Search results for "dnsmasq" - Fedora Mailing-Lists

[dnsmasq/f19] dnsmasq unit file cleanup

by Tomas Hozza

commit c925f9e48acabceb5418f2ce4d60b3a487edbbee Author: Tomas Hozza <thozza(a)redhat.com> Date: Tue Apr 30 17:24:27 2013 +0200 dnsmasq unit file cleanup - drop forking Type and PIDfile and rather start dnsmasq with "-k" option - drop After syslog.target as this is by default Signed-off-by: Tomas Hozza <thozza(a)redhat.com> dnsmasq.service | 6 ++---- dnsmasq.spec | 7 ++++++- 2 files changed, 8 insertions(+), 5 deletions(-) --- diff --git a/dnsmasq.service b/dnsmasq.service index 8ecb7c8..07fa92e 100644 --- a/dnsmasq.service +++ b/dnsmasq.service @@ -1,11 +1,9 @@ [Unit] Description=DNS caching server. -After=syslog.target network.target +After=network.target [Service] -Type=forking -PIDFile=/var/run/dnsmasq.pid -ExecStart=/usr/sbin/dnsmasq +ExecStart=/usr/sbin/dnsmasq -k [Install] WantedBy=multi-user.target diff --git a/dnsmasq.spec b/dnsmasq.spec index a49a3e2..f5f41cc 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -11,7 +11,7 @@ Name: dnsmasq Version: 2.66 -Release: 4%{?extraversion}%{?dist} +Release: 5%{?extraversion}%{?dist} Summary: A lightweight DHCP/caching DNS server Group: System Environment/Daemons @@ -164,6 +164,11 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/dhcp_* %changelog +* Tue Apr 30 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-5 +- dnsmasq unit file cleanup + - drop forking Type and PIDfile and rather start dnsmasq with "-k" option + - drop After syslog.target as this is by default + * Thu Apr 25 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-4 - include several fixes from upstream repo: - Send TCP DNS messages in one packet

11 years, 1 month

[dnsmasq/f17] dhcp6 support fixes (#867054)

by Tomas Hozza

commit 9a270ea0e2be7cbd027e7ffc7599cb8f8e87fcc2 Author: Tomas Hozza <thozza(a)redhat.com> Date: Mon Nov 19 10:39:37 2012 +0100 dhcp6 support fixes (#867054) dnsmasq-2.63-dhcp6-access-control.patch | 91 +++++++++++++++++++++++++++++++ dnsmasq-2.63-ip6-reuseaddr.patch | 36 ++++++++++++ dnsmasq.spec | 12 ++++- 3 files changed, 138 insertions(+), 1 deletions(-) --- diff --git a/dnsmasq-2.63-dhcp6-access-control.patch b/dnsmasq-2.63-dhcp6-access-control.patch new file mode 100644 index 0000000..87e900d --- /dev/null +++ b/dnsmasq-2.63-dhcp6-access-control.patch @@ -0,0 +1,91 @@ +diff --git a/src/dhcp6.c b/src/dhcp6.c +index 718a262..5525ca5 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -21,7 +21,7 @@ + struct iface_param { + struct dhcp_context *current; + struct in6_addr fallback; +- int ind; ++ int ind, addr_match; + }; + + static int complete_context6(struct in6_addr *local, int prefix, +@@ -87,7 +87,6 @@ void dhcp6_packet(time_t now) + char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; + } control_u; + struct sockaddr_in6 from; +- struct all_addr dest; + ssize_t sz; + struct ifreq ifr; + struct iname *tmp; +@@ -114,15 +113,15 @@ void dhcp6_packet(time_t now) + p.c = CMSG_DATA(cmptr); + + if_index = p.p->ipi6_ifindex; +- dest.addr.addr6 = p.p->ipi6_addr; + } + + if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name)) + return; + +- if (!iface_check(AF_INET6, (struct all_addr *)&dest, ifr.ifr_name)) +- return; +- ++ for (tmp = daemon->if_except; tmp; tmp = tmp->next) ++ if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0)) ++ return; ++ + for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) + if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0)) + return; +@@ -136,11 +135,23 @@ void dhcp6_packet(time_t now) + + parm.current = NULL; + parm.ind = if_index; ++ parm.addr_match = 0; + memset(&parm.fallback, 0, IN6ADDRSZ); + + if (!iface_enumerate(AF_INET6, &parm, complete_context6)) + return; + ++ if (daemon->if_names || daemon->if_addrs) ++ { ++ ++ for (tmp = daemon->if_names; tmp; tmp = tmp->next) ++ if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0)) ++ break; ++ ++ if (!tmp && !parm.addr_match) ++ return; ++ } ++ + lease_prune(NULL, now); /* lose any expired leases */ + + port = dhcp6_reply(parm.current, if_index, ifr.ifr_name, &parm.fallback, +@@ -167,15 +178,23 @@ static int complete_context6(struct in6_addr *local, int prefix, + { + struct dhcp_context *context; + struct iface_param *param = vparam; +- ++ struct iname *tmp; ++ + (void)scope; /* warning */ + (void)dad; +- ++ + if (if_index == param->ind && + !IN6_IS_ADDR_LOOPBACK(local) && + !IN6_IS_ADDR_LINKLOCAL(local) && + !IN6_IS_ADDR_MULTICAST(local)) + { ++ /* if we have --listen-address config, see if the ++ arrival interface has a matching address. */ ++ for (tmp = daemon->if_addrs; tmp; tmp = tmp->next) ++ if (tmp->addr.sa.sa_family == AF_INET6 && ++ IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, local)) ++ param->addr_match = 1; ++ + /* Determine a globally address on the arrival interface, even + if we have no matching dhcp-context, because we're only + allocating on remote subnets via relays. This diff --git a/dnsmasq-2.63-ip6-reuseaddr.patch b/dnsmasq-2.63-ip6-reuseaddr.patch new file mode 100644 index 0000000..af2f043 --- /dev/null +++ b/dnsmasq-2.63-ip6-reuseaddr.patch @@ -0,0 +1,36 @@ +diff -urp dnsmasq-2.63-orig/src/dhcp6.c dnsmasq-2.63/src/dhcp6.c +--- dnsmasq-2.63-orig/src/dhcp6.c 2012-08-16 09:04:05.000000000 -0400 ++++ dnsmasq-2.63/src/dhcp6.c 2012-11-03 07:55:39.293006824 -0400 +@@ -36,15 +36,31 @@ void dhcp6_init(void) + #if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6) + int class = IPTOS_CLASS_CS6; + #endif +- ++ int oneopt = 1; ++ + if ((fd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) == -1 || + #if defined(IPV6_TCLASS) && defined(IPTOS_CLASS_CS6) + setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &class, sizeof(class)) == -1 || + #endif ++ setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &oneopt, sizeof(oneopt)) == -1 || + !fix_fd(fd) || + !set_ipv6pktinfo(fd)) + die (_("cannot create DHCPv6 socket: %s"), NULL, EC_BADNET); + ++ /* When bind-interfaces is set, there might be more than one dnmsasq ++ instance binding port 547. That's OK if they serve different networks. ++ Need to set REUSEADDR to make this posible, or REUSEPORT on *BSD. */ ++ if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) ++ { ++#ifdef SO_REUSEPORT ++ int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt)); ++#else ++ int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt)); ++#endif ++ if (rc == -1) ++ die(_("failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"), NULL, EC_BADNET); ++ } ++ + memset(&saddr, 0, sizeof(saddr)); + #ifdef HAVE_SOCKADDR_SA_LEN + saddr.sin6_len = sizeof(struct sockaddr_in6); diff --git a/dnsmasq.spec b/dnsmasq.spec index 07d3e60..7360e78 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -11,7 +11,7 @@ Name: dnsmasq Version: 2.63 -Release: 1%{?extraversion}%{?dist} +Release: 2%{?extraversion}%{?dist} Summary: A lightweight DHCP/caching DNS server Group: System Environment/Daemons @@ -19,6 +19,10 @@ License: GPLv2 URL: http://www.thekelleys.org.uk/dnsmasq/ Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex... Source1: %{name}.service + +Patch0: dnsmasq-2.63-ip6-reuseaddr.patch +Patch1: dnsmasq-2.63-dhcp6-access-control.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: dbus-devel @@ -52,6 +56,9 @@ query/remove a DHCP server's leases. %prep %setup -q -n %{name}-%{version}%{?extraversion} +%patch0 -p1 -b .ip6_reuseaddr +%patch1 -p1 -b .dhcp6_access_ctrl + # use /var/lib/dnsmasq instead of /var/lib/misc for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file" @@ -139,6 +146,9 @@ fi %{_mandir}/man1/dhcp_* %changelog +* Mon Nov 19 2012 Tomas Hozza <thozza(a)redhat.com> - 2.63-2 +- dhcp6 support fixes (#867054) + * Sat Aug 23 2012 Douglas Schilling Landgraf <dougsland(a)redhat.com> - 2.63-1 - Use .tar.gz compression, in upstream site there is no .lzma anymore - New version 2.63

