2007-01-16 00:10:19 +01:00
|
|
|
#
|
2011-05-05 10:40:27 +02:00
|
|
|
# spec file for package dnsmasq
|
2007-01-16 00:10:19 +01:00
|
|
|
#
|
- Update to 2.83:
* bsc#1177077: Fixed DNSpooq vulnerabilities
* Use the values of --min-port and --max-port in outgoing
TCP connections to upstream DNS servers.
* Fix a remote buffer overflow problem in the DNSSEC code.
Any dnsmasq with DNSSEC compiled in and enabled is vulnerable
to this, referenced by CVE-2020-25681, CVE-2020-25682,
CVE-2020-25683 CVE-2020-25687.
* Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much
entropy in the {query-ID, random-port} tuple as possible, to
help defeat cache poisoning attacks. Refer: CVE-2020-25684.
* Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
* Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded independently.
This is, in theory, inefficent but in practise not a problem,
_except_ that is means that an answer for any of the forwarded
queries will be accepted and cached.
An attacker can send a query multiple times, and for each
repeat, another {port, ID} becomes capable of accepting the
answer he is sending in the blind, to random IDs and ports.
The chance of a succesful attack is therefore multiplied by the
number of repeats of the query. The new behaviour detects
repeated queries and merely stores the clients sending repeats
so that when the first query completes, the answer can be sent
to all the clients who asked. Refer: CVE-2020-25686.
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=126
2021-01-19 13:32:14 +01:00
|
|
|
# Copyright (c) 2021 SUSE LLC
|
2007-01-16 00:10:19 +01:00
|
|
|
#
|
2008-08-15 23:07:27 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
2019-09-05 13:34:19 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-16 00:10:19 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
|
2021-11-18 14:53:24 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150300
|
2019-11-13 15:15:14 +01:00
|
|
|
%bcond_without tftp_user_package
|
2021-11-18 14:53:24 +01:00
|
|
|
%else
|
|
|
|
%bcond_with tftp_user_package
|
2019-11-13 15:15:14 +01:00
|
|
|
%endif
|
2007-01-16 00:10:19 +01:00
|
|
|
Name: dnsmasq
|
2021-09-17 13:27:06 +02:00
|
|
|
Version: 2.86
|
2020-07-31 16:11:53 +02:00
|
|
|
Release: 0
|
2018-10-22 11:28:32 +02:00
|
|
|
Summary: DNS Forwarder and DHCP Server
|
2018-07-17 10:06:47 +02:00
|
|
|
License: GPL-2.0-only OR GPL-3.0-only
|
2007-01-16 00:10:19 +01:00
|
|
|
Group: Productivity/Networking/DNS/Servers
|
2021-04-19 22:45:47 +02:00
|
|
|
URL: https://thekelleys.org.uk/dnsmasq/
|
|
|
|
Source0: https://thekelleys.org.uk/%{name}/%{name}-%{version}.tar.xz
|
|
|
|
Source1: https://thekelleys.org.uk/%{name}/%{name}-%{version}.tar.xz.asc
|
2016-03-06 09:08:56 +01:00
|
|
|
Source2: %{name}.keyring
|
|
|
|
Source3: dnsmasq.reg
|
|
|
|
Source4: dnsmasq.service
|
|
|
|
Source5: rc.dnsmasq-suse
|
2021-06-07 12:59:49 +02:00
|
|
|
