Commit Graph

116 Commits

Author SHA256 Message Date
Reinhard Max
0cc8ed3dc1 - update to 2.90:
* CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826:
    Denial Of Service while trying to validate specially crafted
    DNSSEC responses
  * Fix reversion in --rev-server introduced in 2.88 which caused
    breakage if the prefix length is not exactly divisible by 8
    (IPv4) or 4 (IPv6).
  * Fix possible SEGV when there server(s) for a particular domain
    are configured, but no server which is not qualified for a
    particular domain.
  * Set the default maximum DNS UDP packet sice to 1232.
    Obsoletes: dnsmasq-CVE-2023-28450.patch
  * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better
    control over which inetrfaces are providing DHCP service.
  * Fix issue with stale caching
  * Add configurable caching for arbitrary RR-types.
  * Add --filter-rr option, to filter arbitrary RR-types.

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=165
2024-02-14 18:04:45 +00:00
Reinhard Max
22e8185410 Accepting request 1117613 from home:kukuk:branches:network
- SLP got dropped, remove config (bsc#1214884)

OBS-URL: https://build.opensuse.org/request/show/1117613
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=163
2023-11-15 14:20:46 +00:00
Reinhard Max
4d358c4945 Accepting request 1087003 from home:gmbr3:Active
- Correct rundir from /var/run to /run for pid file

OBS-URL: https://build.opensuse.org/request/show/1087003
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=161
2023-05-15 11:30:28 +00:00
Reinhard Max
5812a696e5 - bsc#1209358, CVE-2023-28450, dnsmasq-CVE-2023-28450.patch:
default maximum EDNS.0 UDP packet size should be 1232

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=159
2023-04-25 08:33:07 +00:00
Reinhard Max
34ee2bc9ad it down. (boo#1207174)
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=157
2023-02-17 11:54:59 +00:00
Reinhard Max
632e70dcde Accepting request 1063373 from home:polslinux:branches:network
- update to 2.89:
  * Fix bug introduced in 2.88 (commit fe91134b) which can result
    in corruption of the DNS cache internal data structures and
    logging of "cache internal error". This has only been seen
    in one place in the wild, and it took considerable effort
    to even generate a test case to reproduce it, but there's
    no way to be sure it won't strike, and the effect is to break
    the cache badly. Installations with DNSSEC enabled are more
    likely to see the problem, but not running DNSSEC does not
    guarantee that it won't happen. Thanks to Timo van Roermund
    for reporting the bug and for his great efforts in chasing
    it down.
- remove no longer needed rpmlintrc filters

OBS-URL: https://build.opensuse.org/request/show/1063373
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=155
2023-02-06 17:47:21 +00:00
Reinhard Max
ee2f248c1a Accepting request 1044373 from home:dirkmueller:Factory
- update to 2.88:
  * Fix bug in --dynamic-host when an interface has /16 IPv4
  * address.
  * Add --fast-dns-retry option. This gives dnsmasq the ability
    to originate retries for upstream DNS queries itself, rather
    than relying on the downstream client. This is most useful
    when doing DNSSEC over unreliable upstream networks. It comes
    with some cost in memory usage and network bandwidth.
  * Add --use-stale-cache option. When set, if a DNS name exists
    in the cache, but its time-to-live has expired, dnsmasq will
    return the data anyway.
  * handle removal of whole files or entries within files.