11 years, 7 months

[selinux-policy: 1384/3172] add dnsmasq, bug 1524

by Daniel J Walsh

commit 9e725d8a1a992a2c65dd9982ab73cf46c2aeb02b Author: Chris PeBenito <cpebenito(a)tresys.com> Date: Tue Apr 25 14:45:14 2006 +0000 add dnsmasq, bug 1524 refpolicy/Changelog | 1 + refpolicy/policy/modules/services/dnsmasq.fc | 4 + refpolicy/policy/modules/services/dnsmasq.if | 1 + refpolicy/policy/modules/services/dnsmasq.te | 103 ++++++++++++++++++++++++++ 4 files changed, 109 insertions(+), 0 deletions(-) --- diff --git a/refpolicy/Changelog b/refpolicy/Changelog index e7a3afb..db784da 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -44,6 +44,7 @@ courier dante dpkg (Erich Schubert) + dnsmasq ethereal evolution games diff --git a/refpolicy/policy/modules/services/dnsmasq.fc b/refpolicy/policy/modules/services/dnsmasq.fc new file mode 100644 index 0000000..aa52c2c --- /dev/null +++ b/refpolicy/policy/modules/services/dnsmasq.fc @@ -0,0 +1,4 @@ +/usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0) + +/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0) +/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/dnsmasq.if b/refpolicy/policy/modules/services/dnsmasq.if new file mode 100644 index 0000000..e5b0998 --- /dev/null +++ b/refpolicy/policy/modules/services/dnsmasq.if @@ -0,0 +1 @@ +## <summary>dnsmasq DNS forwarder and DHCP server</summary> diff --git a/refpolicy/policy/modules/services/dnsmasq.te b/refpolicy/policy/modules/services/dnsmasq.te new file mode 100644 index 0000000..afeb841 --- /dev/null +++ b/refpolicy/policy/modules/services/dnsmasq.te @@ -0,0 +1,103 @@ + +policy_module(dnsmasq,1.0.0) + +######################################## +# +# Declarations +# + +type dnsmasq_t; +type dnsmasq_exec_t; +init_daemon_domain(dnsmasq_t,dnsmasq_exec_t) + +type dnsmasq_lease_t; +files_type(dnsmasq_lease_t) + +type dnsmasq_var_run_t; +files_pid_file(dnsmasq_var_run_t) + +######################################## +# +# Local policy +# + +allow dnsmasq_t self:capability { setgid setuid net_bind_service net_raw }; +dontaudit dnsmasq_t self:capability sys_tty_config; +allow dnsmasq_t self:process signal_perms; +allow dnsmasq_t self:tcp_socket create_stream_socket_perms; +allow dnsmasq_t self:udp_socket create_socket_perms; +allow dnsmasq_t self:packet_socket create_socket_perms; +allow dnsmasq_t self:rawip_socket create_socket_perms; + +# dhcp leases +allow dnsmasq_t dnsmasq_lease_t:file manage_file_perms; +files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file) + +allow dnsmasq_t dnsmasq_var_run_t:file create_file_perms; +allow dnsmasq_t dnsmasq_var_run_t:dir rw_dir_perms; +files_pid_filetrans(dnsmasq_t,dnsmasq_var_run_t,file) + +kernel_read_kernel_sysctls(dnsmasq_t) +kernel_list_proc(dnsmasq_t) +kernel_read_proc_symlinks(dnsmasq_t) + +corenet_tcp_sendrecv_generic_if(dnsmasq_t) +corenet_udp_sendrecv_generic_if(dnsmasq_t) +corenet_raw_sendrecv_generic_if(dnsmasq_t) +corenet_tcp_sendrecv_all_nodes(dnsmasq_t) +corenet_udp_sendrecv_all_nodes(dnsmasq_t) +corenet_raw_sendrecv_all_nodes(dnsmasq_t) +corenet_tcp_sendrecv_all_ports(dnsmasq_t) +corenet_udp_sendrecv_all_ports(dnsmasq_t) +corenet_non_ipsec_sendrecv(dnsmasq_t) +corenet_tcp_bind_all_nodes(dnsmasq_t) +corenet_udp_bind_all_nodes(dnsmasq_t) +corenet_tcp_bind_dns_port(dnsmasq_t) +corenet_udp_bind_dns_port(dnsmasq_t) +corenet_udp_bind_dhcpd_port(dnsmasq_t) + +dev_read_sysfs(dnsmasq_t) +dev_read_urand(dnsmasq_t) + +domain_use_interactive_fds(dnsmasq_t) + +# allow access to dnsmasq.conf +files_read_etc_files(dnsmasq_t) + +fs_getattr_all_fs(dnsmasq_t) +fs_search_auto_mountpoints(dnsmasq_t) + +term_dontaudit_use_console(dnsmasq_t) + +init_use_fds(dnsmasq_t) +init_use_script_ptys(dnsmasq_t) + +libs_use_ld_so(dnsmasq_t) +libs_use_shared_libs(dnsmasq_t) + +logging_send_syslog_msg(dnsmasq_t) + +miscfiles_read_localization(dnsmasq_t) + +sysnet_read_config(dnsmasq_t) + +userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t) +userdom_dontaudit_search_sysadm_home_dirs(dnsmasq_t) + +ifdef(`targeted_policy',` + term_dontaudit_use_unallocated_ttys(dnsmasq_t) + term_dontaudit_use_generic_ptys(dnsmasq_t) + files_dontaudit_read_root_files(dnsmasq_t) +') + +optional_policy(` + nis_use_ypbind(dnsmasq_t) +') + +optional_policy(` + seutil_sigchld_newrole(dnsmasq_t) +') + +optional_policy(` + udev_read_db(dnsmasq_t) +')

