diff --git a/.dnsmasq.metadata b/.dnsmasq.metadata new file mode 100644 index 0000000..dfeefcb --- /dev/null +++ b/.dnsmasq.metadata @@ -0,0 +1 @@ +fb6b1690de53014a8e6c8bfa6f1653062b965741 SOURCES/dnsmasq-2.66.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/dnsmasq-2.66-Allow-constructed-ranges-from-interface-address-at-end-of-range.patch b/SOURCES/dnsmasq-2.66-Allow-constructed-ranges-from-interface-address-at-end-of-range.patch new file mode 100644 index 0000000..6eda494 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Allow-constructed-ranges-from-interface-address-at-end-of-range.patch @@ -0,0 +1,51 @@ +From 429805dbbc3888abc0d472c45935e92057964384 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 31 May 2013 13:47:26 +0100 +Subject: [PATCH 1/1] Allow constructed ranges from interface address at end of range. + +Also make man page on this clearer, as it's been confusing many. +--- + man/dnsmasq.8 | 11 ++++++++++- + src/dhcp6.c | 4 +++- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index d2e3d18..1c3dfeb 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -649,7 +649,16 @@ This forms a template which describes how to create ranges, based on the address + + .B --dhcp-range=::1,::400,constructor:eth0 + +-will look for addresses of the form ::1 on eth0 and then create a range from ::1 to ::400. If the interface is assigned more than one network, then the corresponding ranges will be automatically created, and then deprecated and finally removed again as the address is deprecated and then deleted. The interface name may have a final "*" wildcard. ++will look for addresses of the form ::1 or :400 on ++eth0 and then create a range from ::1 to ::400. If ++the interface is assigned more than one network, then the ++corresponding ranges will be automatically created, and then ++deprecated and finally removed again as the address is deprecated and ++then deleted. The interface name may have a final "*" wildcard. Note ++that just any address on eth0 will not do: the non-prefix part must be ++equal either the start or end address given in the dhcp-range. This is ++to prevent prefixes becoming perpetual if the interface ++gains a SLAAC address for the prefix when it is advertised by dnsmasq. + + The optional + .B set: +diff --git a/src/dhcp6.c b/src/dhcp6.c +index a827b2f..6cd30b5 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -538,7 +538,9 @@ static int construct_worker(struct in6_addr *local, int prefix, + } + + } +- else if (addr6part(local) == addr6part(&template->start6) && wildcard_match(template->template_interface, ifrn_name)) ++ else if ((addr6part(local) == addr6part(&template->start6) || ++ addr6part(local) == addr6part(&template->end6)) && ++ wildcard_match(template->template_interface, ifrn_name)) + { + start6 = *local; + setaddr6part(&start6, addr6part(&template->start6)); +-- +1.7.2.5 + diff --git a/SOURCES/dnsmasq-2.66-Allow-option_number_zero_in_encapsulated_DHCP_options.patch b/SOURCES/dnsmasq-2.66-Allow-option_number_zero_in_encapsulated_DHCP_options.patch new file mode 100644 index 0000000..4acc08d --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Allow-option_number_zero_in_encapsulated_DHCP_options.patch @@ -0,0 +1,142 @@ +From bd08ae67f9a0cae2ce15be885254cad9449d4551 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 19 Apr 2013 10:22:06 +0100 +Subject: [PATCH] Allow option number zero in encapsulated DHCP options. + +--- + src/dhcp-common.c | 6 +++--- + src/dnsmasq.h | 4 ++-- + src/option.c | 33 ++++++++++++++++++++------------- + 3 files changed, 25 insertions(+), 18 deletions(-) + +diff --git a/src/dhcp-common.c b/src/dhcp-common.c +index f4fd088..8de4268 100644 +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -512,7 +512,7 @@ void display_opts6(void) + } + #endif + +-u16 lookup_dhcp_opt(int prot, char *name) ++int lookup_dhcp_opt(int prot, char *name) + { + const struct opttab_t *t; + int i; +@@ -528,10 +528,10 @@ u16 lookup_dhcp_opt(int prot, char *name) + if (strcasecmp(t[i].name, name) == 0) + return t[i].val; + +- return 0; ++ return -1; + } + +-u16 lookup_dhcp_len(int prot, u16 val) ++int lookup_dhcp_len(int prot, int val) + { + const struct opttab_t *t; + int i; +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 69ae7a7..41e2798 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1216,8 +1216,8 @@ void log_tags(struct dhcp_netid *netid, u32 xid); + int match_bytes(struct dhcp_opt *o, unsigned char *p, int len); + void dhcp_update_configs(struct dhcp_config *configs); + void display_opts(void); +-u16 lookup_dhcp_opt(int prot, char *name); +-u16 lookup_dhcp_len(int prot, u16 val); ++int lookup_dhcp_opt(int prot, char *name); ++int lookup_dhcp_len(int prot, int val); + char *option_string(int prot, unsigned int opt, unsigned char *val, + int opt_len, char *buf, int buf_len); + #ifdef HAVE_LINUX_NETWORK +diff --git a/src/option.c b/src/option.c +index b2596ec..2a61017 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -750,6 +750,7 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags) + struct dhcp_netid *np = NULL; + u16 opt_len = 0; + int is6 = 0; ++ int option_ok = 0; + + new->len = 0; + new->flags = flags; +@@ -769,16 +770,19 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags) + { + new->opt = atoi(arg); + opt_len = 0; ++ option_ok = 1; + break; + } + + if (strstr(arg, "option:") == arg) + { +- new->opt = lookup_dhcp_opt(AF_INET, arg+7); +- opt_len = lookup_dhcp_len(AF_INET, new->opt); +- /* option: must follow tag and vendor string. */ +- if ((opt_len & OT_INTERNAL) && flags != DHOPT_MATCH) +- new->opt = 0; ++ if ((new->opt = lookup_dhcp_opt(AF_INET, arg+7)) != -1) ++ { ++ opt_len = lookup_dhcp_len(AF_INET, new->opt); ++ /* option: must follow tag and vendor string. */ ++ if (!(opt_len & OT_INTERNAL) || flags == DHOPT_MATCH) ++ option_ok = 1; ++ } + break; + } + #ifdef HAVE_DHCP6 +@@ -792,13 +796,16 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags) + { + new->opt = atoi(arg+8); + opt_len = 0; ++ option_ok = 1; + } + else + { +- new->opt = lookup_dhcp_opt(AF_INET6, arg+8); +- opt_len = lookup_dhcp_len(AF_INET6, new->opt); +- if ((opt_len & OT_INTERNAL) && flags != DHOPT_MATCH) +- new->opt = 0; ++ if ((new->opt = lookup_dhcp_opt(AF_INET6, arg+8)) != -1) ++ { ++ opt_len = lookup_dhcp_len(AF_INET6, new->opt); ++ if (!(opt_len & OT_INTERNAL) || flags == DHOPT_MATCH) ++ option_ok = 1; ++ } + } + /* option6:| must follow tag and vendor string. */ + is6 = 1; +@@ -821,7 +828,7 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags) + new->flags |= DHOPT_RFC3925; + if (flags == DHOPT_MATCH) + { +- new->opt = 1; /* avoid error below */ ++ option_ok = 1; + break; + } + } +@@ -848,16 +855,16 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags) + + if (opt_len == 0 && + !(new->flags & DHOPT_RFC3925)) +- opt_len = lookup_dhcp_len(AF_INET6 ,new->opt); ++ opt_len = lookup_dhcp_len(AF_INET6, new->opt); + } + else + #endif + if (opt_len == 0 && + !(new->flags & (DHOPT_VENDOR | DHOPT_ENCAPSULATE | DHOPT_RFC3925))) +- opt_len = lookup_dhcp_len(AF_INET ,new->opt); ++ opt_len = lookup_dhcp_len(AF_INET, new->opt); + + /* option may be missing with rfc3925 match */ +- if (new->opt == 0) ++ if (!option_ok) + ret_err(_("bad dhcp-option")); + + if (comma) +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Dont-BIND-DHCP-socket-if-more-interfaces-may-come.patch b/SOURCES/dnsmasq-2.66-Dont-BIND-DHCP-socket-if-more-interfaces-may-come.patch new file mode 100644 index 0000000..638c67a --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Dont-BIND-DHCP-socket-if-more-interfaces-may-come.patch @@ -0,0 +1,51 @@ +From e2ba0df2d4798e52e188c2f7f74613867d5aa82a Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 31 May 2013 17:04:25 +0100 +Subject: [PATCH 1/1] Don't BIND DHCP socket if more interfaces may come along later. + +--- + src/dhcp-common.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +diff --git a/src/dhcp-common.c b/src/dhcp-common.c +index 8de4268..9321e92 100644 +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -347,21 +347,27 @@ void bindtodevice(int fd) + to that device. This is for the use case of (eg) OpenStack, which runs a new + dnsmasq instance for each VLAN interface it creates. Without the BINDTODEVICE, + individual processes don't always see the packets they should. +- SO_BINDTODEVICE is only available Linux. */ ++ SO_BINDTODEVICE is only available Linux. ++ ++ Note that if wildcards are used in --interface, or a configured interface doesn't ++ yet exist, then more interfaces may arrive later, so we can't safely assert there ++ is only one interface and proceed. ++*/ + + struct irec *iface, *found; +- ++ struct iname *if_tmp; ++ ++ for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) ++ if (if_tmp->name && (!if_tmp->used || strchr(if_tmp->name, '*'))) ++ return; ++ + for (found = NULL, iface = daemon->interfaces; iface; iface = iface->next) + if (iface->dhcp_ok) + { + if (!found) + found = iface; + else if (strcmp(found->name, iface->name) != 0) +- { +- /* more than one. */ +- found = NULL; +- break; +- } ++ return; /* more than one. */ + } + + if (found) +-- +1.7.2.5 + diff --git a/SOURCES/dnsmasq-2.66-Fix-crash-on-SERVFAIL-when-using-conntrack.patch b/SOURCES/dnsmasq-2.66-Fix-crash-on-SERVFAIL-when-using-conntrack.patch new file mode 100644 index 0000000..d3f0341 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Fix-crash-on-SERVFAIL-when-using-conntrack.patch @@ -0,0 +1,50 @@ +From 797a7afba477390bc016c647cfb792c85ee6102d Mon Sep 17 00:00:00 2001 +From: Giacomo Tazzari +Date: Mon, 22 Apr 2013 13:16:37 +0100 +Subject: [PATCH] Fix crash on SERVFAIL when --conntrack in use. + +--- + CHANGELOG | 5 ++++++ + src/forward.c | 6 +++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 93aaf18..6cb1b51 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,3 +1,8 @@ ++ Fix crash if upstream server returns SERVFAIL when ++ --conntrack in use. Thanks to Giacomo Tazzari for finding ++ this and supplying the patch. ++ ++ + version 2.66 + Add the ability to act as an authoritative DNS + server. Dnsmasq can now answer queries from the wider 'net +diff --git a/src/forward.c b/src/forward.c +index 77d6849..78495ca 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -328,8 +328,8 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + struct server *firstsentto = start; + int forwarded = 0; + +- if (udpaddr && option_bool(OPT_ADD_MAC)) +- plen = add_mac(header, plen, ((char *) header) + PACKETSZ, udpaddr); ++ if (option_bool(OPT_ADD_MAC)) ++ plen = add_mac(header, plen, ((char *) header) + PACKETSZ, &forward->source); + + while (1) + { +@@ -372,7 +372,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + if (option_bool(OPT_CONNTRACK)) + { + unsigned int mark; +- if (get_incoming_mark(udpaddr, dst_addr, 0, &mark)) ++ if (get_incoming_mark(&forward->source, &forward->dest, 0, &mark)) + setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int)); + } + #endif +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Fix-option-parsing-for-dhcp-host.patch b/SOURCES/dnsmasq-2.66-Fix-option-parsing-for-dhcp-host.patch new file mode 100644 index 0000000..d3c0a96 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Fix-option-parsing-for-dhcp-host.patch @@ -0,0 +1,34 @@ +From 3e8ed78bf1b2649b13129327700d5d55bd2040e2 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 29 May 2013 14:31:33 +0100 +Subject: [PATCH 1/1] Fix option parsing for --dhcp-host. + +--- + src/option.