 in CU182
https://community.ipfire.org/t/core-update-182-aarch64-red0-interface-stops/10827
- According to the dhcpcd issue report this problem can affect both x86_64 and aarch64
but it seems to affect aarch64 systems much more often and the reports in the community
forum are related to aarch64.
- This patch updates to version 10.0.6 because that is the current latest version and
includes the fix commits for the above issue that were built into 10.0.5
- Changelog
10.0.6
privsep: Stop proxying stderr to console and fix some detachment issues
non-privsep: Fix launcher hangup
DHCP6: Allow the invalid interface name - to mean don't assign an address
from a delegated prefix
DHCP6: Load the configuration for the interface being activated from prefix
delegation
10.0.5
DHCP: re-enter DISCOVER phase if server doesn't reply to our REQUEST
privsep: Allow __NR_dup3 syscall as some libc's use that instead of the dup2
dhcpcd uses
dev: Fix an issue where not opening the dev plugin folder if configured
returned the wrong fd
privsep: Harden the launcher process detecting daemonisation.
compat: arc4random uses explicit_bzero if available
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 10.0.2 to 10.0.4
- Update of rootfile not required
- Two patches removed as the fixes have been included in the source tarball
- Changelog
10.0.4
privsep: allow __NR_mmap2 call by @olegartys in #253
privsep: allow __NR_clock_gettime32 syscall by @olegartys in #254
compat/arc4random.c: use memset instead of explicit_bzero by
@ffontaine in #252
privsep: avoid SIGPIPE errors when scripts write to stderr/stdout after
dhcpcd is daemonised
10.0.3
Do not crash on dhcpcd test run by @pemensik in #231
Add automated CI builds for Ubuntu, OpenBSD, FreeBSD and NetBSD by
@tobhe in #229
dhcpcd: Fix off-by-one overflow when read() writes full BUFSIZ by
@tobhe in #236
privsep: fix strlcpy overflow in psp_ifname by @tobhe in #239
ci: execute tests after successful build by @tobhe in #243
compat: update arc4random() to newer chacha20 based version from OpenBSD by
@tobhe in #227
Support libcrypto for hmac and sha256 by @tobhe in #223
Use a local variable instead of the optind by @gotthardp in #86
Send correct amount of used buffer for prefix exclude option by
@ctomahogh in #250
compat: use OpenSSL RAND_priv_bytes() for entropy by @tobhe in #248
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 10.0.1 to 10.0.2
- Update of rootfile not required
- Changelog
10.0.2
Major changes listed as:-
chore: Link to GitHub for the updated commit log by @frazar in #203
Additional DHCP options by @rrobgill in #214
risc-v fix vendor error by @Im-0xea in #213
compat sync by @tobhe in #226
Commit list can be seen at
https://github.com/NetworkConfiguration/dhcpcd/compare/v10.0.1...v10.0.2
This includes two bug fixes for two situations causing segfaults
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
This reverts commit d96d979e2a.
Arne requested to revert this commit as well since dhcpcd still does not
run without any problems on i586 systems.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details (9.1.2 => 9.1.3 => 9.1.4) see:
https://roy.marples.name/blog/dhcpcd-9-1-3-released.html
"configure: Fix fallout with disabling embedded config
inet6: Add support for reporting Mobile IPv6 RA's
inet6: Report RA Proxy flag if set
BSD: Allow non NetBSD and OpenBSD to set IN6_IFF_AUTOCONF
privsep: Don't handle any signals meant for the main process
eloop: Try and survive a signal storm
configure: add --with-eghook=foo
dhcpcd: Add an option to poll the interface carrier state
script: Make visible some link level parameters to lease dumping
Linux: ignore unsupported interfaces by default, such as sit0
Linux: support aarch64 for reading cpu info
Linux: keep the generic netlink socket around to get ssid with privsep
Linux: restore fix when no address is returned by getifaddrs(3)
inet6: Don't regen temp addresses we didn't add
privsep: Don't limit file writes if logging to a file
DHCP6: Fix lease timings with nodelay option"
https://roy.marples.name/blog/dhcpcd-9-1-4-released.html
"Fix SMALL builds
Ensure DBDIR exists at startup"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://roy.marples.name/blog/dhcpcd-9-1-2-released.html
"Fix installing dhcpcd-definitions.conf rather than embedding it
NetBSD: free ARP state once IPv4LL address announced
Linux: fix compile for older distros
udev: disable plugin for non Linux OS's
BSD: Mark RA dervied addresses as AUTOCONF on NetBSD-current
BSD: Only mark static routes from dhcpcd.conf as static
DHCP6: Ensure requested addresses are requested
DHCP6: Fix prefix length calculation when no prefix specified
privsep: Implement a resource limited sandbox [1]
privsep: Remove inet and dns pledges from master process
privsep: call getifaddrs when the BSD lacks SIOCGIFALIAS
privsep: free getifaddrs the right way if from privsep or not
[1] You will see a control proxy process now. This is for the resource
limited sandbox so that we can isolate requests over the control socket.
