pemensik pushed to rpms/dnsmasq (f37). "Update to 2.88 (#2150667) (..more)"
by notifications@fedoraproject.org
Notification time stamped 2022-12-08 13:00:23 UTC
From 773d89e137bd232c1a49195405af0ebde8d70eac Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Dec 06 2022 17:35:48 +0000
Subject: Update to 2.88 (#2150667)
Still keeping underflow patch, even it seems not necessary.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q4/016767.html
---
diff --git a/.gitignore b/.gitignore
index 21fb205..b0930fc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,3 +46,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.86.tar.xz.asc
/dnsmasq-2.87.tar.xz
/dnsmasq-2.87.tar.xz.asc
+/dnsmasq-2.88.tar.xz
+/dnsmasq-2.88.tar.xz.asc
diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch
index 9e1b750..155355b 100644
--- a/dnsmasq-2.77-underflow.patch
+++ b/dnsmasq-2.77-underflow.patch
@@ -1,4 +1,4 @@
-From 46b9670a418419d9e04bbe9a0d6c5a85f3c63265 Mon Sep 17 00:00:00 2001
+From 0e581ae7b2d3b181f22f71d5a0b7ace0bf90089f Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert(a)redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
@@ -30,19 +30,19 @@ index c498eb1..0eb3873 100644
free(buff);
p += rdlen;
diff --git a/src/rfc1035.c b/src/rfc1035.c
-index 60ef272..93701f6 100644
+index 5c0df56..7e01459 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
-@@ -1411,6 +1411,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+@@ -1425,6 +1425,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
int rd_bit = (header->hb3 & HB3_RD);
+ // Make sure we do not underflow here too.
+ if (qlen > (limit - ((char *)header))) return 0;
+
- /* never answer queries with RD unset, to avoid cache snooping. */
- if (ntohs(header->ancount) != 0 ||
- ntohs(header->nscount) != 0 ||
+ if (stale)
+ *stale = 0;
+
--
-2.37.3
+2.38.1
diff --git a/dnsmasq-2.87-dbus-file-reload.patch b/dnsmasq-2.87-dbus-file-reload.patch
deleted file mode 100644
index f1e0d66..0000000
--- a/dnsmasq-2.87-dbus-file-reload.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 930428fb970f4991e5c2933fd5a5d2504c18a551 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon(a)thekelleys.org.uk>
-Date: Mon, 17 Oct 2022 21:15:43 +0100
-Subject: [PATCH] Fix loss of DNS servers on config reload.
-
-A bug, introduced in 2.87, which could result in DNS
-servers being removed from the configuration when reloading
-server configuration from DBus, or re-reading /etc/resolv.conf
-Only servers from the same source should be replaced, but some
-servers from other sources (ie hard coded or another dynamic source)
-could mysteriously disappear.
----
- src/domain-match.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/domain-match.c b/src/domain-match.c
-index f7db0fe..76a1109 100644
---- a/src/domain-match.c
-+++ b/src/domain-match.c
-@@ -683,7 +683,9 @@ int add_update_server(int flags,
- serv->next = NULL;
- }
- break;
-- }
-+ }
-+ else
-+ up = &serv->next;
- }
-
- if (serv)
---
-2.38.1
-
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 7c84848..c2a9a57 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,8 +19,8 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.87
-Release: 3%{?extraversion:.%{extraversion}}%{?dist}
+Version: 2.88
+Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPL-2.0-only or GPL-3.0-only
@@ -41,14 +41,6 @@ Patch1: dnsmasq-2.77-underflow.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
Patch2: dnsmasq-2.81-configuration.patch
Patch3: dnsmasq-2.78-fips.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2148301
-# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=930428fb970f49...
-Patch4: dnsmasq-2.87-dbus-file-reload.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=2009975
-# replaces/enhances http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d290630d31f4517...