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/option.c b/src/option.c +index eb71102..ac54c31 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -2510,7 +2510,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + case 'G': /* --dhcp-host */ + { + int j, k = 0; +- char *a[6] = { NULL, NULL, NULL, NULL, NULL, NULL }; ++ char *a[7] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + struct dhcp_config *new; + struct in_addr in; + +@@ -2522,7 +2522,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + new->netid = NULL; + + if ((a[0] = arg)) +- for (k = 1; k < 6; k++) ++ for (k = 1; k < 7; k++) + if (!(a[k] = split(a[k-1]))) + break; + +-- +1.7.2.5 + diff --git a/SOURCES/dnsmasq-2.66-Fix-regression-in-dhcp_lease_time-utility.patch b/SOURCES/dnsmasq-2.66-Fix-regression-in-dhcp_lease_time-utility.patch new file mode 100644 index 0000000..d523603 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Fix-regression-in-dhcp_lease_time-utility.patch @@ -0,0 +1,103 @@ +From aa63a21ce0b20dfe988e0bcdf14b8b930de20311 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 22 Apr 2013 15:01:52 +0100 +Subject: [PATCH] Fix regression in dhcp_lease_time utility. + +--- + CHANGELOG | 9 +++++++++ + contrib/wrt/dhcp_lease_time.c | 9 ++++++++- + src/rfc2131.c | 17 ++++++++++++++++- + 3 files changed, 33 insertions(+), 2 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 6cb1b51..268b64d 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -2,6 +2,15 @@ version 2.67 + Fix crash if upstream server returns SERVFAIL when + --conntrack in use. Thanks to Giacomo Tazzari for finding + this and supplying the patch. ++ ++ Repair regression in 2.64. That release stopped sending ++ lease-time information in the reply to DHCPINFORM ++ requests, on the correct grounds that it was a standards ++ violation. However, this broke the dnsmasq-specific ++ dhcp_lease_time utility. Now, DHCPINFORM returns ++ lease-time only if it's specifically requested ++ (maintaining standards) and the dhcp_lease_time utility ++ has been taught to ask for it (restoring functionality). + + + version 2.66 +diff --git a/contrib/wrt/dhcp_lease_time.c b/contrib/wrt/dhcp_lease_time.c +index 2866bb5..b438ef7 100644 +--- a/contrib/wrt/dhcp_lease_time.c ++++ b/contrib/wrt/dhcp_lease_time.c +@@ -20,7 +20,7 @@ + nothing is sent to stdout a message is sent to stderr and a + non-zero error code is returned. + +- Requires dnsmasq 2.40 or later. ++ This version requires dnsmasq 2.66 or later. + */ + + #include +@@ -46,6 +46,7 @@ + #define OPTION_LEASE_TIME 51 + #define OPTION_OVERLOAD 52 + #define OPTION_MESSAGE_TYPE 53 ++#define OPTION_REQUESTED_OPTIONS 55 + #define OPTION_END 255 + #define DHCPINFORM 8 + #define DHCP_SERVER_PORT 67 +@@ -167,6 +168,12 @@ int main(int argc, char **argv) + *(p++) = 1; + *(p++) = DHCPINFORM; + ++ /* Explicity request the lease time, it won't be sent otherwise: ++ this is a dnsmasq extension, not standard. */ ++ *(p++) = OPTION_REQUESTED_OPTIONS; ++ *(p++) = 1; ++ *(p++) = OPTION_LEASE_TIME; ++ + *(p++) = OPTION_END; + + dest.sin_family = AF_INET; +diff --git a/src/rfc2131.c b/src/rfc2131.c +index 92974c0..013a446 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -39,6 +39,7 @@ static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt + static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize); + static size_t dhcp_packet_size(struct dhcp_packet *mess, unsigned char *agent_id, unsigned char *real_end); + static void clear_packet(struct dhcp_packet *mess, unsigned char *end); ++static int in_list(unsigned char *list, int opt); + static void do_options(struct dhcp_context *context, + struct dhcp_packet *mess, + unsigned char *real_end, +@@ -1410,7 +1411,21 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + clear_packet(mess, end); + option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK); + option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); +- ++ ++ /* RFC 2131 says that DHCPINFORM shouldn't include lease-time parameters, but ++ we supply a utility which makes DHCPINFORM requests to get this information. ++ Only include lease time if OPTION_LEASE_TIME is in the parameter request list, ++ which won't be true for ordinary clients, but will be true for the ++ dhcp_lease_time utility. */ ++ if (lease && in_list(req_options, OPTION_LEASE_TIME)) ++ { ++ if (lease->expires == 0) ++ time = 0xffffffff; ++ else ++ time = (unsigned int)difftime(lease->expires, now); ++ option_put(mess, end, OPTION_LEASE_TIME, 4, time); ++ } ++ + do_options(context, mess, end, req_options, hostname, get_domain(mess->ciaddr), + netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now); + +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Fix-wrong_size_in_memset_call.patch b/SOURCES/dnsmasq-2.66-Fix-wrong_size_in_memset_call.patch new file mode 100644 index 0000000..f5103bc --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Fix-wrong_size_in_memset_call.patch @@ -0,0 +1,26 @@ +From 4582c0efe7d7af93517b1f3bcc7af67685ab3e5c Mon Sep 17 00:00:00 2001 +From: Dave Reisner +Date: Thu, 18 Apr 2013 09:47:49 +0100 +Subject: [PATCH] Fix wrong size in memset() call. + +Thanks to Dave Reisner. +--- + src/ipset.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/ipset.c b/src/ipset.c +index a34ed96..f175fa4 100644 +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -110,7 +110,7 @@ static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr, + return -1; + } + +- memset(buffer, 0, sizeof(buffer)); ++ memset(buffer, 0, BUFF_SZ); + + nlh = (struct nlmsghdr *)buffer; + nlh->nlmsg_len = NL_ALIGN(sizeof(struct nlmsghdr)); +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Fix_crash_with_empty_DHCP_string_options.patch b/SOURCES/dnsmasq-2.66-Fix_crash_with_empty_DHCP_string_options.patch new file mode 100644 index 0000000..f20b113 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Fix_crash_with_empty_DHCP_string_options.patch @@ -0,0 +1,26 @@ +From 625ac28c61b0a5e6a252db00d72fbac6d88718fd Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 2 Jul 2013 21:19:32 +0100 +Subject: [PATCH] Fix crash with empty DHCP string options. + +--- + src/rfc2131.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletions(-) + +diff --git a/src/rfc2131.c b/src/rfc2131.c +index 499f5c4..e7fa75f 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -1833,7 +1833,8 @@ static int do_opt(struct dhcp_opt *opt, unsigned char *p, struct dhcp_context *c + } + } + else +- memcpy(p, opt->val, len); ++ /* empty string may be extended to "\0" by null_term */ ++ memcpy(p, opt->val ? opt->val : (unsigned char *)"", len); + } + return len; + } +-- +1.7.2.5 + diff --git a/SOURCES/dnsmasq-2.66-Fix_failure_to_start_with_ENOTSOCK.patch b/SOURCES/dnsmasq-2.66-Fix_failure_to_start_with_ENOTSOCK.patch new file mode 100644 index 0000000..26b2795 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Fix_failure_to_start_with_ENOTSOCK.patch @@ -0,0 +1,44 @@ +From cfcad42ff1ddee8e64d120f18016a654152d0215 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Fri, 17 May 2013 11:32:03 +0100 +Subject: [PATCH] Fix failure to start with ENOTSOCK + +--- + CHANGELOG | 6 ++++++ + src/dnsmasq.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 7aa0024..48b6070 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -31,7 +31,13 @@ version 2.67 + want to continue to bind the aliases too, you need to add + eg. --interface=eth0:0 to the config. + ++ Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket ++ operation on non-socket" error on startup with ++ configurations which have exactly one --interface option ++ and do RA but _not_ DHCPv6. Thanks to Trever Adams for the ++ bug report. + ++ + version 2.66 + Add the ability to act as an authoritative DNS + server. Dnsmasq can now answer queries from the wider 'net +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 43b8cb1..b0f984d 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -248,7 +248,7 @@ int main (int argc, char **argv) + #endif + + #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6) +- if (daemon->dhcp6) ++ if (daemon->doing_dhcp6) + bindtodevice(daemon->dhcp6fd); + #endif + } +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Handle_IPv4_interface_address_labels_in_Linux.patch b/SOURCES/dnsmasq-2.66-Handle_IPv4_interface_address_labels_in_Linux.patch new file mode 100644 index 0000000..1434467 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Handle_IPv4_interface_address_labels_in_Linux.patch @@ -0,0 +1,283 @@ +From 3f2873d42c4d7e7dba32b6e64a3687d43928bc8e Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 14 May 2013 11:28:47 +0100 +Subject: [PATCH] Handle IPv4 interface-address labels in Linux. + +--- + CHANGELOG | 9 +++++++++ + src/bpf.c | 2 +- + src/dhcp.c | 14 +++++++++----- + src/dnsmasq.h | 1 + + src/forward.c | 3 ++- + src/lease.c | 3 ++- + src/netlink.c | 7 +++++-- + src/network.c | 39 +++++++++++++++++++++++++++++++-------- + src/tftp.c | 3 ++- + 9 files changed, 62 insertions(+), 19 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index f6ce80e..7aa0024 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -21,6 +21,15 @@ version 2.67 + Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass + to work with BOOTP and well as DHCP. Thanks to Peter + Korsgaard for spotting the problem. ++ ++ Handle IPv4 interface-address labels in Linux. These are ++ often used to emulate the old IP-alias addresses. Before, ++ using --interface=eth0 would service all the addresses of ++ eth0, including ones configured as aliases, which appear ++ in ifconfig as eth0:0. Now, only addresses with the label ++ eth0 are active. This is not backwards compatible: if you ++ want to continue to bind the aliases too, you need to add ++ eg. --interface=eth0:0 to the config. + + + version 2.66 +diff --git a/src/bpf.c b/src/bpf.c +index 02a3abb..e75b0c6 100644 +--- a/src/bpf.c ++++ b/src/bpf.c +@@ -123,7 +123,7 @@ int iface_enumerate(int family, void *parm, int (*callback)()) + broadcast = ((struct sockaddr_in *) addrs->ifa_broadaddr)->sin_addr; + else + broadcast.s_addr = 0; +- if (!