- update to 2.90:

* CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826:
    Denial Of Service while trying to validate specially crafted
    DNSSEC responses
  * Fix reversion in --rev-server introduced in 2.88 which caused
    breakage if the prefix length is not exactly divisible by 8
    (IPv4) or 4 (IPv6).
  * Fix possible SEGV when there server(s) for a particular domain
    are configured, but no server which is not qualified for a
    particular domain.
  * Set the default maximum DNS UDP packet sice to 1232.
    Obsoletes: dnsmasq-CVE-2023-28450.patch
  * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better
    control over which inetrfaces are providing DHCP service.
  * Fix issue with stale caching
  * Add configurable caching for arbitrary RR-types.
  * Add --filter-rr option, to filter arbitrary RR-types.

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=165

dnsmasq-2.89.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE1urL1u5GuDQkjRESFc3aauGRNaIFAmPe36kACgkQFc3aauGR
-NaLJZg/+K/gk5uLUH48BCNAVNtffC1jGLIxQ2usJbXvJ02n9WcidN3dX6MlVBYNq
-s5ouNuDZdIgydJjFWgIIqxtsVdeYhJ6sd9fSDX+8iT4zDLw0N1puDE5YZvvqHxFD
-0gYuIcu4ukr5tsBL5ClWoVtTDGEi8NZ+PaGCZrnPVuZWPAnNrf3MbiUqPaJxCgA6
-GNnfqm9LKEL5sPwQlErhf1GLFG7UOPXyjfIQilI6+ShCajDmDjvsPs8Y3JqC66rt
-6OEFDKbNVoZQDVA53PswLa1mb5gryB6r7gU5ofwS6jr34BNFfkBGFk6wjhZfZenu
-OGU3Adk36l5HykAH5fjDs95bVBLoq+N+gG1Yor4qgUmdgSlLvh8lwArXwweWW2Q5
-k/Nkk/MZaIEL+3nqdIMptfGG82rhCuS1jse2DyYcTmJiJdew2Mv+AQAVIm/Km7oa
-3HrpxQJ88LLRtWwfKbW9yRipt+JkzrrZun5VftQ85Xn9nELgU5n5rdHUCzXrpu0r
-/dFw5JoTfcIsPGQ8a2IIMW6SyWOEkv8EWAq+10mNokpnQMv5RFHmZoGQhx1PmHWy
-+mqHh9T2B9KYGHKRjP4apQkX+JSuqmsdLt1sNfzcnwjQQ0nEq0FMub2hNJ8V0S/4
-h/QpdO6qLn9RYSx0Be31BTAZNq71ow6HPjV62i4l+xTpYq9q1Ik=
-=yXEY
------END PGP SIGNATURE-----

dnsmasq-2.90.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE1urL1u5GuDQkjRESFc3aauGRNaIFAmXLc7MACgkQFc3aauGR
+NaKwug/7BIZ9TOBB65sR/rBg0JU/4jBG1WQglmEckSkK7NWagXVbjlVVl0F1AUZo
+JBaW6qIvFZ9q7OlOB50gpZNC0wvIYRa8bdvicWjktxW/KFC/NZo5iI6DHH0p6LK2
+pymMCGyRkAgVc8Yxv3BDTqw70ld4gA8WamNWQsfS14n0VF/abOv/A0x70XkHPdIc
+U9ZZX+1/Zn6s08arzUSEAnuR3+SW6Amq6MJKwCT8eVDNvTG35o0+HWAmyo+EjRmo
+PdiIa1fmOcY8V80E5Xs2V11kMZeAZymD/GzCUTwW4Q2T7WW3OsMc9KlH35bAhfvI
+iiBDbmYqI6AgLi6rIB1X6CKZ5V3VR93nxbSieaocZ145BAukxFOLuBTqjR1jhZt7
+63HfbYv3aViwMX2Ggk0XIh/OvIr6dFAsqiD6n+pYKLOVs1nyhXK1UP+J/9BhvJfx
+4Dzx38K1iFilyR35tUiRosiZHgEHiZtJJ2u4B+nVENHpcVPG1cZQ92x7b2UDBfL4
+wcZ2U4guxdN4iBE7zzCseJNFL7NZ0U476RWEG9NybAnGGlpDY8m5AuQ5nHT0AjV7
+d+Fq0EaKr0rfjDk1bjYf88VRW0Khx4Fz5IsmnGw/p+09xBEhQftK+M42FpIbbscx
+uZQ5i7CNkMAsft/lUGYEdLcTi5HuDWBtbXjVMLvzFRPz7W9l0J0=
+=iZdM
+-----END PGP SIGNATURE-----

dnsmasq-groups.patch

@@ -1,6 +1,6 @@
 --- src/dnsmasq.c.orig
 +++ src/dnsmasq.c
-@@ -731,11 +731,10 @@ int main (int argc, char **argv)
+@@ -728,11 +728,10 @@ int main (int argc, char **argv)
    if (!option_bool(OPT_DEBUG) && getuid() == 0)   
      {
        int bad_capabilities = 0;

dnsmasq.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Wed Feb 14 17:39:46 UTC 2024 - Reinhard Max <max@suse.com>
+
+- update to 2.90:
+  * CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826:
+    Denial Of Service while trying to validate specially crafted
+    DNSSEC responses
+  * Fix reversion in --rev-server introduced in 2.88 which caused
+    breakage if the prefix length is not exactly divisible by 8
+    (IPv4) or 4 (IPv6).
+  * Fix possible SEGV when there server(s) for a particular domain
+    are configured, but no server which is not qualified for a
+    particular domain.
+  * Set the default maximum DNS UDP packet sice to 1232.
+    Obsoletes: dnsmasq-CVE-2023-28450.patch
+  * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better
+    control over which inetrfaces are providing DHCP service.
+  * Fix issue with stale caching
+  * Add configurable caching for arbitrary RR-types.
+  * Add --filter-rr option, to filter arbitrary RR-types.
+
 -------------------------------------------------------------------
 Fri Oct 13 08:48:49 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
 

dnsmasq.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dnsmasq
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
 %bcond_with tftp_user_package
 %endif
 Name:           dnsmasq
-Version:        2.89
+Version:        2.90
 Release:        0
 Summary:        DNS Forwarder and DHCP Server
 License:        GPL-2.0-only OR GPL-3.0-only
@@ -35,7 +35,6 @@ Source4:        dnsmasq.service
 Source5:        rc.dnsmasq-suse
 Source6:        system-user-dnsmasq.conf
 Patch0:         dnsmasq-groups.patch
-Patch1:         dnsmasq-CVE-2023-28450.patch
 BuildRequires:  dbus-1-devel
 BuildRequires:  dos2unix
 BuildRequires:  libidn2-devel