OBS-URL: https://build.opensuse.org/request/show/1044373
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=153
2022-12-27 10:20:23 +00:00
Reinhard Max
33d1dd7eac Accepting request 1031298 from home:dirkmueller:Factory
- update to 2.87 (bsc#1197872, CVE-2022-0934):
  * Allow arbitrary prefix lengths in --rev-server and
    --domain=....,local
  * Replace --address=/#/..... functionality which got
    missed in the 2.86 domain search rewrite.
  * Add --nftset option, like --ipset but for the newer nftables.
  * Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
    addresses from DNS answers.
  * Fix crash doing netbooting when --port is set to zero
    to disable the DNS server. Thanks to Drexl Johannes
    for the bug report.
  * Generalise --dhcp-relay. Sending via broadcast/multicast is
    now supported for both IPv4 and IPv6 and the configuration
    syntax made easier (but backwards compatible).
  * Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
  * Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
    as hex, the pattern must consist of only hex digits AND contain
    at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
    over a pattern consisting of a decimal number which was interpreted
    surprisingly.
  * Include client address in TFTP file-not-found error reports.
    Thanks to Stefan Rink for the initial patch, which has been
    re-worked by me (srk). All bugs mine.
  * Note in manpage the change in behaviour of -address. This behaviour
    actually changed in v2.86, but was undocumented there. From 2.86 on,
    (eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
    types of query will be sent upstream. Pre 2.86, that would catch the
    whole example.com domain and queries for other types would get
    a local NODATA answer. The pre-2.86 behaviour is still available,
    by configuring --address=/example.com/1.2.3.4 --local=/example.com/

OBS-URL: https://build.opensuse.org/request/show/1031298
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=151
2022-11-07 10:18:14 +00:00
0e41fdbd5f Accepting request 1002291 from home:gmbr3:Active
- Ensure the dnsmasq user's group is used
- Remove nogroup requirement

OBS-URL: https://build.opensuse.org/request/show/1002291
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=149
2022-09-19 06:55:22 +00:00
37bc9b79aa Accepting request 981335 from home:gmbr3:Active
- Move the dbus-1 system.d file to /usr (bsc#1200344)

OBS-URL: https://build.opensuse.org/request/show/981335
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=147
2022-06-13 08:25:42 +00:00
Reinhard Max
e3d0db2cf5 - bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch:
Heap use after free in dhcp6_no_relay

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=145
2022-04-05 07:17:25 +00:00
Reinhard Max
e863251880 OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=144 2021-11-18 15:52:28 +00:00
Reinhard Max
c177936b94 - bsc#1192529, dnsmasq-resolv-conf.patch:
Fix a segfault when re-reading an empty resolv.conf
- Remove "nogroup" membership from the dnsmasq user.

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=143
2021-11-18 14:11:14 +00:00
Reinhard Max
d5b765a964 Accepting request 928184 from home:gmbr3:Active
- Use systemd-sysusers from 15.3 onwards

OBS-URL: https://build.opensuse.org/request/show/928184
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=142
2021-11-18 13:53:24 +00:00
Reinhard Max
f4508ec1d0 OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=141 2021-09-23 12:06:42 +00:00
Reinhard Max
029f71cf1d OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=140 2021-09-23 12:02:11 +00:00
Reinhard Max
0c6831c53a OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=139 2021-09-23 09:22:08 +00:00
Reinhard Max
bcf4390ff2 - SLE bugs that got fixed upstream between 2.79 and 2.86, but for
which we need to keep references when syncing Factory to SLE:
  * bsc#1176076: dnsmasq-servfail.patch
  * bsc#1156543: dnsmasq-siocgstamp.patch
  * bsc#1138743: dnsmasq-cache-size.patch
  * bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=138
2021-09-23 08:59:05 +00:00
Reinhard Max
049fbc620b - Update to 2.86:
* Handle DHCPREBIND requests in the DHCPv6 server code.
  * Fix bug which caused dnsmasq to lose track of processes forked
    to handle TCP DNS connections under heavy load.
  * Major rewrite of the DNS server and domain handling code. This
    should be largely transparent, but it drastically improves
    performance and reduces memory foot-print when configuring
    large numbers of domains.
  * Revise resource handling for number of concurrent DNS queries.
  * Improve efficiency of DNSSEC.
  * Connection track mark based DNS query filtering.
  * Allow smaller than 64 prefix lengths in synth-domain, with
    caveats.
    --synth-domain=1234:4567::/56,example.com is now valid.
  * Make domains generated by --synth-domain appear in replies
    when in authoritative mode.
  * Ensure CAP_NET_ADMIN capability is available when conntrack
    is configured.
  * When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
    given a directory as argument, define the order in which files
    within that directory are read (alphabetical order of filename).
- Added hardening to systemd service(s) (bsc#1181400).

