# # spec file for package dnsmasq (Version 2.45) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: dnsmasq Summary: Lightweight, Easy-to-Configure DNS Forwarder and DHCP Server Version: 2.45 Release: 12 License: GPL v2 or later Group: Productivity/Networking/DNS/Servers Provides: dns_daemon PreReq: /usr/sbin/useradd %fillup_prereq %insserv_prereq /bin/mkdir AutoReqProv: on Url: http://www.thekelleys.org.uk/dnsmasq/ Source: %{name}-%{version}.tar.bz2 Source1: vendor-files.tar.bz2 Patch1: group_and_isc.diff Patch2: chuser.diff Patch3: manpage.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines that are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines. Authors: -------- simon@thekelleys.org.uk %prep %setup -n dnsmasq-%{version} %setup -T -D -a1 -n dnsmasq-%{version} %patch1 -p0 %patch2 -p0 %patch3 -p0 %build mv po/no.po po/nb.po export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %{__make} %{?jobs:-j%jobs} %pre if ! /usr/bin/getent passwd dnsmasq >/dev/null; then /usr/sbin/useradd -r -d /var/lib/empty -s /bin/false -c "dnsmasq" -g nogroup dnsmasq || : fi %post %{fillup_and_insserv dnsmasq} %preun %stop_on_removal dnsmasq %postun %restart_on_update dnsmasq %{insserv_cleanup} %clean rm -rf %{buildroot} %install make install-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr install -d -m 755 ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d install -d -m 755 ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d install -d -m 755 ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services install -m 755 rc.dnsmasq-suse $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/dnsmasq ln -sf ../../etc/init.d/dnsmasq $RPM_BUILD_ROOT/usr/sbin/rcdnsmasq install -m 644 dnsmasq.conf.example $RPM_BUILD_ROOT/%{_sysconfdir}/dnsmasq.conf install -m 644 dnsmasq.reg $RPM_BUILD_ROOT/%{_sysconfdir}/slp.reg.d/ install -m 644 SuSEFirewall.dnsmasq-dns ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/dnsmasq-dns install -m 644 SuSEFirewall.dnsmasq-dhcp ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/dnsmasq-dhcp %find_lang %{name} %files -f %{name}.lang %defattr(-,root,root) %doc CHANGELOG COPYING FAQ doc.html setup.html dnsmasq.conf.example contrib README.SUSE %config(noreplace) /%{_sysconfdir}/dnsmasq.conf %{_sysconfdir}/init.d/dnsmasq %{_sbindir}/rcdnsmasq %{_sbindir}/dnsmasq %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/dnsmasq-dns %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/dnsmasq-dhcp %dir %{_sysconfdir}/slp.reg.d/ %config %attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/dnsmasq.reg %{_mandir}/man8/dnsmasq.8.gz %{_mandir}/fr/man8/dnsmasq.8.gz %{_mandir}/es/man8/dnsmasq.8.gz %changelog * Tue Nov 11 2008 kukuk@suse.de - Add /usr/sbin/useradd to PreReq * Fri Sep 12 2008 mrueckert@suse.de - fix manpage.diff to actually apply - mark files below /etc as config - do not install README.SUSE in %%install as %%doc will clean the directory anyway. * Fri Sep 12 2008 ug@suse.de - user dnsmasq moved to group nogroup (bnc#401648) - added README.SUSE - added warning to init script when /etc/ppp is in use since it's not readable anymore * Tue Aug 19 2008 ug@suse.de - init script fixed * Mon Aug 11 2008 ug@suse.de - Fix crash when unknown client attempts to renew a DHCP lease, problem introduced in version 2.43. Thanks to Carlos Carvalho for help chasing this down. - Fix potential crash when a host which doesn't have a lease does DHCPINFORM. Again introduced in 2.43. This bug has never been reported in the wild. - Fix crash in netlink code introduced in 2.43. Thanks to Jean Wolter for finding this. - Change implementation of min_port to work even if min-port as large. - 2.4.45 * Mon Jul 14 2008 ug@suse.de - This release fixes the DNS spoofing vulnerabilities announced in CERT VU#800113. It adds source port randomization for communication with upstream nameservers and replaces the C library PRNG with stronger code. It makes failure to drop root privileges a hard error (previous versions would log the error and continue, running as root.) Other changes include an update to avoid triggering Linux kernel messages about an out-of-date capabilities ABI, support for NAPTR records, and RFC 5107 server-id-override. - 2.43 * Thu Jun 19 2008 ug@suse.de - running as user dnsmasq now (bnc#401643) * Thu Jun 05 