Source6: system-user-dnsmasq.conf
|
2016-03-06 09:08:56 +01:00
|
|
|
Source8: %{name}-rpmlintrc
|
2016-06-16 14:44:49 +02:00
|
|
|
Patch0: dnsmasq-groups.patch
|
2021-11-18 15:11:14 +01:00
|
|
|
Patch1: dnsmasq-resolv-conf.patch
|
2012-02-07 16:24:59 +01:00
|
|
|
BuildRequires: dbus-1-devel
|
2014-12-29 09:46:59 +01:00
|
|
|
BuildRequires: dos2unix
|
2019-01-24 09:33:18 +01:00
|
|
|
BuildRequires: libidn2-devel
|
2014-08-26 14:34:11 +02:00
|
|
|
BuildRequires: libnettle-devel
|
2018-10-19 20:44:49 +02:00
|
|
|
BuildRequires: lua-devel
|
2020-07-31 16:11:53 +02:00
|
|
|
BuildRequires: pkgconfig
|
2012-06-28 08:18:18 +02:00
|
|
|
BuildRequires: pkgconfig(libnetfilter_conntrack)
|
2019-06-12 08:05:10 +02:00
|
|
|
BuildRequires: pkgconfig(systemd)
|
2018-10-22 11:28:32 +02:00
|
|
|
Requires(pre): group(nogroup)
|
2020-07-31 16:11:53 +02:00
|
|
|
Provides: dns_daemon
|
2019-11-13 15:29:51 +01:00
|
|
|
%if %{with tftp_user_package}
|
2021-06-07 12:59:49 +02:00
|
|
|
BuildRequires: sysuser-tools
|
2019-11-13 12:21:17 +01:00
|
|
|
Requires(pre): user(tftp)
|
2021-06-07 12:59:49 +02:00
|
|
|
%sysusers_requires
|
2019-11-13 15:15:14 +01:00
|
|
|
%else
|
2020-07-31 16:11:53 +02:00
|
|
|
Requires(pre): %{_sbindir}/useradd
|
2019-11-13 15:15:14 +01:00
|
|
|
%endif
|
2007-01-16 00:10:19 +01:00
|
|
|
|
|
|
|
%description
|
2018-10-22 11:28:32 +02:00
|
|
|
Dnsmasq provides network infrastructure for small networks: DNS,
|
|
|
|
DHCP, router advertisement and network boot.
|
|
|
|
|
|
|
|
The DNS subsystem supprots forwarding of all query types, and caching
|
|
|
|
of common record types, DNSSEC included. The DHCP subsystem supports
|
|
|
|
DHCPv4, DHCPv6, BOOTP and PXE. RA can be used stand-alone or in
|
|
|
|
conjunction with DHCPv6.
|
2007-01-16 00:10:19 +01:00
|
|
|
|
2013-03-12 19:56:12 +01:00
|
|
|
%package utils
|
|
|
|
Summary: Utilities for manipulating DHCP server leases
|
|
|
|
Group: Productivity/Networking/DNS/Servers
|
|
|
|
|
|
|
|
%description utils
|
|
|
|
Utilities that use the standard DHCP protocol to query/remove a DHCP
|
|
|
|
server's leases.
|
|
|
|
|
2007-01-16 00:10:19 +01:00
|
|
|
%prep
|
2016-03-06 09:08:56 +01:00
|
|
|
%setup -q
|
2016-06-16 14:44:49 +02:00
|
|
|
%patch0
|
2021-11-18 15:11:14 +01:00
|
|
|
%patch1
|
2014-12-29 09:46:59 +01:00
|
|
|
|
2017-12-01 16:00:21 +01:00
|
|
|
# Remove the executable bit from python example files to
|
|
|
|
# avoid unwanted automatic dependencies
|
2018-10-22 11:28:32 +02:00
|
|
|
find contrib -name *.py -exec chmod a-x '{}' +
|
2017-12-01 16:00:21 +01:00
|
|
|
|
2014-12-29 09:46:59 +01:00
|
|
|
# Some docs have the DOS line ends
|
|
|
|
dos2unix contrib/systemd/dbus_activation
|
|
|
|
|
|
|
|
# SED-FIX-UPSTREAM -- Fix paths
|
2020-07-31 16:11:53 +02:00
|
|
|
sed -i -e 's|\(PREFIX *= *\)%{_prefix}/local|\1/usr|;
|
2015-01-06 11:58:42 +01:00
|
|
|
s|$(LDFLAGS)|$(CFLAGS) $(LDFLAGS)|' \
|
|
|
|
Makefile
|
