0cc8ed3dc1 - update to 2.90:
  * CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826: Denial Of Service while trying to validate specially crafted DNSSEC responses
  * Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix length is not exactly divisible by 8 (IPv4) or 4 (IPv6).
  * Fix possible SEGV when server(s) for a particular domain are configured, but no server which is not qualified for a particular domain.
  * Set the default maximum DNS UDP packet size to 1232. Obsoletes: dnsmasq-CVE-2023-28450.patch
  * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better control over which interfaces are providing DHCP service.
  * Fix issue with stale caching
  * Add configurable caching for arbitrary RR-types.
  * Add --filter-rr option, to filter arbitrary RR-types.
Reinhard Max
2024-02-14 18:04:45 +0000
ee7ad3ae48 Accepting request 1126658 from network
Ana Guerrero
2023-11-16 19:27:12 +0000
22e8185410 Accepting request 1117613 from home:kukuk:branches:network
Reinhard Max
2023-11-15 14:20:46 +0000
a543d4ad0b Accepting request 1087210 from network
Dominique Leuenberger
2023-05-16 12:15:54 +0000
4d358c4945 Accepting request 1087003 from home:gmbr3:Active
Reinhard Max
2023-05-15 11:30:28 +0000
cb7f45821c Accepting request 1082695 from network
Dominique Leuenberger
2023-04-26 15:24:15 +0000
5812a696e5 - bsc#1209358, CVE-2023-28450, dnsmasq-CVE-2023-28450.patch: default maximum EDNS.0 UDP packet size should be 1232
Reinhard Max
2023-04-25 08:33:07 +0000
ee1ce84cab Accepting request 1066370 from network
Dominique Leuenberger
2023-02-17 15:43:57 +0000
34ee2bc9ad it down. (boo#1207174)
Reinhard Max
2023-02-17 11:54:59 +0000
ae43cc1797 Accepting request 1063496 from network
Dominique Leuenberger
2023-02-07 17:48:19 +0000
632e70dcde Accepting request 1063373 from home:polslinux:branches:network
Reinhard Max
2023-02-06 17:47:21 +0000
92c6477b69 Accepting request 1045478 from network
Dominique Leuenberger
2022-12-28 09:54:27 +0000
ee2f248c1a Accepting request 1044373 from home:dirkmueller:Factory
Reinhard Max
2022-12-27 10:20:23 +0000
70d707bb81 Accepting request 1034136 from network
Dominique Leuenberger
2022-11-08 09:53:18 +0000
33d1dd7eac Accepting request 1031298 from home:dirkmueller:Factory
Reinhard Max
2022-11-07 10:18:14 +0000
a38c20861b Accepting request 1004570 from network
Dominique Leuenberger
2022-09-20 17:23:03 +0000
c177936b94 - bsc#1192529, dnsmasq-resolv-conf.patch: Fix a segfault when re-reading an empty resolv.conf
- Remove "nogroup" membership from the dnsmasq user.
Reinhard Max
2021-11-18 14:11:14 +0000
d5b765a964 Accepting request 928184 from home:gmbr3:Active
Reinhard Max
2021-11-18 13:53:24 +0000
25af15f8e3 Accepting request 921143 from network
Dominique Leuenberger
2021-09-26 19:48:37 +0000
bcf4390ff2 - SLE bugs that got fixed upstream between 2.79 and 2.86, but for which we need to keep references when syncing Factory to SLE:
  * bsc#1176076: dnsmasq-servfail.patch
  * bsc#1156543: dnsmasq-siocgstamp.patch
  * bsc#1138743: dnsmasq-cache-size.patch
  * bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch
Reinhard Max
2021-09-23 08:59:05 +0000
049fbc620b - Update to 2.86:
  * Handle DHCPREBIND requests in the DHCPv6 server code.
  * Fix bug which caused dnsmasq to lose track of processes forked to handle TCP DNS connections under heavy load.
  * Major rewrite of the DNS server and domain handling code. This should be largely transparent, but it drastically improves performance and reduces memory foot-print when configuring large numbers of domains.
  * Revise resource handling for number of concurrent DNS queries.
  * Improve efficiency of DNSSEC.
  * Connection track mark based DNS query filtering.
  * Allow smaller than 64 prefix lengths in synth-domain, with caveats. --synth-domain=1234:4567::/56,example.com is now valid.
  * Make domains generated by --synth-domain appear in replies when in authoritative mode.
  * Ensure CAP_NET_ADMIN capability is available when conntrack is configured.