13 years, 8 months

[libvirt/f17] Fix conflict with NM launched dnsmasq (bz #886663)

by Cole Robinson

commit d4e5211296a00a0cff32e1a1daaa025002add736 Author: Cole Robinson <crobinso(a)redhat.com> Date: Sun Dec 16 14:45:50 2012 -0500 Fix conflict with NM launched dnsmasq (bz #886663) ...event-dnsmasq-from-listening-on-localhost.patch | 182 ++++++++++++++++++++ libvirt.spec | 8 +- 2 files changed, 189 insertions(+), 1 deletions(-) --- diff --git a/0001-network-prevent-dnsmasq-from-listening-on-localhost.patch b/0001-network-prevent-dnsmasq-from-listening-on-localhost.patch new file mode 100644 index 0000000..ffc9d63 --- /dev/null +++ b/0001-network-prevent-dnsmasq-from-listening-on-localhost.patch @@ -0,0 +1,182 @@ +From 9eb2b573253626c8c9329140d4ce2043863e417b Mon Sep 17 00:00:00 2001 +Message-Id: <9eb2b573253626c8c9329140d4ce2043863e417b.1355686333.git.crobinso(a)redhat.com> +From: Laine Stump <laine(a)laine.org> +Date: Thu, 13 Dec 2012 01:46:40 -0500 +Subject: [PATCH] network: prevent dnsmasq from listening on localhost + +This patch resolves the problem reported in: + + https://bugzilla.redhat.com/show_bug.cgi?id=886663 + +The source of the problem was the fix for CVE 2011-3411: + + https://bugzilla.redhat.com/show_bug.cgi?id=833033 + +which was originally committed upstream in commit +753ff83a50263d6975f88d6605d4b5ddfcc97560. That commit improperly +removed the "--except-interface lo" from dnsmasq commandlines when +--bind-dynamic was used (based on comments in the latter bug). + +It turns out that the problem reported in the CVE could be eliminated +without removing "--except-interface lo", and removing it actually +caused each instance of dnsmasq to listen on localhost on port 53, +which created a new problem: + +If another instance of dnsmasq using "bind-interfaces" (instead of +"bind-dynamic") had already been started (or if another instance +started later used "bind-dynamic"), this wouldn't have any immediately +visible ill effects, but if you tried to start another dnsmasq +instance using "bind-interfaces" *after* starting any libvirt +networks, the new dnsmasq would fail to start, because there was +already another process listening on port 53. + +This patch changes the network driver to *always* add +"except-interface=lo" to dnsmasq conf files, regardless of whether we use +bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances +are listening on localhost (and the CVE is still fixed). + +The actual code change is miniscule, but must be propogated through all +of the test files as well. + +(This is *not* a cherry-pick of the upstream commit that fixes the bug +(commit d66eb7866757dd371560c288dc6201fb9348792a), because subsequent +to the CVE fix, another patch changed the network driver to put +dnsmasq options in a conf file rather than directly on the dnsmasq +commandline preserving the same options), so a cherry-pick is just one +very large conflict.) + +diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c +index 8010797..6053770 100644 +--- a/src/network/bridge_driver.c ++++ b/src/network/bridge_driver.c +@@ -510,6 +510,9 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network, + /* *no* conf file */ + virCommandAddArg(cmd, "--conf-file="); + ++ /* dnsmasq will *always* listen on localhost unless told otherwise */ ++ virCommandAddArgList(cmd, "--except-interface", "lo", NULL); ++ + if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC)) { + /* using --bind-dynamic with only --interface (no + * --listen-address) prevents dnsmasq from responding to dns +@@ -523,10 +526,7 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network, + "--interface", network->def->bridge, + NULL); + } else { +- virCommandAddArgList(cmd, +- "--bind-interfaces", +- "--except-interface", "lo", +- NULL); ++ virCommandAddArg(cmd, "--bind-interfaces"); + /* + * --interface does not actually work with dnsmasq < 2.47, + * due to DAD for ipv6 addresses on the interface. +diff --git a/tests/networkxml2argvdata/isolated-network.argv b/tests/networkxml2argvdata/isolated-network.argv +index d629192..d91c730 100644 +--- a/tests/networkxml2argvdata/isolated-network.argv ++++ b/tests/networkxml2argvdata/isolated-network.argv +@@ -1,6 +1,6 @@ + @DNSMASQ@ --strict-order \ + --local=// --domain-needed --conf-file= \ +---bind-interfaces --except-interface lo \ ++--except-interface lo --bind-interfaces \ + --listen-address 192.168.152.1 \ + --dhcp-option=3 --no-resolv \ + --dhcp-range 192.168.152.2,192.168.152.254 \ +diff --git a/tests/networkxml2argvdata/nat-network-dns-hosts.argv b/tests/networkxml2argvdata/nat-network-dns-hosts.argv +index e5143ac..431e987 100644 +--- a/tests/networkxml2argvdata/nat-network-dns-hosts.argv ++++ b/tests/networkxml2argvdata/nat-network-dns-hosts.argv +@@ -1,5 +1,5 @@ + @DNSMASQ@ --strict-order --domain=example.com \ + --local=/example.com/ --domain-needed \ + --conf-file= \ +---bind-dynamic --interface virbr0 \ ++--except-interface lo --bind-dynamic --interface virbr0 \ + --expand-hosts --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts\ +diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv +index c38b954..9c26f32 100644 +--- a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv ++++ b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv +@@ -1,7 +1,7 @@ + @DNSMASQ@ \ + --strict-order \ + --local=// --domain-needed --conf-file= \ +---bind-interfaces --except-interface lo \ ++--except-interface lo --bind-interfaces \ + --listen-address 192.168.122.1 \ + --listen-address 192.168.123.1 \ + --listen-address fc00:db8:ac10:fe01::1 \ +diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv +index 311b0d7..ff9c223 100644 +--- a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv ++++ b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv +@@ -1,7 +1,7 @@ + @DNSMASQ@ \ + --strict-order \ + --local=// --domain-needed --conf-file= \ +---bind-dynamic --interface virbr0 \ ++--except-interface lo --bind-dynamic --interface virbr0 \ + --srv-host=name.tcp.test-domain-name,.,1024,10,10 \ + --dhcp-range 192.168.122.2,192.168.122.254 \ + --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \ +diff --git a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv +index cbdf50d..2b133ff 100644 +--- a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv ++++ b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv +@@ -1,6 +1,6 @@ + @DNSMASQ@ --strict-order \ + --local=// --domain-needed --conf-file= \ +---bind-dynamic --interface virbr0 \ ++--except-interface lo --bind-dynamic --interface virbr0 \ + --txt-record=example,example value \ + --dhcp-range 192.168.122.2,192.168.122.254 \ + --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \ +diff --git a/tests/networkxml2argvdata/nat-network.argv b/tests/networkxml2argvdata/nat-network.argv +index 967ca94..1a771d0 100644 +--- a/tests/networkxml2argvdata/nat-network.argv ++++ b/tests/networkxml2argvdata/nat-network.argv +@@ -1,6 +1,6 @@ + @DNSMASQ@ --strict-order \ + --local=// --domain-needed --conf-file= \ +---bind-dynamic --interface virbr0 \ ++--except-interface lo --bind-dynamic --interface virbr0 \ + --dhcp-range 192.168.122.2,192.168.122.254 \ + --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \ + --dhcp-lease-max=253 --dhcp-no-override \ +diff --git a/tests/networkxml2argvdata/netboot-network.argv b/tests/networkxml2argvdata/netboot-network.argv +index bcd6fad..9f8d114 100644 +--- a/tests/networkxml2argvdata/netboot-network.argv ++++ b/tests/networkxml2argvdata/netboot-network.argv +@@ -1,6 +1,6 @@ + @DNSMASQ@ --strict-order --domain=example.com \ + --local=/example.com/ --domain-needed --conf-file= \ +---bind-interfaces --except-interface lo --listen-address 192.168.122.1 \ ++--except-interface lo --bind-interfaces --listen-address 192.168.122.1 \ + --dhcp-range 192.168.122.2,192.168.122.254 \ + --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \ + --dhcp-lease-max=253 --dhcp-no-override --expand-hosts --enable-tftp \ +diff --git a/tests/networkxml2argvdata/netboot-proxy-network.argv b/tests/networkxml2argvdata/netboot-proxy-network.argv +index 8c5ef9b..90a31e2 100644 +--- a/tests/networkxml2argvdata/netboot-proxy-network.argv ++++ b/tests/networkxml2argvdata/netboot-proxy-network.argv +@@ -1,6 +1,6 @@ + @DNSMASQ@ --strict-order --domain=example.com \ + --local=/example.com/ --domain-needed --conf-file= \ +---bind-interfaces --except-interface lo \ ++--except-interface lo --bind-interfaces \ + --listen-address 192.168.122.1 \ + --dhcp-range 192.168.122.2,192.168.122.254 \ + --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \ +diff --git a/tests/networkxml2argvdata/routed-network.argv b/tests/networkxml2argvdata/routed-network.argv +index eacdf2d..862013e 100644 +--- a/tests/networkxml2argvdata/routed-network.argv ++++ b/tests/networkxml2argvdata/routed-network.argv +@@ -1,3 +1,3 @@ + @DNSMASQ@ --strict-order \ + --local=// --domain-needed --conf-file= \ +---bind-dynamic --interface virbr1\ ++--except-interface lo --bind-dynamic --interface virbr1\ +-- +1.8.0.2 + diff --git a/libvirt.spec b/libvirt.spec index 644c407..4d529fa 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -274,7 +274,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 0.9.11.8 -Release: 1%{?dist}%{?extra_release} +Release: 2%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries @@ -297,6 +297,8 @@ Patch4: libvirt-sanlock-readonly-option.patch # Fix LXC domain startup with selinux=disabled (bz 858104) # keep: non upstream fix that doesn't apply to git head Patch5: libvirt-lxc-selinux-context-error.patch +# Fix conflict with NM launched dnsmasq (bz 886663) +Patch6: 0001-network-prevent-dnsmasq-from-listening-on-localhost.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -769,6 +771,7 @@ of recent versions of Linux (and other OSes). %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build %if ! %{with_xen} @@ -1500,6 +1503,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd %endif %changelog +* Sun Dec 16 2012 Cole Robinson <crobinso(a)redhat.com> - 0.9.11.8-2 +- Fix conflict with NM launched dnsmasq (bz #886663) + * Sun Dec 09 2012 Cole Robinson <crobinso(a)redhat.com> - 0.9.11.8-1 - Rebased to version 0.9.11.8 - CVE-2012-3411: avoid open DNS proxy with dnsmasq (bz #874702, bz #882309)

