Accepting request 800348 from home:polslinux:branches:network

- Update to 2.81:
  *	Improve cache behaviour for TCP connections
  *	Remove the NO_FORK compile-time option, and support for uclinux
  *	Fix line-counting when reading /etc/hosts and friends
  *	Fix bug in DNS non-terminal code, added in 2.80, which could
	sometimes cause a NODATA rather than an NXDOMAIN reply.
  *	Support TCP-fastopen (RFC-7413) on both incoming and
	outgoing TCP connections, if supported and enabled in the OS.
  *	Improve kernel-capability manipulation code under Linux
  *	Add --shared-network config. This enables allocation of addresses
	by the DHCP server in subnets where the server (or relay) does not
	have an interface on the network in that subnet. Many thanks to
	kamp.de for sponsoring this feature.
  *	Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet
	validation check got borked in commit 2b38e382 and release 2.80.
	Thanks to Tomasz Szajner for spotting this.
  *	Fix compilation against nettle version 3.5 and later.
  *	Fix spurious DNSSEC validation failures when the auth section
	of a reply contains unsigned RRs from a signed zone,
	with the exception that NSEC and NSEC3 RRs must always be signed.
        Thanks to Tore Anderson for spotting and diagnosing the bug.
  *	Add --dhcp-ignore-clid. This disables reading of DHCP client
	identifier option (option 61), so clients are only identified by
	MAC addresses.
  *	Fix a bug which stopped --dhcp-name-match from working when a hostname
	is supplied in --dhcp-host. Thanks to James Feeney for spotting this.
  *	Fix bug which caused very rarely caused zero-length DHCPv6 packets.
	Thanks to Dereck Higgins for spotting this.
  *	Add --tftp-single-port option.
  *	Enhance --conf-dir to load files in a deterministic order
  * Add filtering by tag of --dhcp-host directives
  * Remove DSA signature verification from DNSSEC, as specified in
	RFC 8624
  *	Add --script-on-renewal option.
- Remove Fix-build-with-libnettle-3.5.patch
- Remove 0001-fix-build-after-y2038-changes-in-glibc.patch
- Remove dnsmasq-CVE-2019-14834.patch

OBS-URL: https://build.opensuse.org/request/show/800348
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=122

0001-fix-build-after-y2038-changes-in-glibc.patch

@@ -1,27 +0,0 @@
-From: Jiri Slaby <jslaby@suse.cz>
-Date: Wed, 10 Jul 2019 08:19:06 +0200
-Subject: fix build after y2038 changes in glibc
-Patch-mainline: submitted on 2019/07/10
-
-SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h now.
-
-Signed-off-by: Jiri Slaby <jslaby@suse.cz>
----
- src/dnsmasq.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index ff3204a..3ef04ad 100644
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -137,6 +137,7 @@ typedef unsigned long long u64;
- #endif
- 
- #if defined(HAVE_LINUX_NETWORK)
-+#include <linux/sockios.h>
- #include <linux/capability.h>
- /* There doesn't seem to be a universally-available 
-    userspace header for these. */
--- 
-2.21.0
-

Fix-build-with-libnettle-3.5.patch

@@ -1,41 +0,0 @@
-From: Vladislav Grishenko <themiron@mail.ru>
-Date: Wed, 26 Jun 2019 15:27:11 +0000 (+0500)
-Subject: Fix build with libnettle 3.5
-X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff_plain;h=ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e;hp=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
-
-Fix build with libnettle 3.5
----
-
-diff --git a/src/crypto.c b/src/crypto.c
-index ebb871e..fecc64a 100644
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -275,6 +275,10 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
-   static struct ecc_point *key_256 = NULL, *key_384 = NULL;
-   static mpz_t x, y;
-   static struct dsa_signature *sig_struct;
-+#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4
-+#define nettle_get_secp_256r1() (&nettle_secp_256r1)
-+#define nettle_get_secp_384r1() (&nettle_secp_384r1)
-+#endif
-   
-   if (!sig_struct)
-     {
-@@ -294,7 +298,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
- 	  if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
- 	    return 0;
- 	  
--	  nettle_ecc_point_init(key_256, &nettle_secp_256r1);
-+	  nettle_ecc_point_init(key_256, nettle_get_secp_256r1());
- 	}
-       
-       key = key_256;
-@@ -307,7 +311,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
- 	  if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
- 	    return 0;
- 	  
--	  nettle_ecc_point_init(key_384, &nettle_secp_384r1);
-+	  nettle_ecc_point_init(key_384, nettle_get_secp_384r1());
- 	}
-       
-       key = key_384;