-#Patch26: dnsmasq-2.86-build_server_array.patch
-
Requires: nettle
@@ -190,6 +182,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Tue Dec 06 2022 Petr Menšík <pemensik(a)redhat.com> - 2.88-1
+- Update to 2.88 (#2150667)
+
* Fri Nov 25 2022 Petr Menšík <pemensik(a)redhat.com> - 2.87-3
- Fix regression removing config statements on DBus change (#2148301)
diff --git a/sources b/sources
index b290fb4..805f741 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.87.tar.xz) = 965071ff35aed558a661e7f57ff82de170f4ad7fcdd6a4070ce7915c9f5e41450d8d86b2a0c2c30bf52ddc3aaeb22af18bb6da71a1cccb3c409429ef0ef308f3
-SHA512 (dnsmasq-2.87.tar.xz.asc) = 539abb6c5ad50c2e3eaa534dde63be4003b4ed96d471ba9d96fed028d5ddf76111591626de6def823438731c363383282a75139346304f2819aef64a0943a300
+SHA512 (dnsmasq-2.88.tar.xz) = 109ee4513cb25fb0c9ff6f81d696c195a24ffa013847fdc3a507757137fff098248e2b907a87695075405039c4dc0eda40803395a52306ce673ca593cc4f4e00
+SHA512 (dnsmasq-2.88.tar.xz.asc) = 64b12010139b224db879eb007550ddc0ce8152c98aaa9f3a8063b757c49478473d6ff10a6053913400f7eedefceb4fa38e83b8b6f1e3ebe36c78b00e490bd951
https://src.fedoraproject.org/rpms/dnsmasq/c/773d89e137bd232c1a49195405af...
1 year, 6 months
rpms/dnsmasq/devel dnsmasq-2.30-enable-dbus.patch, NONE, 1.1 dnsmasq-2.30-initscript.patch, NONE, 1.1
by fedora-extras-commits@redhat.com
Author: jima
Update of /cvs/extras/rpms/dnsmasq/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7576/devel
Added Files:
dnsmasq-2.30-enable-dbus.patch dnsmasq-2.30-initscript.patch
Log Message:
Implementing request from upstream, unified spec, etc
dnsmasq-2.30-enable-dbus.patch:
--- NEW FILE dnsmasq-2.30-enable-dbus.patch ---
diff -urN dnsmasq-2.30/src/config.h dnsmasq-2.30-patched/src/config.h
--- dnsmasq-2.30/src/config.h 2006-04-23 13:27:20.000000000 -0500
+++ dnsmasq-2.30-patched/src/config.h 2006-04-26 13:43:54.000000000 -0500
@@ -168,7 +168,7 @@
/* platform independent options- uncomment to enable */
/* #define HAVE_BROKEN_RTC */
/* #define HAVE_ISC_READER */
-/* #define HAVE_DBUS */
+#define HAVE_DBUS
#if defined(HAVE_BROKEN_RTC) && defined(HAVE_ISC_READER)
# error HAVE_ISC_READER is not compatible with HAVE_BROKEN_RTC
dnsmasq-2.30-initscript.patch:
--- NEW FILE dnsmasq-2.30-initscript.patch ---
diff -urN dnsmasq-2.30/rpm/dnsmasq.rh dnsmasq-2.30-patched/rpm/dnsmasq.rh
--- dnsmasq-2.30/rpm/dnsmasq.rh 2006-04-23 08:26:21.000000000 -0500
+++ dnsmasq-2.30-patched/rpm/dnsmasq.rh 2006-04-24 15:06:01.000000000 -0500
@@ -2,7 +2,7 @@
#
# Startup script for the DNS caching server
#
-# chkconfig: 2345 99 01
+# chkconfig: - 99 01
# description: This script starts your DNS caching server
# processname: dnsmasq
# pidfile: /var/run/dnsmasq.pid
18 years, 2 months
rpms/dnsmasq/FC-3 dnsmasq.spec,1.7,1.8
by fedora-extras-commits@redhat.com
Author: jima
Update of /cvs/extras/rpms/dnsmasq/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16919/FC-3
Modified Files:
dnsmasq.spec
Log Message:
Don't install dbus/dnsmasq.conf on FC3 (dbus too old)
Index: dnsmasq.spec
===================================================================
RCS file: /cvs/extras/rpms/dnsmasq/FC-3/dnsmasq.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- dnsmasq.spec 2 May 2006 16:37:48 -0000 1.7
+++ dnsmasq.spec 2 May 2006 16:48:07 -0000 1.8
@@ -1,6 +1,6 @@
Name: dnsmasq
Version: 2.30
-Release: 4.2%{?dist}
+Release: 4.2%{?dist}.1
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -53,7 +53,9 @@
$RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d
install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq
install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf
+%if "%{dist}" != ".fc3"
install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/
+%endif
install rpm/dnsmasq.rh $RPM_BUILD_ROOT%{_initrddir}/dnsmasq
install man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/
@@ -79,13 +81,18 @@
%defattr(-,root,root,-)
%doc CHANGELOG COPYING FAQ doc.html setup.html UPGRADING_to_2.0
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dnsmasq.conf
+%if "%{dist}" != ".fc3"
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
+%endif
%{_initrddir}/dnsmasq
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
%changelog
+* Tue May 2 2006 Patrick "Jima" Laughton <jima(a)auroralinux.org> 2.30-4.2.fc3.1
+- Don't install dbus/dnsmasq.conf on FC3 (dbus too old)
+
* Tue May 2 2006 Patrick "Jima" Laughton <jima(a)auroralinux.org> 2.30-4.2
- More upstream-recommended cleanups :)
- Killed sysconfig file (provides unneeded functionality)
18 years, 1 month
pemensik pushed to dnsmasq (master). "Make dnsmasq leases writeable
by root again (#1554390)"