11 years, 6 months

pemensik pushed to dnsmasq (master). "Update to 2.77rc2"

by notifications＠fedoraproject.org

From 389f40bfd59b1cb9bcb2efd448822ef7da900ccb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik(a)redhat.com> Date: Thu, 11 May 2017 18:05:24 +0200 Subject: Update to 2.77rc2 --- .gitignore | 1 + dnsmasq-2.76-dns-sleep-resume.patch | 104 ----------------------------- dnsmasq-2.76-libidn2.patch | 128 ------------------------------------ dnsmasq.spec | 30 +++------ sources | 2 +- 5 files changed, 12 insertions(+), 253 deletions(-) delete mode 100644 dnsmasq-2.76-dns-sleep-resume.patch delete mode 100644 dnsmasq-2.76-libidn2.patch diff --git a/.gitignore b/.gitignore index 2cde38c..bbb4928 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ dnsmasq-2.52.tar.lzma /dnsmasq-2.72.tar.xz /dnsmasq-2.75.tar.xz /dnsmasq-2.76.tar.xz +/dnsmasq-2.77rc2.tar.xz diff --git a/dnsmasq-2.76-dns-sleep-resume.patch b/dnsmasq-2.76-dns-sleep-resume.patch deleted file mode 100644 index ef4e920..0000000 --- a/dnsmasq-2.76-dns-sleep-resume.patch +++ /dev/null @@ -1,104 +0,0 @@ -diff --git a/src/dnsmasq.h b/src/dnsmasq.h -index 1896a64..aa5ec84 100644 ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -487,6 +487,7 @@ struct serverfd { - int fd; - union mysockaddr source_addr; - char interface[IF_NAMESIZE+1]; -+ unsigned int ifindex, used; - struct serverfd *next; - }; - -diff --git a/src/network.c b/src/network.c -index e7722fd..d87d08f 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -1204,6 +1204,7 @@ int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp) - static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) - { - struct serverfd *sfd; -+ unsigned int ifindex = 0; - int errsave; - - /* when using random ports, servers which would otherwise use -@@ -1224,11 +1225,15 @@ static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) - return NULL; - #endif - } -+ -+ if (intname && strlen(intname) != 0) -+ ifindex = if_nametoindex(intname); /* index == 0 when not binding to an interface */ - - /* may have a suitable one already */ - for (sfd = daemon->sfds; sfd; sfd = sfd->next ) - if (sockaddr_isequal(&sfd->source_addr, addr) && -- strcmp(intname, sfd->interface) == 0) -+ strcmp(intname, sfd->interface) == 0 && -+ ifindex == sfd->ifindex) - return sfd; - - /* need to make a new one. */ -@@ -1250,11 +1255,13 @@ static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) - errno = errsave; - return NULL; - } -- -+ - strcpy(sfd->interface, intname); - sfd->source_addr = *addr; - sfd->next = daemon->sfds; -+ sfd->ifindex = ifindex; - daemon->sfds = sfd; -+ - return sfd; - } - -@@ -1429,12 +1436,16 @@ void check_servers(void) - { - struct irec *iface; - struct server *serv; -+ struct serverfd *sfd, *tmp, **up; - int port = 0, count; - - /* interface may be new since startup */ - if (!option_bool(OPT_NOWILD)) - enumerate_interfaces(0); - -+ for (sfd = daemon->sfds; sfd; sfd = sfd->next) -+ sfd->used = 0; -+ - #ifdef HAVE_DNSSEC - /* Disable DNSSEC validation when using server=/domain/.... servers - unless there's a configured trust anchor. */ -@@ -1505,6 +1516,9 @@ void check_servers(void) - serv->flags |= SERV_MARK; - continue; - } -+ -+ if (serv->sfd) -+ serv->sfd->used = 1; - } - - if (!(serv->flags & SERV_NO_REBIND) && !(serv->flags & SERV_LITERAL_ADDRESS)) -@@ -1547,6 +1561,20 @@ void check_servers(void) - if (count - 1 > SERVERS_LOGGED) - my_syslog(LOG_INFO, _("using %d more nameservers"), count - SERVERS_LOGGED - 1); - -+ /* Remove unused sfds */ -+ for (sfd = daemon->sfds, up = &daemon->sfds; sfd; sfd = tmp) -+ { -+ tmp = sfd->next; -+ if (!sfd->used) -+ { -+ *up = sfd->next; -+ close(sfd->fd); -+ free(sfd); -+ } -+ else -+ up = &sfd->next; -+ } -+ - cleanup_servers(); - } - diff --git a/dnsmasq-2.76-libidn2.patch b/dnsmasq-2.76-libidn2.patch deleted file mode 100644 index 185ea46..0000000 --- a/dnsmasq-2.76-libidn2.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 53ba1f8632b1fb09b5bf78e5bc355eebed2bc8b4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik(a)redhat.com> -Date: Tue, 9 May 2017 18:56:16 +0200 -Subject: [PATCH] Support for libidn2 - ---- - Makefile | 6 ++++-- - src/config.h | 10 +++++++++- - src/util.c | 19 ++++++++++++++----- - 3 files changed, 27 insertions(+), 8 deletions(-) - -diff --git a/Makefile b/Makefile -index dd0513b..eacf5d4 100644 ---- a/Makefile -+++ b/Makefile -@@ -55,6 +55,8 @@ dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) - dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` - idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` - idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` -+idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2` -+idn2_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2` - ct_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack` - ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack` - lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.1` -@@ -82,8 +84,8 @@ hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \ - all : $(BUILDDIR) - @cd $(BUILDDIR) && $(MAKE) \ - top="$(top)" \ -- build_cflags="$(version) $(dbus_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \ -- build_libs="$(dbus_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs)" \ -+ build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \ -+ build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs)" \ - -f $(top)/Makefile dnsmasq - - mostly_clean : -diff --git a/src/config.h b/src/config.h -index 80a50e1..c9e24e5 100644 ---- a/src/config.h -+++ b/src/config.h -@@ -92,11 +92,14 @@ HAVE_DBUS - servers via DBus. - - HAVE_IDN -- define this if you want international domain name support. -+ define this if you want international domain name 2003 support. - NOTE: for backwards compatibility, IDN support is automatically - included when internationalisation support is built, using the - *-i18n makefile targets, even if HAVE_IDN is not explicitly set. - -+HAVE_LIBIDN2 -+ define this if you want international domain name 2008 support. -+ - HAVE_CONNTRACK - define this to include code which propogates conntrack marks from - incoming DNS queries to the corresponding upstream queries. This adds -@@ -173,6 +176,7 @@ RESOLVFILE - /* #define HAVE_LUASCRIPT */ - /* #define HAVE_DBUS */ - /* #define HAVE_IDN */ -+/* #define HAVE_LIBIDN2 */ - /* #define HAVE_CONNTRACK */ - /* #define HAVE_DNSSEC */ - -@@ -396,6 +400,10 @@ static char *compile_opts = - "no-" - #endif - "IDN " -+#if !defined(HAVE_LIBIDN2) -+"no-" -+#endif -+"IDN2 " - #ifndef HAVE_DHCP - "no-" - #endif -diff --git a/src/util.c b/src/util.c -index 93b24f5..0d3285f 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -24,7 +24,9 @@ - #include <sys/times.h> - #endif - --#if defined(LOCALEDIR) || defined(HAVE_IDN) -+#ifdef HAVE_LIBIDN2 -+#include <idn2.h> -+#elif defined(LOCALEDIR) || defined(HAVE_IDN) - #include <idna.h> - #endif - -@@ -134,7 +136,7 @@ static int check_name(char *in) - else if (isascii((unsigned char)c) && iscntrl((unsigned char)c)) - /* iscntrl only gives expected results for ascii */ - return 0; --#if !defined(LOCALEDIR) && !defined(HAVE_IDN) -+#if !defined(LOCALEDIR) && !defined(HAVE_IDN) && !defined(HAVE_LIBIDN2) - else if (!isascii((unsigned char)c)) - return 0; - #endif -@@ -184,7 +186,7 @@ int legal_hostname(char *name) - char *canonicalise(char *in, int *nomem) - { - char *ret = NULL; --#if defined(LOCALEDIR) || defined(HAVE_IDN) -+#if defined(LOCALEDIR) || defined(HAVE_IDN) || defined(HAVE_LIBIDN2) - int rc; - #endif - -@@ -194,8 +196,15 @@ char *canonicalise(char *in, int *nomem) - if (!check_name(in)) - return NULL; - --#if defined(LOCALEDIR) || defined(HAVE_IDN) -- if ((rc = idna_to_ascii_lz(in, &ret, 0)) != IDNA_SUCCESS) -+#if defined(LOCALEDIR) || defined(HAVE_IDN) || defined(HAVE_LIBIDN2) -+#ifdef HAVE_LIBIDN2 -+ rc = idn2_to_ascii_lz(in, &ret, IDN2_NONTRANSITIONAL); -+ if (rc == IDN2_DISALLOWED) -+ rc = idn2_to_ascii_lz(in, &ret, IDN2_TRANSITIONAL); -+#else -+ rc = idna_to_ascii_lz(in, &ret, 0); -+#endif -+ if (rc != IDNA_SUCCESS) - { - if (ret) - free(ret); --- -2.9.3 - diff --git a/dnsmasq.spec b/dnsmasq.spec index 86520f5..dcd03fb 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,19 +1,19 @@ %define testrelease 0 -%define releasecandidate 0 +%define releasecandidate 2 %if 0%{testrelease} %define extrapath test-releases/ - %define extraversion test16 + %define extraversion test%{testrelease} %endif %if 0%{releasecandidate} %define extrapath release-candidates/ - %define extraversion rc1 + %define extraversion rc%{releasecandidate} %endif %define _hardened_build 1 Name: dnsmasq -Version: 2.76 -Release: 4%{?dist} +Version: 2.77 +Release: 1%{?extraversion:.%{extraversion}}%{?dist} Summary: A lightweight DHCP/caching DNS server Group: System Environment/Daemons @@ -22,11 +22,6 @@ URL: http://www.thekelleys.org.uk/dnsmasq/ Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex... Source1: %{name}.service -# dns not updated after sleep and resume laptop -# https://bugzilla.redhat.com/show_bug.cgi?id=1367772 -Patch0: dnsmasq-2.76-dns-sleep-resume.patch -Patch1: dnsmasq-2.76-libidn2.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: dbus-devel @@ -60,8 +55,6 @@ query/remove a DHCP server's leases. %prep %setup -q -n %{name}-%{version}%{?extraversion} -%patch0 -p1 -%patch1 -p1 # use /var/lib/dnsmasq instead of /var/lib/misc for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do @@ -71,14 +64,8 @@ done # fix the path to the trust anchor sed -i 's|%%%%PREFIX%%%%|%{_prefix}|' dnsmasq.conf.example -#enable dbus -sed -i 's|/\* #define HAVE_DBUS \*/|#define HAVE_DBUS|g' src/config.h - -#enable IDN support -sed -i 's|/\* #define HAVE_LIBIDN2 \*/|#define HAVE_LIBIDN2|g' src/config.h - -#enable DNSSEC support -sed -i 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' src/config.h +# optional parts +sed -i 's|^COPTS[[:space:]]*=|\0 -DHAVE_DBUS -DHAVE_LIBIDN2 -DHAVE_DNSSEC|' Makefile #enable /etc/dnsmasq.d fix bz 526703, ignore RPM backup files cat << EOF >> dnsmasq.conf.example @@ -153,6 +140,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/dhcp_* %changelog +* Thu May 11 2017 Petr Menšík <pemensik(a)redhat.com> - 2.77-1 +- Update to 2.77rc2 + * Thu May 11 2017 Petr Menšík <pemensik(a)redhat.com> - Include dhcp_release6 tool and license in utils - Support for IDN 2008 (#1449150) diff --git a/sources b/sources index 8f74da5..6d4d2fa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -00f5ee66b4e4b7f14538bf62ae3c9461 dnsmasq-2.76.tar.xz +SHA512 (dnsmasq-2.77rc2.tar.xz) = d9e5c723dd1de33d6d71194855c1987e9f0541f84663f1dc70bfafe2c6010df4acfc1db4969de70b1f0debbb5471bd97ad943e2f9a9ef507725939badab93a91 -- cgit v1.1 https://src.fedoraproject.org/cgit/dnsmasq.git/commit/?h=master&id=389f40...