2014-12-29 09:46:59 +01:00
|
|
|
|
2019-09-05 13:34:19 +02:00
|
|
|
# use lua5.3 instead of lua5.2
|
2021-01-30 09:06:09 +01:00
|
|
|
sed -i -e 's|lua5.2|lua%{lua_version}|' Makefile
|
2018-10-19 20:44:49 +02:00
|
|
|
|
2014-12-29 09:46:59 +01:00
|
|
|
# SED-FIX-UPSTREAM -- Fix man page
|
2019-11-13 12:21:17 +01:00
|
|
|
sed -i -e 's|The default is "dip",|The default is "nogroup",|' \
|
2015-01-06 11:58:42 +01:00
|
|
|
man/dnsmasq.8
|
2014-12-29 09:46:59 +01:00
|
|
|
|
|
|
|
# SED-FIX-UPSTREAM -- Fix cachesize, group and user
|
2015-01-06 11:58:42 +01:00
|
|
|
sed -i -e 's|CACHESIZ 150|CACHESIZ 2000|;
|
|
|
|
s|CHUSER "nobody"|CHUSER "dnsmasq"|;
|
|
|
|
s|CHGRP "dip"|CHGRP "nogroup"|' \
|
|
|
|
src/config.h
|
2007-01-16 00:10:19 +01:00
|
|
|
|
2021-09-23 14:02:11 +02:00
|
|
|
# Tweaks to the default configuration:
|
|
|
|
# - Fix trust-anchor.conf location
|
|
|
|
# - Include /etc/dnsmasq.d/*.conf by default
|
|
|
|
# - Only answer queries coming from the local network
|
2020-07-31 16:11:53 +02:00
|
|
|
sed -i -e '/trust-anchors.conf/c\#conf-file=%{_sysconfdir}/dnsmasq.d/trust-anchors.conf' \
|
2019-11-13 12:21:17 +01:00
|
|
|
-e '/conf-dir=.*conf/s/^\#//' \
|
2021-09-23 14:02:11 +02:00
|
|
|
-e '0,/^$/{/^$/a \
|
|
|
|
# Accept DNS queries only from hosts whose address is on a local\
|
|
|
|
# subnet, ie a subnet for which an interface exists on the server.\
|
|
|
|
# It is intended to be set as a default on installation, to allow\
|
|
|
|
# unconfigured installations to be useful but also safe from being\
|
|
|
|
# used for DNS amplification attacks.\
|
|
|
|
local-service\
|
|
|
|
|
|
|
|
}' \
|
2015-04-24 10:43:40 +02:00
|
|
|
dnsmasq.conf.example
|
|
|
|
|
2007-01-16 00:10:19 +01:00
|
|
|
%build
|
|
|
|
mv po/no.po po/nb.po
|
2020-07-31 16:11:53 +02:00
|
|
|
export CFLAGS="%{optflags} -std=gnu99 -fPIC -DPIC -fpie"
|
2012-02-07 16:24:59 +01:00
|
|
|
export LDFLAGS="-Wl,-z,relro,-z,now -pie"
|
2015-08-25 09:22:17 +02:00
|
|
|
# the dnsmasq make system hashes the configuration flags, so we have to supply the
|
|
|
|
# same flags for make and make install, else everything gets recompiled
|
2019-01-24 09:33:18 +01:00
|
|
|
%define _copts "-DHAVE_DBUS -DHAVE_CONNTRACK -DHAVE_LIBIDN2 -DHAVE_DNSSEC -DHAVE_LUASCRIPT"
|
2020-07-31 16:11:53 +02:00
|
|
|
%make_build AWK=gawk all-i18n CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" COPTS=%{_copts}
|
2021-06-07 12:59:49 +02:00
|
|
|
%if %{with tftp_user_package}
|
2021-07-05 15:31:21 +02:00
|
|
|
%sysusers_generate_pre %{SOURCE6} dnsmasq system-user-dnsmasq.conf
|
2021-06-07 12:59:49 +02:00
|
|
|
%endif
|
2007-01-16 00:10:19 +01:00
|
|
|
|
2019-11-13 15:29:51 +01:00
|
|
|
%if %{without tftp_user_package}
|
2021-06-07 12:59:49 +02:00
|
|
|
%pre
|
2020-07-31 16:11:53 +02:00
|
|
|
if ! %{_bindir}/getent group tftp >/dev/null; then
|
2019-11-13 15:15:14 +01:00
|
|
|
%{_sbindir}/groupadd -r tftp
|
|
|
|
fi
|