2008 ug@suse.de * Add --dhcp-alternate-port option. Thanks to Jan Psota for the suggestion. * Updated Polish translations - thank to Jan Psota. * Provide --dhcp-bridge on all BSD variants. * Define _LARGEFILE_SOURCE which removes an arbitrary 2GB limit on logfiles. Thanks to Paul Chambers for spotting the problem. * Fix RFC3046 agent-id echo code, broken for many releases. Thanks to Jeremy Laine for spotting the problem and providing a patch. * Add --dhcp-scriptuser option. * Support new capability interface on suitable Linux kernels, removes "legacy support in use" messages. Thanks to Jorge Bastos for pointing this out. * Fix subtle bug in cache code which could cause dnsmasq to lock spinning CPU in rare circumstances. Thanks to Alex Chekholko for bug reports and help debugging. * Support netascii transfer mode for TFTP. - 2.42 * Wed Feb 13 2008 ug@suse.de - Allow the DNS function to be completely disabled, by setting the port to zero "--port=0" - Fix a bug where NXDOMAIN could be returned for a query even if the name's value was known for a different query type. - Fixed possible crash bug in DBus IPv6 code - Add --dhcp-no-override option - Add --tftp-port-range option - Add --stop-dns-rebind option - Added --all-servers option - Add --dhcp-optsfile option - Fixed broken --alias functionality - Add --dhcp-match flag - Added --dhcp-broadcast, to force broadcast replies - multiple bugs fixed - 2.41 * Fri Jan 04 2008 crrodriguez@suse.de - bzip tarball - use find_lang macro. * Thu Dec 06 2007 ug@suse.de - version 2.40 - Fix handling of fully-qualified names in --dhcp-host - Fixed error in manpage - Fixed misaligned memory access which caused problems on Blackfin CPUs - lots of new options (see changelog for details) * Wed May 02 2007 ug@suse.de - version 2.39 - names like "localhost." in /etc/hosts with trailing period are treated as fully-qualified. - Tolerate and ignore spaces around commas in the configuration file in all circumstances - /a is no longer a valid escape in quoted strings. - Added symbolic DHCP option names - Overhauled the log code - --log-facility can now take a file-name - Added --log-dhcp flag - Added 127.0.0.0/8 and 169.254.0.0/16 to the address ranges affected by --bogus-priv - Fixed failure of TFTP server with --listen-address - Added --dhcp-circuitid and --dhcp-remoteid for RFC3046 - Added --dhcp-subscrid for RFC3993 subscriber-id relay - Corrected garbage-collection - Allow absolute paths for TFTP transfers even when --tftp-root is set, as long as the path matches the root - Updated translations - Added --interface-name option * Thu Mar 15 2007 ug@suse.de - SuSEFirewall service files fixed and enhanced * Tue Mar 06 2007 ug@suse.de - SuSEFirewall service file added * Tue Feb 13 2007 ug@suse.de - version 2.38 Don't send length zero DHCP option 43 and cope with encapsulated options whose total length exceeds 255 octets by splitting them into multiple option 43 pieces. Avoid queries being retried forever when --strict-order is set and an upstream server returns a SERVFAIL error. Thanks to Johannes Stezenbach for spotting this. Fix BOOTP support, broken in version 2.37. Add example dhcp-options for Etherboot. Add \e (for ASCII ESCape) to the set of valid escapes in config-file strings. Added --dhcp-option-force flag and examples in the configuration file which use this to control PXELinux. Added --tftp-no-blocksize option. Set netid tag "bootp" when BOOTP (rather than DHCP) is in use. This makes it easy to customise which options are sent to BOOTP clients. (BOOTP allows only 64 octets for options, so it can be necessary to trim things.) Fix rare hang in cache code, a 2.37 regression. This probably needs an infinite DHCP lease and some bad luck to trigger. Thanks to Detlef Reichelt for bug reports and testing. * Mon Feb 05 2007 ug@suse.de Add better support for RFC-2855 DHCP-over-firewire and RFC -4390 DHCP-over-InfiniBand. A good suggestion from Karl Svec. Some efficiency tweaks to the cache code for very large /etc/hosts files. Should improve reverse (address->name) lookups and garbage collection. Thanks to Jan 'RedBully' Seiffert for input on this. Fix regression in 2.36 which made bogus-nxdomain and DNS caching unreliable. Thanks to Dennis DeDonatis and Jan Seiffert for bug reports. Make DHCP encapsulated vendor-class