For NetBSD, FreeBSD and derivatives such as DragonFlyBSD this is
a massive win as these OS now enjoy a similar level of protection
as Capsicum or Pledge, but without the syscall filtering."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://roy.marples.name/archives/dhcpcd-discuss/0002941.html
"* Control sockets are not opened in test mode
* privsep: no longer aborts if protocol not available
* inet6: Don't regen temporary addresses without a state
* inet6: Reduce RA log spam
* dhcp6: Don't log when things consitently fail
* inet6: Add temporary directive to slaac option [1]
* Ensure current interface flags persist when setting a flag
* DHCP via BPF is now aligned correctly
* CMSG buffers are now aligned correctly
* hostnames are no longer clobbered when being forced and a RA is recieved"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://roy.marples.name/blog/dhcpcd-8-1-0-released
"DragonFlyBSD: Improved rc.d handling
Fix carrier status after a route socket overflow
Allow domain spaced options
DHCP: Allow not sending Force Renew Nonce or Reconf Accept
IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
ARP: Fix a typo and remove pragma (thus working with old gcc)
DHCP6: Fix a cosmetic issue with infinite leases
DHCP6: SLA 0 and Prefix Len 0 will now add a delegated /64 address
Ignore some virtual interfaces such as Tap and Bridge by default
BPF: Move validation logic out of BPF and back into dhcpcd"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://roy.marples.name/blog/dhcpcd-8-0-6-released
"inet6: Fix default route not being installed
DHCP: If root fs is network mounted, enable last lease extend
man: Fix lint errors.
BSD: avoid RTF_WASCLONED routes
DHCP: Give a better message when packet validation fails
DHCP: Ensure we have enough data to checksum IP and UDP
The last change fixes a potential DoS attack introduced in dhcpcd-8.0.3
when the checksuming code was changed to accomodate variable length
IP headers. The commit says since 7.2.0, but I've now decided that's not
the case."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
https://roy.marples.name/blog/dhcpcd-8-0-3-released
"DHCP: Work with IP headers with options
script: Assert that env string are correctly terminated
script: Terminate env strings with no value
script: Don't attempt to use an invalid env string
route: Fix NULL deference error when using static routes
ARP: Respect IFF_NOARP
DHCP: Add support for ARPHRD_NONE interfaces
DHCP: Allow full DHCP support for PtP interfaces, but not by default
DragonFlyBSD: 500704 announces IPv6 address flag changes
control: sends correct buffer to listeners"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://roy.marples.name/
"NetBSD: Can be build without ARP support but listen to kernel DaD
ND6: Removed NA support from SMALL builds
ND6: Remove and warn about NA issues on OS's other than NetBSD and Linux
script: /tmp files are now cleaned up for systems without open_memstream(3)
configure: open_memstream(3) detected on recent glibc
DHCP: Avoid duplicate read of UDP socket when BPF is also open
IP: Avoid adding address if already exists on OS other than Linux
IP6: Avoid adding address is already exists on Solaris
route: Fixed a NULL de-reference error on statically configured routes
DHCP6: Move to REQUEST when any IA has error no-binding in RENEW/REBIND
DragonFlyBSD: Now compiles and works for
IP: Accept packets with IP header options"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://roy.marples.name/blog/dhcpcd-7-1-1-released
"A minor update, highlights include:
IPv4LL: Fixed build with this disabled
IPv4LL: Remember last address between carrier resets
BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
FreeBSD: Avoid panicing kernel when RTA_IFP is set for IPv6 prefix routes"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For some informations about this update see:
https://roy.marples.name/blog/dhcpcd-7-1-0-released
"dhcpcd-7.1.0 has been released with the following changes:
- OpenBSD: works alongside slaacd(8)
- NetBSD: sets SO_RERROR on to detect receive socket overflow
- BSD: route improvements to avoid listening for own changes
- Linux: use NETLINK_BROADCAST_ERROR
- BSD: avoid late address deletion messages by testing address existance
- IP6: implement IP6 address sharing
- BSD: catch UP/DOWN events when interfaces does support media changes
- IPv4LL: remember old address when carrier is lost
Many other minor fixes and documenation updates have been submitted by various
community members for this release..."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Normally 576 is the smallest valid mtu but some cable provider set this
also if they support much higher mtu's. Fedora does not accept
this to prevent speed problems with such isp connections so we do the same.
If you really need mtu=576 you can still force at at the setup.
