From 067293717f140c0a92b9a834b7b3521eca1123183fd8dad22a909f713b61827f Mon Sep 17 00:00:00 2001 
From: Dirk Mueller Date: Thu, 21 May 2020 11:02:08 +0000 Subject: [PATCH] Accepting request 800348 from home:polslinux:branches:network - Update to 2.81: * Improve cache behaviour for TCP connections * Remove the NO_FORK compile-time option, and support for uclinux * Fix line-counting when reading /etc/hosts and friends * Fix bug in DNS non-terminal code, added in 2.80, which could sometimes cause a NODATA rather than an NXDOMAIN reply. * Support TCP-fastopen (RFC-7413) on both incoming and outgoing TCP connections, if supported and enabled in the OS. * Improve kernel-capability manipulation code under Linux * Add --shared-network config. This enables allocation of addresses by the DHCP server in subnets where the server (or relay) does not have an interface on the network in that subnet. Many thanks to kamp.de for sponsoring this feature. * Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet validation check got borked in commit 2b38e382 and release 2.80. Thanks to Tomasz Szajner for spotting this. * Fix compilation against nettle version 3.5 and later. * Fix spurious DNSSEC validation failures when the auth section of a reply contains unsigned RRs from a signed zone, with the exception that NSEC and NSEC3 RRs must always be signed. Thanks to Tore Anderson for spotting and diagnosing the bug. * Add --dhcp-ignore-clid. This disables reading of DHCP client identifier option (option 61), so clients are only identified by MAC addresses. * Fix a bug which stopped --dhcp-name-match from working when a hostname is supplied in --dhcp-host. Thanks to James Feeney for spotting this. * Fix bug which caused very rarely caused zero-length DHCPv6 packets. Thanks to Dereck Higgins for spotting this. * Add --tftp-single-port option. * Enhance --conf-dir to load files in a deterministic order * Add filtering by tag of --dhcp-host directives * Remove DSA signature verification from DNSSEC, as specified in RFC 8624 * Add --script-on-renewal option. 
- Remove Fix-build-with-libnettle-3.5.patch - Remove 0001-fix-build-after-y2038-changes-in-glibc.patch - Remove dnsmasq-CVE-2019-14834.patch OBS-URL: https://build.opensuse.org/request/show/800348 OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=122 --- ...x-build-after-y2038-changes-in-glibc.patch | 27 ------------ Fix-build-with-libnettle-3.5.patch | 41 ------------------- dnsmasq-2.80.tar.xz | 3 -- dnsmasq-2.80.tar.xz.asc | 17 -------- dnsmasq-2.81.tar.xz | 3 ++ dnsmasq-2.81.tar.xz.asc | 17 ++++++++ dnsmasq-CVE-2019-14834.patch | 33 --------------- dnsmasq.changes | 41 +++++++++++++++++++ dnsmasq.spec | 11 +---- 9 files changed, 63 insertions(+), 130 deletions(-) delete mode 100644 0001-fix-build-after-y2038-changes-in-glibc.patch delete mode 100644 Fix-build-with-libnettle-3.5.patch delete mode 100644 dnsmasq-2.80.tar.xz delete mode 100644 dnsmasq-2.80.tar.xz.asc create mode 100644 dnsmasq-2.81.tar.xz create mode 100644 dnsmasq-2.81.tar.xz.asc delete mode 100644 dnsmasq-CVE-2019-14834.patch
diff --git a/0001-fix-build-after-y2038-changes-in-glibc.patch b/0001-fix-build-after-y2038-changes-in-glibc.patch
deleted file mode 100644
index a5bbee7..0000000
--- a/0001-fix-build-after-y2038-changes-in-glibc.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Jiri Slaby
-Date: Wed, 10 Jul 2019 08:19:06 +0200
-Subject: fix build after y2038 changes in glibc
-Patch-mainline: submitted on 2019/07/10
-
-SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h now.
-
-Signed-off-by: Jiri Slaby
----
- src/dnsmasq.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index ff3204a..3ef04ad 100644
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -137,6 +137,7 @@ typedef unsigned long long u64;
- #endif
-
- #if defined(HAVE_LINUX_NETWORK)
-+#include
- #include
- /* There doesn't seem to be a universally-available
- userspace header for these. */
---
-2.21.0
-
diff --git a/Fix-build-with-libnettle-3.5.patch b/Fix-build-with-libnettle-3.5.patch
deleted file mode 100644
index 0c310e8..0000000
--- a/Fix-build-with-libnettle-3.5.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Vladislav Grishenko
-Date: Wed, 26 Jun 2019 15:27:11 +0000 (+0500)
-Subject: Fix build with libnettle 3.5
-X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff_plain;h=ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e;hp=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
-
-Fix build with libnettle 3.5
----
-
-diff --git a/src/crypto.c b/src/crypto.c
-index ebb871e..fecc64a 100644
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -275,6 +275,10 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
- static struct ecc_point *key_256 = NULL, *key_384 = NULL;
- static mpz_t x, y;
- static struct dsa_signature *sig_struct;
-+#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4
-+#define nettle_get_secp_256r1() (&nettle_secp_256r1)
-+#define nettle_get_secp_384r1() (&nettle_secp_384r1)
-+#endif
-
- if (!sig_struct)
- {
-@@ -294,7 +298,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
- if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
- return 0;
-
-- nettle_ecc_point_init(key_256, &nettle_secp_256r1);
-+ nettle_ecc_point_init(key_256, nettle_get_secp_256r1());
- }
-
- key = key_256;
-@@ -307,7 +311,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
- if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
- return 0;
-
-- nettle_ecc_point_init(key_384, &nettle_secp_384r1);
-+ nettle_ecc_point_init(key_384, nettle_get_secp_384r1());
- }
-
- key = key_384;
diff --git a/dnsmasq-2.80.tar.xz b/dnsmasq-2.80.tar.xz
deleted file mode 100644
index ad4835f..0000000
--- a/dnsmasq-2.80.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb
-size 501072
diff --git a/dnsmasq-2.80.tar.xz.asc b/dnsmasq-2.80.tar.xz.asc
deleted file mode 100644
index a92c8aa..0000000
--- a/dnsmasq-2.80.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQIcBAABCAAGBQJbyM91AAoJEBXN2mrhkTWi4AoP/0u8jQUHT6452+VKZRWsskJo
-Msfvi1XXVRC+Srt0Vzt4FQaLCDZsBChXtRzWgbmroLfwnqshIKE/jSbiAd5vz4SH
-czfA4Y9BZHImfornkr3WIaO1V8Y2W0UrB1q84JfhCv/CK+vg29GEMK57vXZJQkUe
-tFWifHRx9eb8vIodTUuVzsNzC9ggEzDrPbe/heJeiNNEfAF24gdFh0XJCfCiYKuv
-tF9vBfLVHR8xp3pIEtS95tKhbUdtb4iWrWrYLICBw38lhD+yfGKslwle5lFqXBHe
-wNTX1Ynzlio7iWQBv6SSfBA91UUPdsFP9DwaOv024k9knpn3wpCWDjOupKOrbMWv
-YsyPOC4LaUBFxuvhlwsrN2gsfhTmxrnzj5raB5Gcf/K60WcOLIkN6aLa1etBFIpQ
-N748IppqIm5nU199K8XSFJe2VxlQ2nH7xgL2/JNSzmOQZwkk6XfSBvL0ZtL7uAos
-X8U3MheRZv4aKY0cQSVN1M8cprIS290N64xpYRt3k+zpfW9zyYhjTAf/YHTRnTTt
-p8q2LxibzF9sd7N01Vp7rq7pMbFlQ3WKOy0QY0i7poxyYTO6v1V3kQFkTkC0U2P1
-5qlx/j5Sq4/Sr/zO/v7ejpc8XZexKIUYCjjsHm4/qJyTMkgWGayHq7a2aIuY9T6M
-N+rWUqRpj5o49g3zcd+d
-=PMEN
------END PGP SIGNATURE-----
diff --git a/dnsmasq-2.81.tar.xz b/dnsmasq-2.81.tar.xz
new file mode 100644
index 0000000..7341429
--- /dev/null
+++ b/dnsmasq-2.81.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:749ca903537c5197c26444ac24b0dce242cf42595fdfe6b9a5b9e4c7ad32f8fb
+size 510648
diff --git a/dnsmasq-2.81.tar.xz.asc b/dnsmasq-2.81.tar.xz.asc
new file mode 100644
index 0000000..3cd008e
--- /dev/null
+++ b/dnsmasq-2.81.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJekkKsAAoJEBXN2mrhkTWiPIUQAKn8QayVwrx7G9H6iY8cMp6p
+yTmZ7XZyKUb+RY5ZZr1dUV9vdv5nNDbkNYOdViwjlzNficaxwJk+9jW7fz4lxGuS
+eIU5BdejCKoRJH2L6JAnUwRz742O7/TfoyyjyDLGW52qx3tlWyD5VMCsYmu5/7Mb
+yVLifBCgvOKCGhXxJV7cWU/zCWGR0vDKu1kYvMbRnz3HzNVtOPLHA8PjQ6aDGbRf
+PBygCQzyvsNIpEDmCfWwgSp8WBenpHmcR9amPIrTPUAmZ3TLtF7yBhZ1sGPqd+Sn
+RXnjc5LyZw0MdK/3/g1SLt8z1kgvl1eNQIVvonG0sxg3m7RqWIcrM76uw03voW9B
+Fkx+xe+nIKgu8fTSnvJxWE7j4d4pDjte/uQoZhr8RxqRnmOpz+NteC5hzGS5Qk1p
+a+Nt3MjW1sfKHHtLwszgwHjnqLGHOFNE6BQjKuQj1WQ+SJv16sele/gKRo8J8hMG
+HRfH1JTr48ikvXLBrUOJ8zCcw/HBcimvv4Awmw6pyIVup5zYztjVDPLXcjINj8t4
+UXji3WcEjevZ0LA4Dz/S4jlz5NR/ne5Grqvsv42FKXBn7AoOVzHmQqiX1rZL8G5u
+1aCiM8FdUJaoysSxSNGMpISE4lAhO/vjbZD0tCzCQSpfW8erYPKKBYG/dY9p/Di1
+Bysh+4glD6m578lOw67q
+=EWoa
+-----END PGP SIGNATURE-----
diff --git a/dnsmasq-CVE-2019-14834.patch b/dnsmasq-CVE-2019-14834.patch
deleted file mode 100644
index 693c313..0000000
--- a/dnsmasq-CVE-2019-14834.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Fhelper.c;h=c392eeced3e73762d3ea6a2f9fa27ab5ae389241;hp=33ba120ab39e3788719a18796b5b58338972e1e8;hb=69bc94779c2f035a9fffdb5327a54c3aeca73ed5;hpb=3052ce208acf602f0163166dcefb7330d537cedb
-
---- src/helper.c.orig
-+++ src/helper.c
-@@ -82,7 +82,8 @@ int create_helper(int event_fd, int err_
- pid_t pid;
- int i, pipefd[2];
- struct sigaction sigact;
--
-+ unsigned char *alloc_buff = NULL;
-+
- /* create the pipe through which the main program sends us commands,
- then fork our process. */
- if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
-@@ -188,11 +189,16 @@ int create_helper(int event_fd, int err_
- struct script_data data;
- char *p, *action_str, *hostname = NULL, *domain = NULL;
- unsigned char *buf = (unsigned char *)daemon->namebuff;
-- unsigned char *end, *extradata, *alloc_buff = NULL;
-+ unsigned char *end, *extradata;
- int is6, err = 0;
- int pipeout[2];
-
-- free(alloc_buff);
-+ /* Free rarely-allocated memory from previous iteration. */
-+ if (alloc_buff)
-+ {
-+ free(alloc_buff);
-+ alloc_buff = NULL;
-+ }
-
- /* we read zero bytes when pipe closed: this is our signal to exit */
- if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
diff --git a/dnsmasq.changes b/dnsmasq.changes
index 56b5666..090391e 100644
--- a/dnsmasq.changes
+++ b/dnsmasq.changes
@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Tue May 5 11:26:55 UTC 2020 - Paolo Stivanin
+
+- Update to 2.81:
+ * Improve cache behaviour for TCP connections
+ * Remove the NO_FORK compile-time option, and support for uclinux
+ * Fix line-counting when reading /etc/hosts and friends
+ * Fix bug in DNS non-terminal code, added in 2.80, which could
+ sometimes cause a NODATA rather than an NXDOMAIN reply.
+ * Support TCP-fastopen (RFC-7413) on both incoming and
+ outgoing TCP connections, if supported and enabled in the OS.
+ * Improve kernel-capability manipulation code under Linux
+ * Add --shared-network config. This enables allocation of addresses
+ by the DHCP server in subnets where the server (or relay) does not
+ have an interface on the network in that subnet. Many thanks to
+ kamp.de for sponsoring this feature.
+ * Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet
+ validation check got borked in commit 2b38e382 and release 2.80.
+ Thanks to Tomasz Szajner for spotting this.
+ * Fix compilation against nettle version 3.5 and later.
+ * Fix spurious DNSSEC validation failures when the auth section
+ of a reply contains unsigned RRs from a signed zone,
+ with the exception that NSEC and NSEC3 RRs must always be signed.
+ Thanks to Tore Anderson for spotting and diagnosing the bug.
+ * Add --dhcp-ignore-clid. This disables reading of DHCP client
+ identifier option (option 61), so clients are only identified by
+ MAC addresses.
+ * Fix a bug which stopped --dhcp-name-match from working when a hostname
+ is supplied in --dhcp-host. Thanks to James Feeney for spotting this.
+ * Fix bug which caused very rarely caused zero-length DHCPv6 packets.
+ Thanks to Dereck Higgins for spotting this.
+ * Add --tftp-single-port option.
+ * Enhance --conf-dir to load files in a deterministic order + * Add filtering by tag of --dhcp-host directives + * Remove DSA signature verification from DNSSEC, as specified in + RFC 8624 + * Add --script-on-renewal option. +- Remove Fix-build-with-libnettle-3.5.patch +- Remove 0001-fix-build-after-y2038-changes-in-glibc.patch +- Remove dnsmasq-CVE-2019-14834.patch + ------------------------------------------------------------------- Sat Nov 30 12:15:42 UTC 2019 - Dominique Leuenberger diff --git a/dnsmasq.spec b/dnsmasq.spec index fa12f82..bca71d3 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,7 +1,7 @@ # # spec file for package dnsmasq # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: dnsmasq Summary: DNS Forwarder and DHCP Server License: GPL-2.0-only OR GPL-3.0-only Group: Productivity/Networking/DNS/Servers -Version: 2.80 +Version: 2.81 Release: 0 Provides: dns_daemon URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -38,10 +38,6 @@ Source4: dnsmasq.service Source5: rc.dnsmasq-suse Source8: %{name}-rpmlintrc Patch0: dnsmasq-groups.patch -Patch1: 0001-fix-build-after-y2038-changes-in-glibc.patch -# PATCH-FIX-UPSTREAM -- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e -Patch2: Fix-build-with-libnettle-3.5.patch -Patch3: dnsmasq-CVE-2019-14834.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: dbus-1-devel BuildRequires: dos2unix @@ -78,9 +74,6 @@ server's leases. %prep %setup -q %patch0 -%patch1 -p1 -%patch2 -p1 -%patch3 # Remove the executable bit from python example files to # avoid unwanted automatic dependencies
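Review bot: Dropping `Patch3: dnsmasq-CVE-2019-14834.patch` and its `%patch3` line in dnsmasq.spec leaves no record that the 2.81 tarball carries the fix; the matching dnsmasq.changes entry only says `- Remove dnsmasq-CVE-2019-14834.patch`. The deleted patch's X-Git-Url names upstream commit 69bc94779c2f035a9fffdb5327a54c3aeca73ed5, and the deleted libnettle patch lists that same hash as the parent (`hp=`) of a fix the 2.81 changelog includes, so the fix is presumably in the release, but that is inferred from the URLs rather than stated anywhere. I would say so in the changelog line, e.g. `- Remove dnsmasq-CVE-2019-14834.patch (fixed upstream in 2.81)`, after confirming that src/helper.c in the new tarball declares `alloc_buff` outside the helper loop. The same applies to the two build-fix patches removed in the `@@ -38,10 +38,6 @@` and `@@ -78,9 +74,6 @@` hunks, though only the CVE one affects security tracking.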