by notifications@fedoraproject.org
Notification time stamped 2018-07-02 18:20:22 UTC
From 4c7e2b30a03ff3026ba51b4120e249009c4dbfc5 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Jul 02 2018 18:18:18 +0000
Subject: Make dnsmasq leases writeable by root again (#1554390)
---
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 9c7f40f..75e292f 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.79
-Release: 2%{?extraversion:.%{extraversion}}%{?dist}
+Release: 3%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -144,10 +144,12 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%files
%doc CHANGELOG FAQ doc.html setup.html dbus/DBus-interface
%license COPYING COPYING-v3
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dnsmasq.conf
-%dir /etc/dnsmasq.d
-%dir %attr(0755, dnsmasq, dnsmasq) %{_var}/lib/dnsmasq
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
+%defattr(0644,root,dnsmasq,0755)
+%config(noreplace) %{_sysconfdir}/dnsmasq.conf
+%dir %{_sysconfdir}/dnsmasq.d
+%dir %{_var}/lib/dnsmasq
+%defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
@@ -161,6 +163,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Mon Jul 02 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-3
+- Make dnsmasq leases writeable by root again (#1554390)
+
* Mon Jul 02 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-2
- Fix passing of dnssec enabled queries (#1597309)
https://src.fedoraproject.org/rpms/dnsmasq/c/4c7e2b30a03ff3026ba51b4120e2...
5 years, 12 months
pemensik pushed to dnsmasq (f28). "Make dnsmasq leases writeable by
root again (#1554390)"
by notifications@fedoraproject.org
Notification time stamped 2018-07-02 18:21:00 UTC
From 4c7e2b30a03ff3026ba51b4120e249009c4dbfc5 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Jul 02 2018 18:18:18 +0000
Subject: Make dnsmasq leases writeable by root again (#1554390)
---
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 9c7f40f..75e292f 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.79
-Release: 2%{?extraversion:.%{extraversion}}%{?dist}
+Release: 3%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -144,10 +144,12 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%files
%doc CHANGELOG FAQ doc.html setup.html dbus/DBus-interface
%license COPYING COPYING-v3
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dnsmasq.conf
-%dir /etc/dnsmasq.d
-%dir %attr(0755, dnsmasq, dnsmasq) %{_var}/lib/dnsmasq
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
+%defattr(0644,root,dnsmasq,0755)
+%config(noreplace) %{_sysconfdir}/dnsmasq.conf
+%dir %{_sysconfdir}/dnsmasq.d
+%dir %{_var}/lib/dnsmasq
+%defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
@@ -161,6 +163,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Mon Jul 02 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-3
+- Make dnsmasq leases writeable by root again (#1554390)
+
* Mon Jul 02 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-2
- Fix passing of dnssec enabled queries (#1597309)
https://src.fedoraproject.org/rpms/dnsmasq/c/4c7e2b30a03ff3026ba51b4120e2...
5 years, 12 months
pemensik pushed to dnsmasq (f27). "Make dnsmasq leases writeable by
root again (#1554390)"
by notifications@fedoraproject.org
Notification time stamped 2018-07-02 18:21:25 UTC
From 4c7e2b30a03ff3026ba51b4120e249009c4dbfc5 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Jul 02 2018 18:18:18 +0000
Subject: Make dnsmasq leases writeable by root again (#1554390)
---
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 9c7f40f..75e292f 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.79
-Release: 2%{?extraversion:.%{extraversion}}%{?dist}
+Release: 3%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -144,10 +144,12 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%files
%doc CHANGELOG FAQ doc.html setup.html dbus/DBus-interface
%license COPYING COPYING-v3
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dnsmasq.conf
-%dir /etc/dnsmasq.d
-%dir %attr(0755, dnsmasq, dnsmasq) %{_var}/lib/dnsmasq
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
+%defattr(0644,root,dnsmasq,0755)
+%config(noreplace) %{_sysconfdir}/dnsmasq.conf
+%dir %{_sysconfdir}/dnsmasq.d
+%dir %{_var}/lib/dnsmasq
+%defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
@@ -161,6 +163,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Mon Jul 02 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-3
+- Make dnsmasq leases writeable by root again (#1554390)
+
* Mon Jul 02 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-2
- Fix passing of dnssec enabled queries (#1597309)
https://src.fedoraproject.org/rpms/dnsmasq/c/4c7e2b30a03ff3026ba51b4120e2...