dnsmasq-2.80.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb
-size 501072

dnsmasq-2.80.tar.xz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQIcBAABCAAGBQJbyM91AAoJEBXN2mrhkTWi4AoP/0u8jQUHT6452+VKZRWsskJo
-Msfvi1XXVRC+Srt0Vzt4FQaLCDZsBChXtRzWgbmroLfwnqshIKE/jSbiAd5vz4SH
-czfA4Y9BZHImfornkr3WIaO1V8Y2W0UrB1q84JfhCv/CK+vg29GEMK57vXZJQkUe
-tFWifHRx9eb8vIodTUuVzsNzC9ggEzDrPbe/heJeiNNEfAF24gdFh0XJCfCiYKuv
-tF9vBfLVHR8xp3pIEtS95tKhbUdtb4iWrWrYLICBw38lhD+yfGKslwle5lFqXBHe
-wNTX1Ynzlio7iWQBv6SSfBA91UUPdsFP9DwaOv024k9knpn3wpCWDjOupKOrbMWv
-YsyPOC4LaUBFxuvhlwsrN2gsfhTmxrnzj5raB5Gcf/K60WcOLIkN6aLa1etBFIpQ
-N748IppqIm5nU199K8XSFJe2VxlQ2nH7xgL2/JNSzmOQZwkk6XfSBvL0ZtL7uAos
-X8U3MheRZv4aKY0cQSVN1M8cprIS290N64xpYRt3k+zpfW9zyYhjTAf/YHTRnTTt
-p8q2LxibzF9sd7N01Vp7rq7pMbFlQ3WKOy0QY0i7poxyYTO6v1V3kQFkTkC0U2P1
-5qlx/j5Sq4/Sr/zO/v7ejpc8XZexKIUYCjjsHm4/qJyTMkgWGayHq7a2aIuY9T6M
-N+rWUqRpj5o49g3zcd+d
-=PMEN
------END PGP SIGNATURE-----

dnsmasq-2.81.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:749ca903537c5197c26444ac24b0dce242cf42595fdfe6b9a5b9e4c7ad32f8fb
+size 510648

dnsmasq-2.81.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJekkKsAAoJEBXN2mrhkTWiPIUQAKn8QayVwrx7G9H6iY8cMp6p
+yTmZ7XZyKUb+RY5ZZr1dUV9vdv5nNDbkNYOdViwjlzNficaxwJk+9jW7fz4lxGuS
+eIU5BdejCKoRJH2L6JAnUwRz742O7/TfoyyjyDLGW52qx3tlWyD5VMCsYmu5/7Mb
+yVLifBCgvOKCGhXxJV7cWU/zCWGR0vDKu1kYvMbRnz3HzNVtOPLHA8PjQ6aDGbRf
+PBygCQzyvsNIpEDmCfWwgSp8WBenpHmcR9amPIrTPUAmZ3TLtF7yBhZ1sGPqd+Sn
+RXnjc5LyZw0MdK/3/g1SLt8z1kgvl1eNQIVvonG0sxg3m7RqWIcrM76uw03voW9B
+Fkx+xe+nIKgu8fTSnvJxWE7j4d4pDjte/uQoZhr8RxqRnmOpz+NteC5hzGS5Qk1p
+a+Nt3MjW1sfKHHtLwszgwHjnqLGHOFNE6BQjKuQj1WQ+SJv16sele/gKRo8J8hMG
+HRfH1JTr48ikvXLBrUOJ8zCcw/HBcimvv4Awmw6pyIVup5zYztjVDPLXcjINj8t4
+UXji3WcEjevZ0LA4Dz/S4jlz5NR/ne5Grqvsv42FKXBn7AoOVzHmQqiX1rZL8G5u
+1aCiM8FdUJaoysSxSNGMpISE4lAhO/vjbZD0tCzCQSpfW8erYPKKBYG/dY9p/Di1
+Bysh+4glD6m578lOw67q
+=EWoa
+-----END PGP SIGNATURE-----