((*callback)(addr, iface_index, netmask, broadcast, parm))) ++ if (!((*callback)(addr, iface_index, NULL, netmask, broadcast, parm))) + goto err; + } + #ifdef HAVE_IPV6 +diff --git a/src/dhcp.c b/src/dhcp.c +index dd25632..333a327 100644 +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -28,9 +28,9 @@ struct match_param { + struct in_addr netmask, broadcast, addr; + }; + +-static int complete_context(struct in_addr local, int if_index, ++static int complete_context(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam); +-static int check_listen_addrs(struct in_addr local, int if_index, ++static int check_listen_addrs(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam); + + static int make_fd(int port) +@@ -287,7 +287,7 @@ void dhcp_packet(time_t now, int pxe_fd) + iface_addr = match.addr; + /* make sure secondary address gets priority in case + there is more than one address on the interface in the same subnet */ +- complete_context(match.addr, iface_index, match.netmask, match.broadcast, &parm); ++ complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm); + } + + if (!iface_enumerate(AF_INET, &parm, complete_context)) +@@ -411,12 +411,14 @@ void dhcp_packet(time_t now, int pxe_fd) + } + + /* check against secondary interface addresses */ +-static int check_listen_addrs(struct in_addr local, int if_index, ++static int check_listen_addrs(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam) + { + struct match_param *param = vparam; + struct iname *tmp; + ++ (void) label; ++ + if (if_index == param->ind) + { + for (tmp = daemon->if_addrs; tmp; tmp = tmp->next) +@@ -444,11 +446,13 @@ static int check_listen_addrs(struct in_addr local, int if_index, + + Note that the current chain may be superceded later for configured hosts or those coming via gateways. */ + +-static int complete_context(struct in_addr local, int if_index, ++static int complete_context(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam) + { + struct dhcp_context *context; + struct iface_param *param = vparam; ++ ++ (void)label; + + for (context = daemon->dhcp; context; context = context->next) + { +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index e177cea..8866dd8 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1030,6 +1030,7 @@ void create_bound_listeners(int die); + int is_dad_listeners(void); + int iface_check(int family, struct all_addr *addr, char *name, int *auth_dns); + int loopback_exception(int fd, int family, struct all_addr *addr, char *name); ++int label_exception(int index, int family, struct all_addr *addr); + int fix_fd(int fd); + int tcp_interface(int fd, int af); + struct in_addr get_ifaddr(char *intr); +diff --git a/src/forward.c b/src/forward.c +index 78495ca..28fe9eb 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -789,7 +789,8 @@ void receive_query(struct listener *listen, time_t now) + { + if (!option_bool(OPT_CLEVERBIND)) + enumerate_interfaces(); +- if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name)) ++ if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name) && ++ !label_exception(if_index, listen->family, &dst_addr)) + return; + } + +diff --git a/src/lease.c b/src/lease.c +index a4560ba..b85cf57 100644 +--- a/src/lease.c ++++ b/src/lease.c +@@ -345,11 +345,12 @@ void lease_update_file(time_t now) + } + + +-static int find_interface_v4(struct in_addr local, int if_index, ++static int find_interface_v4(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam) + { + struct dhcp_lease *lease; + ++ (void) label; + (void) broadcast; + (void) vparam; + +diff --git a/src/netlink.c b/src/netlink.c +index 0881b71..78d0926 100644 +--- a/src/netlink.c ++++ b/src/netlink.c +@@ -215,7 +215,8 @@ int iface_enumerate(int family, void *parm, int (*callback)()) + if (ifa->ifa_family == AF_INET) + { + struct in_addr netmask, addr, broadcast; +- ++ char *label = NULL; ++ + netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen)); + addr.s_addr = 0; + broadcast.s_addr = 0; +@@ -226,12 +227,14 @@ int iface_enumerate(int family, void *parm, int (*callback)()) + addr = *((struct in_addr *)(rta+1)); + else if (rta->rta_type == IFA_BROADCAST) + broadcast = *((struct in_addr *)(rta+1)); ++ else if (rta->rta_type == IFA_LABEL) ++ label = RTA_DATA(rta); + + rta = RTA_NEXT(rta, len1); + } + + if (addr.s_addr && callback_ok) +- if (!((*callback)(addr, ifa->ifa_index, netmask, broadcast, parm))) ++ if (!((*callback)(addr, ifa->ifa_index, label, netmask, broadcast, parm))) + callback_ok = 0; + } + #ifdef HAVE_IPV6 +diff --git a/src/network.c b/src/network.c +index 792914b..473e85f 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -204,7 +204,27 @@ int loopback_exception(int fd, int family, struct all_addr *addr, char *name) + return 0; + } + +-static int iface_allowed(struct irec **irecp, int if_index, ++/* If we're configured with something like --interface=eth0:0 then we'll listen correctly ++ on the relevant address, but the name of the arrival interface, derived from the ++ index won't match the config. Check that we found an interface address for the arrival ++ interface: daemon->interfaces must be up-to-date. */ ++int label_exception(int index, int family, struct all_addr *addr) ++{ ++ struct irec *iface; ++ ++ /* labels only supported on IPv4 addresses. */ ++ if (family != AF_INET) ++ return 0; ++ ++ for (iface = daemon->interfaces; iface; iface = iface->next) ++ if (iface->index == index && iface->addr.sa.sa_family == AF_INET && ++ iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) ++ return 1; ++ ++ return 0; ++} ++ ++static int iface_allowed(struct irec **irecp, int if_index, char *label, + union mysockaddr *addr, struct in_addr netmask, int dad) + { + struct irec *iface; +@@ -242,8 +262,8 @@ static int iface_allowed(struct irec **irecp, int if_index, + loopback = ifr.ifr_flags & IFF_LOOPBACK; + + if (loopback) +- dhcp_ok = 0; +- ++ dhcp_ok = 0; ++ + if (ioctl(fd, SIOCGIFMTU, &ifr) != -1) + mtu = ifr.ifr_mtu; + +@@ -272,13 +292,16 @@ static int iface_allowed(struct irec **irecp, int if_index, + } + } + ++ if (!label) ++ label = ifr.ifr_name; ++ + if (addr->sa.sa_family == AF_INET && +- !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, ifr.ifr_name, &auth_dns)) ++ !iface_check(AF_INET, (struct all_addr *)&addr->in.sin_addr, label, &auth_dns)) + return 1; + + #ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET6 && +- !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, ifr.ifr_name, &auth_dns)) ++ !iface_check(AF_INET6, (struct all_addr *)&addr->in6.sin6_addr, label, &auth_dns)) + return 1; + #endif + +@@ -348,11 +371,11 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix, + addr.in6.sin6_port = htons(daemon->port); + addr.in6.sin6_scope_id = if_index; + +- return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, !!(flags & IFACE_TENTATIVE)); ++ return iface_allowed((struct irec **)vparam, if_index, NULL, &addr, netmask, !!(flags & IFACE_TENTATIVE)); + } + #endif + +-static int iface_allowed_v4(struct in_addr local, int if_index, ++static int iface_allowed_v4(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam) + { + union mysockaddr addr; +@@ -366,7 +389,7 @@ static int iface_allowed_v4(struct in_addr local, int if_index, + addr.in.sin_addr = local; + addr.in.sin_port = htons(daemon->port); + +- return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, 0); ++ return iface_allowed((struct irec **)vparam, if_index, label, &addr, netmask, 0); + } + + int enumerate_interfaces(void) +diff --git a/src/tftp.c b/src/tftp.c +index 960b1ee..d7d050f 100644 +--- a/src/tftp.c ++++ b/src/tftp.c +@@ -202,7 +202,8 @@ void tftp_request(struct listener *listen, time_t now) + { + if (!option_bool(OPT_CLEVERBIND)) + enumerate_interfaces(); +- if (!loopback_exception(listen->tftpfd, listen->family, &addra, name)) ++ if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) && ++ !label_exception(if_index, listen->family, &addra) ) + return; + } + +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Log-forwarding-table-overflows.patch b/SOURCES/dnsmasq-2.66-Log-forwarding-table-overflows.patch new file mode 100644 index 0000000..99dedce --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Log-forwarding-table-overflows.patch @@ -0,0 +1,34 @@ +From 0da5e8979b5e5466d0f7bb836f2716cbcf1d4589 Mon Sep 17 00:00:00 2001 +From: Marcelo Salhab Brogliato +Date: Fri, 31 May 2013 11:49:06 +0100 +Subject: [PATCH 1/1] Log forwarding table overflows. + +--- + src/forward.c | 9 +++++++++ + 1 file changed, 9 insertions(+), 0 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 33a68a0..6c9f646 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1205,8 +1205,17 @@ struct frec *get_new_frec(time_t now, int *wait) + /* none available, calculate time 'till oldest record expires */ + if (count > daemon->ftabsize) + { ++ static time_t last_log = 0; ++ + if (oldest && wait) + *wait = oldest->time + (time_t)TIMEOUT - now; ++ ++ if ((int)difftime(now, last_log) > 5) ++ { ++ last_log = now; ++ my_syslog(LOG_WARNING, _("Maximum number of concurrent DNS queries reached (max: %d)"), daemon->ftabsize); ++ } ++ + return NULL; + } + +-- +1.7.2.5 + diff --git a/SOURCES/dnsmasq-2.66-Manpage-typos.patch b/SOURCES/dnsmasq-2.66-Manpage-typos.patch new file mode 100644 index 0000000..de7c44a --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Manpage-typos.patch @@ -0,0 +1,97 @@ +From a66d36ea1112c861ad2f11ed40cc26973873e5be Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Mon, 22 Apr 2013 15:08:07 +0100 +Subject: [PATCH] Manpage typos. + +--- + man/dnsmasq.8 | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 96d8938..fc12b1c 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -559,7 +559,7 @@ needed for a client to do validation itself. + .B --auth-zone=[,[,.....]] + Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain + will be served, except that A and AAAA records must be in one of the +-specified subnets, or in a subnet corresponding to a contructed DHCP ++specified subnets, or in a subnet corresponding to a constructed DHCP + range. The subnet(s) are also used to define in-addr.arpa and + ipv6.arpa domains which are served for reverse-DNS queries. For IPv4 + subnets, the prefix length is limited to the values 8, 16 or 24. +@@ -763,7 +763,7 @@ This is + useful when there is another DHCP server on the network which should + be used by some machines. + +-The set: contruct sets the tag ++The set: construct sets the tag + whenever this dhcp-host directive is in use. This can be used to + selectively send DHCP options just for this host. More than one tag + can be set in a dhcp-host directive (but not in other places where +@@ -978,7 +978,7 @@ agent ID and one provided by a relay agent, the tag is set. + (IPv4 only) A normal DHCP relay agent is only used to forward the initial parts of + a DHCP interaction to the DHCP server. Once a client is configured, it + communicates directly with the server. This is undesirable if the +-relay agent is addding extra information to the DHCP packets, such as ++relay agent is adding extra information to the DHCP packets, such as + that used by + .B dhcp-circuitid + and +@@ -995,7 +995,7 @@ relays at those addresses are affected. + Without a value, set the tag if the client sends a DHCP + option of the given number or name. When a value is given, set the tag only if + the option is sent and matches the value. The value may be of the form +-"01:ff:*:02" in which case the value must match (apart from widcards) ++"01:ff:*:02" in which case the value must match (apart from wildcards) + but the option sent may have unmatched data past the end of the + value. The value may also be of the same form as in + .B dhcp-option +@@ -1008,7 +1008,7 @@ will set the tag "efi-ia32" if the the number 6 appears in the list of + architectures sent by the client in option 93. (See RFC 4578 for + details.) If the value is a string, substring matching is used. + +-The special form with vi-encap: matches against ++The special form with vi-encap: matches against + vendor-identifying vendor classes for the specified enterprise. Please + see RFC 3925 for more details of these rare and interesting beasts. + .TP +@@ -1036,7 +1036,7 @@ dhcp-host configuration in dnsmasq and the contents of /etc/hosts and + .TP + .B --dhcp-generate-names=tag:[,tag:] + (IPv4 only) Generate a name for DHCP clients which do not otherwise have one, +-using the MAC address expressed in hex, seperated by dashes. Note that ++using the MAC address expressed in hex, separated by dashes. Note that + if a host provides a name, it will be used by preference to this, + unless + .B --dhcp-ignore-names +@@ -1113,7 +1113,7 @@ timeout has elapsed with no keyboard input, the first available menu + option will be automatically executed. If the timeout is zero then the first available menu + item will be executed immediately. If + .B pxe-prompt +-is ommitted the system will wait for user input if there are multiple ++is omitted the system will wait for user input if there are multiple + items in the menu, but boot immediately if + there is only one. See + .B pxe-service +@@ -1412,7 +1412,7 @@ In the default mode, dnsmasq inserts the unqualified names of + DHCP clients into the DNS. For this reason, the names must be unique, + even if two clients which have the same name are in different + domains. If a second DHCP client appears which has the same name as an +-existing client, the name is transfered to the new client. If ++existing client, the name is transferred to the new client. If + .B --dhcp-fqdn + is set, this behaviour changes: the unqualified name is no longer + put in the DNS, only the qualified name. Two DHCP clients with the +@@ -1666,7 +1666,7 @@ used to allocate the address, one from any matching + The tag "bootp" is set for BOOTP requests, and a tag whose name is the + name of the interface on which the request arrived is also set. + +-Any configuration lines which includes one or more tag: contructs ++Any configuration lines which include one or more tag: constructs + will only be valid if all that tags are matched in the set derived + above. Typically this is dhcp-option. + .B dhcp-option +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Note-that-dhcp_lease_time-and-dhcp_release-work-for-IPv4.patch b/SOURCES/dnsmasq-2.66-Note-that-dhcp_lease_time-and-dhcp_release-work-for-IPv4.patch new file mode 100644 index 0000000..9da0a80 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Note-that-dhcp_lease_time-and-dhcp_release-work-for-IPv4.patch @@ -0,0 +1,45 @@ +From 1c10b9de118c951a5aedc130e55101987dcc3feb Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 23 Apr 2013 10:58:35 +0100 +Subject: [PATCH] Note that dhcp_lease_time and dhcp_release only work for + IPv4. + +--- + contrib/wrt/dhcp_lease_time.1 | 6 ++++-- + contrib/wrt/dhcp_release.1 | 2 ++ + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/contrib/wrt/dhcp_lease_time.1 b/contrib/wrt/dhcp_lease_time.1 +index 2720b71..2fa78d3 100644 +--- a/contrib/wrt/dhcp_lease_time.1 ++++ b/contrib/wrt/dhcp_lease_time.1 +@@ -12,9 +12,11 @@ If an error occurs or no lease exists for the given address, + nothing is sent to stdout a message is sent to stderr and a + non-zero error code is returned. + +-Requires dnsmasq 2.40 or later and may not work with other DHCP servers. ++Requires dnsmasq 2.66 or later and may not work with other DHCP servers. + +-The address argument is a dotted-quad IP addresses and mandatory. ++The address argument is a dotted-quad IP addresses and mandatory. ++.SH LIMITATIONS ++Only works with IPv4 addresses and DHCP leases. + .SH SEE ALSO + .BR dnsmasq (8) + .SH AUTHOR +diff --git a/contrib/wrt/dhcp_release.1 b/contrib/wrt/dhcp_release.1 +index eb5307a..e71aba0 100644 +--- a/contrib/wrt/dhcp_release.1 ++++ b/contrib/wrt/dhcp_release.1 +@@ -27,6 +27,8 @@ for ethernet. This encoding is the one used in dnsmasq lease files. + The client-id is optional. If it is "*" then it treated as being missing. + .SH NOTES + MUST be run as root - will fail otherwise. ++.SH LIMITATIONS ++Only usable on IPv4 DHCP leases. + .SH SEE ALSO + .BR dnsmasq (8) + .SH AUTHOR +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Remove-limit-in-prefix-length-in-auth-zone.patch b/SOURCES/dnsmasq-2.66-Remove-limit-in-prefix-length-in-auth-zone.patch new file mode 100644 index 0000000..cc4bd45 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Remove-limit-in-prefix-length-in-auth-zone.patch @@ -0,0 +1,68 @@ +From baa80ae5125beabd49edae2cdfaf3817a88a2ab6 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 29 May 2013 16:32:07 +0100 +Subject: [PATCH 1/1] Remove limit in prefix length in --auth-zone. + +--- + man/dnsmasq.8 | 9 ++++++--- + src/auth.c | 4 ++-- + src/option.c | 2 -- + 3 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 2638930..d2e3d18 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -572,13 +572,16 @@ If you use the first DNSSEC mode, validating resolvers in clients, + this option is not required. Dnsmasq always returns all the data + needed for a client to do validation itself. + .TP +-.B --auth-zone=[,[,.....]] ++.B --auth-zone=[,[/][,[/].....]] + Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain + will be served, except that A and AAAA records must be in one of the + specified subnets, or in a subnet corresponding to a constructed DHCP + range. The subnet(s) are also used to define in-addr.arpa and +-ipv6.arpa domains which are served for reverse-DNS queries. For IPv4 +-subnets, the prefix length is limited to the values 8, 16 or 24. ++ipv6.arpa domains which are served for reverse-DNS queries. If not ++specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6. ++For IPv4 subnets, the prefix length should be have the value 8, 16 or 24 ++unless you are familiar with RFC 2317 and have arranged the ++in-addr.arpa delegation accordingly. + .TP + .B --auth-soa=[,[,[,[,]]]] + Specify fields in the SOA record associated with authoritative +diff --git a/src/auth.c b/src/auth.c +index 2a3f323..b08f85c 100644 +--- a/src/auth.c ++++ b/src/auth.c +@@ -520,10 +520,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + in_addr_t a = ntohl(subnet->addr4.s_addr) >> 8; + char *p = name; + +- if (subnet->prefixlen == 24) ++ if (subnet->prefixlen >= 24) + p += sprintf(p, "%d.", a & 0xff); + a = a >> 8; +- if (subnet->prefixlen != 8) ++ if (subnet->prefixlen >= 16 ) + p += sprintf(p, "%d.", a & 0xff); + a = a >> 8; + p += sprintf(p, "%d.in-addr.arpa", a & 0xff); +diff --git a/src/option.c b/src/option.c +index ac54c31..25bbf48 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -1637,8 +1637,6 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + + if (inet_pton(AF_INET, arg, &subnet->addr4)) + { +- if ((prefixlen & 0x07) != 0 || prefixlen > 24) +- ret_err(_("bad prefix")); + subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen; + subnet->is6 = 0; + } +-- +1.7.2.5 + diff --git a/SOURCES/dnsmasq-2.66-Send-TCP-DNS-messages-in-one-write-call.patch b/SOURCES/dnsmasq-2.66-Send-TCP-DNS-messages-in-one-write-call.patch new file mode 100644 index 0000000..ffeafb5 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Send-TCP-DNS-messages-in-one-write-call.patch @@ -0,0 +1,90 @@ +From 4b5ea12e90024ade5033b3b83a8b2620035952ba Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 22 Apr 2013 10:18:26 +0100 +Subject: [PATCH] Send TCP DNS messages in one write() call. Stops TCP stream + fragmenting. + +This is an optimisation, not a bugfix. Thanks to Jim Bos for spotting it. +--- + src/forward.c | 31 +++++++++++++------------------ + 1 file changed, 13 insertions(+), 18 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 1ea25dd..77d6849 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -880,9 +880,12 @@ unsigned char *tcp_request(int confd, time_t now, + unsigned short qtype; + unsigned int gotname; + unsigned char c1, c2; +- /* Max TCP packet + slop */ +- unsigned char *packet = whine_malloc(65536 + MAXDNAME + RRFIXEDSZ); +- struct dns_header *header; ++ /* Max TCP packet + slop + size */ ++ unsigned char *packet = whine_malloc(65536 + MAXDNAME + RRFIXEDSZ + sizeof(u16)); ++ unsigned char *payload = &packet[2]; ++ /* largest field in header is 16-bits, so this is still sufficiently aligned */ ++ struct dns_header *header = (struct dns_header *)payload; ++ u16 *length = (u16 *)packet; + struct server *last_server; + struct in_addr dst_addr_4; + union mysockaddr peer_addr; +@@ -896,14 +899,12 @@ unsigned char *tcp_request(int confd, time_t now, + if (!packet || + !read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) || + !(size = c1 << 8 | c2) || +- !read_write(confd, packet, size, 1)) ++ !read_write(confd, payload, size, 1)) + return packet; + + if (size < (int)sizeof(struct dns_header)) + continue; + +- header = (struct dns_header *)packet; +- + /* save state of "cd" flag in query */ + checking_disabled = header->hb4 & HB4_CD; + +@@ -1020,12 +1021,9 @@ unsigned char *tcp_request(int confd, time_t now, + #endif + } + +- c1 = size >> 8; +- c2 = size; ++ *length = htons(size); + +- if (!read_write(last_server->tcpfd, &c1, 1, 0) || +- !read_write(last_server->tcpfd, &c2, 1, 0) || +- !read_write(last_server->tcpfd, packet, size, 0) || ++ if (!read_write(last_server->tcpfd, packet, size + sizeof(u16), 0) || + !read_write(last_server->tcpfd, &c1, 1, 1) || + !read_write(last_server->tcpfd, &c2, 1, 1)) + { +@@ -1035,7 +1033,7 @@ unsigned char *tcp_request(int confd, time_t now, + } + + m = (c1 << 8) | c2; +- if (!read_write(last_server->tcpfd, packet, m, 1)) ++ if (!read_write(last_server->tcpfd, payload, m, 1)) + return packet; + + if (!gotname) +@@ -1071,12 +1069,9 @@ unsigned char *tcp_request(int confd, time_t now, + + check_log_writer(NULL); + +- c1 = m>>8; +- c2 = m; +- if (m == 0 || +- !read_write(confd, &c1, 1, 0) || +- !read_write(confd, &c2, 1, 0) || +- !read_write(confd, packet, m, 0)) ++ *length = htons(m); ++ ++ if (m == 0 || !read_write(confd, packet, m + sizeof(u16), 0)) + return packet; + } + } +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Set-SOREUSEADDR-as-well-as-SOREUSEPORT-on-DHCP-socke.patch b/SOURCES/dnsmasq-2.66-Set-SOREUSEADDR-as-well-as-SOREUSEPORT-on-DHCP-socke.patch new file mode 100644 index 0000000..3d05210 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Set-SOREUSEADDR-as-well-as-SOREUSEPORT-on-DHCP-socke.patch @@ -0,0 +1,63 @@ +From ffbad34b310ab2db6a686c85f5c0a0e52c0680c8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 14 Aug 2013 15:53:57 +0100 +Subject: [PATCH] Set SOREUSEADDR as well as SOREUSEPORT on DHCP sockets when + both available. + +Signed-off-by: Tomas Hozza +--- + src/dhcp.c | 8 ++++---- + src/dhcp6.c | 8 ++++---- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/dhcp.c b/src/dhcp.c +index 333a327..b95a4ba 100644 +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -70,15 +70,15 @@ static int make_fd(int port) + support it. This handles the introduction of REUSEPORT on Linux. */ + if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) + { +- int rc = -1, porterr = 0; ++ int rc = 0; + + #ifdef SO_REUSEPORT + if ((rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt))) == -1 && +- errno != ENOPROTOOPT) +- porterr = 1; ++ errno == ENOPROTOOPT) ++ rc = 0; + #endif + +- if (rc == -1 && !porterr) ++ if (rc != -1) + rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt)); + + if (rc == -1) +diff --git a/src/dhcp6.c b/src/dhcp6.c +index 17e03e5..89af7dd 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -55,15 +55,15 @@ void dhcp6_init(void) + support it. This handles the introduction of REUSEPORT on Linux. */ + if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) + { +- int rc = -1, porterr = 0; ++ int rc = 0; + + #ifdef SO_REUSEPORT + if ((rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt))) == -1 && +- errno != ENOPROTOOPT) +- porterr = 1; ++ errno == ENOPROTOOPT) ++ rc = 0; + #endif + +- if (rc == -1 && !porterr) ++ if (rc != -1) + rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt)); + + if (rc == -1) +-- +1.8.3.1 + diff --git a/SOURCES/dnsmasq-2.66-Tighten_checks_in_legal_hostname.patch b/SOURCES/dnsmasq-2.66-Tighten_checks_in_legal_hostname.patch new file mode 100644 index 0000000..cc6f603 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Tighten_checks_in_legal_hostname.patch @@ -0,0 +1,45 @@ +From 7abb69b5dc8dbe369be36bd7bf23c039b036acd1 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 29 Apr 2013 10:52:16 +0100 +Subject: [PATCH] Tighten checks in legal_hostname(). + +--- + src/util.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/src/util.c b/src/util.c +index 848e01b..af4031c 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -142,19 +142,23 @@ static int check_name(char *in) + int legal_hostname(char *name) + { + char c; ++ int first; + + if (!check_name(name)) + return 0; + +- for (; (c = *name); name++) ++ for (first = 1; (c = *name); name++, first = 0) + /* check for legal char a-z A-Z 0-9 - _ . */ + { + if ((c >= 'A' && c <= 'Z') || +- (c >= 'a' && c <= 'z') || +- (c >= '0' && c <= '9') || +- c == '-' || c == '_') ++ (c >= 'a' && c <= 'z')) + continue; +- ++ ++ if (!first && ++ ((c >= '0' && c <= '9') || ++ c == '-' || c == '_')) ++ continue; ++ + /* end of hostname part */ + if (c == '.') + return 1; +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-Use-dnsmasq-as-default-DNS-server-for-RA-only-if-it-is-doing-DNS.patch b/SOURCES/dnsmasq-2.66-Use-dnsmasq-as-default-DNS-server-for-RA-only-if-it-is-doing-DNS.patch new file mode 100644 index 0000000..22139ee --- /dev/null +++ b/SOURCES/dnsmasq-2.66-Use-dnsmasq-as-default-DNS-server-for-RA-only-if-it-is-doing-DNS.patch @@ -0,0 +1,30 @@ +From ab915f837c1db9b8b095158b41028ea71246d68d Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 30 Apr 2013 10:41:28 +0100 +Subject: [PATCH] Only use ourselves as default DNS server for RA if we're + doing DNS. + +This makes RA the same as DHCP4/6 +--- + src/radv.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/radv.c b/src/radv.c +index a708758..72a93cb 100644 +--- a/src/radv.c ++++ b/src/radv.c +@@ -300,9 +300,9 @@ static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *de + } + } + +- if (!done_dns) ++ if (daemon->port == NAMESERVER_PORT && !done_dns) + { +- /* default == us. */ ++ /* default == us, as long as we are supplying DNS service. */ + put_opt6_char(ICMP6_OPT_RDNSS); + put_opt6_char(3); + put_opt6_short(0); +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-dhcp-match-now-work-with-BOOTP.patch b/SOURCES/dnsmasq-2.66-dhcp-match-now-work-with-BOOTP.patch new file mode 100644 index 0000000..c452e96 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-dhcp-match-now-work-with-BOOTP.patch @@ -0,0 +1,282 @@ +From 86e92f998379d219e10517dfa2c42f544ba164ce Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 23 Apr 2013 11:31:39 +0100 +Subject: [PATCH] --dhcp-match et al now work with BOOTP as well as DHCP. + +--- + CHANGELOG | 4 ++ + src/rfc2131.c | 227 +++++++++++++++++++++++++++++----------------------------- + 2 files changed, 117 insertions(+), 114 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 268b64d..0a34b64 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -11,6 +11,10 @@ version 2.67 + lease-time only if it's specifically requested + (maintaining standards) and the dhcp_lease_time utility + has been taught to ask for it (restoring functionality). ++ ++ Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass ++ to work with BOOTP and well as DHCP. Thanks to Peter ++ Korsgaard for spotting the problem. + + + version 2.66 +diff --git a/src/rfc2131.c b/src/rfc2131.c +index 013a446..54e444b 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -355,6 +355,117 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + ntohl(mess->xid), daemon->namebuff, inet_ntoa(context_tmp->end)); + } + } ++ ++ /* dhcp-match. If we have hex-and-wildcards, look for a left-anchored match. ++ Otherwise assume the option is an array, and look for a matching element. ++ If no data given, existance of the option is enough. This code handles ++ rfc3925 V-I classes too. */ ++ for (o = daemon->dhcp_match; o; o = o->next) ++ { ++ unsigned int len, elen, match = 0; ++ size_t offset, o2; ++ ++ if (o->flags & DHOPT_RFC3925) ++ { ++ if (!(opt = option_find(mess, sz, OPTION_VENDOR_IDENT, 5))) ++ continue; ++ ++ for (offset = 0; offset < (option_len(opt) - 5u); offset += len + 5) ++ { ++ len = option_uint(opt, offset + 4 , 1); ++ /* Need to take care that bad data can't run us off the end of the packet */ ++ if ((offset + len + 5 <= (option_len(opt))) && ++ (option_uint(opt, offset, 4) == (unsigned int)o->u.encap)) ++ for (o2 = offset + 5; o2 < offset + len + 5; o2 += elen + 1) ++ { ++ elen = option_uint(opt, o2, 1); ++ if ((o2 + elen + 1 <= option_len(opt)) && ++ (match = match_bytes(o, option_ptr(opt, o2 + 1), elen))) ++ break; ++ } ++ if (match) ++ break; ++ } ++ } ++ else ++ { ++ if (!