5 years, 12 months
pemensik pushed to dnsmasq (master). "Update to dnsmasq 2.80 (..more)"
by notifications@fedoraproject.org
Notification time stamped 2018-10-25 13:32:54 UTC
From d63c7d423ae5eb8c3b12741e8a3afef4f7d889df Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Oct 24 2018 17:36:17 +0000
Subject: Update to dnsmasq 2.80
Fix underflow patch
---
diff --git a/.gitignore b/.gitignore
index 1e0c820..041189e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.77.tar.xz
/dnsmasq-2.78.tar.xz
/dnsmasq-2.79.tar.xz
+/dnsmasq-2.80.tar.xz
diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch
index 2e900bf..f42212e 100644
--- a/dnsmasq-2.77-underflow.patch
+++ b/dnsmasq-2.77-underflow.patch
@@ -1,4 +1,4 @@
-From c82a594d95431e8615126621397ea595eb037a6b Mon Sep 17 00:00:00 2001
+From 0ef799244732871e043d848f2f845c797f5a0745 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert(a)redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
@@ -31,10 +31,10 @@ index af33877..ba6ff0c 100644
free(buff);
p += rdlen;
diff --git a/src/forward.c b/src/forward.c
-index cdd11d3..3078f64 100644
+index 3dd8633..64af66f 100644
--- a/src/forward.c
+++ b/src/forward.c
-@@ -1438,6 +1438,10 @@ void receive_query(struct listener *listen, time_t now)
+@@ -1577,6 +1577,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
@@ -46,18 +46,18 @@ index cdd11d3..3078f64 100644
if (auth_dns)
{
diff --git a/src/rfc1035.c b/src/rfc1035.c
-index b078b59..777911b 100644
+index 6290f22..a943ecb 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
-@@ -1281,6 +1281,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+@@ -1292,6 +1292,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
struct mx_srv_record *rec;
size_t len;
+ // Make sure we do not underflow here too.
+ if (qlen > (limit - ((char *)header))) return 0;
- if (ntohs(header->ancount) != 0 ||
- ntohs(header->nscount) != 0 ||
+ /* never answer queries with RD unset, to avoid cache snooping. */
+ if (!(header->hb3 & HB3_RD) ||
--
-2.14.3
+2.14.4
diff --git a/dnsmasq-2.78-fips.patch b/dnsmasq-2.78-fips.patch
index 011433c..1b77981 100644
--- a/dnsmasq-2.78-fips.patch
+++ b/dnsmasq-2.78-fips.patch
@@ -1,4 +1,4 @@
-From 89f57e39b69f92beacb6bad9c68d61f9c4fb0e77 Mon Sep 17 00:00:00 2001
+From 7b1cce1d0bdb61c09946978d4bdeb05a3cd4202a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik(a)redhat.com>
Date: Fri, 2 Mar 2018 13:17:04 +0100
Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq
@@ -9,7 +9,7 @@ Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
-index ce44809..9f6c020 100644
+index 480c5f9..5fd229e 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -187,6 +187,7 @@ int main (int argc, char **argv)
@@ -20,10 +20,10 @@ index ce44809..9f6c020 100644
#else
die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
#endif
-@@ -769,7 +770,10 @@ int main (int argc, char **argv)
- }
-
- my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+@@ -786,7 +787,10 @@ int main (int argc, char **argv)
+ my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
+ else
+ my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
-
+
+ if (access("/etc/system-fips", F_OK) == 0)
diff --git a/dnsmasq-2.79-randomize-ports.patch b/dnsmasq-2.79-randomize-ports.patch
index e37931b..0f6a815 100644
--- a/dnsmasq-2.79-randomize-ports.patch
+++ b/dnsmasq-2.79-randomize-ports.patch
@@ -1,4 +1,4 @@
-From 6899c5c5b9a32aa2ce0513b5e69356844988c64e Mon Sep 17 00:00:00 2001
+From 8455bcbe5311ee0d15bcebe494580fec8868a93a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik(a)redhat.com>
Date: Thu, 9 Aug 2018 18:17:26 +0200
Subject: [PATCH] Use OS random ports by default
@@ -13,20 +13,20 @@ separately. Would use port according to system policy.