  * When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are given a directory as argument, define the order in which files within that directory are read (alphabetical order of filename).
- Added hardening to systemd service(s) (bsc#1181400).
Reinhard Max
2021-09-17 11:27:06 +0000
dc54688f33 Accepting request 918936 from home:jsegitz:branches:systemdhardening:network
Reinhard Max
2021-09-17 09:40:15 +0000
36392b1f56 Accepting request 904175 from network
Dominique Leuenberger
2021-07-07 16:29:47 +0000
253903d350 Accepting request 899810 from home:gmbr3:Active
Reinhard Max
2021-07-05 13:31:21 +0000
05adc3fbcf Accepting request 896893 from home:gmbr3:Active
Reinhard Max
2021-06-07 10:59:49 +0000
42d55dff3c Accepting request 888631 from network
Dominique Leuenberger
2021-04-28 23:36:38 +0000
755bed9cef - Update to 2.85:
  * Fix problem with DNS retries in 2.83/2.84.
  * Tweak sort order of tags in get-version.
  * Avoid treating a --dhcp-host which has an IPv6 address as eligible for use with DHCPv4 on the grounds that it has no address, and vice-versa.
  * Add --dynamic-host option: A and AAAA records which take their network part from the network of a local interface. Useful for routers with dynamic prefixes.
  * Teach --bogus-nxdomain and --ignore-address to take an IPv4 subnet.
  * CVE-2021-3448, bsc#1183709: Use random source ports where possible if source addresses/interfaces in use.
  * Change the method of allocation of random source ports for DNS.
  * Scale the size of the DNS random-port pool based on the value of the --dns-forward-max configuration.
  * Tweak TFTP code to check sender of all received packets, as specified in RFC 1350 para 4.
Reinhard Max
2021-04-19 21:50:31 +0000
822e2ef139 Fix URLs.
Reinhard Max
2021-04-19 20:45:47 +0000
6b64faead0 Accepting request 870366 from home:dirkmueller:branches:network
Reinhard Max
2021-02-09 07:35:03 +0000
119b64113a Accepting request 867893 from network
Dominique Leuenberger
2021-02-04 19:23:46 +0000
e7d4817578 Accepting request 864301 from network
Dominique Leuenberger
2021-01-20 17:23:34 +0000
f38fa3d41b - Update to 2.83:
  * bsc#1177077: Fixed DNSpooq vulnerabilities
  * Use the values of --min-port and --max-port in outgoing TCP connections to upstream DNS servers.
  * Fix a remote buffer overflow problem in the DNSSEC code. Any dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687.
  * Be sure to only accept UDP DNS query replies at the address from which the query was originated. This keeps as much entropy in the {query-ID, random-port} tuple as possible, to help defeat cache poisoning attacks. Refer: CVE-2020-25684.
  * Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
  * Handle multiple identical near simultaneous DNS queries better. Previously, such queries would all be forwarded independently. This is, in theory, inefficient but in practise not a problem, _except_ that it means that an answer for any of the forwarded queries will be accepted and cached. An attacker can send a query multiple times, and for each repeat, another {port, ID} becomes capable of accepting the answer he is sending in the blind, to random IDs and ports. The chance of a successful attack is therefore multiplied by the number of repeats of the query. The new behaviour detects repeated queries and merely stores the clients sending repeats so that when the first query completes, the answer can be sent to all the clients who asked. Refer: CVE-2020-25686.
Reinhard Max
2021-01-19 12:32:14 +0000
de12c31418 Accepting request 823748 from network
Dominique Leuenberger
2020-08-03 12:13:03 +0000
be2d2498af Accepting request 823079 from home:mrey:branches:network
Reinhard Max
2020-07-31 14:11:53 +0000
f2c36e7dad Accepting request 807964 from network
Dominique Leuenberger
2020-06-04 15:49:02 +0000
067293717f Accepting request 800348 from home:polslinux:branches:network
Dirk Mueller
2020-05-21 11:02:08 +0000
558e4ff507 Accepting request 752812 from network
Dominique Leuenberger
2019-12-07 14:11:48 +0000
717dcedc03 Accepting request 752568 from home:dimstar:Factory
Tomáš Chvátal
2019-12-02 07:41:02 +0000
bd280d0c79 Accepting request 748378 from network
Dominique Leuenberger
2019-11-20 12:42:47 +0000
7a3d7e2c7b Accepting request 547138 from home:cbosdonnat:branches:network
Ismail Dönmez
2017-12-01 15:00:21 +0000
9141fa3579 Accepting request 525886 from network
Dominique Leuenberger
2017-10-05 09:53:17 +0000
09eac739de - Security update to version 2.78:
  * bsc#1060354, CVE-2017-14491: 2 byte heap based overflow.