(opt = option_find(mess, sz, o->opt, 1))) ++ continue; ++ ++ match = match_bytes(o, option_ptr(opt, 0), option_len(opt)); ++ } ++ ++ if (match) ++ { ++ o->netid->next = netid; ++ netid = o->netid; ++ } ++ } ++ ++ /* user-class options are, according to RFC3004, supposed to contain ++ a set of counted strings. Here we check that this is so (by seeing ++ if the counts are consistent with the overall option length) and if ++ so zero the counts so that we don't get spurious matches between ++ the vendor string and the counts. If the lengths don't add up, we ++ assume that the option is a single string and non RFC3004 compliant ++ and just do the substring match. dhclient provides these broken options. ++ The code, later, which sends user-class data to the lease-change script ++ relies on the transformation done here. ++ */ ++ ++ if ((opt = option_find(mess, sz, OPTION_USER_CLASS, 1))) ++ { ++ unsigned char *ucp = option_ptr(opt, 0); ++ int tmp, j; ++ for (j = 0; j < option_len(opt); j += ucp[j] + 1); ++ if (j == option_len(opt)) ++ for (j = 0; j < option_len(opt); j = tmp) ++ { ++ tmp = j + ucp[j] + 1; ++ ucp[j] = 0; ++ } ++ } ++ ++ for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next) ++ { ++ int mopt; ++ ++ if (vendor->match_type == MATCH_VENDOR) ++ mopt = OPTION_VENDOR_ID; ++ else if (vendor->match_type == MATCH_USER) ++ mopt = OPTION_USER_CLASS; ++ else ++ continue; ++ ++ if ((opt = option_find(mess, sz, mopt, 1))) ++ { ++ int i; ++ for (i = 0; i <= (option_len(opt) - vendor->len); i++) ++ if (memcmp(vendor->data, option_ptr(opt, i), vendor->len) == 0) ++ { ++ vendor->netid.next = netid; ++ netid = &vendor->netid; ++ break; ++ } ++ } ++ } ++ ++ /* mark vendor-encapsulated options which match the client-supplied vendor class, ++ save client-supplied vendor class */ ++ if ((opt = option_find(mess, sz, OPTION_VENDOR_ID, 1))) ++ { ++ memcpy(daemon->dhcp_buff3, option_ptr(opt, 0), option_len(opt)); ++ vendor_class_len = option_len(opt); ++ } ++ match_vendor_opts(opt, daemon->dhcp_opts); ++ ++ if (option_bool(OPT_LOG_OPTS)) ++ { ++ if (sanitise(opt, daemon->namebuff)) ++ my_syslog(MS_DHCP | LOG_INFO, _("%u vendor class: %s"), ntohl(mess->xid), daemon->namebuff); ++ if (sanitise(option_find(mess, sz, OPTION_USER_CLASS, 1), daemon->namebuff)) ++ my_syslog(MS_DHCP | LOG_INFO, _("%u user class: %s"), ntohl(mess->xid), daemon->namebuff); ++ } + + mess->op = BOOTREPLY; + +@@ -494,9 +605,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + lease_set_interface(lease, int_index, now); + + clear_packet(mess, end); +- match_vendor_opts(NULL, daemon->dhcp_opts); /* clear flags */ + do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr), +- netid, subnet_addr, 0, 0, -1, NULL, 0, now); ++ netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now); + } + } + +@@ -623,119 +733,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + } + } + +- /* dhcp-match. If we have hex-and-wildcards, look for a left-anchored match. +- Otherwise assume the option is an array, and look for a matching element. +- If no data given, existance of the option is enough. This code handles +- rfc3925 V-I classes too. */ +- for (o = daemon->dhcp_match; o; o = o->next) +- { +- unsigned int len, elen, match = 0; +- size_t offset, o2; +- +- if (o->flags & DHOPT_RFC3925) +- { +- if (!(opt = option_find(mess, sz, OPTION_VENDOR_IDENT, 5))) +- continue; +- +- for (offset = 0; offset < (option_len(opt) - 5u); offset += len + 5) +- { +- len = option_uint(opt, offset + 4 , 1); +- /* Need to take care that bad data can't run us off the end of the packet */ +- if ((offset + len + 5 <= (option_len(opt))) && +- (option_uint(opt, offset, 4) == (unsigned int)o->u.encap)) +- for (o2 = offset + 5; o2 < offset + len + 5; o2 += elen + 1) +- { +- elen = option_uint(opt, o2, 1); +- if ((o2 + elen + 1 <= option_len(opt)) && +- (match = match_bytes(o, option_ptr(opt, o2 + 1), elen))) +- break; +- } +- if (match) +- break; +- } +- } +- else +- { +- if (!(opt = option_find(mess, sz, o->opt, 1))) +- continue; +- +- match = match_bytes(o, option_ptr(opt, 0), option_len(opt)); +- } +- +- if (match) +- { +- o->netid->next = netid; +- netid = o->netid; +- } +- } +- +- /* user-class options are, according to RFC3004, supposed to contain +- a set of counted strings. Here we check that this is so (by seeing +- if the counts are consistent with the overall option length) and if +- so zero the counts so that we don't get spurious matches between +- the vendor string and the counts. If the lengths don't add up, we +- assume that the option is a single string and non RFC3004 compliant +- and just do the substring match. dhclient provides these broken options. +- The code, later, which sends user-class data to the lease-change script +- relies on the transformation done here. +- */ +- +- if ((opt = option_find(mess, sz, OPTION_USER_CLASS, 1))) +- { +- unsigned char *ucp = option_ptr(opt, 0); +- int tmp, j; +- for (j = 0; j < option_len(opt); j += ucp[j] + 1); +- if (j == option_len(opt)) +- for (j = 0; j < option_len(opt); j = tmp) +- { +- tmp = j + ucp[j] + 1; +- ucp[j] = 0; +- } +- } +- +- for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next) +- { +- int mopt; +- +- if (vendor->match_type == MATCH_VENDOR) +- mopt = OPTION_VENDOR_ID; +- else if (vendor->match_type == MATCH_USER) +- mopt = OPTION_USER_CLASS; +- else +- continue; +- +- if ((opt = option_find(mess, sz, mopt, 1))) +- { +- int i; +- for (i = 0; i <= (option_len(opt) - vendor->len); i++) +- if (memcmp(vendor->data, option_ptr(opt, i), vendor->len) == 0) +- { +- vendor->netid.next = netid; +- netid = &vendor->netid; +- break; +- } +- } +- } +- +- /* mark vendor-encapsulated options which match the client-supplied vendor class, +- save client-supplied vendor class */ +- if ((opt = option_find(mess, sz, OPTION_VENDOR_ID, 1))) +- { +- memcpy(daemon->dhcp_buff3, option_ptr(opt, 0), option_len(opt)); +- vendor_class_len = option_len(opt); +- } +- match_vendor_opts(opt, daemon->dhcp_opts); +- +- if (option_bool(OPT_LOG_OPTS)) +- { +- if (sanitise(opt, daemon->namebuff)) +- my_syslog(MS_DHCP | LOG_INFO, _("%u vendor class: %s"), ntohl(mess->xid), daemon->namebuff); +- if (sanitise(option_find(mess, sz, OPTION_USER_CLASS, 1), daemon->namebuff)) +- my_syslog(MS_DHCP | LOG_INFO, _("%u user class: %s"), ntohl(mess->xid), daemon->namebuff); +- } +- + tagif_netid = run_tag_if(netid); +- ++ + /* if all the netids in the ignore list are present, ignore this client */ + for (id_list = daemon->dhcp_ignore; id_list; id_list = id_list->next) + if (match_netid(id_list->list, tagif_netid, 0)) +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq-2.66-replace-inet_addr-with-inet_pton-in-option-c.patch b/SOURCES/dnsmasq-2.66-replace-inet_addr-with-inet_pton-in-option-c.patch new file mode 100644 index 0000000..d21a776 --- /dev/null +++ b/SOURCES/dnsmasq-2.66-replace-inet_addr-with-inet_pton-in-option-c.patch @@ -0,0 +1,164 @@ +From ddd9a6b499ae601231070854c562611a79e004c0 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 29 Apr 2013 17:00:21 +0100 +Subject: [PATCH] replace inet_addr with inet_pton() in src/option.c + +--- + src/option.c | 52 ++++++++++++++++++++++++++-------------------------- + 1 file changed, 26 insertions(+), 26 deletions(-) + +diff --git a/src/option.c b/src/option.c +index 20a8668..d2ab689 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -660,7 +660,7 @@ char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_a + scope_id = split_chr(arg, '%'); + #endif + +- if ((addr->in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t) -1) ++ if (inet_pton(AF_INET, arg, &addr->in.sin_addr) > 0) + { + addr->in.sin_port = htons(serv_port); + addr->sa.sa_family = source_addr->sa.sa_family = AF_INET; +@@ -675,7 +675,7 @@ char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_a + if (flags) + *flags |= SERV_HAS_SOURCE; + source_addr->in.sin_port = htons(source_port); +- if ((source_addr->in.sin_addr.s_addr = inet_addr(source)) == (in_addr_t) -1) ++ if (!(inet_pton(AF_INET, source, &source_addr->in.sin_addr) > 0)) + { + #if defined(SO_BINDTODEVICE) + source_addr->in.sin_addr.s_addr = INADDR_ANY; +@@ -1031,7 +1031,7 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags) + cp = comma; + comma = split(cp); + slash = split_chr(cp, '/'); +- in.s_addr = inet_addr(cp); ++ inet_pton(AF_INET, cp, &in); + if (!slash) + { + memcpy(op, &in, INADDRSZ); +@@ -1576,7 +1576,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + comma = split(arg); + new->name = NULL; + unhide_metas(arg); +- if ((new->addr.in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t)-1) ++ if (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0) + new->addr.sa.sa_family = AF_INET; + #ifdef HAVE_IPV6 + else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0) +@@ -1927,7 +1927,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + { + struct in_addr addr; + unhide_metas(arg); +- if (arg && (addr.s_addr = inet_addr(arg)) != (in_addr_t)-1) ++ if (arg && (inet_pton(AF_INET, arg, &addr) > 0)) + { + struct bogus_addr *baddr = opt_malloc(sizeof(struct bogus_addr)); + baddr->next = daemon->bogus_addr; +@@ -1945,7 +1945,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + struct iname *new = opt_malloc(sizeof(struct iname)); + comma = split(arg); + unhide_metas(arg); +- if (arg && (new->addr.in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t)-1) ++ if (arg && (inet_pton(AF_INET, arg, &new->addr.in.sin_addr) > 0)) + { + new->addr.sa.sa_family = AF_INET; + new->addr.in.sin_port = 0; +@@ -2369,7 +2369,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + } + + if (k >= 3 && strchr(a[2], '.') && +- ((new->netmask.s_addr = inet_addr(a[2])) != (in_addr_t)-1)) ++ (inet_pton(AF_INET, a[2], &new->netmask) > 0)) + { + new->flags |= CONTEXT_NETMASK; + leasepos = 3; +@@ -2378,7 +2378,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + } + + if (k >= 4 && strchr(a[3], '.') && +- ((new->broadcast.s_addr = inet_addr(a[3])) != (in_addr_t)-1)) ++ (inet_pton(AF_INET, a[3], &new->broadcast) > 0)) + { + new->flags |= CONTEXT_BRDCAST; + leasepos = 4; +@@ -2608,7 +2608,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + } + } + } +- else if (strchr(a[j], '.') && (in.s_addr = inet_addr(a[j])) != (in_addr_t)-1) ++ else if (strchr(a[j], '.') && (inet_pton(AF_INET, a[j], &in) > 0)) + { + struct dhcp_config *configs; + +@@ -2805,17 +2805,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + if (comma) + { + unhide_metas(comma); +- if ((dhcp_next_server.s_addr = inet_addr(comma)) == (in_addr_t)-1) { +- +- /* +- * The user may have specified the tftp hostname here. +- * save it so that it can be resolved/looked up during +- * actual dhcp_reply(). +- */ +- +- tftp_sname = opt_string_alloc(comma); +- dhcp_next_server.s_addr = 0; +- } ++ if (!