dnsmasq-CVE-2019-14834.patch

@@ -1,33 +0,0 @@
-X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Fhelper.c;h=c392eeced3e73762d3ea6a2f9fa27ab5ae389241;hp=33ba120ab39e3788719a18796b5b58338972e1e8;hb=69bc94779c2f035a9fffdb5327a54c3aeca73ed5;hpb=3052ce208acf602f0163166dcefb7330d537cedb
-
---- src/helper.c.orig
-+++ src/helper.c
-@@ -82,7 +82,8 @@ int create_helper(int event_fd, int err_
-   pid_t pid;
-   int i, pipefd[2];
-   struct sigaction sigact;
--
-+  unsigned char *alloc_buff = NULL;
-+  
-   /* create the pipe through which the main program sends us commands,
-      then fork our process. */
-   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
-@@ -188,11 +189,16 @@ int create_helper(int event_fd, int err_
-       struct script_data data;
-       char *p, *action_str, *hostname = NULL, *domain = NULL;
-       unsigned char *buf = (unsigned char *)daemon->namebuff;
--      unsigned char *end, *extradata, *alloc_buff = NULL;
-+      unsigned char *end, *extradata;
-       int is6, err = 0;
-       int pipeout[2];
- 
--      free(alloc_buff);
-+      /* Free rarely-allocated memory from previous iteration. */
-+      if (alloc_buff)
-+	{
-+	  free(alloc_buff);
-+	  alloc_buff = NULL;
-+	}
-       
-       /* we read zero bytes when pipe closed: this is our signal to exit */ 
-       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))

dnsmasq.changes

@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Tue May  5 11:26:55 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 2.81:
+  *	Improve cache behaviour for TCP connections
+  *	Remove the NO_FORK compile-time option, and support for uclinux
+  *	Fix line-counting when reading /etc/hosts and friends
+  *	Fix bug in DNS non-terminal code, added in 2.80, which could
+	sometimes cause a NODATA rather than an NXDOMAIN reply.
+  *	Support TCP-fastopen (RFC-7413) on both incoming and
+	outgoing TCP connections, if supported and enabled in the OS.
+  *	Improve kernel-capability manipulation code under Linux
+  *	Add --shared-network config. This enables allocation of addresses
+	by the DHCP server in subnets where the server (or relay) does not
+	have an interface on the network in that subnet. Many thanks to
+	kamp.de for sponsoring this feature.
+  *	Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet
+	validation check got borked in commit 2b38e382 and release 2.80.
+	Thanks to Tomasz Szajner for spotting this.
+  *	Fix compilation against nettle version 3.5 and later.
+  *	Fix spurious DNSSEC validation failures when the auth section
+	of a reply contains unsigned RRs from a signed zone,
+	with the exception that NSEC and NSEC3 RRs must always be signed.
+        Thanks to Tore Anderson for spotting and diagnosing the bug.
+  *	Add --dhcp-ignore-clid. This disables reading of DHCP client
+	identifier option (option 61), so clients are only identified by
+	MAC addresses.
+  *	Fix a bug which stopped --dhcp-name-match from working when a hostname
+	is supplied in --dhcp-host. Thanks to James Feeney for spotting this.
+  *	Fix bug which caused very rarely caused zero-length DHCPv6 packets.
+	Thanks to Dereck Higgins for spotting this.
+  *	Add --tftp-single-port option.
+  *	Enhance --conf-dir to load files in a deterministic order
+  * Add filtering by tag of --dhcp-host directives
+  * Remove DSA signature verification from DNSSEC, as specified in
+	RFC 8624
+  *	Add --script-on-renewal option.
+- Remove Fix-build-with-libnettle-3.5.patch
+- Remove 0001-fix-build-after-y2038-changes-in-glibc.patch
+- Remove dnsmasq-CVE-2019-14834.patch
+
 -------------------------------------------------------------------
 Sat Nov 30 12:15:42 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 

dnsmasq.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dnsmasq
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@ Name:           dnsmasq
 Summary:        DNS Forwarder and DHCP Server
 License:        GPL-2.0-only OR GPL-3.0-only
 Group:          Productivity/Networking/DNS/Servers
-Version:        2.80
+Version:        2.81
 Release:        0
 Provides:       dns_daemon
 URL:            http://www.thekelleys.org.uk/dnsmasq/
@@ -38,10 +38,6 @@ Source4:        dnsmasq.service
 Source5:        rc.dnsmasq-suse
 Source8:        %{name}-rpmlintrc
 Patch0:         dnsmasq-groups.patch
-Patch1:         0001-fix-build-after-y2038-changes-in-glibc.patch
-# PATCH-FIX-UPSTREAM -- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e
-Patch2:         Fix-build-with-libnettle-3.5.patch
-Patch3:         dnsmasq-CVE-2019-14834.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  dbus-1-devel
 BuildRequires:  dos2unix
@@ -78,9 +74,6 @@ server's leases.
 %prep
 %setup -q
 %patch0
-%patch1 -p1
-%patch2 -p1
-%patch3
 
 # Remove the executable bit from python example files to
 # avoid unwanted automatic dependencies