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=137
2021-09-17 11:27:06 +00:00
Reinhard Max
dc54688f33 Accepting request 918936 from home:jsegitz:branches:systemdhardening:network
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/918936
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=136
2021-09-17 09:40:15 +00:00
Reinhard Max
253903d350 Accepting request 899810 from home:gmbr3:Active
- Add now working CONFIG parameter to sysusers generator

OBS-URL: https://build.opensuse.org/request/show/899810
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=135
2021-07-05 13:31:21 +00:00
Reinhard Max
05adc3fbcf Accepting request 896893 from home:gmbr3:Active
- Change to using systemd-sysusers on TW

OBS-URL: https://build.opensuse.org/request/show/896893
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=134
2021-06-07 10:59:49 +00:00
Reinhard Max
755bed9cef - Update to 2.85:
* Fix problem with DNS retries in 2.83/2.84.
  * Tweak sort order of tags in get-version.
  * Avoid treating a --dhcp-host which has an IPv6 address as
    eligible for use with DHCPv4 on the grounds that it has
    no address, and vice-versa.
  * Add --dynamic-host option: A and AAAA records which take their
    network part from the network of a local interface. Useful
    for routers with dynamically prefixes.
  * Teach --bogus-nxdomain and --ignore-address to take an IPv4
    subnet.
  * CVE-2021-3448, bsc#1183709: Use random source ports where
    possible if source addresses/interfaces in use.
  * Change the method of allocation of random source ports for DNS.
  * Scale the size of the DNS random-port pool based on the
    value of the --dns-forward-max configuration.
  * Tweak TFTP code to check sender of all received packets, as
    specified in RFC 1350 para 4.

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=132
2021-04-19 21:50:31 +00:00
Reinhard Max
6b64faead0 Accepting request 870366 from home:dirkmueller:branches:network
- update to 2.84:
  * Change HAVE_NETTLEHASH compile-time to HAVE_CRYPTOHASH
  * Tidy initialisation in hash_questions.c
  * Optimise sort_rrset for the case where the RR type
  * Move fd into frec_src

OBS-URL: https://build.opensuse.org/request/show/870366
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=130
2021-02-09 07:35:03 +00:00
5761a19f0e Accepting request 867249 from home:gmbr3:Lua
- Fix building with lua54

OBS-URL: https://build.opensuse.org/request/show/867249
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=128
2021-01-30 08:06:09 +00:00
Reinhard Max
f38fa3d41b - Update to 2.83:
* bsc#1177077: Fixed DNSpooq vulnerabilities
  * Use the values of --min-port and --max-port in outgoing
    TCP connections to upstream DNS servers.
  * Fix a remote buffer overflow problem in the DNSSEC code.
    Any dnsmasq with DNSSEC compiled in and enabled is vulnerable
    to this, referenced by CVE-2020-25681, CVE-2020-25682,
    CVE-2020-25683 CVE-2020-25687.
  * Be sure to only accept UDP DNS query replies at the address
    from which the query was originated. This keeps as much
    entropy in the {query-ID, random-port} tuple as possible, to
    help defeat cache poisoning attacks. Refer: CVE-2020-25684.
  * Use the SHA-256 hash function to verify that DNS answers
    received are for the questions originally asked. This replaces
    the slightly insecure SHA-1 (when compiled with DNSSEC) or
    the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
  * Handle multiple identical near simultaneous DNS queries better.
    Previously, such queries would all be forwarded independently.
    This is, in theory, inefficent but in practise not a problem,
    _except_ that is means that an answer for any of the forwarded
    queries will be accepted and cached.
    An attacker can send a query multiple times, and for each
    repeat, another {port, ID} becomes capable of accepting the
    answer he is sending in the blind, to random IDs and ports.
    The chance of a succesful attack is therefore multiplied by the
    number of repeats of the query. The new behaviour detects
    repeated queries and merely stores the clients sending repeats
    so that when the first query completes, the answer can be sent
    to all the clients who asked. Refer: CVE-2020-25686.