(inet_pton(AF_INET, comma, &dhcp_next_server) > 0)) ++ { ++ /* ++ * The user may have specified the tftp hostname here. ++ * save it so that it can be resolved/looked up during ++ * actual dhcp_reply(). ++ */ ++ ++ tftp_sname = opt_string_alloc(comma); ++ dhcp_next_server.s_addr = 0; ++ } + } + } + +@@ -2828,7 +2828,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + new->next = daemon->boot_config; + daemon->boot_config = new; + } +- ++ + break; + } + +@@ -3144,7 +3144,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + while (arg) { + struct addr_list *new = opt_malloc(sizeof(struct addr_list)); + comma = split(arg); +- if ((new->addr.s_addr = inet_addr(arg)) == (in_addr_t)-1) ++ if (!(inet_pton(AF_INET, arg, &new->addr) > 0)) + ret_err(_("bad dhcp-proxy address")); + new->next = daemon->override_relays; + daemon->override_relays = new; +@@ -3187,15 +3187,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + dash = split_chr(a[0], '-'); + + if ((k < 2) || +- ((new->in.s_addr = inet_addr(a[0])) == (in_addr_t)-1) || +- ((new->out.s_addr = inet_addr(a[1])) == (in_addr_t)-1)) ++ (!(inet_pton(AF_INET, a[0], &new->in) > 0)) || ++ (!(inet_pton(AF_INET, a[1], &new->out) > 0))) + option = '?'; + + if (k == 3) +- new->mask.s_addr = inet_addr(a[2]); ++ inet_pton(AF_INET, a[2], &new->mask); + + if (dash && +- ((new->end.s_addr = inet_addr(dash)) == (in_addr_t)-1 || ++ (!(inet_pton(AF_INET, dash, &new->end) > 0) || + !is_same_net(new->in, new->end, new->mask) || + ntohl(new->in.s_addr) > ntohl(new->end.s_addr))) + ret_err(_("invalid alias range")); +-- +1.8.1.4 + diff --git a/SOURCES/dnsmasq.service b/SOURCES/dnsmasq.service new file mode 100644 index 0000000..07fa92e --- /dev/null +++ b/SOURCES/dnsmasq.service @@ -0,0 +1,9 @@ +[Unit] +Description=DNS caching server. +After=network.target + +[Service] +ExecStart=/usr/sbin/dnsmasq -k + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec new file mode 100644 index 0000000..f519aa5 --- /dev/null +++ b/SPECS/dnsmasq.spec @@ -0,0 +1,478 @@ +%define testrelease 0 +%define releasecandidate 0 +%if 0%{testrelease} + %define extrapath test-releases/ + %define extraversion test30 +%endif +%if 0%{releasecandidate} + %define extrapath release-candidates/ + %define extraversion rc5 +%endif + +%define _hardened_build 1 + +Name: dnsmasq +Version: 2.66 +Release: 10%{?extraversion}%{?dist} +Summary: A lightweight DHCP/caching DNS server + +Group: System Environment/Daemons +License: GPLv2 +URL: http://www.thekelleys.org.uk/dnsmasq/ +Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.gz +Source1: %{name}.service + +#include upstream bug fix patches committed after stable release +# commit 4582c0efe7d7af93517b1f3bcc7af67685ab3e5c +Patch0: %{name}-2.66-Fix-wrong_size_in_memset_call.patch +# commit bd08ae67f9a0cae2ce15be885254cad9449d4551 +Patch1: %{name}-2.66-Allow-option_number_zero_in_encapsulated_DHCP_options.patch +# commit 4b5ea12e90024ade5033b3b83a8b2620035952ba +Patch2: %{name}-2.66-Send-TCP-DNS-messages-in-one-write-call.patch +# commit 797a7afba477390bc016c647cfb792c85ee6102d +Patch3: %{name}-2.66-Fix-crash-on-SERVFAIL-when-using-conntrack.patch +# commit aa63a21ce0b20dfe988e0bcdf14b8b930de20311 +Patch4: %{name}-2.66-Fix-regression-in-dhcp_lease_time-utility.patch +# commit a66d36ea1112c861ad2f11ed40cc26973873e5be +Patch5: %{name}-2.66-Manpage-typos.patch +# commit 1c10b9de118c951a5aedc130e55101987dcc3feb +Patch6: %{name}-2.66-Note-that-dhcp_lease_time-and-dhcp_release-work-for-IPv4.patch +# commit 86e92f998379d219e10517dfa2c42f544ba164ce +Patch7: %{name}-2.66-dhcp-match-now-work-with-BOOTP.patch +# commit 7abb69b5dc8dbe369be36bd7bf23c039b036acd1 +Patch8: %{name}-2.66-Tighten_checks_in_legal_hostname.patch +# commit ddd9a6b499ae601231070854c562611a79e004c0 +Patch9: %{name}-2.66-replace-inet_addr-with-inet_pton-in-option-c.patch +# commit b915f837c1db9b8b095158b41028ea71246d68d +Patch10: %{name}-2.66-Use-dnsmasq-as-default-DNS-server-for-RA-only-if-it-is-doing-DNS.patch +# commit 3f2873d42c4d7e7dba32b6e64a3687d43928bc8e - Bug #962246 +Patch11: %{name}-2.66-Handle_IPv4_interface_address_labels_in_Linux.patch +# commit cfcad42ff1ddee8e64d120f18016a654152d0215 - Bug #962874 +Patch12: %{name}-2.66-Fix_failure_to_start_with_ENOTSOCK.patch +# commit 3e8ed78bf1b2649b13129327700d5d55bd2040e2 +Patch13: %{name}-2.66-Fix-option-parsing-for-dhcp-host.patch +# commit baa80ae5125beabd49edae2cdfaf3817a88a2ab6 +Patch14: %{name}-2.66-Remove-limit-in-prefix-length-in-auth-zone.patch +# commit 0da5e8979b5e5466d0f7bb836f2716cbcf1d4589 +Patch15: %{name}-2.66-Log-forwarding-table-overflows.patch +# commit 429805dbbc3888abc0d472c45935e92057964384 +Patch16: %{name}-2.66-Allow-constructed-ranges-from-interface-address-at-end-of-range.patch +# commit e2ba0df2d4798e52e188c2f7f74613867d5aa82a +Patch17: %{name}-2.66-Dont-BIND-DHCP-socket-if-more-interfaces-may-come.patch +# commit 625ac28c61b0a5e6a252db00d72fbac6d88718fd +Patch18: %{name}-2.66-Fix_crash_with_empty_DHCP_string_options.patch +# commit ffbad34b310ab2db6a686c85f5c0a0e52c0680c8 +Patch19: %{name}-2.66-Set-SOREUSEADDR-as-well-as-SOREUSEPORT-on-DHCP-socke.patch + + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: dbus-devel +BuildRequires: pkgconfig +BuildRequires: libidn-devel + +BuildRequires: systemd +Requires(post): systemd systemd-sysv chkconfig +Requires(preun): systemd +Requires(postun): systemd + + +%description +Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. +It is designed to provide DNS and, optionally, DHCP, to a small network. +It can serve the names of local machines which are not in the global +DNS. The DHCP server integrates with the DNS server and allows machines +with DHCP-allocated addresses to appear in the DNS with names configured +either in each host or in a central configuration file. Dnsmasq supports +static and dynamic DHCP leases and BOOTP for network booting of diskless +machines. + +%package utils +Summary: Utilities for manipulating DHCP server leases +Group: System Environment/Daemons + +%description utils +Utilities that use the standard DHCP protocol to +query/remove a DHCP server's leases. + + +%prep +%setup -q -n %{name}-%{version}%{?extraversion} + +%patch0 -p1 -b .wrong_size +%patch1 -p1 -b .zero_DHCP_option +%patch2 -p1 -b .tcp_dns_in_one_packet +%patch3 -p1 -b .SERVFAIL_crash +%patch4 -p1 -b .dhcp_lease_time-regression +%patch5 -p1 +%patch6 -p1 -b .utils_work_only_ipv4 +%patch7 -p1 -b .dhcp-match_bootp +%patch8 -p1 -b .hosname_checks +%patch9 -p1 -b .inet_pton +%patch10 -p1 -b .default_dns_server +%patch11 -p1 -b .interface_aliases +%patch12 -p1 -b .enotsock_failure +%patch13 -p1 -b .option_parsing +%patch14 -p1 -b .auth_zone_limit +%patch15 -p1 -b .log_overflow +%patch16 -p1 -b .constr_range +%patch17 -p1 -b .bindtodevice +%patch18 -p1 -b .empty_dhcp_opts +%patch19 -p1 -b .reuseport + +# use /var/lib/dnsmasq instead of /var/lib/misc +for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do + sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file" +done + +#enable dbus +sed -i 's|/\* #define HAVE_DBUS \*/|#define HAVE_DBUS|g' src/config.h + +#enable IDN support +sed -i 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' src/config.h + +#enable /etc/dnsmasq.d fix bz 526703 +sed -i 's|#conf-dir=/etc/dnsmasq.d|conf-dir=/etc/dnsmasq.d|g' dnsmasq.conf.example + + +%build +make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" +make -C contrib/wrt %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" + + +%install +rm -rf $RPM_BUILD_ROOT +# normally i'd do 'make install'...it's a bit messy, though +mkdir -p $RPM_BUILD_ROOT%{_sbindir} \ + $RPM_BUILD_ROOT%{_mandir}/man8 \ + $RPM_BUILD_ROOT%{_var}/lib/dnsmasq \ + $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.d \ + $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d +install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq +install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf +install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/ +install -m 644 man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/ + +# utils sub package +mkdir -p $RPM_BUILD_ROOT%{_bindir} \ + $RPM_BUILD_ROOT%{_mandir}/man1 +install -m 755 contrib/wrt/dhcp_release $RPM_BUILD_ROOT%{_bindir}/dhcp_release +install -m 644 contrib/wrt/dhcp_release.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release.1 +install -m 755 contrib/wrt/dhcp_lease_time $RPM_BUILD_ROOT%{_bindir}/dhcp_lease_time +install -m 644 contrib/wrt/dhcp_lease_time.