This commit is contained in:
Reinhard Max
Git OBS Bridge
parent
0c6831c53a
commit
029f71cf1d
@ -7,7 +7,9 @@ Thu Sep 23 08:48:12 UTC 2021 - Reinhard Max <max@suse.com>
|
||||
* bsc#1176076: dnsmasq-servfail.patch
|
||||
* bsc#1156543: dnsmasq-siocgstamp.patch
|
||||
* bsc#1138743: dnsmasq-cache-size.patch
|
||||
* bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch
|
||||
* bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch
|
||||
* bsc#1180914: Open inotify socket only when used.
|
||||
- bsc#1173646: Set --local-service by default.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 17 11:10:17 UTC 2021 - Reinhard Max <max@suse.com>
|
||||
|
||||
14
dnsmasq.spec
14
dnsmasq.spec
@ -101,9 +101,21 @@ sed -i -e 's|CACHESIZ 150|CACHESIZ 2000|;
|
||||
s|CHGRP "dip"|CHGRP "nogroup"|' \
|
||||
src/config.h
|
||||
|
||||
# Fix trust-anchor.conf location and include /etc/dnsmasq.d/*.conf by default
|
||||
# Tweaks to the default configuration:
|
||||
# - Fix trust-anchor.conf location
|
||||
# - Include /etc/dnsmasq.d/*.conf by default
|
||||
# - Only answer queries coming from the local network
|
||||
sed -i -e '/trust-anchors.conf/c\#conf-file=%{_sysconfdir}/dnsmasq.d/trust-anchors.conf' \
|
||||
-e '/conf-dir=.*conf/s/^\#//' \
|
||||
-e '0,/^$/{/^$/a \
|
||||
# Accept DNS queries only from hosts whose address is on a local\
|
||||
# subnet, ie a subnet for which an interface exists on the server.\
|
||||
# It is intended to be set as a default on installation, to allow\
|
||||
# unconfigured installations to be useful but also safe from being\
|
||||
# used for DNS amplification attacks.\
|
||||
local-service\
|
||||
|
||||
}' \
|
||||
dnsmasq.conf.example
|
||||
|
||||
%build
|
||||
|
||||
Loading…
Reference in New Issue
Block a user