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=126
2021-01-19 12:32:14 +00:00
Reinhard Max
be2d2498af Accepting request 823079 from home:mrey:branches:network
- Update to 2.82:
  * Improve behaviour in the face of network interfaces which come
    and go and change index.
  * Convert hard startup failure on NETLINK_NO_ENOBUFS under
    qemu-user to a warning.
  * Allow IPv6 addresses ofthe form [::ffff:1.2.3.4] in
    --dhcp-option.
  * Fix crash under heavy TCP connection load introduced in 2.81.
  * Change default lease time for DHCPv6 to one day.
  * Alter calculation of preferred and valid times in router
    advertisements, so that these do not have a floor applied of
    the lease time in the dhcp-range if this is not explicitly
    specified and is merely the default.
- Reformat spec file with spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/823079
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=124
2020-07-31 14:11:53 +00:00
067293717f Accepting request 800348 from home:polslinux:branches:network
- Update to 2.81:
  *	Improve cache behaviour for TCP connections
  *	Remove the NO_FORK compile-time option, and support for uclinux
  *	Fix line-counting when reading /etc/hosts and friends
  *	Fix bug in DNS non-terminal code, added in 2.80, which could
	sometimes cause a NODATA rather than an NXDOMAIN reply.
  *	Support TCP-fastopen (RFC-7413) on both incoming and
	outgoing TCP connections, if supported and enabled in the OS.
  *	Improve kernel-capability manipulation code under Linux
  *	Add --shared-network config. This enables allocation of addresses
	by the DHCP server in subnets where the server (or relay) does not
	have an interface on the network in that subnet. Many thanks to
	kamp.de for sponsoring this feature.
  *	Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet
	validation check got borked in commit 2b38e382 and release 2.80.
	Thanks to Tomasz Szajner for spotting this.
  *	Fix compilation against nettle version 3.5 and later.
  *	Fix spurious DNSSEC validation failures when the auth section
	of a reply contains unsigned RRs from a signed zone,
	with the exception that NSEC and NSEC3 RRs must always be signed.
        Thanks to Tore Anderson for spotting and diagnosing the bug.
  *	Add --dhcp-ignore-clid. This disables reading of DHCP client
	identifier option (option 61), so clients are only identified by
	MAC addresses.
  *	Fix a bug which stopped --dhcp-name-match from working when a hostname
	is supplied in --dhcp-host. Thanks to James Feeney for spotting this.
  *	Fix bug which caused very rarely caused zero-length DHCPv6 packets.
	Thanks to Dereck Higgins for spotting this.
  *	Add --tftp-single-port option.
  *	Enhance --conf-dir to load files in a deterministic order
  * Add filtering by tag of --dhcp-host directives
  * Remove DSA signature verification from DNSSEC, as specified in
	RFC 8624
  *	Add --script-on-renewal option.
- Remove Fix-build-with-libnettle-3.5.patch
- Remove 0001-fix-build-after-y2038-changes-in-glibc.patch
- Remove dnsmasq-CVE-2019-14834.patch

OBS-URL: https://build.opensuse.org/request/show/800348
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=122
2020-05-21 11:02:08 +00:00
Tomáš Chvátal
717dcedc03 Accepting request 752568 from home:dimstar:Factory
- Remove redundant %else without meaning (if/else/else/endif?)