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_lease_time.1 + +# Systemd +mkdir -p %{buildroot}%{_unitdir} +install -m644 %{SOURCE1} %{buildroot}%{_unitdir} +rm -rf %{buildroot}%{_initrddir} + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +%systemd_post dnsmasq.service + +%preun +%systemd_preun dnsmasq.service + +%postun +%systemd_postun_with_restart dnsmasq.service + +%triggerun -- dnsmasq < 2.52-3 +%{_bindir}/systemd-sysv-convert --save dnsmasq >/dev/null 2>&1 ||: +/sbin/chkconfig --del dnsmasq >/dev/null 2>&1 || : +/bin/systemctl try-restart dnsmasq.service >/dev/null 2>&1 || : + +%files +%defattr(-,root,root,-) +%doc CHANGELOG COPYING FAQ doc.html setup.html dbus/DBus-interface +%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dnsmasq.conf +%dir /etc/dnsmasq.d +%dir %{_var}/lib/dnsmasq +%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf +%{_unitdir}/%{name}.service +%{_sbindir}/dnsmasq +%{_mandir}/man8/dnsmasq* + +%files utils +%{_bindir}/dhcp_* +%{_mandir}/man1/dhcp_* + +%changelog +* Thu Aug 15 2013 Tomas Hozza - 2.66-10 +- Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973) + +* Mon Aug 12 2013 Tomas Hozza - 2.66-9 +- Don't use SO_REUSEPORT on DHCPv4 socket to prevent conflicts with ISC DHCP (#981973) + +* Tue Jul 23 2013 Tomas Hozza - 2.66-8 +- Fix crash when specified empty DHCP option + +* Tue Jun 11 2013 Tomas Hozza - 2.66-7 +- use _hardened_build macro instead of hardcoded flags +- include several fixies from upstream repo: + - Allow constructed ranges from interface address at end of range + - Dont BINDTODEVICE DHCP socket if more interfaces may come + - Fix option parsing for dhcp host + - Log forwarding table overflows + - Remove limit in prefix length in auth zone + +* Fri May 17 2013 Tomas Hozza - 2.66-6 +- include several fixies from upstream repo: + - Tighten hostname checks in legal hostname() function + - Replace inet_addr() with inet_pton() in src/option.c + - Use dnsmasq as default DNS server for RA only if it's doing DNS + - Handle IPv4 interface address labels (aliases) in Linux (#962246) + - Fix failure to start with ENOTSOCK (#962874) + +* Tue Apr 30 2013 Tomas Hozza - 2.66-5 +- dnsmasq unit file cleanup + - drop forking Type and PIDfile and rather start dnsmasq with "-k" option + - drop After syslog.target as this is by default + +* Thu Apr 25 2013 Tomas Hozza - 2.66-4 +- include several fixes from upstream repo: + - Send TCP DNS messages in one packet + - Fix crash on SERVFAIL when using --conntrack option + - Fix regression in dhcp_lease_time utility + - Man page typos fixes + - Note that dhcp_lease_time and dhcp_release work only for IPv4 + - Fix for --dhcp-match option to work also with BOOTP protocol + +* Sat Apr 20 2013 Tomas Hozza - 2.66-3 +- Use Full RELRO when linking the daemon +- compile the daemon with PIE +- include two fixes from upstream git repo + +* Thu Apr 18 2013 Tomas Hozza - 2.66-2 +- New stable version dnsmasq-2.66 +- Drop of merged patch + +* Fri Apr 12 2013 Tomas Hozza - 2.66-1.rc5 +- Update to latest dnsmasq-2.66rc5 +- Include fix for segfault when lease limit is reached + +* Fri Mar 22 2013 Tomas Hozza - 2.66-1.rc1 +- Update to latest dnsmasq-2.66rc1 +- Dropping unneeded patches +- Enable IDN support + +* Fri Mar 15 2013 Tomas Hozza - 2.65-5 +- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300) + +* Thu Jan 31 2013 Tomas Hozza - 2.65-4 +- Handle locally-routed DNS Queries (#904940) + +* Thu Jan 24 2013 Tomas Hozza - 2.65-3 +- build dnsmasq with $RPM_OPT_FLAGS, $RPM_LD_FLAGS explicitly (#903362) + +* Tue Jan 22 2013 Tomas Hozza - 2.65-2 +- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555) + +* Sat Dec 15 2012 Tomas Hozza - 2.65-1 +- new version 2.65 + +* Wed Dec 05 2012 Tomas Hozza - 2.64-1 +- New version 2.64 +- Merged patches dropped + +* Tue Nov 20 2012 Tomas Hozza - 2.63-4 +- Remove EnvironmentFile from service file (#878343) + +* Mon Nov 19 2012 Tomas Hozza - 2.63-3 +- dhcp6 support fixes (#867054) +- removed "-s $HOSTNAME" from .service file (#753656, #822797) + +* Tue Oct 23 2012 Tomas Hozza - 2.63-2 +- Introduce new systemd-rpm macros in dnsmasq spec file (#850096) + +* Thu Aug 23 2012 Douglas Schilling Landgraf - 2.63-1 +- Use .tar.gz compression, in upstream site there is no .lzma anymore +- New version 2.63 + +* Sat Feb 11 2012 Pádraig Brady - 2.59-5 +- Compile DHCP lease management utils with RPM_OPT_FLAGS + +* Thu Feb 9 2012 Pádraig Brady - 2.59-4 +- Include DHCP lease management utils in a subpackage + +* Fri Jan 13 2012 Fedora Release Engineering - 2.59-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-2 +- do not enable service by default + +* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-1 +- New version 2.59 +- Fix regression in 2.58 (IPv6 issue) - bz 744814 + +* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.58-1 +- Fixed License +- New version 2.58 + +* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-5 +- Include systemd unit file + +* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-3 +- Applied Jóhann's patch, minor cleanup + +* Tue Jul 26 2011 Jóhann B. Guðmundsson - 2.52-3 +- Introduce systemd unit file, drop SysV support + +* Tue Feb 08 2011 Fedora Release Engineering - 2.52-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 26 2010 Itamar Reis Peixoto - 2.52-1 +- New Version 2.52 +- fix condrestart() in initscript bz 547605 +- fix sed to enable DBUS(the '*' need some escaping) bz 553161 + +* Sun Nov 22 2009 Itamar Reis Peixoto - 2.51-2 +- fix bz 512664 + +* Sat Oct 17 2009 Itamar Reis Peixoto - 2.51-1 +- move initscript from patch to a plain text file +- drop (dnsmasq-configuration.patch) and use sed instead +- enable /etc/dnsmasq.d fix bz 526703 +- change requires to package name instead of file +- new version 2.51 + +* Mon Oct 5 2009 Mark McLoughlin - 2.48-4 +- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958) + +* Wed Aug 12 2009 Ville Skyttä - 2.48-3 +- Use lzma compressed upstream tarball. + +* Fri Jul 24 2009 Fedora Release Engineering - 2.48-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 10 2009 Patrick "Jima" Laughton 2.48-1 +- Bugfix/feature enhancement update +- Fixing BZ#494094 + +* Fri May 29 2009 Patrick "Jima" Laughton 2.47-1 +- Bugfix/feature enhancement update + +* Tue Feb 24 2009 Fedora Release Engineering - 2.46-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Dec 29 2008 Matěj Cepl - 2.45-2 +- rebuilt + +* Mon Jul 21 2008 Patrick "Jima" Laughton 2.45-1 +- Upstream release (bugfixes) + +* Wed Jul 16 2008 Patrick "Jima" Laughton 2.43-2 +- New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113 +- Dropped patch for newer glibc (merged upstream) + +* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.8 +- Added upstream-authored patch for newer glibc (thanks Simon!) + +* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.7 +- New upstream release + +* Wed Jan 30 2008 Patrick "Jima" Laughton 2.41-0.6.rc1 +- Release candidate +- Happy Birthday Isaac! + +* Wed Jan 23 2008 Patrick "Jima" Laughton 2.41-0.5.test30 +- Bugfix update + +* Mon Dec 31 2007 Patrick "Jima" Laughton 2.41-0.4.test26 +- Bugfix/feature enhancement update + +* Thu Dec 13 2007 Patrick "Jima" Laughton 2.41-0.3.test24 +- Upstream fix for fairly serious regression + +* Tue Dec 04 2007 Patrick "Jima" Laughton 2.41-0.2.test20 +- New upstream test release +- Moving dnsmasq.leases to /var/lib/dnsmasq/ as per BZ#407901 +- Ignoring dangerous-command-in-%%post rpmlint warning (as per above fix) +- Patch consolidation/cleanup +- Removed conditionals for Fedora <= 3 and Aurora 2.0 + +* Tue Sep 18 2007 Patrick "Jima" Laughton 2.40-1 +- Finalized upstream release +- Removing URLs from patch lines (CVS is the authoritative source) +- Added more magic to make spinning rc/test packages more seamless + +* Sun Aug 26 2007 Patrick "Jima" Laughton 2.40-0.1.rc2 +- New upstream release candidate (feature-frozen), thanks Simon! +- License clarification + +* Tue May 29 2007 Patrick "Jima" Laughton 2.39-1 +- New upstream version (bugfixes, enhancements) + +* Mon Feb 12 2007 Patrick "Jima" Laughton 2.38-1 +- New upstream version with bugfix for potential hang + +* Tue Feb 06 2007 Patrick "Jima" Laughton 2.37-1 +- New upstream version + +* Wed Jan 24 2007 Patrick "Jima" Laughton 2.36-1 +- New upstream version + +* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-2 +- Stop creating /etc/sysconfig on %%install +- Create /etc/dnsmasq.d on %%install + +* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-1 +- Update to 2.35 +- Removed UPGRADING_to_2.0 from %%doc as per upstream change +- Enabled conf-dir in default config as per RFE BZ#214220 (thanks Chris!) +- Added %%dir /etc/dnsmasq.d to %%files as per above RFE + +* Tue Oct 24 2006 Patrick "Jima" Laughton 2.34-2 +- Fixed BZ#212005 +- Moved %%postun scriptlet to %%post, where it made more sense +- Render scriptlets safer +- Minor cleanup for consistency + +* Thu Oct 19 2006 Patrick "Jima" Laughton 2.34-1 +- Hardcoded version in patches, as I'm getting tired of updating them +- Update to 2.34 + +* Mon Aug 28 2006 Patrick "Jima" Laughton 2.33-2 +- Rebuild for FC6 + +* Tue Aug 15 2006 Patrick "Jima" Laughton 2.33-1 +- Update + +* Sat Jul 22 2006 Patrick "Jima" Laughton 2.32-3 +- Added pkgconfig BuildReq due to reduced buildroot + +* Thu Jul 20 2006 Patrick "Jima" Laughton 2.32-2 +- Forced update due to dbus version bump + +* Mon Jun 12 2006 Patrick "Jima" Laughton 2.32-1 +- Update from upstream +- Patch from Dennis Gilmore fixed the conditionals to detect Aurora Linux + +* Mon May 8 2006 Patrick "Jima" Laughton 2.31-1 +- Removed dbus config patch (now provided upstream) +- Patched in init script (no longer provided upstream) +- Added DBus-interface to docs + +* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4.2 +- More upstream-recommended cleanups :) +- Killed sysconfig file (provides unneeded functionality) +- Tweaked init script a little more + +* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4 +- Moved options out of init script and into /etc/sysconfig/dnsmasq +- Disabled DHCP_LEASE in sysconfig file, fixing bug #190379 +- Simon Kelley provided dbus/dnsmasq.conf, soon to be part of the tarball + +* Thu Apr 27 2006 Patrick "Jima" Laughton 2.30-3 +- Un-enabled HAVE_ISC_READER, a hack to enable a deprecated feature (request) +- Split initscript & enable-dbus patches, conditionalized dbus for FC3 +- Tweaked name field in changelog entries (trying to be consistent) + +* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-2 +- Disabled stripping of binary while installing (oops) +- Enabled HAVE_ISC_READER/HAVE_DBUS via patch +- Added BuildReq for dbus-devel + +* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-1 +- Initial Fedora Extras RPM