diff --git a/0001-fix-build-after-y2038-changes-in-glibc.patch b/0001-fix-build-after-y2038-changes-in-glibc.patch deleted file mode 100644 index a5bbee7..0000000 --- a/0001-fix-build-after-y2038-changes-in-glibc.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Jiri Slaby -Date: Wed, 10 Jul 2019 08:19:06 +0200 -Subject: fix build after y2038 changes in glibc -Patch-mainline: submitted on 2019/07/10 - -SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h now. - -Signed-off-by: Jiri Slaby ---- - src/dnsmasq.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/dnsmasq.h b/src/dnsmasq.h -index ff3204a..3ef04ad 100644 ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -137,6 +137,7 @@ typedef unsigned long long u64; - #endif - - #if defined(HAVE_LINUX_NETWORK) -+#include - #include - /* There doesn't seem to be a universally-available - userspace header for these. */ --- -2.21.0 - diff --git a/Fix-build-with-libnettle-3.5.patch b/Fix-build-with-libnettle-3.5.patch deleted file mode 100644 index 0c310e8..0000000 --- a/Fix-build-with-libnettle-3.5.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Vladislav Grishenko -Date: Wed, 26 Jun 2019 15:27:11 +0000 (+0500) -Subject: Fix build with libnettle 3.5 -X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff_plain;h=ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e;hp=69bc94779c2f035a9fffdb5327a54c3aeca73ed5 - -Fix build with libnettle 3.5 ---- - -diff --git a/src/crypto.c b/src/crypto.c -index ebb871e..fecc64a 100644 ---- a/src/crypto.c -+++ b/src/crypto.c -@@ -275,6 +275,10 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len - static struct ecc_point *key_256 = NULL, *key_384 = NULL; - static mpz_t x, y; - static struct dsa_signature *sig_struct; -+#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4 -+#define nettle_get_secp_256r1() (&nettle_secp_256r1) -+#define nettle_get_secp_384r1() (&nettle_secp_384r1) -+#endif - - if (!sig_struct) - { -@@ -294,7 +298,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len - if (!(key_256 = whine_malloc(sizeof(struct ecc_point)))) - return 0; - -- nettle_ecc_point_init(key_256, &nettle_secp_256r1); -+ nettle_ecc_point_init(key_256, nettle_get_secp_256r1()); - } - - key = key_256; -@@ -307,7 +311,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len - if (!(key_384 = whine_malloc(sizeof(struct ecc_point)))) - return 0; - -- nettle_ecc_point_init(key_384, &nettle_secp_384r1); -+ nettle_ecc_point_init(key_384, nettle_get_secp_384r1()); - } - - key = key_384; diff --git a/dnsmasq-2.80.tar.xz b/dnsmasq-2.80.tar.xz deleted file mode 100644 index ad4835f..0000000 --- a/dnsmasq-2.80.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb -size 501072 diff --git a/dnsmasq-2.80.tar.xz.asc b/dnsmasq-2.80.tar.xz.asc deleted file mode 100644 index a92c8aa..0000000 --- a/dnsmasq-2.80.