2020-07-31 16:11:53 +02:00
|
|
|
if ! %{_bindir}/getent passwd tftp >/dev/null; then
|
2019-11-13 15:15:14 +01:00
|
|
|
%{_sbindir}/useradd -c "TFTP account" -d /srv/tftpboot -G tftp -g tftp \
|
|
|
|
-r -s /bin/false tftp
|
|
|
|
fi
|
2020-07-31 16:11:53 +02:00
|
|
|
if ! %{_bindir}/getent passwd dnsmasq >/dev/null; then
|
|
|
|
%{_sbindir}/useradd -r -d %{_localstatedir}/lib/empty -s /bin/false -c "dnsmasq" -g nogroup -G tftp dnsmasq
|
2008-06-23 21:00:42 +02:00
|
|
|
fi
|
2021-06-07 12:59:49 +02:00
|
|
|
%else
|
2021-11-18 15:11:14 +01:00
|
|
|
|
2021-06-07 12:59:49 +02:00
|
|
|
%pre -f dnsmasq.pre
|
|
|
|
%endif
|
2012-02-07 16:24:59 +01:00
|
|
|
%service_add_pre %{name}.service
|
2012-02-08 17:00:07 +01:00
|
|
|
|
2007-01-16 00:10:19 +01:00
|
|
|
%post
|
2012-02-07 16:24:59 +01:00
|
|
|
%service_add_post %{name}.service
|
2017-08-18 13:16:45 +02:00
|
|
|
# reload dbus after install or upgrade to apply new policies
|
2020-07-31 16:11:53 +02:00
|
|
|
if [ -z "${TRANSACTIONAL_UPDATE}" -a -x %{_bindir}/systemctl ]; then
|
|
|
|
%{_bindir}/systemctl reload dbus.service 2>/dev/null || :
|
2018-07-17 10:06:47 +02:00
|
|
|
fi
|
2012-02-08 17:00:07 +01:00
|
|
|
|
2007-01-16 00:10:19 +01:00
|
|
|
%preun
|
2012-02-07 16:24:59 +01:00
|
|
|
%service_del_preun %{name}.service
|
2012-02-08 17:00:07 +01:00
|
|
|
|
2007-01-16 00:10:19 +01:00
|
|
|
%postun
|
2012-02-07 16:24:59 +01:00
|
|
|
%service_del_postun %{name}.service
|
2017-08-18 13:16:45 +02:00
|
|
|
# reload dbus after uninstall, our policies are gone again
|
2019-02-22 11:44:04 +01:00
|
|
|
if [ $1 -eq 0 -a -z "${TRANSACTIONAL_UPDATE}" \
|
2020-07-31 16:11:53 +02:00
|
|
|
-a -x %{_bindir}/systemctl ]; then
|
|
|
|
%{_bindir}/systemctl reload dbus.service 2>/dev/null || :
|
2017-08-18 13:16:45 +02:00
|
|
|
fi
|
2007-01-16 00:10:19 +01:00
|
|
|
|
|
|
|
%install
|
2020-07-31 16:11:53 +02:00
|
|
|
make install-i18n DESTDIR=%{buildroot} PREFIX=%{_prefix} AWK=gawk COPTS=%{_copts}
|
2018-10-22 11:28:32 +02:00
|
|
|
install -d -m 755 %{buildroot}/%{_sysconfdir}/slp.reg.d
|
|
|
|
install -m 644 dnsmasq.conf.example %{buildroot}/%{_sysconfdir}/dnsmasq.conf
|
2020-07-31 16:11:53 +02:00
|
|
|
install -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/slp.reg.d/
|
|
|
|
install -d 755 %{buildroot}%{_sysconfdir}/dbus-1/system.d/
|
|
|
|
install -m 644 dbus/dnsmasq.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
|
|
|
|
install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/dnsmasq.service
|
2019-11-13 15:29:51 +01:00
|
|
|
%if %{without tftp_user_package}
|
2019-11-13 15:15:14 +01:00
|
|
|
install -d -m 0755 %{buildroot}/srv/tftpboot
|
2021-06-07 12:59:49 +02:00
|
|
|
%else
|
|
|
|
mkdir -p %{buildroot}%{_sysusersdir}
|
|
|
|
install -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/
|
2019-11-13 15:15:14 +01:00
|
|
|
%endif
|
2020-07-31 16:11:53 +02:00
|
|
|
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdnsmasq
|
2018-10-22 11:28:32 +02:00
|
|
|
install -d -m 755 %{buildroot}/%{_sysconfdir}/dnsmasq.d
|
|
|
|
install -m 644 trust-anchors.conf %{buildroot}/%{_sysconfdir}/dnsmasq.d/trust-anchors.conf
|
2013-03-12 19:56:12 +01:00
|
|
|
|
|
|
|
# utils subpackage
|
2018-10-22 11:28:32 +02:00
|
|
|
mkdir -p %{buildroot}/%{_bindir} %{buildroot}/%{_mandir}/man1
|
2019-11-13 12:21:17 +01:00
|
|
|
make -C contrib/lease-tools %{?_smp_mflags}
|
2018-10-22 11:28:32 +02:00
|
|
|
install -m 755 contrib/lease-tools/dhcp_release %{buildroot}/%{_bindir}/dhcp_release
|
|
|
|
install -m 644 contrib/lease-tools/dhcp_release.1 %{buildroot}/%{_mandir}/man1/dhcp_release.1
|
2019-11-13 12:21:17 +01:00
|
|
|
install -m 755 contrib/lease-tools/dhcp_release6 %{buildroot}/%{_bindir}/dhcp_release6
|
|
|
|
install -m 644 contrib/lease-tools/dhcp_release6.1 %{buildroot}/%{_mandir}/man1/dhcp_release6.1
|
2018-10-22 11:28:32 +02:00
|
|
|
install -m 755 contrib/lease-tools/dhcp_lease_time %{buildroot}/%{_bindir}/dhcp_lease_time
|
|
|
|
install -m 644 contrib/lease-tools/dhcp_lease_time.1 %{buildroot}/%{_mandir}/man1/dhcp_lease_time.1
|
2019-11-13 12:21:17 +01:00
|
|
|
make -C contrib/lease-tools clean
|
2014-08-06 13:50:45 +02:00
|
|
|
rm -rf contrib/Suse
|
|
|
|
rm -rf contrib/Solaris10
|
|
|
|
rm -rf contrib/dnsmasq_MacOSX-pre10.4
|
|
|
|
rm -rf contrib/slackware-dnsmasq
|
|
|
|
rm -rf contrib/MacOSX-launchd
|
2013-03-12 19:56:12 +01:00
|
|
|
|
2012-06-28 08:18:18 +02:00
|
|
|
%find_lang %{name} --with-man
|
2007-01-16 00:10:19 +01:00
|
|
|
|
2008-01-07 02:45:31 +01:00
|
|
|
%files -f %{name}.lang
|
2018-07-17 10:06:47 +02:00
|
|
|
%license COPYING COPYING-v3
|
|
|
|
%doc CHANGELOG FAQ doc.html setup.html dnsmasq.conf.example contrib dbus
|
2012-06-28 08:18:18 +02:00
|
|
|
%config(noreplace) %{_sysconfdir}/dnsmasq.conf
|
2008-01-07 02:45:31 +01:00
|
|
|
%{_sbindir}/dnsmasq
|
2013-04-22 13:35:55 +02:00
|
|
|
%{_sbindir}/rcdnsmasq
|
2008-09-13 03:47:51 +02:00
|
|
|
%dir %{_sysconfdir}/slp.reg.d/
|
|
|
|
%config %attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/dnsmasq.reg
|
2020-07-31 16:11:53 +02:00
|
|
|
%{_mandir}/man8/dnsmasq.8%{?ext_man}
|
|
|
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
|
2013-04-04 10:35:14 +02:00
|
|
|
%{_unitdir}/dnsmasq.service
|
2015-04-24 10:43:40 +02:00
|
|
|
%dir %{_sysconfdir}/dnsmasq.d
|
|
|
|
%config(noreplace) %{_sysconfdir}/dnsmasq.d/trust-anchors.conf
|
2019-11-13 15:29:51 +01:00
|
|
|
%if %{without tftp_user_package}
|
2019-11-13 15:15:14 +01:00
|
|
|
%dir %attr(0755,tftp,tftp) /srv/tftpboot
|
2021-06-07 12:59:49 +02:00
|
|
|
%else
|
|
|
|
%{_sysusersdir}/system-user-dnsmasq.conf
|
2019-11-13 15:29:51 +01:00
|
|
|
%endif
|
2019-11-13 15:15:14 +01:00
|
|
|
|
2013-03-12 19:56:12 +01:00
|
|
|
%files utils
|
|
|
|
%{_bindir}/dhcp_*
|
|
|
|
%{_mandir}/man1/dhcp_*
|
|
|
|
|
2007-03-06 17:48:16 +01:00
|
|
|
%changelog
|