From 5136d32b73d1aca8a8be6777b0accef3ce370b11 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 02 2021 19:32:29 +0000
Subject: import dnsmasq-2.85-2.el9
---
diff --git a/.dnsmasq.metadata b/.dnsmasq.metadata
new file mode 100644
index 0000000..32e2f4f
--- /dev/null
+++ b/.dnsmasq.metadata
@@ -0,0 +1 @@
+256ec628587ab2b20bba3fc2773046dab8f2874c SOURCES/dnsmasq-2.85.tar.xz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..102106a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/dnsmasq-2.85.tar.xz
diff --git a/SOURCES/dnsmasq-2.77-underflow.patch b/SOURCES/dnsmasq-2.77-underflow.patch
new file mode 100644
index 0000000..2a04039
--- /dev/null
+++ b/SOURCES/dnsmasq-2.77-underflow.patch
@@ -0,0 +1,64 @@ +From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001 +From: Doran Moppert +Date: Tue, 26 Sep 2017 14:48:20 +0930 +Subject: [PATCH] google patch hand-applied + +--- + src/edns0.c | 10 +++++----- + src/forward.c | 4 ++++ + src/rfc1035.c | 3 +++ + 3 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/src/edns0.c b/src/edns0.c +index d75d3cc..7d8cf7f 100644 +--- a/src/edns0.c ++++ b/src/edns0.c +@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l + /* Copy back any options */ + if (buff) + { +- if (p + rdlen > limit) +- { +- free(buff); +- return plen; /* Too big */ +- } ++ if (p + rdlen > limit) ++ { ++ free(buff); ++ return plen; /* Too big */ ++ } + memcpy(p, buff, rdlen); + free(buff); + p += rdlen; +diff --git a/src/forward.c b/src/forward.c +index ed9c8f6..77059ed 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now) + udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ + } + ++ // Make sure the udp size is not smaller than the incoming message so that we ++ // do not underflow ++ if (udp_size < n) udp_size = n; ++ + #ifdef HAVE_AUTH + if (auth_dns) + { +diff --git a/src/rfc1035.c b/src/rfc1035.c +index f1edc45..15041cc 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + size_t len; + int rd_bit = (header->hb3 & HB3_RD); + ++ // Make sure we do not underflow here too. ++ if (qlen > (limit - ((char *)header))) return 0; ++ + /* never answer queries with RD unset, to avoid cache snooping. */ + if (ntohs(header->ancount) != 0 || + ntohs(header->nscount) != 0 || +-- +2.21.1 + diff --git a/SOURCES/dnsmasq-2.78-fips.patch b/SOURCES/dnsmasq-2.78-fips.patch new file mode 100644 index 0000000..1b77981 --- /dev/null +++ b/SOURCES/dnsmasq-2.78-fips.patch 
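Review bot: The bounds check added to answer_request() in src/rfc1035.c compares `qlen` (a size_t) with the signed pointer difference `limit - ((char *)header)`, so on typical platforms the comparison is done in unsigned arithmetic and a `limit` below `header` becomes a very large value that lets the check pass. Rejecting the inverted case and casting explicitly makes the guard unambiguous: `if (limit < (char *)header || qlen > (size_t)(limit - (char *)header)) return 0;`. In receive_query() in src/forward.c, `if (udp_size < n) udp_size = n;` mixes two variables whose declarations are outside the hunk; if their width or signedness differ the assignment can truncate, so it should be checked against those declarations. Both functions start and end outside the hunks shown.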
@@ -0,0 +1,37 @@ +From 7b1cce1d0bdb61c09946978d4bdeb05a3cd4202a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 2 Mar 2018 13:17:04 +0100 +Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq + has no proper FIPS 140-2 compliant implementation. + +--- + src/dnsmasq.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 480c5f9..5fd229e 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -187,6 +187,7 @@ int main (int argc, char **argv) + + if (daemon->cachesize < CACHESIZ) + die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF); ++ + #else + die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF); + #endif +@@ -786,7 +787,10 @@ int main (int argc, char **argv) + my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted")); + else + my_syslog(LOG_INFO, _("DNSSEC validation enabled")); +- ++ ++ if (access("/etc/system-fips", F_OK) == 0) ++ my_syslog(LOG_WARNING, _("DNSSEC support is not FIPS 140-2 compliant")); ++ + daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME); + if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future) + my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT")); +-- +2.14.4 + diff --git a/SOURCES/dnsmasq-2.81-configuration.patch b/SOURCES/dnsmasq-2.81-configuration.patch new file mode 100644 index 0000000..3b3cadd --- /dev/null +++ b/SOURCES/dnsmasq-2.81-configuration.patch 
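Review bot: The FIPS warning added to main() in src/dnsmasq.c is keyed only on the presence of `/etc/system-fips`, which is a marker file rather than the kernel's FIPS state, so a host running in FIPS mode without that file would enable DNSSEC validation with no warning. Consider also reading the kernel flag in `/proc/sys/crypto/fips_enabled` and warning when it holds `1`, keeping the marker-file test as a fallback. The call only logs at LOG_WARNING and startup continues, which appears to match the patch subject; a comment above the check such as `/* Warn only: dnsmasq has no FIPS 140-2 compliant DNSSEC implementation */` would record that this is deliberate. main() starts and ends outside the hunk.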
@@ -0,0 +1,92 @@ +From 3a593d133f91c5126105efd03246b3f61f103dd4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 30 Jun 2020 18:06:29 +0200 +Subject: [PATCH] Modify upstream configuration to safe defaults + +Most important change would be to listen only on localhost. Default +configuration should not listen to request from remote hosts. Match also +user and paths to directories shipped in Fedora. +--- + dnsmasq.conf.example | 24 +++++++++++++++++++----- + 1 file changed, 19 insertions(+), 5 deletions(-) + +diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example +index bf19424..36fba33 100644 +--- a/dnsmasq.conf.example ++++ b/dnsmasq.conf.example +@@ -22,7 +22,7 @@ + + # Uncomment these to enable DNSSEC validation and caching: + # (Requires dnsmasq to be built with DNSSEC option.) +-#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf ++#conf-file=/usr/share/dnsmasq/trust-anchors.conf + #dnssec + + # Replies which are not DNSSEC signed may be legitimate, because the domain +@@ -96,14 +96,16 @@ + + # If you want dnsmasq to change uid and gid to something other + # than the default, edit the following lines. +-#user= +-#group= ++user=dnsmasq ++group=dnsmasq + + # If you want dnsmasq to listen for DHCP and DNS requests only on + # specified interfaces (and the loopback) give the name of the + # interface (eg eth0) here. + # Repeat the line for more than one interface. + #interface= ++# Listen only on localhost by default ++interface=lo + # Or you can specify which interface _not_ to listen on + #except-interface= + # Or which to listen on by address (remember to include 127.0.0.1 if +@@ -114,6 +116,10 @@ + # disable DHCP and TFTP on it. + #no-dhcp-interface= + ++# Serve DNS and DHCP only to networks directly connected to this machine. ++# Any interface= line will override it. ++#local-service ++ + # On systems which support it, dnsmasq binds the wildcard address, + # even when it is listening on only some interfaces. 
It then discards + # requests that it shouldn't reply to. This has the advantage of +@@ -121,7 +127,11 @@ + # want dnsmasq to really bind only the interfaces it is listening on, + # uncomment this option. About the only time you may need this is when + # running another nameserver on the same machine. +-#bind-interfaces ++# ++# To listen only on localhost and do not receive packets on other ++# interfaces, bind only to lo device. Comment out to bind on single ++# wildcard socket. ++bind-interfaces + + # If you don't want dnsmasq to read /etc/hosts, uncomment the + # following line. +@@ -535,7 +545,7 @@ + # The DHCP server needs somewhere on disk to keep its lease database. + # This defaults to a sane location, but if you want to change it, use + # the line below. +-#dhcp-leasefile=/var/lib/misc/dnsmasq.leases ++#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases + + # Set the DHCP server to authoritative mode. In this mode it will barge in + # and take over the lease for any client which broadcasts on the network, +@@ -673,7 +683,11 @@ + # Include all files in a directory which end in .conf + #conf-dir=/etc/dnsmasq.d/,*.conf + ++# Include all files in /etc/dnsmasq.d except RPM backup files ++conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig ++ + # If a DHCP client claims that its name is "wpad", ignore that. + # This fixes a security hole. see CERT Vulnerability VU#598349 + #dhcp-name-match=set:wpad-ignore,wpad + #dhcp-ignore-names=tag:wpad-ignore ++ +-- +2.26.2 + diff --git a/SOURCES/dnsmasq-2.85.tar.xz.asc b/SOURCES/dnsmasq-2.85.tar.xz.asc new file mode 100644 index 0000000..a7ff111 --- /dev/null +++ b/SOURCES/dnsmasq-2.85.tar.xz.asc 
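Review bot: The new `conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig` line is an exclusion list, so every other file in that directory is read as configuration, including editor backups or files placed there by other tools. The upstream example kept just above it, `#conf-dir=/etc/dnsmasq.d/,*.conf`, is an allow-list and the narrower default; switching would stop loading existing drop-ins that lack a `.conf` suffix, so it needs a migration decision rather than a silent change. Separately, with `interface=lo` now active, the commented `#local-service` option added in this patch has no effect when enabled, as its own comment notes; a short remark next to `interface=lo` saying so would keep a reader from combining the two.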
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE1urL1u5GuDQkjRESFc3aauGRNaIFAmBuGPsACgkQFc3aauGR +NaIg6A//Xfcu62aItiHf/jTeFHUSqHrdqanDqLRWSpgdeKO2adk+s66p5CqVHC8K +JfxPo6eTUj8uX53Idy5oiwUz4d40iiOjfxHs4Nme0ozyIAHGw/Tfwx7/+NV882vi ++rtqhjF83dRsnqIR95FD17tVI+cR0sq6XKzwBtPicjmPt79sQ2UtkBo7I+IS9B5g +o+i21gGYm34EgY6EavveWfGkKgJLz+cF59h4i16lc1eRGNsy5clURDxiJ65Zz0zb +ZARLudEclbFNdoUu/4idmOUhZCGWrqf9o+rQDYW3vN85saxCPbTChqqy1VC6OBnX +VLN3cAJlk1hS5X0HzewhXkOqulzjg81KWRQ8EYATdOQP7u6apv4q87hnmr+uL9E8 +0VZ3ECyhH7n6qNXfqNS2Fp3Yp0sm1hgRy+6bu/IgVTPs/Ro22HqTiw5YXZQkPMbe +A4acAep59nIV9dEB5DYF1N0S0P6OcVtUsZAFlGS1cD0owFuI44W/lg8w9xA9gyJv +uqZvZqkQDM8bi9zJ2d7fjf65pjS+7S9ISxDoPHp34lLMB7D/rAuW8GVBkL1KxMWb +sRHIBDKM01CXZeRBlbxAYHlH7s2QehRk/t57ksTmPtT3IAVMSajEG0+1YElUGg8s +2gqLtCLdmB6Lwl4RFripSERvPzYOAsd8DiqDL9wYOECBStUGuEw= +=W3WM +-----END PGP SIGNATURE----- diff --git a/SOURCES/dnsmasq-systemd-sysusers.conf b/SOURCES/dnsmasq-systemd-sysusers.conf new file mode 100644 index 0000000..2106ae5 --- /dev/null +++ b/SOURCES/dnsmasq-systemd-sysusers.conf @@ -0,0 +1 @@ +u dnsmasq - "Dnsmasq DHCP and DNS server" /var/lib/dnsmasq diff --git a/SOURCES/dnsmasq.service b/SOURCES/dnsmasq.service new file mode 100644 index 0000000..08faf75 --- /dev/null +++ b/SOURCES/dnsmasq.service @@ -0,0 +1,11 @@ +[Unit] +Description=DNS caching server. +After=network.target + +[Service] +ExecStart=/usr/sbin/dnsmasq +Type=forking +PIDFile=/run/dnsmasq.pid + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/srkgpg.txt b/SOURCES/srkgpg.txt new file mode 100644 index 0000000..be1f1f2 --- /dev/null +++ b/SOURCES/srkgpg.txt 
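Review bot: The new `dnsmasq.service` unit starts `/usr/sbin/dnsmasq` with no systemd sandboxing in its `[Service]` section, although the daemon parses DNS and DHCP packets from the network. Directives such as `ProtectHome=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would narrow what a compromised process can reach; they need testing against the lease file under `/var/lib/dnsmasq`, the `PIDFile=/run/dnsmasq.pid` path and any DHCP script hooks before being made the default. If the omission is deliberate, a comment in the unit saying which features rule sandboxing out would help the next maintainer.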
@@ -0,0 +1,117 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQINBFMbjUMBEACsU1Xk8+uu/EsGVJTh9Tn31C2e0ycd0voBVT7cTdtXpzeiNR+o +/zUAi95ds7FiecpZJp1nRO4vNzvaaAPZhFsFVLzZYyIVABgTXsskT88xbZvzb4W5 +KKRWVhoTQxVDgj1+dXLUXULTB6rg02WEhqnix/qf/zFdM9I4/3pRHJn9k+3XKygR +on+nYtljfn3AKBelCo1y28istC6wCncoH11b/qdQtlfxVXaJY4HF27V0MqFFmDMg +cuhOHR7DnhymeDh7GmLfTHJ4LUFG+TecqCjiYhyWcuv2wuSb0EPXUKHJQVViQ8qg +KyPm1ly6uFP0CYdVavO7/oJwKFBIChECrj7BQ4GsImMHeuSzfWno7qy6Fxoxx2+g +0F9cdXWvcxFDGPQsL5vXp8KYNwBrzmijRzQ2ZAnrbG+ilFCkJCbxXcrhzpd4tKwE +0dgcyPL1Ma/lrznhL4ZuOzjVMgLNne7WiPpBNRqI1GoT0pUn6as4pU3En8B+K7zy +MLVfHvI1+iH45fP5bZwYSbXCa85v4+xqljYrzs9giaROEsXe/tsXvuc6JPCcmJXk +CUO3c3QVxqDFt9OYuTHIR8hqehDPLgFgzKqVuoAwMkhTf/zZNGlsy4jvKXQNcZ50 +uD4mWO3e+gykNW/OH+88IoCR0rgjQ6trMLOceZFnrtvxwRL//lMndGCTYQARAQAB +tCZTaW1vbiBLZWxsZXkgPHNpbW9uQHRoZWtlbGxleXMub3JnLnVrPokCOgQTAQgA +JAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCUyDDjgIZAQAKCRAVzdpq4ZE1 +otpmD/49HjUnc/uiYa/pcP5OIBd8lChHlF/NCh4s1RASeKv9cG6WDjnbTdxgcS6t +yESFJOfZ/hZW0WDEmuAh3tcZh1/yghkiMF3zZ+nB0zCFt9y//qKrNYvT7a9o+YGo +TuLANNq0jzzyrlPJemkZ7wvn9WNfRoG+ZUg/IQT0EVBqz6+/lvJSRTnjYXE8Ckay +/RbQ/WkppsuXQXsi08U+5oPT4rWTAGtZu4aEEoxX2MYcHip1f/bUUFzOAB/cn3In +ba+bqisLDCGm3F174NKfu+pk2MO0cauRRYPMoBAHLWDgGZOXoihWBgplcBUEYy1h +SNL7zRVX5AT2Z5Wqa1fVokkSd/T8FF2/0J4PjqFkCvBfCL8BYWzfTSkR/PBwL71P +nFzeOVJ1h1bF5ANXtfArZUI6HGMWpOb56E/YaHXhZ+lzfiM32Mwnc6jDHM3mJnEZ +jOQcsWEz7QgoR5YSPFFY6gmBXk+Y28bsgFvO3w73GjnnSHsmZdlWx9KmQWnMk/LQ ++7PUl7If+eIJ4PAqSEQddBOT/g74Q4NHGu4lvAhgZ47aU18+fYdxvVoe9JyXHsYY +5gPMjiM3RRxiugmm8dlT7RfYKWkJMBbkiyGAeQ6R1RDVztL7nM9N4ttb6nFOVtYK +UDQ1gxtKfrz/+L8Myy3IETC1NZgkuaDlXcdbNF3/oHApl8NK64hGBBARCAAGBQJT +G43BAAoJECj8hpoom4K3QrUAn1VftUxazQQJ/j6HJ/p3Soa60fJyAJ4xLJCBpov9 +duJRuE9rF1OBaMZDeIhGBBARCAAGBQJTIekzAAoJECnhT5k5GzkoyOgAnjreKaWc +cEpEZSZnjlnc7DEnHuS+AJ4+Xq87WVKj9cJ05o8TRSkKxJYlEIkCHAQQAQgABgUC +UyHp8gAKCRAC0CBFCPsO9yHSD/9xYHSECwwneMFAO4nEGHyAQnhvyDzX3RutZeX1 
+9pc+qOm5iLUD+1EVx8+AvjTw0337yIHOa5nZI3CpgmBhmj18Q9vEgmtZn6EMXaRE +CvedsRjUSd3Q5+CF0AUbo1JQqZhVUdYLEZYcvfNgEmKl6IoVHwP8moH/cxDFc5Y6 +GdlFAeJylynPdZ3Lb94DEya8VQc2mSG8L6y6ZDW8yf6M8npQG7f1cyJb9lPJJqlH +ZaFnpK2Df1DvOJXB88FQH1qW++w9uIoszdWjDOSGmwOuazO3GMmpfZPJPkH5lXoF +XKN5BO/l/gvEQ1jsmp14VZHJqdcO7HRHksLQLvNDQSi3am4ok2xm3Kn2NryJ1K2Q +mUBGrWu4CtwabgvhoKGxr0GADCQJVlLqRCC+UIp97J0kOsZj8FYjwA3I1U5w8wJi +SUqw8u+8OCCFGm1rS6XQy/wbGDPwZjCZnaNHICSj8zeXE9YkhTf2fMs/S8NLQUPy +u1g3/IoIGNnadETzEmAd02FJncUlUo05yDAcVg/IqwgM8atJQqEWLYE0QHrcqOWi +eaCCJ9+fx2KhxKnRqpKAXSov+M0KYDkIV9OQE+KioGzxdlrN2ZFmbfIKLLYMwH0s +xMkgJjbbhP8KhfxDIUoSky9gUTwwyrpJVjKkXZ6yNFpSo+Mtn8OHL12nLqzyQONT +waerx4hGBBARCAAGBQJTL0SDAAoJEBbi9PX8geFZBbUAnR3I/MdzG4kBtCecwePz +MvKdKS1SAJ9CyGUhzb8coURtMzbIlH9F7jm6L4kCHAQQAQgABgUCUy9EpAAKCRBj +ziC6xJxBSLhYD/9qBBxVex2nxavrMV4Vd0AhYJa5iI148NbqD7EZLnuCDWwi+wrq +nfMi0ToUHlh1Lp36vXd06W8JySHIiAxL0zDpq6tdT65f6iOTRZ6W6xuebxKgqC3k +ZsxcEzceYR1dOCKlRhQAsZ7Q9BJP/ZafSD/NOm2sxdPOneYm8IA4QXwWDVOayrV8 +FOIDBkBLmPhm1BGNErdhCBCYsvqYSN7gFJBNszXciNMJtBmXWNyTsHtNAeKIQuzE +RgYCC2/LuTOIloeI6z6mM7mVZuPsraqRa5iGITvGI4qeQziTp+xqIu8YPQrE67iQ +MqSZZCxv3aheiiJd06l4FFpEYEg5H4FMD9JW4rvnaxLwXc8x1/ZVQQhylughetE9 +j7oPQbA353oyUCCAukd4UiNYtULNCbZzfKdKCFCajnIfIY8IqNGuWvmujKViDAk2 +7bIlKQeyNKExIx8Jkr4WPQBLFmXCkT+jYQMJx/R6SoNwrpa50SofTT+y+43GpSQ5 +5e3Kffky0SZk+O/m7oW7gKPjwzh/UmLsOb9INXJ3gYS/CDT3fwA+UsAA+gXneT3I +ygYqfU8dnk2umV20gIm8q/SQYiyhMM+PZCkKXeHyoeU/SbO72DWKw/ZtZI/1b9xX +ruc1HBKJ/UXNPJRyoHIi4dZ/ARQ/zk839beBMnGm0AsB1y1+leTlrNZM5rQdU2lt +b24gS2VsbGV5IDxzcmtAZGViaWFuLm9yZz6JAjcEEwEIACEFAlMgw3QCGwMFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4AACgkQFc3aauGRNaKhRg//S5G2RYoHNY22ecyG +5hpBr354lqdZiYRHKYCjX29jDIrtZSlC3HCL31ciGOVg666aD5xy54WAPTlx3MFQ +AxgWsqFTkICHj6zFdFduLmI1IffvcxkcEKwi6NK5f5dOxih9EtXcQ1HsoSUWGRmB +Kltvt1wyaiG37A80pjzQso1b6kr5JLdGMrjWx9PnFRKCdUNh5nxIb4HeC5R2Q8oT +FaipSppZwmvA5ocCvhMsyYCyiE6o8QTtzTqj5mGZafIqy18hwB9bA2n2gcEY1fXD +V9ky08J98A3VJqAMDM9Y6KYv+tQNJBIJRDWGmvjR/1J6n1jqO64l7mTcBlT/xfyp 
+TFfiXVzGN+H3EiEDFpPXKcc4abjiY8IaCu4P8qvKvee/EF7+FUep3R/i3hw0a5th +bZ4of1LfLp6qg7XjCZ3d2MUitxKe/FoFQS/ctkKNwsimOlUl5bIVmaJMMq8FUvLi +6iBgFMy8LCk2ItZ5rA2+5kGalGzwcWDdpq66A+z69f1wFfKDccOpfOJ838zmxCrz +WSxbVnLTaRSV4VobZvwHkAXZGCnDMk68ELfUNFzGClBhNOVPqAHbU74AkSS5bas5 +recjKUz53DZl1aAOWLxFXQlOvxsaZ9wHmvHJAZiKscUGNUBXRK9p78TzQEm5Lxwz +Q6/V1JSkA6o4Xq7qygSARIigjJyIRgQQEQgABgUCUyHpMwAKCRAp4U+ZORs5KI+v +AKC2OnBT8TZ5cnTQwleYshUsxJddkQCgpecrsb8ysVtau7lXBgrA/X/Wef2JAhwE +EAEIAAYFAlMh6fIACgkQAtAgRQj7DvcWsQ//SF+g3zMRYeZ+qNC3m7slibJNCPdM +Cied05owZfN6oHhfBaRDc7nAC6mSdwFF76ird5/bSg2HzR6Tp4hIy/5M5WXFv4jt +m+0KXYKnDjHv1297sSALFoYKlm4K4lnE7T/qJknc/mGlLWfWm5Y5jV/QfV9Zwxvy +kT5Oh5xxzeNiOdvkmV4pCCk+bt15tGD0pII2n/TMPVfDVADLlhrWBrBp7laKyn6Q +5VvI4GiVBnHSiKsGVEaX0yUuDYzGZSU2RLaJG4BPNHqlHqSQYvsyo6QHPpHg0K6v +WWZFpgFOXHlLYMNJ91NS+DX7BqlEib2ndWQqCYzZtgRUJK/Dd6G6r2e60/5CPn6H +CwqQZr1MRdY6vEJS9Lpd5uGIOeQFTEDBZ22pcUAb20cZNdK1J+BgilfVuMvLAs2W +7fANxLtAHsXdNCvlkqr68odMI8C6w3Zd4R6XL4tfoYXl9emOKiN5SiCpK9HHJNxS +AuX6vH3lTyR+/sG1haxntu4Tn1T2zBJRgh2DiKuJLH6hnn7F7pf1fZEUUE/A6VSf +bmp+a6CXfn9mvgnF51QylKkFCauXhV5WsusEtWlNACeJjKXBg+d8LkA6FmJecMbY +ZzBTdcaN5OwLfXRpAkCsODWk2lXJNlhOntmVfa6MLDnll64S/3j+1wnKOHihf+c2 +exRMy5eQCUKwqVSIRgQQEQgABgUCUy9EgwAKCRAW4vT1/IHhWZwLAJwLPSUf/VMW +NUJ1hRwNo+7kpUGLdQCeMzNtz3H0smfUn84CSRBFYIJDIhCJAhwEEAEIAAYFAlMv +RKoACgkQY84gusScQUiSfxAAuNSMXCUGs02xdJvnQRc10HkJxm/wg7YngVa4WZfd +eqyP2tQOjTdf65OMSIOCIrfpWHPDscJfsP3fjbHojFfx81iJnFmOdxx9aqB9KD15 +FD4Whgq+Eyk8TiPZUEHiVU9RR8N6T/7mIe+lVNJ6GZ1iSk29D1g6+oM56Gox2d3y +0c8FnCK1Ts6D1peRiIiMq+gjGccdVJyim/yZI3WqzHvul//WmdEFzwgXqh03wbx3 +iQS2zXdvwgyB+gBbVpk+6axOIbYupAvTNXYQV9Hz4imWoDFlXGdYzCMzb6QyH46R +NgfElAb8UcCknQjLwnawAjXPEHgrH6yaruYR9H1LBLxYIHA4oBYQCUxmn4ArDLOF +6kZ68eM8efBxVu4uAtklil9X8NUynhyI9DDWJoQET52ekojtOr31NCXHCtUmTkYb +PEwJxAORMBf3JEPlz2brGRgcSbacJG5RE4Qw2hfKJTOQTiNk4DpLwYrChLK8Ctmn +RS7jAZth3U2W7Fqc7OFfKs3zuo/2RRRCG3fjOVX7aIOp4Cnobvk0NxXDhEtUpMeP +0o7qPW8OdxrFyQ3YCoxu94ix1S6da3m143OujdmlM0Gs7Acyeq4bN3FokLzrMxci 
+oO6swXzgh9RGCzMkRrBztWgEpXQf8PbcBliF+sDV2aYerGBN9qmbN9FX30IKGaWn +QsK5Ag0EUyDDoQEQAMfQfa2tw3+OJFGMQEzLJSoXYN8/HnZEgKNlcMuYzhheQLgu +/MfcQJ7mnCIdn6xdPaalfLmYx63tM47/NGEM1+MSEvovPiRG0OLxzSgwei9DiGeN +EgsPTLXSZ5EVSXCM1+e9mT1ExT9aGLNnpCd6kIyWIcKCVMot+XC70R9prWLeyKSh +0FAZ0Pwv9i23osJVGOtJjND+WZ0uCeN29ocfN0b64yF4nPRc9IbcmYIDgNU3RybK +2Z/dupbthTisRjHRI3iX3/tiymXF3J0sSvsCluWIJWmyltS3Xyk/wfKVJz6OouiJ +jTj5utXVnCGptCDw+DCcj89vx1N0+0Dhm1cQcNZvXjMbVDTsuU+eVpJbxU6y8N+n +XpAXjEw4jMi3zNpqKtkyv2YpoqY5HhGLybgrY0zwSQOyMNf9lZ5J7znq5gEmiMXn +G9OPEw7PPSvm6QfbHPY/jAOgxsu7Fme7k303D5KkyGkkbzQiYyEtMZvbOMH/uECi +2uHGB72qiGpEYjMtHhihaRCBl+0bY8sH83He690qNQHSdStjaKXcecduE/v5iO0m +OYIHdsEHhKlWsE1GXXVLofBr68UBhYV6/AGXko4Pr+dXLzauN4kALDx6WltFu3qU +voD+uEoLq7IXULMo5Pyd7bO4qGQMKykaXTb5o6dqdu4GzWIUw1fr9kLEmo29ABEB +AAGJAh8EGAEIAAkFAlMgw6ECGwwACgkQFc3aauGRNaIjqA/+PXuaM6JHuudLycmB +0iKAwyB5csOFGpF3b9FgMR68TC4jzi5J5hJZASl0cO/e0ytQsrDUBbH74y+WaA4l +dwBVYr0j/2hqzIjrnGMtgWeHFPLV3sKw8DGuNx1/cOoljJXzi1WWSHIwDvaj3uZ9 +CwHt+4/abR7kdvMcnFhQVA4zuzZWFqpp+CDkkJNVwB9zxtAQwGTGF4cQ0IvTkhCo +6DQhZZVTeyn+nBKxzzWijniWc0LyRsum03MxZ6E7UVIInCTjdXTalnO8wColwIx5 +FV4nTMxdsKKgnIXmLexBdd03bW9TkowWf2C2XfDN+pDS8X3MzO6zAyogqJhAiBFj +nRzkOw0cw1VTL00o8uiWdMeu7OKOKeQbUilMAn4MweKB57mc582kjeGmwdZgWFA4 +BJ2eiH7HwjxiynwMdZwQEBdOTNLbggHk3/mScF8U1KcJhjAFf7Ne+Z0feG/8GgKl +5aj3ucl821+dfpzB79lLo+kmd1qkDyDiUR5yN6P8l8k6IAUJz2KUe0BjtO6VFFw0 +xni05dkrXdfo7IO79ictHmEn+g3QO8ZLUGRwdtZ1cMhTkm7FhH8Bdby0y4Soqluv +Hbri++cC91i1I3a92kHi/8O45rnLhVt+sOfxY1QnSIYh5OFwGMqMCNDTEL7ESiFa +FhSXkmzzVntlyvOBMlgz3IGh2hA= +=TM0e +-----END PGP PUBLIC KEY BLOCK----- diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec new file mode 100644 index 0000000..ea86868 --- /dev/null +++ b/SPECS/dnsmasq.spec 
@@ -0,0 +1,710 @@ +%define testrelease 0 +%define releasecandidate 0 +%if 0%{testrelease} + %define extrapath test-releases/ + %define extraversion test%{testrelease} +%endif +%if 0%{releasecandidate} + %define extrapath release-candidates/ + %define extraversion rc%{releasecandidate} +%endif + +%define _hardened_build 1 +# path to upstream git repository +%global git_upstream git://thekelleys.org.uk/dnsmasq.git +# tag of selected version +%global gittag v%{version}%{?extraversion} + +# Attempt to prepare source-git with downstream repos +%bcond_with sourcegit + +Name: dnsmasq +Version: 2.85 +Release: 2%{?extraversion:.%{extraversion}}%{?dist} +Summary: A lightweight DHCP/caching DNS server + +License: GPLv2 or GPLv3 +URL: http://www.thekelleys.org.uk/dnsmasq/ +Source0: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz +Source1: %{name}.service +Source2: dnsmasq-systemd-sysusers.conf +Source3: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz.asc +# GPG public key +%if 0%{?testrelease} || 0%{?releasecandidate} +Source4: %{url}%{?extrapath}test-release-public-key +%else +Source4: http://www.thekelleys.org.uk/srkgpg.txt +%endif + +# https://bugzilla.redhat.com/show_bug.cgi?id=1495409 +Patch1: dnsmasq-2.77-underflow.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1852373 +Patch2: dnsmasq-2.81-configuration.patch +Patch3: dnsmasq-2.78-fips.patch + +# This is workaround to nettle bug #1549190 +# https://bugzilla.redhat.com/show_bug.cgi?id=1549190 +Requires: nettle >= 3.4 + +BuildRequires: dbus-devel +BuildRequires: pkgconfig +BuildRequires: libidn2-devel +BuildRequires: nettle-devel +Buildrequires: gcc +BuildRequires: gnupg2 + +BuildRequires: systemd +BuildRequires: systemd-rpm-macros +%{?systemd_requires} +%if %{with sourcegit} +BuildRequires: git-core +%endif +BuildRequires: make + +%description +Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. +It is designed to provide DNS and, optionally, DHCP, to a small network. 
+It can serve the names of local machines which are not in the global +DNS. The DHCP server integrates with the DNS server and allows machines +with DHCP-allocated addresses to appear in the DNS with names configured +either in each host or in a central configuration file. Dnsmasq supports +static and dynamic DHCP leases and BOOTP for network booting of diskless +machines. + +%package utils +Summary: Utilities for manipulating DHCP server leases + +%description utils +Utilities that use the standard DHCP protocol to query/remove a DHCP +server's leases. + + +%prep +%if 0%{?fedora} +%gpgverify -k 4 -s 3 -d 0 +%endif +%if %{with sourcegit} +%autosetup -n %{name}-%{version}%{?extraversion} -N -S git_am +# If preparing with sourcegit, drop again source directory +# and clone git repository +# FIXME: deleting just unpacked sources is dangerous +# But using %%setup changes used directories in %%build and %%install +rm -rf %{_builddir}/%{name}-%{version}%{?extraversion} +cd %{_builddir} +git clone -b %{gittag} %{git_upstream} %{name}-%{version}%{?extraversion} +cd %{name}-%{version}%{?extraversion} +git checkout -b rpmbuild +%else +%autosetup -n %{name}-%{version}%{?extraversion} -N +%endif +# Apply patches on top +%autopatch -p1 + +# use /var/lib/dnsmasq instead of /var/lib/misc +for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do + sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file" +done + +#set default user /group in src/config.h +sed -i 's|#define CHUSER "nobody"|#define CHUSER "dnsmasq"|' src/config.h +sed -i 's|#define CHGRP "dip"|#define CHGRP "dnsmasq"|' src/config.h +sed -i "s|\(#\s*define RUNFILE\) \"/var/run/dnsmasq.pid\"|\1 \"%{_rundir}/dnsmasq.pid\"|" src/config.h + +# optional parts +sed -i 's|^COPTS[[:space:]]*=|\0 -DHAVE_DBUS -DHAVE_LIBIDN2 -DHAVE_DNSSEC|' Makefile + +%build +%make_build CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" +%make_build -C contrib/lease-tools CFLAGS="$RPM_OPT_FLAGS" 
LDFLAGS="$RPM_LD_FLAGS" + + +%install +# normally i'd do 'make install'...it's a bit messy, though +mkdir -p $RPM_BUILD_ROOT%{_sbindir} \ + $RPM_BUILD_ROOT%{_mandir}/man8 \ + $RPM_BUILD_ROOT%{_var}/lib/dnsmasq \ + $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.d \ + $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d +install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq +install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf +install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/ +install -m 644 man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/ +install -D trust-anchors.conf $RPM_BUILD_ROOT%{_datadir}/%{name}/trust-anchors.conf + +# utils sub package +mkdir -p $RPM_BUILD_ROOT%{_bindir} \ + $RPM_BUILD_ROOT%{_mandir}/man1 +install -m 755 contrib/lease-tools/dhcp_release $RPM_BUILD_ROOT%{_bindir}/dhcp_release +install -m 644 contrib/lease-tools/dhcp_release.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release.1 +install -m 755 contrib/lease-tools/dhcp_release6 $RPM_BUILD_ROOT%{_bindir}/dhcp_release6 +install -m 644 contrib/lease-tools/dhcp_release6.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release6.1 +install -m 755 contrib/lease-tools/dhcp_lease_time $RPM_BUILD_ROOT%{_bindir}/dhcp_lease_time +install -m 644 contrib/lease-tools/dhcp_lease_time.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_lease_time.1 + +# Systemd +mkdir -p %{buildroot}%{_unitdir} +install -m644 %{SOURCE1} %{buildroot}%{_unitdir} +rm -rf %{buildroot}%{_initrddir} + +#install systemd sysuser file +install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf + +%pre +#precreate users so that rpm can install files owned by that user +%sysusers_create_compat %{SOURCE2} + +%post +%systemd_post dnsmasq.service + +%preun +%systemd_preun dnsmasq.service + +%postun +%systemd_postun_with_restart dnsmasq.service + +%files +%doc CHANGELOG FAQ doc.html setup.html dbus/DBus-interface +%license COPYING COPYING-v3 +%defattr(0644,root,dnsmasq,0755) +%config(noreplace) %{_sysconfdir}/dnsmasq.conf +%dir 
%{_sysconfdir}/dnsmasq.d +%dir %{_var}/lib/dnsmasq +%defattr(-,root,root,-) +%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf +%{_unitdir}/%{name}.service +%{_sbindir}/dnsmasq +%{_mandir}/man8/dnsmasq* +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/trust-anchors.conf +%{_sysusersdir}/dnsmasq.conf + +%files utils +%license COPYING COPYING-v3 +%{_bindir}/dhcp_* +%{_mandir}/man1/dhcp_* + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 2.85-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Petr Menšík - 2.85-1 +- Update to 2.85 (#1978728) +- Switch systemd unit to forking, reports error on startup (#1774028) + +* Thu Apr 15 2021 Mohan Boddu - 2.84-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Petr Menšík - 2.84-1 +- Update to 2.84 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.83-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 19 2021 Petr Menšík - 2.83-1 +- Update to 2.83, fix CVE-2020-25681-7 + +* Fri Oct 09 2020 Petr Menšík - 2.82-4 +- Remove uninitialized condition from downstream patch + +* Wed Sep 30 2020 Petr Menšík - 2.82-3 +- Listen only on localhost interface, return port unreachable on all others + (#1852373) + +* Mon Jul 27 2020 Fedora Release Engineering - 2.82-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 20 2020 Petr Menšík - 2.82-1 +- Update to 2.82 + +* Tue Jun 30 2020 Petr Menšík - 2.81-4 +- Accept queries only from localhost (CVE-2020-14312) + +* Mon May 11 2020 Petr Menšík - 2.81-3 +- Correct multiple entries with the same mac address (#1834454) + +* Thu Apr 16 2020 Petr Menšík - 2.81-2 +- Update to 2.81 (#1823139) + +* Mon Mar 23 2020 Petr Menšík - 2.81-1.rc3 +- Update to 2.81rc3 + +* Mon Mar 23 2020 Petr Menšík - 2.80-14 +- Fix last build breakage of DNS (#1814468) + +* Tue Mar 10 2020 Petr Menšík - 2.80-13 +- Respond to any local name also withou rd bit set (#1647464) 
+ +* Wed Mar 04 2020 Petr Menšík - 2.80-12 +- Support multiple static leases for single mac on IPv6 (#1810172) + +* Tue Jan 28 2020 Fedora Release Engineering - 2.80-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Aug 28 2019 Petr Menšík - 2.80-10 +- Fix CPU intensive RA flood (#1739797) + +* Fri Aug 09 2019 Petr Menšík - 2.80-9 +- Remove SO_TIMESTAMP support, DHCP was broken (#1739081) + +* Wed Jul 31 2019 Petr Menšík - 2.80-8 +- Compile with nettle 3.5 +- Support missing SIOCGSTAMP ioctl + +* Wed Jul 31 2019 Petr Menšík - 2.80-7 +- Fix TCP listener after interface recreated (#1728701) + +* Wed Jul 24 2019 Petr Menšík - 2.80-6 +- Do not return NXDOMAIN on empty non-terminals (#1674067) + +* Wed Jul 24 2019 Fedora Release Engineering - 2.80-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Apr 08 2019 Petr Menšík - 2.80-4 +- Use more recent macro to create dnsmasq user + +* Fri Feb 15 2019 Petr Menšík - 2.80-3 +- Apply patches by autosetup + +* Thu Jan 31 2019 Fedora Release Engineering - 2.80-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Aug 20 2018 Petr Menšík - 2.80-1 +- Update to 2.80 + +* Thu Aug 09 2018 Petr Menšík - 2.79-8 +- Better randomize ports + +* Tue Jul 31 2018 Florian Weimer - 2.79-7 +- Rebuild with fixed binutils + +* Fri Jul 27 2018 Igor Gnatenko - 2.79-6 +- Rebuild for new binutils + +* Thu Jul 26 2018 Zbigniew Jędrzejewski-Szmek - 2.79-5 +- Fix %%pre scriptlet (#1548050) + +* Thu Jul 12 2018 Fedora Release Engineering - 2.79-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 02 2018 Petr Menšík - 2.79-3 +- Make dnsmasq leases writeable by root again (#1554390) + +* Mon Jul 02 2018 Petr Menšík - 2.79-2 +- Fix passing of dnssec enabled queries (#1597309) + +* Thu Mar 15 2018 Petr Menšík - 2.79-1 +- Rebase to 2.79 +- Stop using nettle_hashes directly, use access function (#1548060) +- Do not break on cname with spaces 
(#1498667) +- Require nettle 3.4+ +- Do not own sysusers.d directory, already depends on systemd providing it + +* Fri Mar 02 2018 Petr Menšík - 2.78-7 +- Emit warning with dnssec enabled on FIPS system (#1549507) + +* Sun Feb 25 2018 Zbigniew Jędrzejewski-Szmek - 2.78-6 +- Create user before installing files (#1548050) + +* Fri Feb 23 2018 Petr Menšík - 2.78-5 +- Create user first and then restart service + +* Thu Feb 22 2018 Itamar Reis Peixoto - 2.78-4 +- add gcc into buildrequires +- deliver an extra sysusers.d file to create dnsmasq user/group +- set CHUSER and CHGRP to dnsmasq in src/config.h + +* Wed Feb 07 2018 Fedora Release Engineering - 2.78-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Jan 22 2018 Petr Menšík - 2.78-2 +- DNSSEC fix for wildcard NSEC records (CVE-2017-15107) + +* Tue Oct 03 2017 Petr Menšík - 2.78-1 +- Rebase to 2.78 + +* Tue Oct 03 2017 Petr Menšík - 2.77-9 +- More patches related to CVE-2017-14491 + +* Mon Oct 02 2017 Petr Menšík - 2.77-8 +- Security fix, CVE-2017-14491, DNS heap buffer overflow +- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow +- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow +- Security fix, CVE-2017-14494, Infoleak handling DHCPv6 +- Security fix, CVE-2017-14496, Integer underflow in DNS response creation +- Security fix, CVE-2017-14495, OOM in DNS response creation +- Misc code cleanups arising from Google analysis +- Do not include stdio.h before dnsmasq.h + +* Thu Sep 14 2017 Petr Menšík - 2.77-7 +- Fix CVE-2017-13704 + +* Mon Aug 14 2017 Petr Menšík - 2.77-6 +- Own the /usr/share/dnsmasq dir (#1480856) + +* Wed Aug 02 2017 Fedora Release Engineering - 2.77-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.77-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jun 07 2017 Petr Menšík - 2.77-3 +- Update to 2.77 + +* Fri May 12 2017 Petr Menšík - 
2.77-2.rc2
+- Fix dhcp
+
+* Thu May 11 2017 Petr Menšík - 2.77-1
+- Update to 2.77rc2
+
+* Thu May 11 2017 Petr Menšík
+- Include dhcp_release6 tool and license in utils
+- Support for IDN 2008 (#1449150)
+
+* Fri Feb 10 2017 Fedora Release Engineering - 2.76-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Oct 19 2016 Pavel Šimerda - 2.76-2
+- Resolves: #1373485 - dns not updated after sleep and resume laptop
+
+* Fri Jul 15 2016 Pavel Šimerda - 2.76-1
+- New version 2.76
+
+* Wed Feb 03 2016 Fedora Release Engineering - 2.75-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Jan 25 2016 Tomas Hozza - 2.75-3
+- Fixed minor bug in dnsmasq.conf (#1295143)
+
+* Fri Oct 02 2015 Pavel Šimerda - 2.75-2
+- Resolves: #1239256 - install trust-anchors.conf
+
+* Wed Aug 05 2015 Pavel Šimerda - 2.75-1
+- new version 2.75
+
+* Wed Jun 17 2015 Fedora Release Engineering - 2.72-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Oct 06 2014 Nils Philippsen - 2.72-3
+- don't include /etc/dnsmasq.d in triplicate, ignore RPM backup files instead
+- package is dual-licensed GPL v2 or v3
+- drop %%triggerun, we're not supposed to automatically migrate from SysV to
+ systemd anyway
+
+* Mon Oct 06 2014 Tomas Hozza - 2.72-2
+- Fix typo in default configuration (#1149459)
+
+* Thu Sep 25 2014 Tomas Hozza - 2.72-1
+- Update to 2.72 stable
+
+* Sat Aug 16 2014 Fedora Release Engineering - 2.71-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 2.71-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue May 20 2014 Tomas Hozza - 2.71-1
+- Update to 2.71 stable
+
+* Fri Apr 25 2014 Tomas Hozza - 2.70-1
+- Update to 2.70 stable
+
+* Fri Apr 11 2014 Tomas Hozza - 2.69-1
+- Update to 2.69 stable
+
+* Mon Mar 24 2014 Tomas Hozza - 2.69-0.1.rc1
+- Update to 2.69rc1
+- enable DNSSEC implementation
+
+* Mon Dec 09 2013 Tomas Hozza - 2.68-1
+- Update to 2.68 stable
+
+* Tue Nov 26 2013 Tomas Hozza - 2.68-0.1.rc3
+- Update to 2.68rc3
+
+* Fri Nov 01 2013 Tomas Hozza - 2.67-1
+- Update to 2.67 stable
+- Include one post release upstream fix for CNAME
+
+* Fri Oct 18 2013 Tomas Hozza - 2.67-0.9.rc4
+- update to 2.67rc4
+
+* Wed Oct 02 2013 Tomas Hozza - 2.67-0.8.rc2
+- update to 2.67rc2
+
+* Thu Sep 12 2013 Tomas Hozza - 2.67-0.7.test13
+- update to 2.67test13
+- use .tar.xz upstream archives
+
+* Thu Aug 15 2013 Tomas Hozza - 2.67-0.6.test7
+- Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973)
+
+* Mon Aug 12 2013 Tomas Hozza - 2.67-0.5.test7
+- Don't use SO_REUSEPORT on DHCPv4 socket to prevent conflicts with ISC DHCP (#981973)
+
+* Sat Aug 03 2013 Fedora Release Engineering - 2.67-0.4.test7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jun 11 2013 Tomas Hozza - 2.67-0.3.test7
+- update to 2.67test7
+- drop merged patch
+- use _hardened_build macro instead of hardcoded flags
+
+* Fri May 17 2013 Tomas Hozza - 2.67-0.2.test4
+- Fix failure to start with ENOTSOCK (#962874)
+
+* Wed May 15 2013 Tomas Hozza - 2.67-0.1.test4
+- update to the latest testing release 2.67test4 (#962246)
+- drop mergerd patches
+
+* Tue Apr 30 2013 Tomas Hozza - 2.66-5
+- dnsmasq unit file cleanup
+ - drop forking Type and PIDfile and rather start dnsmasq with "-k" option
+ - drop After syslog.target as this is by default
+
+* Thu Apr 25 2013 Tomas Hozza - 2.66-4
+- include several fixes from upstream repo:
+ - Send TCP DNS messages in one packet
+ - Fix crash on SERVFAIL when using --conntrack option
+ - Fix regression in dhcp_lease_time utility
+ - Man page typos fixes
+ - Note that dhcp_lease_time and dhcp_release work only for IPv4
+ - Fix for --dhcp-match option to work also with BOOTP protocol
+
+* Sat Apr 20 2013 Tomas Hozza - 2.66-3
+- Use Full RELRO when linking the daemon
+- compile the daemon with PIE
+- include two fixes from upstream git repo
+
+* Thu Apr 18 2013 Tomas Hozza - 2.66-2
+- New stable version dnsmasq-2.66
+- Drop of merged patch
+
+* Fri Apr 12 2013 Tomas Hozza - 2.66-1.rc5
+- Update to latest dnsmasq-2.66rc5
+- Include fix for segfault when lease limit is reached
+
+* Fri Mar 22 2013 Tomas Hozza - 2.66-1.rc1
+- Update to latest dnsmasq-2.66rc1
+- Dropping unneeded patches
+- Enable IDN support
+
+* Fri Mar 15 2013 Tomas Hozza - 2.65-5
+- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
+
+* Thu Jan 31 2013 Tomas Hozza - 2.65-4
+- Handle locally-routed DNS Queries (#904940)
+
+* Thu Jan 24 2013 Tomas Hozza - 2.65-3
+- build dnsmasq with $RPM_OPT_FLAGS, $RPM_LD_FLAGS explicitly (#903362)
+
+* Tue Jan 22 2013 Tomas Hozza - 2.65-2
+- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555)
+
+* Sat Dec 15 2012 Tomas Hozza - 2.65-1
+- new version 2.65
+
+* Wed Dec 05 2012 Tomas Hozza - 2.64-1
+- New version 2.64
+- Merged patches dropped
+
+* Tue Nov 20 2012 Tomas Hozza - 2.63-4
+- Remove EnvironmentFile from service file (#878343)
+
+* Mon Nov 19 2012 Tomas Hozza - 2.63-3
+- dhcp6 support fixes (#867054)
+- removed "-s $HOSTNAME" from .service file (#753656, #822797)
+
+* Tue Oct 23 2012 Tomas Hozza - 2.63-2
+- Introduce new systemd-rpm macros in dnsmasq spec file (#850096)
+
+* Thu Aug 23 2012 Douglas Schilling Landgraf - 2.63-1
+- Use .tar.gz compression, in upstream site there is no .lzma anymore
+- New version 2.63
+
+* Sat Feb 11 2012 Pádraig Brady - 2.59-5
+- Compile DHCP lease management utils with RPM_OPT_FLAGS
+
+* Thu Feb 9 2012 Pádraig Brady - 2.59-4
+- Include DHCP lease management utils in a subpackage
+
+* Fri Jan 13 2012 Fedora Release Engineering - 2.59-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-2
+- do not enable service by default
+
+* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-1
+- New version 2.59
+- Fix regression in 2.58 (IPv6 issue) - bz 744814
+
+* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.58-1
+- Fixed License
+- New version 2.58
+
+* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-5
+- Include systemd unit file
+
+* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-3
+- Applied Jóhann's patch, minor cleanup
+
+* Tue Jul 26 2011 Jóhann B. Guðmundsson - 2.52-3
+- Introduce systemd unit file, drop SysV support
+
+* Tue Feb 08 2011 Fedora Release Engineering - 2.52-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jan 26 2010 Itamar Reis Peixoto - 2.52-1
+- New Version 2.52
+- fix condrestart() in initscript bz 547605
+- fix sed to enable DBUS(the '*' need some escaping) bz 553161
+
+* Sun Nov 22 2009 Itamar Reis Peixoto - 2.51-2
+- fix bz 512664
+
+* Sat Oct 17 2009 Itamar Reis Peixoto - 2.51-1
+- move initscript from patch to a plain text file
+- drop (dnsmasq-configuration.patch) and use sed instead
+- enable /etc/dnsmasq.d fix bz 526703
+- change requires to package name instead of file
+- new version 2.51
+
+* Mon Oct 5 2009 Mark McLoughlin - 2.48-4
+- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958)
+
+* Wed Aug 12 2009 Ville Skyttä - 2.48-3
+- Use lzma compressed upstream tarball.
+
+* Fri Jul 24 2009 Fedora Release Engineering - 2.48-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jun 10 2009 Patrick "Jima" Laughton 2.48-1
+- Bugfix/feature enhancement update
+- Fixing BZ#494094
+
+* Fri May 29 2009 Patrick "Jima" Laughton 2.47-1
+- Bugfix/feature enhancement update
+
+* Tue Feb 24 2009 Fedora Release Engineering - 2.46-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Dec 29 2008 Matěj Cepl - 2.45-2
+- rebuilt
+
+* Mon Jul 21 2008 Patrick "Jima" Laughton 2.45-1
+- Upstream release (bugfixes)
+
+* Wed Jul 16 2008 Patrick "Jima" Laughton 2.43-2
+- New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113
+- Dropped patch for newer glibc (merged upstream)
+
+* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.8
+- Added upstream-authored patch for newer glibc (thanks Simon!)
+
+* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.7
+- New upstream release
+
+* Wed Jan 30 2008 Patrick "Jima" Laughton 2.41-0.6.rc1
+- Release candidate
+- Happy Birthday Isaac!
+
+* Wed Jan 23 2008 Patrick "Jima" Laughton 2.41-0.5.test30
+- Bugfix update
+
+* Mon Dec 31 2007 Patrick "Jima" Laughton 2.41-0.4.test26
+- Bugfix/feature enhancement update
+
+* Thu Dec 13 2007 Patrick "Jima" Laughton 2.41-0.3.test24
+- Upstream fix for fairly serious regression
+
+* Tue Dec 04 2007 Patrick "Jima" Laughton 2.41-0.2.test20
+- New upstream test release
+- Moving dnsmasq.leases to /var/lib/dnsmasq/ as per BZ#407901
+- Ignoring dangerous-command-in-%%post rpmlint warning (as per above fix)
+- Patch consolidation/cleanup
+- Removed conditionals for Fedora <= 3 and Aurora 2.0
+
+* Tue Sep 18 2007 Patrick "Jima" Laughton 2.40-1
+- Finalized upstream release
+- Removing URLs from patch lines (CVS is the authoritative source)
+- Added more magic to make spinning rc/test packages more seamless
+
+* Sun Aug 26 2007 Patrick "Jima" Laughton 2.40-0.1.rc2
+- New upstream release candidate (feature-frozen), thanks Simon!
+- License clarification
+
+* Tue May 29 2007 Patrick "Jima" Laughton 2.39-1
+- New upstream version (bugfixes, enhancements)
+
+* Mon Feb 12 2007 Patrick "Jima" Laughton 2.38-1
+- New upstream version with bugfix for potential hang
+
+* Tue Feb 06 2007 Patrick "Jima" Laughton 2.37-1
+- New upstream version
+
+* Wed Jan 24 2007 Patrick "Jima" Laughton 2.36-1
+- New upstream version
+
+* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-2
+- Stop creating /etc/sysconfig on %%install
+- Create /etc/dnsmasq.d on %%install
+
+* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-1
+- Update to 2.35
+- Removed UPGRADING_to_2.0 from %%doc as per upstream change
+- Enabled conf-dir in default config as per RFE BZ#214220 (thanks Chris!)
+- Added %%dir /etc/dnsmasq.d to %%files as per above RFE
+
+* Tue Oct 24 2006 Patrick "Jima" Laughton 2.34-2
+- Fixed BZ#212005
+- Moved %%postun scriptlet to %%post, where it made more sense
+- Render scriptlets safer
+- Minor cleanup for consistency
+
+* Thu Oct 19 2006 Patrick "Jima" Laughton 2.34-1
+- Hardcoded version in patches, as I'm getting tired of updating them
+- Update to 2.34
+
+* Mon Aug 28 2006 Patrick "Jima" Laughton 2.33-2
+- Rebuild for FC6
+
+* Tue Aug 15 2006 Patrick "Jima" Laughton 2.33-1
+- Update
+
+* Sat Jul 22 2006 Patrick "Jima" Laughton 2.32-3
+- Added pkgconfig BuildReq due to reduced buildroot
+
+* Thu Jul 20 2006 Patrick "Jima" Laughton 2.32-2
+- Forced update due to dbus version bump
+
+* Mon Jun 12 2006 Patrick "Jima" Laughton 2.32-1
+- Update from upstream
+- Patch from Dennis Gilmore fixed the conditionals to detect Aurora Linux
+
+* Mon May 8 2006 Patrick "Jima" Laughton 2.31-1
+- Removed dbus config patch (now provided upstream)
+- Patched in init script (no longer provided upstream)
+- Added DBus-interface to docs
+
+* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4.2
+- More upstream-recommended cleanups :)
+- Killed sysconfig file (provides unneeded functionality)
+- Tweaked init script a little more
+
+* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4
+- Moved options out of init script and into /etc/sysconfig/dnsmasq
+- Disabled DHCP_LEASE in sysconfig file, fixing bug #190379
+- Simon Kelley provided dbus/dnsmasq.conf, soon to be part of the tarball
+
+* Thu Apr 27 2006 Patrick "Jima" Laughton 2.30-3
+- Un-enabled HAVE_ISC_READER, a hack to enable a deprecated feature (request)
+- Split initscript & enable-dbus patches, conditionalized dbus for FC3
+- Tweaked name field in changelog entries (trying to be consistent)
+
+* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-2
+- Disabled stripping of binary while installing (oops)
+- Enabled HAVE_ISC_READER/HAVE_DBUS via patch
+- Added BuildReq for dbus-devel
+
+* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-1
+- Initial Fedora Extras RPM