Sync from SUSE:SLFO:Main dnsmasq revision 0237bfabcdc9255c5a8966576d9c63f0
commit
ec5f7e589c
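--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text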
BIN
dnsmasq-2.89.tar.xz
(Stored with Git LFS)
Normal file
BIN
dnsmasq-2.89.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
dnsmasq-2.89.tar.xz.asc
Normal file
16
dnsmasq-2.89.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEE1urL1u5GuDQkjRESFc3aauGRNaIFAmPe36kACgkQFc3aauGR
|
||||
NaLJZg/+K/gk5uLUH48BCNAVNtffC1jGLIxQ2usJbXvJ02n9WcidN3dX6MlVBYNq
|
||||
s5ouNuDZdIgydJjFWgIIqxtsVdeYhJ6sd9fSDX+8iT4zDLw0N1puDE5YZvvqHxFD
|
||||
0gYuIcu4ukr5tsBL5ClWoVtTDGEi8NZ+PaGCZrnPVuZWPAnNrf3MbiUqPaJxCgA6
|
||||
GNnfqm9LKEL5sPwQlErhf1GLFG7UOPXyjfIQilI6+ShCajDmDjvsPs8Y3JqC66rt
|
||||
6OEFDKbNVoZQDVA53PswLa1mb5gryB6r7gU5ofwS6jr34BNFfkBGFk6wjhZfZenu
|
||||
OGU3Adk36l5HykAH5fjDs95bVBLoq+N+gG1Yor4qgUmdgSlLvh8lwArXwweWW2Q5
|
||||
k/Nkk/MZaIEL+3nqdIMptfGG82rhCuS1jse2DyYcTmJiJdew2Mv+AQAVIm/Km7oa
|
||||
3HrpxQJ88LLRtWwfKbW9yRipt+JkzrrZun5VftQ85Xn9nELgU5n5rdHUCzXrpu0r
|
||||
/dFw5JoTfcIsPGQ8a2IIMW6SyWOEkv8EWAq+10mNokpnQMv5RFHmZoGQhx1PmHWy
|
||||
+mqHh9T2B9KYGHKRjP4apQkX+JSuqmsdLt1sNfzcnwjQQ0nEq0FMub2hNJ8V0S/4
|
||||
h/QpdO6qLn9RYSx0Be31BTAZNq71ow6HPjV62i4l+xTpYq9q1Ik=
|
||||
=yXEY
|
||||
-----END PGP SIGNATURE-----
|
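--- a/dnsmasq-CVE-2023-28450.patch
+++ b/dnsmasq-CVE-2023-28450.patch
@@ -0,0 +1,54 @@
+From eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 7 Mar 2023 22:07:46 +0000
+Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232.
+
+http://www.dnsflagday.net/2020/ refers.
+
+Thanks to Xiang Li for the prompt.
+---
+CHANGELOG | 9 ++++++++-
+man/dnsmasq.8 | 3 ++-
+src/config.h | 2 +-
+3 files changed, 11 insertions(+), 3 deletions(-)
+
+--- CHANGELOG.orig
++++ CHANGELOG
+@@ -11,7 +11,14 @@ version 2.89
+for reporting the bug and for his great efforts in chasing
+it down.
+
++ Set the default maximum DNS UDP packet sice to 1232. This
++ has been the recommended value since 2020 because it's the
++ largest value that avoid fragmentation, and fragmentation
++ is just not reliable on the modern internet, especially
++ for IPv6. It's still possible to override this with
++ --edns-packet-max for special circumstances.
+
++
+version 2.88
+Fix bug in --dynamic-host when an interface has /16 IPv4
+address. Thanks to Mark Dietzer for spotting this.
+--- man/dnsmasq.8.orig
++++ man/dnsmasq.8
+@@ -183,7 +183,8 @@ to zero completely disables DNS function
+.TP
+.B \-P, --edns-packet-max=<size>
+Specify the largest EDNS.0 UDP packet which is supported by the DNS
+-forwarder. Defaults to 4096, which is the RFC5625-recommended size.
++forwarder. Defaults to 1232, which is the recommended size following the
++DNS flag day in 2020. Only increase if you know what you are doing.
+.TP
+.B \-Q, --query-port=<query_port>
+Send outbound DNS queries from, and listen for their replies on, the
+--- src/config.h.orig
++++ src/config.h
+@@ -19,7 +19,7 @@
+#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
+#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
+#define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
+-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
++#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */
+#define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
+#define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
+#define DNSSEC_WORK 50 /* Max number of queries to validate one question */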
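Review bot: The replacement comment on `EDNS_PKTSZ` in the src/config.h hunk reads `from from /dnsflagday.net/2020`, with a doubled word and a truncated URL; matching the neighbouring `SAFE_PKTSZ` line would be clearer: `#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet, see https://dnsflagday.net/2020/ */`. The patch changes only the compiled-in default, and as its CHANGELOG text says, `--edns-packet-max` still overrides it, so an installation whose configuration sets a larger value explicitly keeps the old behaviour after this update; the package changelog is a good place to state that. The CHANGELOG hunk also has `sice` for `size` and `avoid` for `avoids`, which can stay if the patch is meant to match upstream byte for byte.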
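--- a/dnsmasq-groups.patch
+++ b/dnsmasq-groups.patch
@@ -0,0 +1,16 @@
+--- src/dnsmasq.c.orig
++++ src/dnsmasq.c
+@@ -731,11 +731,10 @@ int main (int argc, char **argv)
+if (!option_bool(OPT_DEBUG) && getuid() == 0)
+{
+int bad_capabilities = 0;
+- gid_t dummy;
+
+- /* remove all supplementary groups */
++ /* set the supplementary groups of the daemon user */
+if (gp &&
+- (setgroups(0, &dummy) == -1 ||
++ (initgroups(daemon->username, gp->gr_gid) == -1 ||
+setgid(gp->gr_gid) == -1))
+{
+send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);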
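Review bot: The `initgroups(daemon->username, gp->gr_gid)` call replaces upstream's `setgroups(0, &dummy)`, so the daemon no longer sheds every supplementary group before `setgid()` and instead keeps whatever groups the account database lists for the daemon user; the patch gives no reason for widening the process's group set. The guard is still only `if (gp && ...)`, so if `daemon->username` can be unset while a group is configured (not visible in this hunk), the call would be handed a NULL name; falling back to the old behaviour covers that case: `((daemon->username ? initgroups(daemon->username, gp->gr_gid) : setgroups(0, NULL)) == -1 ||`. The new comment should also record the intent, for example `/* keep the daemon user's supplementary groups (presumably for the tftp group membership this package sets up); upstream drops all groups here */`. The enclosing block in main() starts and ends outside the hunk.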
2026
dnsmasq.changes
Normal file
2026
dnsmasq.changes
Normal file
File diff suppressed because it is too large
116
dnsmasq.keyring
Normal file
116
dnsmasq.keyring
Normal file
@ -0,0 +1,116 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFMbjUMBEACsU1Xk8+uu/EsGVJTh9Tn31C2e0ycd0voBVT7cTdtXpzeiNR+o
|
||||
/zUAi95ds7FiecpZJp1nRO4vNzvaaAPZhFsFVLzZYyIVABgTXsskT88xbZvzb4W5
|
||||
KKRWVhoTQxVDgj1+dXLUXULTB6rg02WEhqnix/qf/zFdM9I4/3pRHJn9k+3XKygR
|
||||
on+nYtljfn3AKBelCo1y28istC6wCncoH11b/qdQtlfxVXaJY4HF27V0MqFFmDMg
|
||||
cuhOHR7DnhymeDh7GmLfTHJ4LUFG+TecqCjiYhyWcuv2wuSb0EPXUKHJQVViQ8qg
|
||||
KyPm1ly6uFP0CYdVavO7/oJwKFBIChECrj7BQ4GsImMHeuSzfWno7qy6Fxoxx2+g
|
||||
0F9cdXWvcxFDGPQsL5vXp8KYNwBrzmijRzQ2ZAnrbG+ilFCkJCbxXcrhzpd4tKwE
|
||||
0dgcyPL1Ma/lrznhL4ZuOzjVMgLNne7WiPpBNRqI1GoT0pUn6as4pU3En8B+K7zy
|
||||
MLVfHvI1+iH45fP5bZwYSbXCa85v4+xqljYrzs9giaROEsXe/tsXvuc6JPCcmJXk
|
||||
CUO3c3QVxqDFt9OYuTHIR8hqehDPLgFgzKqVuoAwMkhTf/zZNGlsy4jvKXQNcZ50
|
||||
uD4mWO3e+gykNW/OH+88IoCR0rgjQ6trMLOceZFnrtvxwRL//lMndGCTYQARAQAB
|
||||
tB1TaW1vbiBLZWxsZXkgPHNya0BkZWJpYW4ub3JnPohGBBARCAAGBQJTIekzAAoJ
|
||||
ECnhT5k5Gzkoj68AoLY6cFPxNnlydNDCV5iyFSzEl12RAKCl5yuxvzKxW1q7uVcG
|
||||
CsD9f9Z5/YhGBBARCAAGBQJTL0SDAAoJEBbi9PX8geFZnAsAnAs9JR/9UxY1QnWF
|
||||
HA2j7uSlQYt1AJ4zM23PcfSyZ9SfzgJJEEVggkMiEIkCHAQQAQgABgUCUyHp8gAK
|
||||
CRAC0CBFCPsO9xaxD/9IX6DfMxFh5n6o0LebuyWJsk0I90wKJ53TmjBl83qgeF8F
|
||||
pENzucALqZJ3AUXvqKt3n9tKDYfNHpOniEjL/kzlZcW/iO2b7QpdgqcOMe/Xb3ux
|
||||
IAsWhgqWbgriWcTtP+omSdz+YaUtZ9abljmNX9B9X1nDG/KRPk6HnHHN42I52+SZ
|
||||
XikIKT5u3Xm0YPSkgjaf9Mw9V8NUAMuWGtYGsGnuVorKfpDlW8jgaJUGcdKIqwZU
|
||||
RpfTJS4NjMZlJTZEtokbgE80eqUepJBi+zKjpAc+keDQrq9ZZkWmAU5ceUtgw0n3
|
||||
U1L4NfsGqUSJvad1ZCoJjNm2BFQkr8N3obqvZ7rT/kI+focLCpBmvUxF1jq8QlL0
|
||||
ul3m4Yg55AVMQMFnbalxQBvbRxk10rUn4GCKV9W4y8sCzZbt8A3Eu0Aexd00K+WS
|
||||
qvryh0wjwLrDdl3hHpcvi1+hheX16Y4qI3lKIKkr0cck3FIC5fq8feVPJH7+wbWF
|
||||
rGe27hOfVPbMElGCHYOIq4ksfqGefsXul/V9kRRQT8DpVJ9uan5roJd+f2a+CcXn
|
||||
VDKUqQUJq5eFXlay6wS1aU0AJ4mMpcGD53wuQDoWYl5wxthnMFN1xo3k7At9dGkC
|
||||
QKw4NaTaVck2WE6e2ZV9rowsOeWXrhL/eP7XCco4eKF/5zZ7FEzLl5AJQrCpVIkC
|
||||
HAQQAQgABgUCUy9EqgAKCRBjziC6xJxBSJJ/EAC41IxcJQazTbF0m+dBFzXQeQnG
|
||||
b/CDtieBVrhZl916rI/a1A6NN1/rk4xIg4Iit+lYc8Oxwl+w/d+NseiMV/HzWImc
|
||||
WY53HH1qoH0oPXkUPhaGCr4TKTxOI9lQQeJVT1FHw3pP/uYh76VU0noZnWJKTb0P
|
||||
WDr6gznoajHZ3fLRzwWcIrVOzoPWl5GIiIyr6CMZxx1UnKKb/JkjdarMe+6X/9aZ
|
||||
0QXPCBeqHTfBvHeJBLbNd2/CDIH6AFtWmT7prE4hti6kC9M1dhBX0fPiKZagMWVc
|
||||
Z1jMIzNvpDIfjpE2B8SUBvxRwKSdCMvCdrACNc8QeCsfrJqu5hH0fUsEvFggcDig
|
||||
FhAJTGafgCsMs4XqRnrx4zx58HFW7i4C2SWKX1fw1TKeHIj0MNYmhARPnZ6SiO06
|
||||
vfU0JccK1SZORhs8TAnEA5EwF/ckQ+XPZusZGBxJtpwkblEThDDaF8olM5BOI2Tg
|
||||
OkvBisKEsrwK2adFLuMBm2HdTZbsWpzs4V8qzfO6j/ZFFEIbd+M5Vftog6ngKehu
|
||||
+TQ3FcOES1Skx4/Sjuo9bw53GsXJDdgKjG73iLHVLp1rebXjc66N2aUzQazsBzJ6
|
||||
rhs3cWiQvOszFyKg7qzBfOCH1EYLMyRGsHO1aASldB/w9twGWIX6wNXZph6sYE32
|
||||
qZs30VffQgoZpadCwokCNwQTAQgAIQUCUyDDdAIbAwULCQgHAwUVCgkICwUWAgMB
|
||||
AAIeAQIXgAAKCRAVzdpq4ZE1oqFGD/9LkbZFigc1jbZ5zIbmGkGvfniWp1mJhEcp
|
||||
gKNfb2MMiu1lKULccIvfVyIY5WDrrpoPnHLnhYA9OXHcwVADGBayoVOQgIePrMV0
|
||||
V24uYjUh9+9zGRwQrCLo0rl/l07GKH0S1dxDUeyhJRYZGYEqW2+3XDJqIbfsDzSm
|
||||
PNCyjVvqSvkkt0YyuNbH0+cVEoJ1Q2HmfEhvgd4LlHZDyhMVqKlKmlnCa8DmhwK+
|
||||
EyzJgLKITqjxBO3NOqPmYZlp8irLXyHAH1sDafaBwRjV9cNX2TLTwn3wDdUmoAwM
|
||||
z1jopi/61A0kEglENYaa+NH/UnqfWOo7riXuZNwGVP/F/KlMV+JdXMY34fcSIQMW
|
||||
k9cpxzhpuOJjwhoK7g/yq8q9578QXv4VR6ndH+LeHDRrm2Ftnih/Ut8unqqDteMJ
|
||||
nd3YxSK3Ep78WgVBL9y2Qo3CyKY6VSXlshWZokwyrwVS8uLqIGAUzLwsKTYi1nms
|
||||
Db7mQZqUbPBxYN2mrroD7Pr1/XAV8oNxw6l84nzfzObEKvNZLFtWctNpFJXhWhtm
|
||||
/AeQBdkYKcMyTrwQt9Q0XMYKUGE05U+oAdtTvgCRJLltqzmt5yMpTPncNmXVoA5Y
|
||||
vEVdCU6/Gxpn3Aea8ckBmIqxxQY1QFdEr2nvxPNASbkvHDNDr9XUlKQDqjherurK
|
||||
BIBEiKCMnLQmU2ltb24gS2VsbGV5IDxzaW1vbkB0aGVrZWxsZXlzLm9yZy51az6I
|
||||
RgQQEQgABgUCUxuNwQAKCRAo/IaaKJuCt0K1AJ9VX7VMWs0ECf4+hyf6d0qGutHy
|
||||
cgCeMSyQgaaL/XbiUbhPaxdTgWjGQ3iIRgQQEQgABgUCUyHpMwAKCRAp4U+ZORs5
|
||||
KMjoAJ463imlnHBKRGUmZ45Z3OwxJx7kvgCePl6vO1lSo/XCdOaPE0UpCsSWJRCI
|
||||
RgQQEQgABgUCUy9EgwAKCRAW4vT1/IHhWQW1AJ0dyPzHcxuJAbQnnMHj8zLynSkt
|
||||
UgCfQshlIc2/HKFEbTM2yJR/Re45ui+JAhwEEAEIAAYFAlMh6fIACgkQAtAgRQj7
|
||||
Dvch0g//cWB0hAsMJ3jBQDuJxBh8gEJ4b8g8190brWXl9faXPqjpuYi1A/tRFcfP
|
||||
gL408NN9+8iBzmuZ2SNwqYJgYZo9fEPbxIJrWZ+hDF2kRAr3nbEY1End0OfghdAF
|
||||
G6NSUKmYVVHWCxGWHL3zYBJipeiKFR8D/JqB/3MQxXOWOhnZRQHicpcpz3Wdy2/e
|
||||
AxMmvFUHNpkhvC+sumQ1vMn+jPJ6UBu39XMiW/ZTySapR2WhZ6Stg39Q7ziVwfPB
|
||||
UB9alvvsPbiKLM3VowzkhpsDrmsztxjJqX2TyT5B+ZV6BVyjeQTv5f4LxENY7Jqd
|
||||
eFWRyanXDux0R5LC0C7zQ0Eot2puKJNsZtyp9ja8idStkJlARq1ruArcGm4L4aCh
|
||||
sa9BgAwkCVZS6kQgvlCKfeydJDrGY/BWI8ANyNVOcPMCYklKsPLvvDgghRpta0ul
|
||||
0Mv8Gxgz8GYwmZ2jRyAko/M3lxPWJIU39nzLP0vDS0FD8rtYN/yKCBjZ2nRE8xJg
|
||||
HdNhSZ3FJVKNOcgwHFYPyKsIDPGrSUKhFi2BNEB63Kjlonmggiffn8diocSp0aqS
|
||||
gF0qL/jNCmA5CFfTkBPioqBs8XZazdmRZm3yCiy2DMB9LMTJICY224T/CoX8QyFK
|
||||
EpMvYFE8MMq6SVYypF2esjRaUqPjLZ/Dhy9dpy6s8kDjU8Gnq8eJAhwEEAEIAAYF
|
||||
AlMvRKQACgkQY84gusScQUi4WA//agQcVXsdp8Wr6zFeFXdAIWCWuYiNePDW6g+x
|
||||
GS57gg1sIvsK6p3zItE6FB5YdS6d+r13dOlvCckhyIgMS9Mw6aurXU+uX+ojk0We
|
||||
lusbnm8SoKgt5GbMXBM3HmEdXTgipUYUALGe0PQST/2Wn0g/zTptrMXTzp3mJvCA
|
||||
OEF8Fg1Tmsq1fBTiAwZAS5j4ZtQRjRK3YQgQmLL6mEje4BSQTbM13IjTCbQZl1jc
|
||||
k7B7TQHiiELsxEYGAgtvy7kziJaHiOs+pjO5lWbj7K2qkWuYhiE7xiOKnkM4k6fs
|
||||
aiLvGD0KxOu4kDKkmWQsb92oXooiXdOpeBRaRGBIOR+BTA/SVuK752sS8F3PMdf2
|
||||
VUEIcpboIXrRPY+6D0GwN+d6MlAggLpHeFIjWLVCzQm2c3ynSghQmo5yHyGPCKjR
|
||||
rlr5roylYgwJNu2yJSkHsjShMSMfCZK+Fj0ASxZlwpE/o2EDCcf0ekqDcK6WudEq
|
||||
H00/svuNxqUkOeXtyn35MtEmZPjv5u6Fu4Cj48M4f1Ji7Dm/SDVyd4GEvwg0938A
|
||||
PlLAAPoF53k9yMoGKn1PHZ5NrpldtICJvKv0kGIsoTDPj2QpCl3h8qHlP0mzu9g1
|
||||
isP2bWSP9W/cV67nNRwSif1FzTyUcqByIuHWfwEUP85PN/W3gTJxptALAdctfpXk
|
||||
5azWTOaJAjoEEwEIACQCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlMgw44C
|
||||
GQEACgkQFc3aauGRNaLaZg/+PR41J3P7omGv6XD+TiAXfJQoR5RfzQoeLNUQEnir
|
||||
/XBulg45203cYHEurchEhSTn2f4WVtFgxJrgId7XGYdf8oIZIjBd82fpwdMwhbfc
|
||||
v/6iqzWL0+2vaPmBqE7iwDTatI888q5TyXppGe8L5/VjX0aBvmVIPyEE9BFQas+v
|
||||
v5byUkU542FxPApGsv0W0P1pKabLl0F7ItPFPuaD0+K1kwBrWbuGhBKMV9jGHB4q
|
||||
dX/21FBczgAf3J9yJ22vm6orCwwhptxde+DSn7vqZNjDtHGrkUWDzKAQBy1g4BmT
|
||||
l6IoVgYKZXAVBGMtYUjS+80VV+QE9meVqmtX1aJJEnf0/BRdv9CeD46hZArwXwi/
|
||||
AWFs300pEfzwcC+9T5xc3jlSdYdWxeQDV7XwK2VCOhxjFqTm+ehP2Gh14Wfpc34j
|
||||
N9jMJ3OowxzN5iZxGYzkHLFhM+0IKEeWEjxRWOoJgV5PmNvG7IBbzt8O9xo550h7
|
||||
JmXZVsfSpkFpzJPy0Puz1JeyH/niCeDwKkhEHXQTk/4O+EODRxruJbwIYGeO2lNf
|
||||
Pn2Hcb1aHvSclx7GGOYDzI4jN0UcYroJpvHZU+0X2ClpCTAW5IshgHkOkdUQ1c7S
|
||||
+5zPTeLbW+pxTlbWClA0NYMbSn68//i/DMstyBEwtTWYJLmg5V3HWzRd/6BwKZfD
|
||||
Suu5Ag0EUyDDoQEQAMfQfa2tw3+OJFGMQEzLJSoXYN8/HnZEgKNlcMuYzhheQLgu
|
||||
/MfcQJ7mnCIdn6xdPaalfLmYx63tM47/NGEM1+MSEvovPiRG0OLxzSgwei9DiGeN
|
||||
EgsPTLXSZ5EVSXCM1+e9mT1ExT9aGLNnpCd6kIyWIcKCVMot+XC70R9prWLeyKSh
|
||||
0FAZ0Pwv9i23osJVGOtJjND+WZ0uCeN29ocfN0b64yF4nPRc9IbcmYIDgNU3RybK
|
||||
2Z/dupbthTisRjHRI3iX3/tiymXF3J0sSvsCluWIJWmyltS3Xyk/wfKVJz6OouiJ
|
||||
jTj5utXVnCGptCDw+DCcj89vx1N0+0Dhm1cQcNZvXjMbVDTsuU+eVpJbxU6y8N+n
|
||||
XpAXjEw4jMi3zNpqKtkyv2YpoqY5HhGLybgrY0zwSQOyMNf9lZ5J7znq5gEmiMXn
|
||||
G9OPEw7PPSvm6QfbHPY/jAOgxsu7Fme7k303D5KkyGkkbzQiYyEtMZvbOMH/uECi
|
||||
2uHGB72qiGpEYjMtHhihaRCBl+0bY8sH83He690qNQHSdStjaKXcecduE/v5iO0m
|
||||
OYIHdsEHhKlWsE1GXXVLofBr68UBhYV6/AGXko4Pr+dXLzauN4kALDx6WltFu3qU
|
||||
voD+uEoLq7IXULMo5Pyd7bO4qGQMKykaXTb5o6dqdu4GzWIUw1fr9kLEmo29ABEB
|
||||
AAGJAh8EGAEIAAkFAlMgw6ECGwwACgkQFc3aauGRNaIjqA/+PXuaM6JHuudLycmB
|
||||
0iKAwyB5csOFGpF3b9FgMR68TC4jzi5J5hJZASl0cO/e0ytQsrDUBbH74y+WaA4l
|
||||
dwBVYr0j/2hqzIjrnGMtgWeHFPLV3sKw8DGuNx1/cOoljJXzi1WWSHIwDvaj3uZ9
|
||||
CwHt+4/abR7kdvMcnFhQVA4zuzZWFqpp+CDkkJNVwB9zxtAQwGTGF4cQ0IvTkhCo
|
||||
6DQhZZVTeyn+nBKxzzWijniWc0LyRsum03MxZ6E7UVIInCTjdXTalnO8wColwIx5
|
||||
FV4nTMxdsKKgnIXmLexBdd03bW9TkowWf2C2XfDN+pDS8X3MzO6zAyogqJhAiBFj
|
||||
nRzkOw0cw1VTL00o8uiWdMeu7OKOKeQbUilMAn4MweKB57mc582kjeGmwdZgWFA4
|
||||
BJ2eiH7HwjxiynwMdZwQEBdOTNLbggHk3/mScF8U1KcJhjAFf7Ne+Z0feG/8GgKl
|
||||
5aj3ucl821+dfpzB79lLo+kmd1qkDyDiUR5yN6P8l8k6IAUJz2KUe0BjtO6VFFw0
|
||||
xni05dkrXdfo7IO79ictHmEn+g3QO8ZLUGRwdtZ1cMhTkm7FhH8Bdby0y4Soqluv
|
||||
Hbri++cC91i1I3a92kHi/8O45rnLhVt+sOfxY1QnSIYh5OFwGMqMCNDTEL7ESiFa
|
||||
FhSXkmzzVntlyvOBMlgz3IGh2hA=
|
||||
=00xm
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
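--- a/dnsmasq.reg
+++ b/dnsmasq.reg
@@ -0,0 +1,12 @@
+#############################################################################
+#
+# OpenSLP registration file
+#
+# register domain name service (DNS) daemon
+#
+#############################################################################
+
+service:domain://$HOSTNAME:53,en,65535
+watch-port-udp=53
+description=Domain Name Service
+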
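--- a/dnsmasq.service
+++ b/dnsmasq.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=DNS caching server.
+After=network.target
+Wants=nss-lookup.target
+Before=nss-lookup.target
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+Type=dbus
+BusName=uk.org.thekelleys.dnsmasq
+ExecStartPre=/usr/sbin/dnsmasq --test
+ExecStart=/usr/sbin/dnsmasq --log-async --enable-dbus --keep-in-foreground
+ExecReload=/bin/kill -HUP $MAINPID
+#### kills logging, so not enabled
+# PrivateDevices=yes
+####
+
+[Install]
+WantedBy=multi-user.target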
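Review bot: The hardening block in `[Service]` covers filesystem and kernel protections only; nothing restricts capabilities or privilege gain, although the unit has no `User=` and so starts the network-facing daemon as root. `NoNewPrivileges=true` is a candidate that should be checked against any configured `dhcp-script`, and a `CapabilityBoundingSet=` limited to what dnsmasq needs for binding its ports, raw sockets and switching to its own user would narrow what a compromised process can do; both need testing with DHCP and TFTP enabled before they are switched on. The `#### kills logging, so not enabled` remark above `PrivateDevices=yes` would help the next maintainer more if it named which log path breaks and on which release that was observed.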
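--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -0,0 +1,227 @@
+#
+# spec file for package dnsmasq
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150300
+%bcond_without tftp_user_package
+%else
+%bcond_with tftp_user_package
+%endif
+Name: dnsmasq
+Version: 2.89
+Release: 0
+Summary: DNS Forwarder and DHCP Server
+License: GPL-2.0-only OR GPL-3.0-only
+Group: Productivity/Networking/DNS/Servers
+URL: https://thekelleys.org.uk/dnsmasq/
+Source0: https://thekelleys.org.uk/%{name}/%{name}-%{version}.tar.xz
+Source1: https://thekelleys.org.uk/%{name}/%{name}-%{version}.tar.xz.asc
+Source2: %{name}.keyring
+Source3: dnsmasq.reg
+Source4: dnsmasq.service
+Source5: rc.dnsmasq-suse
+Source6: system-user-dnsmasq.conf
+Patch0: dnsmasq-groups.patch
+Patch1: dnsmasq-CVE-2023-28450.patch
+BuildRequires: dbus-1-devel
+BuildRequires: dos2unix
+BuildRequires: libidn2-devel
+BuildRequires: libnettle-devel
+BuildRequires: lua-devel
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(libnetfilter_conntrack)
+BuildRequires: pkgconfig(systemd)
+Provides: dns_daemon
+%if %{with tftp_user_package}
+BuildRequires: sysuser-tools
+Requires(pre): user(tftp)
+%sysusers_requires
+%else
+Requires(pre): %{_sbindir}/useradd
+%endif
+
+%description
+Dnsmasq provides network infrastructure for small networks: DNS,
+DHCP, router advertisement and network boot.
+
+The DNS subsystem supprots forwarding of all query types, and caching
+of common record types, DNSSEC included. The DHCP subsystem supports
+DHCPv4, DHCPv6, BOOTP and PXE. RA can be used stand-alone or in
+conjunction with DHCPv6.
+
+%package utils
+Summary: Utilities for manipulating DHCP server leases
+Group: Productivity/Networking/DNS/Servers
+
+%description utils
+Utilities that use the standard DHCP protocol to query/remove a DHCP
+server's leases.
+
+%prep
+%autosetup -p0
+
+# Remove the executable bit from python example files to
+# avoid unwanted automatic dependencies
+find contrib -name *.py -exec chmod a-x '{}' +
+
+# Some docs have the DOS line ends
+dos2unix contrib/systemd/dbus_activation
+
+# SED-FIX-UPSTREAM -- Fix paths
+sed -i -e 's|\(PREFIX *= *\)%{_prefix}/local|\1/usr|;
+s|$(LDFLAGS)|$(CFLAGS) $(LDFLAGS)|' \
+Makefile
+
+# use lua5.3 instead of lua5.2
+sed -i -e 's|lua5.2|lua%{lua_version}|' Makefile
+
+# SED-FIX-UPSTREAM -- Fix man page
+sed -i -e 's|The default is "dip",|The default is "dnsmasq",|' \
+man/dnsmasq.8
+
+# SED-FIX-UPSTREAM -- Fix cachesize, group , user and pid location
+sed -i -e 's|CACHESIZ 150|CACHESIZ 2000|;
+s|CHUSER "nobody"|CHUSER "dnsmasq"|;
+s|CHGRP "dip"|CHGRP "dnsmasq"|;
+s|RUNFILE "/var/run/dnsmasq.pid"|RUNFILE "%{_rundir}/dnsmasq.pid"|' \
+src/config.h
+
+# Tweaks to the default configuration:
+# - Fix trust-anchor.conf location
+# - Include /etc/dnsmasq.d/*.conf by default
+# - Only answer queries coming from the local network
+sed -i -e '/trust-anchors.conf/c\#conf-file=%{_sysconfdir}/dnsmasq.d/trust-anchors.conf' \
+-e '/conf-dir=.*conf/s/^\#//' \
+-e '0,/^$/{/^$/a \
+# Accept DNS queries only from hosts whose address is on a local\
+# subnet, ie a subnet for which an interface exists on the server.\
+# It is intended to be set as a default on installation, to allow\
+# unconfigured installations to be useful but also safe from being\
+# used for DNS amplification attacks.\
+local-service\
+
+}' \
+dnsmasq.conf.example
+
+%build
+mv po/no.po po/nb.po
+export CFLAGS="%{optflags} -std=gnu99 -fPIC -DPIC -fpie"
+export LDFLAGS="-Wl,-z,relro,-z,now -pie"
+# the dnsmasq make system hashes the configuration flags, so we have to supply the
+# same flags for make and make install, else everything gets recompiled
+%define _copts "-DHAVE_DBUS -DHAVE_CONNTRACK -DHAVE_LIBIDN2 -DHAVE_DNSSEC -DHAVE_LUASCRIPT"
+%make_build AWK=gawk all-i18n CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" COPTS=%{_copts}
+%if %{with tftp_user_package}
+%sysusers_generate_pre %{SOURCE6} dnsmasq system-user-dnsmasq.conf
+%endif
+
+%if %{without tftp_user_package}
+%pre
+if ! %{_bindir}/getent group tftp >/dev/null; then
+%{_sbindir}/groupadd -r tftp
+fi
+if ! %{_bindir}/getent passwd tftp >/dev/null; then
+%{_sbindir}/useradd -c "TFTP account" -d /srv/tftpboot -G tftp -g tftp \
+-r -s /bin/false tftp
+fi
+if ! %{_bindir}/getent passwd dnsmasq >/dev/null; then
+%{_sbindir}/useradd -r -d %{_localstatedir}/lib/empty -s /bin/false -c "dnsmasq" -g nogroup -G tftp dnsmasq
+fi
+%else
+
+%pre -f dnsmasq.pre
+%endif
+%service_add_pre %{name}.service
+
+%post
+%service_add_post %{name}.service
+# reload dbus after install or upgrade to apply new policies
+if [ -z "${TRANSACTIONAL_UPDATE}" -a -x %{_bindir}/systemctl ]; then
+%{_bindir}/systemctl reload dbus.service 2>/dev/null || :
+fi
+
+%preun
+%service_del_preun %{name}.service
+
+%postun
+%service_del_postun %{name}.service
+# reload dbus after uninstall, our policies are gone again
+if [ $1 -eq 0 -a -z "${TRANSACTIONAL_UPDATE}" \
+-a -x %{_bindir}/systemctl ]; then
+%{_bindir}/systemctl reload dbus.service 2>/dev/null || :
+fi
+
+%install
+make install-i18n DESTDIR=%{buildroot} PREFIX=%{_prefix} AWK=gawk COPTS=%{_copts}
+install -d -m 755 %{buildroot}/%{_sysconfdir}/slp.reg.d
+install -m 644 dnsmasq.conf.example %{buildroot}/%{_sysconfdir}/dnsmasq.conf
+install -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/slp.reg.d/
+install -d 755 %{buildroot}%{_datadir}/dbus-1/system.d/
+install -m 644 dbus/dnsmasq.conf %{buildroot}%{_datadir}/dbus-1/system.d/dnsmasq.conf
+install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/dnsmasq.service
+%if %{without tftp_user_package}
+install -d -m 0755 %{buildroot}/srv/tftpboot
+%else
+mkdir -p %{buildroot}%{_sysusersdir}
+install -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/
+%endif
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdnsmasq
+install -d -m 755 %{buildroot}/%{_sysconfdir}/dnsmasq.d
+install -m 644 trust-anchors.conf %{buildroot}/%{_sysconfdir}/dnsmasq.d/trust-anchors.conf
+
+# utils subpackage
+mkdir -p %{buildroot}/%{_bindir} %{buildroot}/%{_mandir}/man1
+make -C contrib/lease-tools %{?_smp_mflags}
+install -m 755 contrib/lease-tools/dhcp_release %{buildroot}/%{_bindir}/dhcp_release
+install -m 644 contrib/lease-tools/dhcp_release.1 %{buildroot}/%{_mandir}/man1/dhcp_release.1
+install -m 755 contrib/lease-tools/dhcp_release6 %{buildroot}/%{_bindir}/dhcp_release6
+install -m 644 contrib/lease-tools/dhcp_release6.1 %{buildroot}/%{_mandir}/man1/dhcp_release6.1
+install -m 755 contrib/lease-tools/dhcp_lease_time %{buildroot}/%{_bindir}/dhcp_lease_time
+install -m 644 contrib/lease-tools/dhcp_lease_time.1 %{buildroot}/%{_mandir}/man1/dhcp_lease_time.1
+make -C contrib/lease-tools clean
+rm -rf contrib/Suse
+rm -rf contrib/Solaris10
+rm -rf contrib/dnsmasq_MacOSX-pre10.4
+rm -rf contrib/slackware-dnsmasq
+rm -rf contrib/MacOSX-launchd
+
+%find_lang %{name} --with-man
+
+%files -f %{name}.lang
+%license COPYING COPYING-v3
+%doc CHANGELOG FAQ doc.html setup.html dnsmasq.conf.example contrib dbus
+%config(noreplace) %{_sysconfdir}/dnsmasq.conf
+%{_sbindir}/dnsmasq
+%{_sbindir}/rcdnsmasq
+%dir %{_sysconfdir}/slp.reg.d/
+%config %attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/dnsmasq.reg
+%{_mandir}/man8/dnsmasq.8%{?ext_man}
+%{_datadir}/dbus-1/system.d/dnsmasq.conf
+%{_unitdir}/dnsmasq.service
+%dir %{_sysconfdir}/dnsmasq.d
+%config(noreplace) %{_sysconfdir}/dnsmasq.d/trust-anchors.conf
+%if %{without tftp_user_package}
+%dir %attr(0755,tftp,tftp) /srv/tftpboot
+%else
+%{_sysusersdir}/system-user-dnsmasq.conf
+%endif
+
+%files utils
+%{_bindir}/dhcp_*
+%{_mandir}/man1/dhcp_*
+
+%changelog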
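Review bot: In %install, `install -d 755 %{buildroot}%{_datadir}/dbus-1/system.d/` is missing `-m`, so `755` is taken as a second directory to create in the build directory and the D-Bus policy directory gets its mode from the umask rather than an explicit value; it should read `install -d -m 755 %{buildroot}%{_datadir}/dbus-1/system.d/`. In %prep, `find contrib -name *.py` leaves the pattern unquoted, so the shell expands it first if a matching file exists in the working directory; `find contrib -name '*.py' -exec chmod a-x '{}' +` avoids that. `Source5: rc.dnsmasq-suse` is declared, but no visible line in %install or %files ships it, so it is either dead weight or a missing install step.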
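--- a/rc.dnsmasq-suse
+++ b/rc.dnsmasq-suse
@@ -0,0 +1,90 @@
+#! /bin/sh
+#
+# init.d/dnsmasq
+#
+### BEGIN INIT INFO
+# Provides: dnsmasq
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 3 5
+# Default-Stop:
+# Description: Starts internet name service masq caching server (DNS)
+### END INIT INFO
+
+NAMED_BIN=/usr/sbin/dnsmasq
+NAMED_PID=/var/run/dnsmasq.pid
+NAMED_CONF=/etc/dnsmasq.conf
+
+if [ ! -x $NAMED_BIN ] ; then
+echo -n "dnsmasq not installed! "
+exit 5
+fi
+
+. /etc/rc.status
+rc_reset
+
+case "$1" in
+start)
+if grep "^[^#].*/etc/ppp/" /etc/dnsmasq.conf >/dev/null 2>&1; then
+echo
+echo "Warning! dnsmasq can not read the /etc/ppp directory anymore";
+echo " but /etc/ppp seems to be used in your config";
+echo " use /var/run/ instead like /var/run/dnsmasq-forwarders.conf";
+echo
+fi
+echo -n "Starting name service masq caching server "
+checkproc -p $NAMED_PID $NAMED_BIN
+if [ $? -eq 0 ] ; then
+echo -n "- Warning: dnsmasq already running! "
+else
+[ -e $NAMED_PID ] && echo -n "- Warning: $NAMED_PID exists! "
+fi
+startproc -p $NAMED_PID $NAMED_BIN -u dnsmasq
+rc_status -v
+;;
+stop)
+echo -n "Shutting name service masq caching server "
+checkproc -p $NAMED_PID $NAMED_BIN
+[ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running! "
+killproc -p $NAMED_PID -TERM $NAMED_BIN
+rc_status -v
+;;
+try-restart|force-reload)
+if $0 status ; then
+$0 restart
+else
+rc_reset
+fi
+rc_status
+;;
+restart)
+if checkproc -p $NAMED_PID $NAMED_BIN ; then
+$0 stop
+fi
+$0 start
+rc_status
+;;
+reload)
+echo -n "Reloading name service masq caching server unsupported "
+rc_failed 3
+rc_status -v
+;;
+sighup)
+echo -n "Sending SIGHUP to name service masq caching server "
+killproc -p $NAMED_PID -HUP $NAMED_BIN
+rc_status -v
+;;
+status)
+echo -n "Checking for name service masq caching server "
+checkproc -p $NAMED_PID $NAMED_BIN
+rc_status -v
+;;
+probe)
+test $NAMED_CONF -nt $NAMED_PID && echo reload
+;;
+*)
+echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|sighup|probe}"
+exit 1
+;;
+esac
+rc_exit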
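Review bot: The `start` branch greps the literal path `/etc/dnsmasq.conf` although the script defines `NAMED_CONF` for it, and the pid path is hard-coded as `/var/run/dnsmasq.pid` while the spec file rewrites the daemon's RUNFILE to `%{_rundir}/dnsmasq.pid`; on a system where those two locations differ, `checkproc -p` and `killproc -p` would consult the wrong file. Using `"$NAMED_CONF"` in the grep and quoting the expansions throughout (`[ ! -x "$NAMED_BIN" ]`, `checkproc -p "$NAMED_PID" "$NAMED_BIN"`) keeps the script consistent with its own variables. The usage string also omits `reload`, which the `case` statement handles.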
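--- a/system-user-dnsmasq.conf
+++ b/system-user-dnsmasq.conf
@@ -0,0 +1,3 @@
+#Type Name ID GECOS Home directory Shell
+u dnsmasq - "dnsmasq" /var/lib/empty -
+m dnsmasq tftp - - -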