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAABCAAGBQJbyM91AAoJEBXN2mrhkTWi4AoP/0u8jQUHT6452+VKZRWsskJo -Msfvi1XXVRC+Srt0Vzt4FQaLCDZsBChXtRzWgbmroLfwnqshIKE/jSbiAd5vz4SH -czfA4Y9BZHImfornkr3WIaO1V8Y2W0UrB1q84JfhCv/CK+vg29GEMK57vXZJQkUe -tFWifHRx9eb8vIodTUuVzsNzC9ggEzDrPbe/heJeiNNEfAF24gdFh0XJCfCiYKuv -tF9vBfLVHR8xp3pIEtS95tKhbUdtb4iWrWrYLICBw38lhD+yfGKslwle5lFqXBHe -wNTX1Ynzlio7iWQBv6SSfBA91UUPdsFP9DwaOv024k9knpn3wpCWDjOupKOrbMWv -YsyPOC4LaUBFxuvhlwsrN2gsfhTmxrnzj5raB5Gcf/K60WcOLIkN6aLa1etBFIpQ -N748IppqIm5nU199K8XSFJe2VxlQ2nH7xgL2/JNSzmOQZwkk6XfSBvL0ZtL7uAos -X8U3MheRZv4aKY0cQSVN1M8cprIS290N64xpYRt3k+zpfW9zyYhjTAf/YHTRnTTt -p8q2LxibzF9sd7N01Vp7rq7pMbFlQ3WKOy0QY0i7poxyYTO6v1V3kQFkTkC0U2P1 -5qlx/j5Sq4/Sr/zO/v7ejpc8XZexKIUYCjjsHm4/qJyTMkgWGayHq7a2aIuY9T6M -N+rWUqRpj5o49g3zcd+d -=PMEN ------END PGP SIGNATURE----- diff --git a/dnsmasq-2.81.tar.xz b/dnsmasq-2.81.tar.xz new file mode 100644 index 0000000..7341429 --- /dev/null +++ b/dnsmasq-2.81.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:749ca903537c5197c26444ac24b0dce242cf42595fdfe6b9a5b9e4c7ad32f8fb +size 510648 diff --git a/dnsmasq-2.81.tar.xz.asc b/dnsmasq-2.81.tar.xz.asc new file mode 100644 index 0000000..3cd008e --- /dev/null +++ b/dnsmasq-2.81.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAABCAAGBQJekkKsAAoJEBXN2mrhkTWiPIUQAKn8QayVwrx7G9H6iY8cMp6p +yTmZ7XZyKUb+RY5ZZr1dUV9vdv5nNDbkNYOdViwjlzNficaxwJk+9jW7fz4lxGuS +eIU5BdejCKoRJH2L6JAnUwRz742O7/TfoyyjyDLGW52qx3tlWyD5VMCsYmu5/7Mb +yVLifBCgvOKCGhXxJV7cWU/zCWGR0vDKu1kYvMbRnz3HzNVtOPLHA8PjQ6aDGbRf +PBygCQzyvsNIpEDmCfWwgSp8WBenpHmcR9amPIrTPUAmZ3TLtF7yBhZ1sGPqd+Sn +RXnjc5LyZw0MdK/3/g1SLt8z1kgvl1eNQIVvonG0sxg3m7RqWIcrM76uw03voW9B +Fkx+xe+nIKgu8fTSnvJxWE7j4d4pDjte/uQoZhr8RxqRnmOpz+NteC5hzGS5Qk1p +a+Nt3MjW1sfKHHtLwszgwHjnqLGHOFNE6BQjKuQj1WQ+SJv16sele/gKRo8J8hMG +HRfH1JTr48ikvXLBrUOJ8zCcw/HBcimvv4Awmw6pyIVup5zYztjVDPLXcjINj8t4 +UXji3WcEjevZ0LA4Dz/S4jlz5NR/ne5Grqvsv42FKXBn7AoOVzHmQqiX1rZL8G5u +1aCiM8FdUJaoysSxSNGMpISE4lAhO/vjbZD0tCzCQSpfW8erYPKKBYG/dY9p/Di1 +Bysh+4glD6m578lOw67q +=EWoa +-----END PGP SIGNATURE----- diff --git a/dnsmasq-CVE-2019-14834.patch b/dnsmasq-CVE-2019-14834.patch deleted file mode 100644 index 693c313..0000000 --- a/dnsmasq-CVE-2019-14834.patch +++ /dev/null @@ -1,33 +0,0 @@ -X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Fhelper.c;h=c392eeced3e73762d3ea6a2f9fa27ab5ae389241;hp=33ba120ab39e3788719a18796b5b58338972e1e8;hb=69bc94779c2f035a9fffdb5327a54c3aeca73ed5;hpb=3052ce208acf602f0163166dcefb7330d537cedb - ---- src/helper.c.orig -+++ src/helper.c -@@ -82,7 +82,8 @@ int create_helper(int event_fd, int err_ - pid_t pid; - int i, pipefd[2]; - struct sigaction sigact; -- -+ unsigned char *alloc_buff = NULL; -+ - /* create the pipe through which the main program sends us commands, - then fork our process. */ - if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1) -@@ -188,11 +189,16 @@ int create_helper(int event_fd, int err_ - struct script_data data; - char *p, *action_str, *hostname = NULL, *domain = NULL; - unsigned char *buf = (unsigned char *)daemon->namebuff; -- unsigned char *end, *extradata, *alloc_buff = NULL; -+ unsigned char *end, *extradata; - int is6, err = 0; - int pipeout[2]; - -- free(alloc_buff); -+ /* Free rarely-allocated memory from previous iteration. */ -+ if (alloc_buff) -+ { -+ free(alloc_buff); -+ alloc_buff = NULL; -+ } - - /* we read zero bytes when pipe closed: this is our signal to exit */ - if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1)) diff --git a/dnsmasq.changes b/dnsmasq.changes index 56b5666..090391e 100644 --- a/dnsmasq.changes +++ b/dnsmasq.