options sane. Be warned that some conceivable existing configurations using these may break, but they work in a much simpler and more logical way now. Prepending "vendor:" to an option encapsulates it in option 43, and the option is sent only if the client-supplied vendor-class substring-matches with the given client-id. Thanks to Dennis DeDonatis for help with this. Apply patch from Jan Seiffert to tidy up tftp.c Add support for overloading the filename and servername fields in DHCP packet. This gives extra option-space when these fields are not being used or with a modern client which supports moving them into options. Added a LIMITS section to the man-page, with guidance on maximum numbers of clients, file sizes and tuning. - version 2.37 * Mon Jan 22 2007 ug@suse.de - version 2.36 * Mon Oct 30 2006 ug@suse.de - version 2.35 - better performance on parsing huge /etc/hosts files * Tue Oct 17 2006 ug@suse.de - version 2.34 - Tweak network-determination code - Improve handling of high DNS loads - Fixed intermittent infinite loop when re-reading /etc/ethers after SIGHUP - Provide extra information to the lease-change script - Run the lease change script as root - Add contrib/port-forward/* which is a script to set up port-forwards using the DHCP lease-change script - Fix unaligned access problem - Fixed problem with DHCPRELEASE - Updated French translation - Upgraded the name hash function in the DNS cache - Added --clear-on-reload flag - Treat a nameserver address of 0.0.0.0 as "nothing" - Added Webmin module in contrib/webmin * Fri Aug 11 2006 ug@suse.de - init-script more LSB conform patch by Matthias Andree * Mon Aug 07 2006 ug@suse.de - version 2.33 - Provide extra information to lease-change script - Fix breakage with some DHCP relay implementations - compilation warning fixes - minor DNS and DHCP fixes and enhancements * Mon Jun 12 2006 ug@suse.de - version 2.32 * Wed May 17 2006 ug@suse.de - version 2.31 * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Mon Jan 23 2006 ug@suse.de - Fixed crash when attempting to send a DHCP NAK to a host which believes it has a lease on an unknown network. That bug was invented in 2.25 - version 2.26 * Mon Jan 16 2006 ug@suse.de - moved dnsmasq.no to dnsmasq.np see bug #42748 * Mon Jan 16 2006 ug@suse.de - version update to 2.25 * Mon Nov 28 2005 ug@suse.de - version update to 2.24 * Mon Oct 17 2005 ug@suse.de - "-fno-strict-aliasing" now * Wed Oct 12 2005 ug@suse.de - version update to 2.23 * Wed Aug 24 2005 ug@suse.de - Fix DNS query forwarding for empty queries and forward queries even when the recursion-desired bit is clear. This allows "dig +trace" to work Bug #106717 * Fri Aug 05 2005 cthiel@suse.de - update to version 2.22 * Wed Apr 13 2005 mls@suse.de - fix slp registration * Mon Jan 24 2005 ug@suse.de - version update from 2.19 to 2.20 - Allow more than one instance of dnsmasq to run on a machine, each providing DHCP service on a different interface - Protect against overlong names and overlong labels in configuration and from DHCP. - Fix interesting corner case in CNAME handling. This occurs when a CNAME has a target which "shadowed" by a name in /etc/hosts or from DHCP - Added support for SRV records - Fixed sign confusion in the vendor-id matching code - Added the ability to match the netid tag in a dhcp-range - Added preference values for MX records - Added the --localise-queries option. * Fri Jan 21 2005 ug@suse.de - version update to 2.19 - minor fixes in IPV6 and DHCP Code * Fri Nov 26 2004 ug@suse.de - version update to 2.18 - lots of DHCP fixes - some IPV6 fixes * Fri Nov 19 2004 ug@suse.de - SLP support via /etc/slp.reg.d/dnsmasq.reg file added * Fri Aug 20 2004 ug@suse.de - version update from 2.11 to 2.13 - Added extra checks to ensure that DHCP created DNS entries cannot generate multiple DNS address->name entries. - Don't set the the filterwin2k option in the example config file and add warnings that is breaks Kerberos. - Log types of incoming queries as well as source and domain. - Log NODATA replies generated as a result of the filterwin2k option. * Mon Aug 09 2004 ug@suse.de - version update from 2.8 to 2.11 * Tue Jun 01 2004 ug@suse.de - chgrp to "dialout" and not to "dip" - backward compatibility turned off * Mon May 24 2004 ug@suse.de - added to distribution