Accepting request 323450 from network
1 OBS-URL: https://build.opensuse.org/request/show/323450 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnsmasq?expand=0&rev=58
This commit is contained in:
commit
d6937a64d2
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:635f1b47417d17cf32e45cfcfd0213ac39fd09918479a25373ba9b2ce4adc05d
|
|
||||||
size 654739
|
|
3
dnsmasq-2.75.tar.xz
Normal file
3
dnsmasq-2.75.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:640c4e1d4c298e42458419cd78cfc26acc549401b1a34d271cd3e0e4226941f1
|
||||||
|
size 472484
|
156
dnsmasq.changes
156
dnsmasq.changes
@ -1,3 +1,159 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 11 01:41:02 UTC 2015 - stefan.bruens@rwth-aachen.de
|
||||||
|
|
||||||
|
- Update to 2.75, announce message:
|
||||||
|
Fix reversion on 2.74 which caused 100% CPU use when a
|
||||||
|
dhcp-script is configured. Thanks to Adrian Davey for
|
||||||
|
reporting the bug and testing the fix.
|
||||||
|
|
||||||
|
- Update to 2.74, announce message:
|
||||||
|
Fix reversion in 2.73 where --conf-file would attempt to
|
||||||
|
read the default file, rather than no file.
|
||||||
|
|
||||||
|
Fix inotify code to handle dangling symlinks better and
|
||||||
|
not SEGV in some circumstances.
|
||||||
|
|
||||||
|
DNSSEC fix. In the case of a signed CNAME generated by a
|
||||||
|
wildcard which pointed to an unsigned domain, the wrong
|
||||||
|
status would be logged, and some necessary checks omitted.
|
||||||
|
|
||||||
|
- Update to 2.73, announce message:
|
||||||
|
Fix crash at startup when an empty suffix is supplied to
|
||||||
|
--conf-dir, also trivial memory leak. Thanks to
|
||||||
|
Tomas Hozza for spotting this.
|
||||||
|
|
||||||
|
Remove floor of 4096 on advertised EDNS0 packet size when
|
||||||
|
DNSSEC in use, the original rationale for this has long gone.
|
||||||
|
Thanks to Anders Kaseorg for spotting this.
|
||||||
|
|
||||||
|
Use inotify for checking on updates to /etc/resolv.conf and
|
||||||
|
friends under Linux. This fixes race conditions when the files are
|
||||||
|
updated rapidly and saves CPU by noy polling. To build
|
||||||
|
a binary that runs on old Linux kernels without inotify,
|
||||||
|
use make COPTS=-DNO_INOTIFY
|
||||||
|
|
||||||
|
Fix breakage of --domain=<domain>,<subnet>,local - only reverse
|
||||||
|
queries were intercepted. THis appears to have been broken
|
||||||
|
since 2.69. Thanks to Josh Stone for finding the bug.
|
||||||
|
|
||||||
|
Eliminate IPv6 privacy addresses and deprecated addresses from
|
||||||
|
the answers given by --interface-name. Note that reverse queries
|
||||||
|
(ie looking for names, given addresses) are not affected.
|
||||||
|
Thanks to Michael Gorbach for the suggestion.
|
||||||
|
|
||||||
|
Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids
|
||||||
|
for the bug report.
|
||||||
|
|
||||||
|
Add --ignore-address option. Ignore replies to A-record
|
||||||
|
queries which include the specified address. No error is
|
||||||
|
generated, dnsmasq simply continues to listen for another
|
||||||
|
reply. This is useful to defeat blocking strategies which
|
||||||
|
rely on quickly supplying a forged answer to a DNS
|
||||||
|
request for certain domains, before the correct answer can
|
||||||
|
arrive. Thanks to Glen Huang for the patch.
|
||||||
|
|
||||||
|
Revisit the part of DNSSEC validation which determines if an
|
||||||
|
unsigned answer is legit, or is in some part of the DNS
|
||||||
|
tree which should be signed. Dnsmasq now works from the
|
||||||
|
DNS root downward looking for the limit of signed
|
||||||
|
delegations, rather than working bottom up. This is
|
||||||
|
both more correct, and less likely to trip over broken
|
||||||
|
nameservers in the unsigned parts of the DNS tree
|
||||||
|
which don't respond well to DNSSEC queries.
|
||||||
|
|
||||||
|
Add --log-queries=extra option, which makes logs easier
|
||||||
|
to search automatically.
|
||||||
|
|
||||||
|
Add --min-cache-ttl option. I've resisted this for a long
|
||||||
|
time, on the grounds that disbelieving TTLs is never a
|
||||||
|
good idea, but I've been persuaded that there are
|
||||||
|
sometimes reasons to do it. (Step forward, GFW).
|
||||||
|
To avoid misuse, there's a hard limit on the TTL
|
||||||
|
floor of one hour. Thansk to RinSatsuki for the patch.
|
||||||
|
|
||||||
|
Cope with multiple interfaces with the same link-local
|
||||||
|
address. (IPv6 addresses are scoped, so this is allowed.)
|
||||||
|
Thanks to Cory Benfield for help with this.
|
||||||
|
|
||||||
|
Add --dhcp-hostsdir. This allows addition of new host
|
||||||
|
configurations to a running dnsmasq instance much more
|
||||||
|
cheaply than having dnsmasq re-read all its existing
|
||||||
|
configuration each time.
|
||||||
|
|
||||||
|
Don't reply to DHCPv6 SOLICIT messages if we're not
|
||||||
|
configured to do stateful DHCPv6. Thanks to Win King Wan
|
||||||
|
for the patch.
|
||||||
|
|
||||||
|
Fix broken DNSSEC validation of ECDSA signatures.