3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
-index 9f6c020..4cd478e 100644
+index ac5d8aa..6d51d3b 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
-@@ -226,7 +226,7 @@ int main (int argc, char **argv)
- die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
+@@ -230,7 +230,7 @@ int main (int argc, char **argv)
+ die(_("Ubus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF);
#endif
-
+
- if (daemon->max_port < daemon->min_port)
+ if (daemon->max_port >= 0 && daemon->max_port < daemon->min_port)
die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
now = dnsmasq_time();
diff --git a/src/network.c b/src/network.c
-index 0381513..9747d26 100644
+index 8ae7a70..58a2819 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1138,18 +1138,27 @@ int random_sock(int family)
@@ -61,10 +61,10 @@ index 0381513..9747d26 100644
if (family == AF_INET)
{
diff --git a/src/option.c b/src/option.c
-index d358d99..b7eaff0 100644
+index 7ccbdea..477dd52 100644
--- a/src/option.c
+++ b/src/option.c
-@@ -2602,6 +2602,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+@@ -2619,6 +2619,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
case LOPT_MINPORT: /* --min-port */
if (!atoi_check16(arg, &daemon->min_port))
ret_err(gen_err);
@@ -73,7 +73,7 @@ index d358d99..b7eaff0 100644
break;
case LOPT_MAXPORT: /* --max-port */
-@@ -4678,7 +4680,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
+@@ -4754,7 +4756,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
daemon->soa_refresh = SOA_REFRESH;
daemon->soa_retry = SOA_RETRY;
daemon->soa_expiry = SOA_EXPIRY;
diff --git a/dnsmasq-2.80-dnssec.patch b/dnsmasq-2.80-dnssec.patch
deleted file mode 100644
index a34f46e..0000000
--- a/dnsmasq-2.80-dnssec.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From a997ca0da044719a0ce8a232d14da8b30022592b Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon(a)thekelleys.org.uk>
-Date: Fri, 29 Jun 2018 14:39:41 +0100
-Subject: [PATCH] Fix sometimes missing DNSSEC RRs when DNSSEC validation not
- enabled.
-
-Dnsmasq does pass on the do-bit, and return DNSSEC RRs, irrespective
-of of having DNSSEC validation compiled in or enabled.
-
-The thing to understand here is that the cache does not store all the
-DNSSEC RRs, and dnsmasq doesn't have the (very complex) logic required
-to determine the set of DNSSEC RRs required in an answer. Therefore if
-the client wants the DNSSEC RRs, the query can not be answered from
-the cache. When DNSSEC validation is enabled, any query with the
-do-bit set is never answered from the cache, unless the domain is
-known not to be signed: the query is always forwarded. This ensures
-that the DNSEC RRs are included.
-
-The same thing should be true when DNSSEC validation is not enabled,
-but there's a bug in the logic.
-
-line 1666 of src/rfc1035.c looks like this
-
- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || !do_bit || !(crecp->flags & F_DNSSECOK))
-
-{ ...answer from cache ... }
-
-So local stuff (hosts, DHCP, ) get answered. If the do_bit is not set
-then the query is answered, and if the domain is known not to be
-signed, the query is answered.
-
-Unfortunately, if DNSSEC validation is not turned on then the
-F_DNSSECOK bit is not valid, and it's always zero, so the question
-always gets answered from the cache, even when the do-bit is set.
-
-This code should look like that at line 1468, dealing with PTR queries
-
- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
- !do_bit ||
- (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
-
-where the F_DNSSECOK bit is only used when validation is enabled.