Fixes build with rpm 4.15,
see https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:N/dnsmasq/standard/x86_64

OBS-URL: https://build.opensuse.org/request/show/752568
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=120
2019-12-02 07:41:02 +00:00
Reinhard Max
5fa347475a OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=116 2019-11-13 11:21:17 +00:00
ccc8eeefa0 Accepting request 728337 from home:StefanBruens:branches:openSUSE:Factory
Fix build with libnettle 3.5, unbreak Staging:L

OBS-URL: https://build.opensuse.org/request/show/728337
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=114
2019-09-05 11:34:19 +00:00
3edd2e1ad9 Accepting request 717919 from home:mgerstner:branches:network
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
  firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html

OBS-URL: https://build.opensuse.org/request/show/717919
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=112
2019-07-25 17:07:06 +00:00
Tomáš Chvátal
9c019eebb6 Accepting request 714370 from home:jirislaby:branches:network
- add 0001-fix-build-after-y2038-changes-in-glibc.patch

OBS-URL: https://build.opensuse.org/request/show/714370
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=110
2019-07-10 07:24:12 +00:00
Tomáš Chvátal
8f7f833592 Accepting request 709153 from home:dimstar:Factory
Allow OBS to pick better candidates to shorten rebuild queues

OBS-URL: https://build.opensuse.org/request/show/709153
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=108
2019-06-12 06:05:10 +00:00
Tomáš Chvátal
deb329e226 Accepting request 678164 from home:fbui:branches:network
- Drop use of $FIRST_ARG in .spec
  The use of $FIRST_ARG was probably required because of the
  %service_* rpm macros were playing tricks with the shell positional
  parameters. This is bad practice and error prones so let's assume
  that no macros should do that anymore and hence it's safe to assume
  that positional parameters remains unchanged after any rpm macro
  call.

OBS-URL: https://build.opensuse.org/request/show/678164
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=106
2019-02-22 10:44:04 +00:00
500c355c40 Accepting request 668710 from home:eeich:branches:network
- enabled lua scripting interface (FATE#327143).

OBS-URL: https://build.opensuse.org/request/show/668710
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=104
2019-01-25 17:29:11 +00:00
Tomáš Chvátal
943aafc77b Accepting request 668197 from home:elvigia:branches:network
- libidn should not be used anymore, switch to libidn2

OBS-URL: https://build.opensuse.org/request/show/668197
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=103
2019-01-24 08:33:18 +00:00
Reinhard Max
c95068e949 Accepting request 643663 from home:jengelh:branches:network
- Ensure neutrality of descriptions. / Replace description with
  new upstream description.
- Do not hide failures from user/group additions.
- Replace old $RPM_* shell vars by macros.

Fix wrong future time on sean@ entry

OBS-URL: https://build.opensuse.org/request/show/643663
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=101
2018-10-22 09:28:32 +00:00
Ismail Dönmez
780a2eb11d Accepting request 643595 from home:seanlew:branches:network
Update dnasmasq to 2.80

OBS-URL: https://build.opensuse.org/request/show/643595
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=100
2018-10-22 08:10:05 +00:00
Ismail Dönmez
91a1f07afb Accepting request 643221 from home:mslacken:prov
- enabled lua scripting interface

OBS-URL: https://build.opensuse.org/request/show/643221
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=99
2018-10-19 18:44:49 +00:00
0c17079da6 - add missing prereq on the group to be created (bsc#1106446)
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=97
2018-08-29 16:22:36 +00:00
59367376ec Accepting request 623070 from home:kukuk:branches:network
- Don't require systemd explicit, fix spec file to handle both
  cases correct. In containers we don't have systemd.
- Adjust pre/post install for transactional updates.
- Use %license instead of %doc [bsc#1082318]

OBS-URL: https://build.opensuse.org/request/show/623070
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=95
2018-07-17 08:06:47 +00:00
Ismail Dönmez
b5b76cd9b1 - Update keyring
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=93
2017-12-04 13:39:44 +00:00
Ismail Dönmez
7a3d7e2c7b Accepting request 547138 from home:cbosdonnat:branches:network
- Get rid of python dependency due to examples. (fate#323526)