7 years, 1 month

Package: dnsmasq-2.66-6.fc19 Tag: None Status: complete Built by: sharkcz

by Fedora Koji Build System

Package: dnsmasq-2.66-6.fc19 Tag: None Status: complete Built by: sharkcz ID: 180559 Started: Sat, 18 May 2013 13:14:34 EDT Finished: Sat, 18 May 2013 13:18:18 EDT Changelog: * Fri May 17 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-6 - include several fixies from upstream repo: - Tighten hostname checks in legal hostname() function - Replace inet_addr() with inet_pton() in src/option.c - Use dnsmasq as default DNS server for RA only if it's doing DNS - Handle IPv4 interface address labels (aliases) in Linux (#962246) - Fix failure to start with ENOTSOCK (#962874) * Tue Apr 30 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-5 - dnsmasq unit file cleanup - drop forking Type and PIDfile and rather start dnsmasq with "-k" option - drop After syslog.target as this is by default * Thu Apr 25 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-4 - include several fixes from upstream repo: - Send TCP DNS messages in one packet - Fix crash on SERVFAIL when using --conntrack option - Fix regression in dhcp_lease_time utility - Man page typos fixes - Note that dhcp_lease_time and dhcp_release work only for IPv4 - Fix for --dhcp-match option to work also with BOOTP protocol SRPMS: dnsmasq-2.66-6.fc19.src.rpm Closed tasks: ------------- Task 1054344 on devel3.s390.bos.redhat.com Task Type: buildArch (dnsmasq-2.66-6.fc19.src.rpm, s390x) logs: http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054344&name=build... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054344&name=mock_... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054344&name=root.log http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054344&name=state... rpms: http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/6.fc19/s390x/dnsm... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/6.fc19/s390x/dnsm... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/6.fc19/s390x/dnsm... Task 1054236 on fedora3.s390.bos.redhat.com Task Type: build (None, dnsmasq-2.66-6.fc19.src.rpm) Task 1054343 on fedora2.s390.bos.redhat.com Task Type: buildArch (dnsmasq-2.66-6.fc19.src.rpm, s390) logs: http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054343&name=build... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054343&name=mock_... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054343&name=root.log http://s390.koji.fedoraproject.org/koji/getfile?taskID=1054343&name=state... rpms: http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/6.fc19/s390/dnsma... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/6.fc19/s390/dnsma... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/6.fc19/s390/dnsma... Task Info: http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=1054236 Build Info: http://s390.koji.fedoraproject.org/koji/buildinfo?buildID=180559

11 years, 1 month

Package: dnsmasq-2.66-7.fc19 Tag: None Status: complete Built by: sharkcz

by Fedora Koji Build System

Package: dnsmasq-2.66-7.fc19 Tag: None Status: complete Built by: sharkcz ID: 185724 Started: Thu, 13 Jun 2013 10:39:38 EDT Finished: Thu, 13 Jun 2013 10:47:54 EDT Changelog: * Tue Jun 11 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-7 - use _hardened_build macro instead of hardcoded flags - include several fixies from upstream repo: - Allow constructed ranges from interface address at end of range - Dont BINDTODEVICE DHCP socket if more interfaces may come - Fix option parsing for dhcp host - Log forwarding table overflows - Remove limit in prefix length in auth zone * Fri May 17 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-6 - include several fixies from upstream repo: - Tighten hostname checks in legal hostname() function - Replace inet_addr() with inet_pton() in src/option.c - Use dnsmasq as default DNS server for RA only if it's doing DNS - Handle IPv4 interface address labels (aliases) in Linux (#962246) - Fix failure to start with ENOTSOCK (#962874) * Tue Apr 30 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-5 - dnsmasq unit file cleanup - drop forking Type and PIDfile and rather start dnsmasq with "-k" option - drop After syslog.target as this is by default SRPMS: dnsmasq-2.66-7.fc19.src.rpm Closed tasks: ------------- Task 1080145 on devel3.s390.bos.redhat.com Task Type: buildArch (dnsmasq-2.66-7.fc19.src.rpm, s390) logs: http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080145&name=build... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080145&name=mock_... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080145&name=root.log http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080145&name=state... rpms: http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/7.fc19/s390/dnsma... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/7.fc19/s390/dnsma... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/7.fc19/s390/dnsma... Task 1080146 on devel3.s390.bos.redhat.com Task Type: buildArch (dnsmasq-2.66-7.fc19.src.rpm, s390x) logs: http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080146&name=build... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080146&name=mock_... http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080146&name=root.log http://s390.koji.fedoraproject.org/koji/getfile?taskID=1080146&name=state... rpms: http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/7.fc19/s390x/dnsm... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/7.fc19/s390x/dnsm... http://s390pkgs.fedoraproject.org/packages/dnsmasq/2.66/7.fc19/s390x/dnsm... Task 1080143 on fedora3.s390.bos.redhat.com Task Type: build (None, dnsmasq-2.66-7.fc19.src.rpm) Task Info: http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=1080143 Build Info: http://s390.koji.fedoraproject.org/koji/buildinfo?buildID=185724