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Tue May 5 11:26:55 UTC 2020 - Paolo Stivanin + +- Update to 2.81: + * Improve cache behaviour for TCP connections + * Remove the NO_FORK compile-time option, and support for uclinux + * Fix line-counting when reading /etc/hosts and friends + * Fix bug in DNS non-terminal code, added in 2.80, which could + sometimes cause a NODATA rather than an NXDOMAIN reply. + * Support TCP-fastopen (RFC-7413) on both incoming and + outgoing TCP connections, if supported and enabled in the OS. + * Improve kernel-capability manipulation code under Linux + * Add --shared-network config. This enables allocation of addresses + by the DHCP server in subnets where the server (or relay) does not + have an interface on the network in that subnet. Many thanks to + kamp.de for sponsoring this feature. + * Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet + validation check got borked in commit 2b38e382 and release 2.80. + Thanks to Tomasz Szajner for spotting this. + * Fix compilation against nettle version 3.5 and later. + * Fix spurious DNSSEC validation failures when the auth section + of a reply contains unsigned RRs from a signed zone, + with the exception that NSEC and NSEC3 RRs must always be signed. + Thanks to Tore Anderson for spotting and diagnosing the bug. + * Add --dhcp-ignore-clid. This disables reading of DHCP client + identifier option (option 61), so clients are only identified by + MAC addresses. + * Fix a bug which stopped --dhcp-name-match from working when a hostname + is supplied in --dhcp-host. Thanks to James Feeney for spotting this. + * Fix bug which caused very rarely caused zero-length DHCPv6 packets. + Thanks to Dereck Higgins for spotting this. + * Add --tftp-single-port option. + * Enhance --conf-dir to load files in a deterministic order + * Add filtering by tag of --dhcp-host directives + * Remove DSA signature verification from DNSSEC, as specified in + RFC 8624 + * Add --script-on-renewal option. +- Remove Fix-build-with-libnettle-3.5.patch +- Remove 0001-fix-build-after-y2038-changes-in-glibc.patch +- Remove dnsmasq-CVE-2019-14834.patch + ------------------------------------------------------------------- Sat Nov 30 12:15:42 UTC 2019 - Dominique Leuenberger diff --git a/dnsmasq.spec b/dnsmasq.spec index fa12f82..bca71d3 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,7 +1,7 @@ # # spec file for package dnsmasq # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: dnsmasq Summary: DNS Forwarder and DHCP Server License: GPL-2.0-only OR GPL-3.0-only Group: Productivity/Networking/DNS/Servers -Version: 2.80 +Version: 2.81 Release: 0 Provides: dns_daemon URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -38,10 +38,6 @@ Source4: dnsmasq.service Source5: rc.dnsmasq-suse Source8: %{name}-rpmlintrc Patch0: dnsmasq-groups.patch -Patch1: 0001-fix-build-after-y2038-changes-in-glibc.patch -# PATCH-FIX-UPSTREAM -- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e -Patch2: Fix-build-with-libnettle-3.5.patch -Patch3: dnsmasq-CVE-2019-14834.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: dbus-1-devel BuildRequires: dos2unix @@ -78,9 +74,6 @@ server's leases. %prep %setup -q %patch0 -%patch1 -p1 -%patch2 -p1 -%patch3 # Remove the executable bit from python example files to # avoid unwanted automatic dependencies