OBS-URL: https://build.opensuse.org/request/show/547138
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=92
2017-12-01 15:00:21 +00:00
Reinhard Max
09eac739de - Security update to version 2.78:
* bsc#1060354, CVE-2017-14491: 2 byte heap based overflow.
  * bsc#1060355, CVE-2017-14492: heap based overflow.
  * bsc#1060360, CVE-2017-14493: stack based overflow.
  * bsc#1060361, CVE-2017-14494: DHCP - info leak.
  * bsc#1060362, CVE-2017-14495: DNS - OOM DoS.
  * bsc#1060364, CVE-2017-14496: DNS - DoS Integer underflow.
  * Fix DHCP relaying, broken in 2.76 and 2.77.
  * For other changes, see
    http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
- Obsoleted patches:
  * Fix-crash-introduced-in-2675f2061525bc954be14988d643.patch
  * Handle-binding-upstream-servers-to-an-interface.patch

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=90
2017-10-02 14:34:17 +00:00
Ismail Dönmez
1c4b4aee27 Accepting request 523600 from home:scarabeus_iv:branches:network
- Fix /srv/tftpboot permissions wrt bsc#940608

OBS-URL: https://build.opensuse.org/request/show/523600
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=89
2017-09-13 14:15:31 +00:00
d7b45ae928 - reload system dbus to pick up policy change on install (bsc#1054429)
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=88
2017-08-18 11:16:45 +00:00
Ismail Dönmez
13ce29f32b Accepting request 449467 from home:mwilck:branches:network
- Handle binding upstream servers to an interface if interface
  is destroyed and recreated (boo#1018160) 
  Added two patches from upstream:
  * added Handle-binding-upstream-servers-to-an-interface.patch
  * added Fix-crash-introduced-in-2675f2061525bc954be14988d643.patch

OBS-URL: https://build.opensuse.org/request/show/449467
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=86
2017-01-10 08:52:59 +00:00
Reinhard Max
428579c9fb - Update to 2.76:
* Include 0.0.0.0/8 in DNS rebind checks.
  * Enhance --add-subnet to allow arbitrary subnet addresses.
  * Respect the --no-resolv flag in inotify code. Fixes bug
    which caused dnsmasq to fail to start if a resolv-file
    was a dangling symbolic link, even of --no-resolv set.
  * Fix crash when an A or AAAA record is defined locally,
    in a hosts file, and an upstream server sends a reply
    that the same name is empty (CVE-2015-8899, bsc#983273).
  * Fix failure to correctly calculate cache-size when reading a
    hosts-file fails.
  * Fix wrong answer to simple name query when --domain-needed
    set, but no upstream servers configured.
  * Return REFUSED when running out of forwarding table slots,
    not SERVFAIL.
  * Add --max-port configuration.
  * Add --script-arp and two new functions for the dhcp-script.
  * Extend --add-mac to allow a new encoding of the MAC address
    as base64, by configurting --add-mac=base64
  * Add --add-cpe-id option.
  * Don't crash with divide-by-zero if an IPv6 dhcp-range is
    declared as a whole /64.
    (ie xx::0 to xx::ffff:ffff:ffff:ffff)
  * Add support for a TTL parameter in --host-record and --cname.
  * Add --dhcp-ttl option.
  * Add --tftp-mtu option.
  * Check return-code of inet_pton() when parsing dhcp-option.
  * Fix wrong value for EDNS UDP packet size when using
    --servers-file to define upstream DNS servers.
  * Add dhcp_release6 to contrib/lease-tools.

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=84
2016-08-03 14:02:20 +00:00
Reinhard Max
9e6d0bab8c - dnsmasq-groups.patch: Initialize the supplementary groups of the
dnsmasq user (bsc#859298).

OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=82
2016-06-22 13:51:23 +00:00