11 years

psklenar pushed to dnsmasq (main). "Adding tests to fedora"

by notifications＠fedoraproject.org

Notification time stamped 2022-01-19 09:33:37 UTC From a48d6743da2033af697342832595823e869f312b Mon Sep 17 00:00:00 2001 From: Petr Sklenar <psklenar(a)redhat.com> Date: Jan 19 2022 09:33:23 +0000 Subject: Adding tests to fedora --- diff --git a/Sanity/NetworkManager/main.fmf b/Sanity/NetworkManager/main.fmf new file mode 100644 index 0000000..f96698a --- /dev/null +++ b/Sanity/NetworkManager/main.fmf @@ -0,0 +1,27 @@ +summary: Runs tests from Network Manager related to dnsmasq +description: '' +contact: Petr Mensik <pemensik(a)redhat.com> +component: + - dnsmasq +test: ./runtest.sh +framework: beakerlib +recommend: + - dnsmasq + - git-core + - iw + - ethtool + - wireshark-cli + - NetworkManager + - NetworkManager-openvpn + - NetworkManager-ppp + - NetworkManager-pptp + - NetworkManager-tui + - NetworkManager-team + - NetworkManager-wifi + - NetworkManager-vpnc + - NetworkManager-strongswan + - NetworkManager-ppp +duration: 15m +extra-summary: /CoreOS/dnsmasq/Sanity/NetworkManager +extra-task: /CoreOS/dnsmasq/Sanity/NetworkManager +tier: '1' diff --git a/Sanity/NetworkManager/runtest.sh b/Sanity/NetworkManager/runtest.sh new file mode 100755 index 0000000..f4a5a2f --- /dev/null +++ b/Sanity/NetworkManager/runtest.sh @@ -0,0 +1,61 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dnsmasq/Sanity/NetworkManager +# Description: Runs tests from Network Manager related to dnsmasq +# Author: Petr Mensik <pemensik(a)redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2019 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="dnsmasq" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlAssertRpm NetworkManager + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "git clone https://github.com/NetworkManager/NetworkManager-ci" + rlRun "pushd NetworkManager-ci" + rlRun "git log -1" 0 "Show latest commit" + rlPhaseEnd + + rlPhaseStartTest + if [ "$DEBUG" = y ]; then + rlLog "Running with full details on output" + rlRun "run/osci/run-tests dnsmasq" 0 "Running Network Managers test for dnsmasq" + else + rlRun "run/osci/run-tests dnsmasq >& $TmpDir/test.log" 0 "Running Network Managers test for dnsmasq" + fi + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "popd" + rlBundleLogs Artifacts /tmp/artifacts/* + rlFileSubmit test.log + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/Sanity/dnsmasq-2namespace-dig-check-open-ports/main.fmf b/Sanity/dnsmasq-2namespace-dig-check-open-ports/main.fmf new file mode 100644 index 0000000..f79c2b9 --- /dev/null +++ b/Sanity/dnsmasq-2namespace-dig-check-open-ports/main.fmf @@ -0,0 +1,27 @@ +summary: dnsmasq in running in 2 namespaces +description: | + dnsmasq in running in 2 namespaces +contact: Petr Sklenar <psklenar(a)redhat.com> +component: + - dnsmasq +test: ./runtest.sh +framework: beakerlib +recommend: + - dnsmasq + - bind-utils + - bind + - bind-utils + - tcpdump +duration: 25m +enabled: true +tag: + - NoRHEL4 + - NoRHEL5 + - Tier2 +tier: '1' +adjust: + - enabled: false + when: distro == rhel-4, rhel-5 + continue: false +extra-summary: /CoreOS/dnsmasq/Regression/dnsmasq-2namespace-dig-check-open-ports +extra-task: /CoreOS/dnsmasq/Regression/dnsmasq-2namespace-dig-check-open-ports diff --git a/Sanity/dnsmasq-2namespace-dig-check-open-ports/runtest.sh b/Sanity/dnsmasq-2namespace-dig-check-open-ports/runtest.sh new file mode 100755 index 0000000..ea733d1 --- /dev/null +++ b/Sanity/dnsmasq-2namespace-dig-check-open-ports/runtest.sh @@ -0,0 +1,128 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dnsmasq/Regression/dnsmasq-2namespace-dig-check-open-ports +# Description: dnsmasq-2namespace-dig-check-open-ports +# Author: Petr Sklenar <psklenar(a)redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="dnsmasq" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE +#to debug when running on one machine again and again +ps aux | grep -ie dnsmasq | awk '{print "kill -9 " $2}' +ps aux | grep -ie tcpdump | awk '{print "kill -9 " $2}' +ps aux | grep -ie dig | awk '{print "kill -9 " $2}' + rlPhaseEnd + + rlPhaseStartSetup "namespace" +# TODO: use rlImport kernel/network or move it to separate library +# Similar code is already prepared for both IPv4 and IPv6 +IPV6_PREFIX=fc7a:5313:5f5a # /48 +ip link add veth0 type veth peer name veth1 + +ip netns add vnet0 +ip link set veth0 netns vnet0 +ip -n vnet0 addr add 10.0.1.0/24 dev veth0 +ip -n vnet0 addr add $IPV6_PREFIX:1::/64 dev veth0 +ip -n vnet0 link set veth0 up +ip -n vnet0 link set lo up + +ip netns add vnet1 +ip link set veth1 netns vnet1 +ip -n vnet1 addr add 10.0.2.0/24 dev veth1 +ip -n vnet1 addr add $IPV6_PREFIX:2::/64 dev veth1 +ip -n vnet1 link set veth1 up +ip -n vnet1 link set lo up + +ip -n vnet0 route add 10.0.2.0/24 dev veth0 +ip -n vnet0 route add $IPV6_PREFIX:2::/64 dev veth0 +ip -n vnet1 route add 10.0.1.0/24 dev veth1 +ip -n vnet1 route add $IPV6_PREFIX:1::/64 dev veth1 + + rlRun "ip netns exec vnet0 ping -c10 10.0.2.0 -c2" + rlRun "ip netns exec vnet1 ping -c10 10.0.1.0 -c2" + rlRun "ip netns exec vnet0 ping6 -c10 $IPV6_PREFIX:2:: -c2" + rlRun "ip netns exec vnet1 ping6 -c10 $IPV6_PREFIX:1:: -c2" + rlPhaseEnd + + rlPhaseStartTest "run dnsmasq" + echo -n > dnsmasq-auth.log + echo -n > dnsmasq-rec.log + rlRun "ip netns exec vnet1 dnsmasq --no-daemon --except-interface=lo --listen-address=10.0.2.0 --bind-interfaces --address=/localhost/127.0.0.1 --no-resolv --log-facility=./dnsmasq-auth.log --pid-file=./dnsmasq-auth.pid &" + DNSMASQ_AUTH=$! + rlRun "ip netns exec vnet0 dnsmasq --no-daemon --except-interface=lo --listen-address=10.0.1.0 --server=10.0.2.0@veth0 --bind-interfaces --no-resolv --log-queries --log-facility=./dnsmasq-rec.log --pid-file=./dnsmasq-rec.pid &" + DNSMASQ_REC=$! + sleep 5 + rlRun "ps u $DNSMASQ_AUTH" 0 "Check authoritative server is running" + rlRun "ps u $DNSMASQ_REC" 0 "Check recursive server is running" + rlRun "ip netns exec vnet0 dig @10.0.2.0 localhost" + rlPhaseEnd + + rlPhaseStartTest "tcpdump in vnet0" + rlRun "ip netns exec vnet0 tcpdump -w dns.pcap -i veth0 port domain &" + sleep 10 + TCPDUMP_FWD=$! + rlRun "pgrep tcpdump" + + rlPhaseEnd + + rlPhaseStartTest "dig from vnet1 to 10.0.1.0 which is vnet0" + for H in test{1..20}.localhost; do + ip netns exec vnet0 dig +timeout=2 +short @10.0.1.0 $H + done + sleep 60 # its really needed, aarch64 needs that + rlPhaseEnd + + rlPhaseStartTest "count src ports" + rlRun "kill $TCPDUMP_FWD" 0 "kill tcpdump" + rlRun "wait $TCPDUMP_FWD" 0 "wait until tcpdump stops" + rlRun "tcpdump -r dns.pcap -nn &>dns.tcpdump" + sleep 5 + UNIQUE_PORTS=$(gawk -F' ' '{ print $3 }' dns.tcpdump | gawk -F'.' '{ print $5 }' | grep -v 53 | sort|uniq|wc -l) + UNIQUE_IDS=$(awk '{print $6}' dns.tcpdump | grep '[0-9]\++' | sort -u | wc -l) + rlLog "WE HAVE ${UNIQUE_PORTS} PORT" + + if [ $UNIQUE_PORTS -gt 17 ]; then + rlPass "many PORTs" + else + rlFail "only $UNIQUE_PORTS ports used" + fi + rlAssertGreater "Check IDs are unique too" "$UNIQUE_IDS" 17 + [ "$DEBUG" = y ] && PS1="test-debug $PS1" bash -i + rlPhaseEnd + + + rlPhaseStartCleanup "kill all" + killall dnsmasq tcpdump + ps aux | grep -ie dnsmasq | awk '{print "kill -9 " $2}' + ps aux | grep -ie dig | awk '{print "kill -9 " $2}' + rlBundleLogs dnsmasq*.log dns.pcap dns.tcpdump + rlLog "test end" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/main.fmf b/main.fmf new file mode 100644 index 0000000..41e2fab --- /dev/null +++ b/main.fmf @@ -0,0 +1,2 @@ +# QE owner +contact: Petr Sklenar <psklenar(a)redhat.com> https://src.fedoraproject.org/tests/dnsmasq/c/a48d6743da2033af69734283259...