|
||||||
|
|
||||||
|
Add --dnssec-timestamp option, which provides an automatic
|
||||||
|
way to detect when the system time becomes valid after
|
||||||
|
boot on systems without an RTC, whilst allowing DNS
|
||||||
|
queries before the clock is valid so that NTP can run.
|
||||||
|
Thanks to Kevin Darbyshire-Bryant for developing this idea.
|
||||||
|
|
||||||
|
Add --tftp-no-fail option. Thanks to Stefan Tomanek for
|
||||||
|
the patch.
|
||||||
|
|
||||||
|
Fix crash caused by looking up servers.bind, CHAOS text
|
||||||
|
record, when more than about five --servers= lines are
|
||||||
|
in the dnsmasq config. This causes memory corruption
|
||||||
|
which causes a crash later. Thanks to Matt Coddington for
|
||||||
|
sterling work chasing this down.
|
||||||
|
|
||||||
|
Fix crash on receipt of certain malformed DNS requests.
|
||||||
|
Thanks to Nick Sampanis for spotting the problem.
|
||||||
|
Note that this is could allow the dnsmasq process's
|
||||||
|
memory to be read by an attacker under certain
|
||||||
|
circumstances, so it has a CVE, CVE-2015-3294
|
||||||
|
|
||||||
|
Fix crash in authoritative DNS code, if a .arpa zone
|
||||||
|
is declared as authoritative, and then a PTR query which
|
||||||
|
is not to be treated as authoritative arrived. Normally,
|
||||||
|
directly declaring .arpa zone as authoritative is not
|
||||||
|
done, so this crash wouldn't be seen. Instead the
|
||||||
|
relevant .arpa zone should be specified as a subnet
|
||||||
|
in the auth-zone declaration. Thanks to Johnny S. Lee
|
||||||
|
for the bugreport and initial patch.
|
||||||
|
|
||||||
|
Fix authoritative DNS code to correctly reply to NS
|
||||||
|
and SOA queries for .arpa zones for which we are
|
||||||
|
declared authoritative by means of a subnet in auth-zone.
|
||||||
|
Previously we provided correct answers to PTR queries
|
||||||
|
in such zones (including NS and SOA) but not direct
|
||||||
|
NS and SOA queries. Thanks to Johnny S. Lee for
|
||||||
|
pointing out the problem.
|
||||||
|
|
||||||
|
Fix logging of DHCPREPLY which should be suppressed
|
||||||
|
by quiet-dhcp6. Thanks to J. Pablo Abonia for
|
||||||
|
spotting the problem.
|
||||||
|
|
||||||
|
Try and handle net connections with broken fragmentation
|
||||||
|
that lose large UDP packets. If a server times out,
|
||||||
|
reduce the maximum UDP packet size field in the EDNS0
|
||||||
|
header to 1280 bytes. If it then answers, make that
|
||||||
|
change permanent.
|
||||||
|
|
||||||
|
Check IPv4-mapped IPv6 addresses when --stop-rebind
|
||||||
|
is active. Thanks to Jordan Milne for spotting this.
|
||||||
|
|
||||||
|
Allow DHCPv4 options T1 and T2 to be set using --dhcp-option.
|
||||||
|
Thanks to Kevin Benton for patches and work on this.
|
||||||
|
|
||||||
|
Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses
|
||||||
|
in the correct subnet, even of not in dynamic address
|
||||||
|
allocation range. Thanks to Steve Hirsch for spotting
|
||||||
|
the problem.
|
||||||
|
|
||||||
|
Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks
|
||||||
|
to Nicolas Cavallari for the patch.
|
||||||
|
|
||||||
|
Allow configuration of router advertisements without the
|
||||||
|
"on-link" bit set. Thanks to Neil Jerram for the patch.
|
||||||
|
|
||||||
|
Extend --bridge-interface to DHCPv6 and router
|
||||||
|
advertisements. Thanks to Neil Jerram for the patch.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 17 01:45:33 UTC 2015 - crrodriguez@opensuse.org
|
Wed Jun 17 01:45:33 UTC 2015 - crrodriguez@opensuse.org
|
||||||
|
|
||||||
|
@ -20,12 +20,12 @@ Name: dnsmasq
|
|||||||
Summary: Lightweight, Easy-to-Configure DNS Forwarder and DHCP Server
|
Summary: Lightweight, Easy-to-Configure DNS Forwarder and DHCP Server
|
||||||
License: GPL-2.0 or GPL-3.0
|
License: GPL-2.0 or GPL-3.0
|
||||||
Group: Productivity/Networking/DNS/Servers
|
Group: Productivity/Networking/DNS/Servers
|
||||||
Version: 2.72
|
Version: 2.75
|
||||||
Release: 0
|
Release: 0
|
||||||
Provides: dns_daemon
|
Provides: dns_daemon
|
||||||
PreReq: /usr/sbin/useradd /bin/mkdir
|
PreReq: /usr/sbin/useradd /bin/mkdir
|
||||||
Url: http://www.thekelleys.org.uk/dnsmasq/
|
Url: http://www.thekelleys.org.uk/dnsmasq/
|
||||||
Source: http://www.thekelleys.org.uk/%{name}/%{name}-%{version}.tar.gz
|
Source: http://www.thekelleys.org.uk/%{name}/%{name}-%{version}.tar.xz
|
||||||
Source1: dnsmasq.reg
|
Source1: dnsmasq.reg
|
||||||
Source2: dnsmasq.service
|
Source2: dnsmasq.service
|
||||||
Source3: rc.dnsmasq-suse
|
Source3: rc.dnsmasq-suse
|
||||||
|
Loading…
Reference in New Issue
Block a user