  * bsc#1060355, CVE-2017-14492: heap based overflow.
  * bsc#1060360, CVE-2017-14493: stack based overflow.
  * bsc#1060361, CVE-2017-14494: DHCP - info leak.
  * bsc#1060362, CVE-2017-14495: DNS - OOM DoS.
  * bsc#1060364, CVE-2017-14496: DNS - DoS Integer underflow.
  * Fix DHCP relaying, broken in 2.76 and 2.77.
  * For other changes, see http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
- Obsoleted patches:
  * Fix-crash-introduced-in-2675f2061525bc954be14988d643.patch
  * Handle-binding-upstream-servers-to-an-interface.patch
Reinhard Max
2017-10-02 14:34:17 +0000
1c4b4aee27 Accepting request 523600 from home:scarabeus_iv:branches:network
Ismail Dönmez
2017-09-13 14:15:31 +0000
d7b45ae928 - reload system dbus to pick up policy change on install (bsc#1054429)
Dirk Mueller
2017-08-18 11:16:45 +0000
a9a380275e Accepting request 449478 from network
Dominique Leuenberger
2017-01-11 11:01:12 +0000
13ce29f32b Accepting request 449467 from home:mwilck:branches:network
Ismail Dönmez
2017-01-10 08:52:59 +0000
b07b199c9f Accepting request 416775 from network
Dominique Leuenberger
2016-08-06 18:35:45 +0000
428579c9fb - Update to 2.76:
  * Include 0.0.0.0/8 in DNS rebind checks.
  * Enhance --add-subnet to allow arbitrary subnet addresses.
  * Respect the --no-resolv flag in inotify code. Fixes bug which caused dnsmasq to fail to start if a resolv-file was a dangling symbolic link, even if --no-resolv set.
  * Fix crash when an A or AAAA record is defined locally, in a hosts file, and an upstream server sends a reply that the same name is empty (CVE-2015-8899, bsc#983273).
  * Fix failure to correctly calculate cache-size when reading a hosts-file fails.
  * Fix wrong answer to simple name query when --domain-needed set, but no upstream servers configured.
  * Return REFUSED when running out of forwarding table slots, not SERVFAIL.
  * Add --max-port configuration.
  * Add --script-arp and two new functions for the dhcp-script.
  * Extend --add-mac to allow a new encoding of the MAC address as base64, by configuring --add-mac=base64
  * Add --add-cpe-id option.
  * Don't crash with divide-by-zero if an IPv6 dhcp-range is declared as a whole /64. (ie xx::0 to xx::ffff:ffff:ffff:ffff)
  * Add support for a TTL parameter in --host-record and --cname.
  * Add --dhcp-ttl option.
  * Add --tftp-mtu option.
  * Check return-code of inet_pton() when parsing dhcp-option.
  * Fix wrong value for EDNS UDP packet size when using --servers-file to define upstream DNS servers.
  * Add dhcp_release6 to contrib/lease-tools.
Reinhard Max
2016-08-03 14:02:20 +0000
066af89b75 Accepting request 404054 from network
Dominique Leuenberger
2016-06-29 13:04:14 +0000
9e6d0bab8c - dnsmasq-groups.patch: Initialize the supplementary groups of the dnsmasq user (bsc#859298).
Reinhard Max
2016-06-22 13:51:23 +0000
a427dadb0d - Initialize the supplementary groups of the dnsmasq user (bsc#859298).
Reinhard Max
2016-06-16 12:44:49 +0000
548fa244ba Accepting request 366915 from network
Dominique Leuenberger
2016-03-09 14:15:29 +0000
3508d04081 Accepting request 366204 from home:pluskalm:branches:network
Ismail Dönmez
2016-03-06 08:08:56 +0000
7dd60a9e09 Accepting request 326525 from network
Stephan Kulow
2015-08-27 06:54:14 +0000
bcc77e54ae Accepting request 326465 from home:StefanBruens:branches:network
Dirk Mueller
2015-08-25 07:22:17 +0000
d6937a64d2 Accepting request 323450 from network
Dominique Leuenberger
2015-08-19 11:41:09 +0000
86a5b874df Accepting request 323445 from home:StefanBruens:branches:network
Ismail Dönmez
2015-08-16 16:23:15 +0000
4940698f3b Accepting request 312722 from network
Stephan Kulow
2015-07-05 15:56:36 +0000