2 years, 5 months

pemensik pushed to dnsmasq (master). "Randomize ports"

by notifications＠fedoraproject.org

Notification time stamped 2018-10-25 13:32:54 UTC From 8a0901a90e38fb504c3127b7ec382dbf546fda50 Mon Sep 17 00:00:00 2001 From: Petr Menšík <pemensik(a)redhat.com> Date: Oct 24 2018 16:54:52 +0000 Subject: Randomize ports --- diff --git a/dnsmasq-2.79-randomize-ports.patch b/dnsmasq-2.79-randomize-ports.patch new file mode 100644 index 0000000..e37931b --- /dev/null +++ b/dnsmasq-2.79-randomize-ports.patch @@ -0,0 +1,87 @@ +From 6899c5c5b9a32aa2ce0513b5e69356844988c64e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik(a)redhat.com> +Date: Thu, 9 Aug 2018 18:17:26 +0200 +Subject: [PATCH] Use OS random ports by default + +Unless max-port or min-port is given, let OS allocate random ports for +DNS queries. Randomize similar to --query-port=0, but for each query +separately. Would use port according to system policy. +--- + src/dnsmasq.c | 2 +- + src/network.c | 15 ++++++++++++--- + src/option.c | 4 +++- + 3 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 9f6c020..4cd478e 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -226,7 +226,7 @@ int main (int argc, char **argv) + die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF); + #endif + +- if (daemon->max_port < daemon->min_port) ++ if (daemon->max_port >= 0 && daemon->max_port < daemon->min_port) + die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF); + + now = dnsmasq_time(); +diff --git a/src/network.c b/src/network.c +index 0381513..9747d26 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -1138,18 +1138,27 @@ int random_sock(int family) + if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) + { + union mysockaddr addr; +- unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1; +- int tries = ports_avail < 30 ? 3 * ports_avail : 100; ++ unsigned short ports_avail = 0; ++ int tries = 100; ++ unsigned short port = 0; + + memset(&addr, 0, sizeof(addr)); + addr.sa.sa_family = family; + ++ if (daemon->max_port >= 0) ++ { ++ ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1; ++ if (ports_avail < 30) ++ tries = 3 * ports_avail; ++ } ++ + /* don't loop forever if all ports in use. */ + + if (fix_fd(fd)) + while(tries--) + { +- unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail))); ++ if (ports_avail) ++ port = htons(daemon->min_port + (rand16() % ports_avail)); + + if (family == AF_INET) + { +diff --git a/src/option.c b/src/option.c +index d358d99..b7eaff0 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -2602,6 +2602,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + case LOPT_MINPORT: /* --min-port */ + if (!atoi_check16(arg, &daemon->min_port)) + ret_err(gen_err); ++ if (daemon->max_port < 0) ++ daemon->max_port = MAX_PORT; + break; + + case LOPT_MAXPORT: /* --max-port */ +@@ -4678,7 +4680,7 @@ void read_opts(int argc, char **argv, char *compile_opts) + daemon->soa_refresh = SOA_REFRESH; + daemon->soa_retry = SOA_RETRY; + daemon->soa_expiry = SOA_EXPIRY; +- daemon->max_port = MAX_PORT; ++ daemon->max_port = -1; + daemon->min_port = MIN_PORT; + + #ifndef NO_ID +-- +2.14.4 + diff --git a/dnsmasq.spec b/dnsmasq.spec index f1a5a9f..3319fd7 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -13,7 +13,7 @@ Name: dnsmasq Version: 2.79 -Release: 7%{?extraversion:.%{extraversion}}%{?dist} +Release: 8%{?extraversion:.%{extraversion}}%{?dist} Summary: A lightweight DHCP/caching DNS server License: GPLv2 or GPLv3 @@ -26,6 +26,7 @@ Source2: dnsmasq-systemd-sysusers.conf Patch1: dnsmasq-2.77-underflow.patch Patch3: dnsmasq-2.78-fips.patch Patch4: dnsmasq-2.80-dnssec.patch +Patch5: dnsmasq-2.79-randomize-ports.patch # This is workaround to nettle bug #1549190 # https://bugzilla.redhat.com/show_bug.cgi?id=1549190 @@ -63,6 +64,7 @@ server's leases. %patch1 -p1 -b .underflow %patch3 -p1 -b .fips %patch4 -p1 -b .dnssec +%patch5 -p1 -b .ports # use /var/lib/dnsmasq instead of /var/lib/misc for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do @@ -163,6 +165,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf %{_mandir}/man1/dhcp_* %changelog +* Thu Aug 09 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-8 +- Better randomize ports + * Tue Jul 31 2018 Florian Weimer <fweimer(a)redhat.com> - 2.79-7 - Rebuild with fixed binutils https://src.fedoraproject.org/rpms/dnsmasq/c/8a0901a90e38fb504c3127b7ec38...

5 years, 8 months

Package: dnsmasq-2.66-1.rc5.fc19 Tag: None Status: complete Built by: sharkcz

by Fedora Koji Build System

11 years, 2 months

Search results for query "dnsmasq"