----
- src/rfc1035.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/rfc1035.c b/src/rfc1035.c
-index ebb1f36..580f5ef 100644
---- a/src/rfc1035.c
-+++ b/src/rfc1035.c
-@@ -1663,7 +1663,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
- }
-
- /* If the client asked for DNSSEC don't use cached data. */
-- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || !do_bit || !(crecp->flags & F_DNSSECOK))
-+ if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
-+ !do_bit ||
-+ (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
- do
- {
- /* don't answer wildcard queries with data not from /etc/hosts
-@@ -1747,7 +1749,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
- {
- if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | (dryrun ? F_NO_RR : 0))) &&
- (qtype == T_CNAME || (crecp->flags & F_CONFIG)) &&
-- ((crecp->flags & F_CONFIG) || !do_bit || !(crecp->flags & F_DNSSECOK)))
-+ ((crecp->flags & F_CONFIG) || !do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
- {
- if (!(crecp->flags & F_DNSSECOK))
- sec_data = 0;
---
-2.14.4
-
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 3319fd7..4d46827 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -12,8 +12,8 @@
%define _hardened_build 1
Name: dnsmasq
-Version: 2.79
-Release: 8%{?extraversion:.%{extraversion}}%{?dist}
+Version: 2.80
+Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -25,8 +25,7 @@ Source2: dnsmasq-systemd-sysusers.conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1495409
Patch1: dnsmasq-2.77-underflow.patch
Patch3: dnsmasq-2.78-fips.patch
-Patch4: dnsmasq-2.80-dnssec.patch
-Patch5: dnsmasq-2.79-randomize-ports.patch
+Patch5: dnsmasq-2.79-randomize-ports.patch
# This is workaround to nettle bug #1549190
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@@ -63,7 +62,6 @@ server's leases.
%setup -q -n %{name}-%{version}%{?extraversion}
%patch1 -p1 -b .underflow
%patch3 -p1 -b .fips
-%patch4 -p1 -b .dnssec
%patch5 -p1 -b .ports
# use /var/lib/dnsmasq instead of /var/lib/misc
@@ -165,6 +163,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Mon Aug 20 2018 Petr Menšík <pemensik(a)redhat.com> - 2.80-1
+- Update to 2.80
+
* Thu Aug 09 2018 Petr Menšík <pemensik(a)redhat.com> - 2.79-8
- Better randomize ports
diff --git a/sources b/sources
index c0990c5..fd1fa6d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (dnsmasq-2.79.tar.xz) = 2c06212696ab55e1584f6133872f5b196013509e4b1822d0457787b456e14341afdde887749e370a2e512124cb4138f012f4601b08690707be4acc7cf2f2876f
+SHA512 (dnsmasq-2.80.tar.xz) = 58e56beb553fc41311e5dc16d8b0eb3b6801e2bdfbcd0e7a6659703f08960b6ad10d48b0b14a4d727636faf35483e01597cff2ae49e7fe9fa9e214f437b1c068
https://src.fedoraproject.org/rpms/dnsmasq/c/d63c7d423ae5eb8c3b12741e8a3a...
5 years, 8 months
[dnsmasq] update to the latest testing release 2.67test4 (#962246)
by Tomas Hozza
commit f9818256f6927518068b18f462207b299bb91f42
Author: Tomas Hozza <thozza(a)redhat.com>
Date: Wed May 15 09:31:14 2013 +0200
update to the latest testing release 2.67test4 (#962246)
- drop mergerd patches
Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
.gitignore | 1 +
..._number_zero_in_encapsulated_DHCP_options.patch | 142 ----------
...ix-crash-on-SERVFAIL-when-using-conntrack.patch | 50 ----
...Fix-regression-in-dhcp_lease_time-utility.patch | 103 -------
dnsmasq-2.66-Fix-wrong_size_in_memset_call.patch | 26 --
dnsmasq-2.66-Manpage-typos.patch | 97 -------
...lease_time-and-dhcp_release-work-for-IPv4.patch | 45 ---
...6-Send-TCP-DNS-messages-in-one-write-call.patch | 90 -------
dnsmasq-2.66-dhcp-match-now-work-with-BOOTP.patch | 282 --------------------
dnsmasq.spec | 39 +---
sources | 2 +-
11 files changed, 10 insertions(+), 867 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5382b85..b72b52a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.66rc1.tar.gz
/dnsmasq-2.66rc5.tar.gz
/dnsmasq-2.66.tar.gz
+/dnsmasq-2.67test4.tar.gz
diff --git a/dnsmasq.spec b/dnsmasq.spec
index f5f41cc..b007ecb 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -1,8 +1,8 @@
-%define testrelease 0
+%define testrelease 1
%define releasecandidate 0
%if 0%{testrelease}
%define extrapath test-releases/
- %define extraversion test30
+ %define extraversion test4
%endif
%if 0%{releasecandidate}
%define extrapath release-candidates/
@@ -10,8 +10,8 @@
%endif
Name: dnsmasq
-Version: 2.66
-Release: 5%{?extraversion}%{?dist}
+Version: 2.67
+Release: 0.1.%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -20,24 +20,6 @@ URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex...
Source1: %{name}.service
-#include upstream bug fix patches committed after stable release
-# commit 4582c0efe7d7af93517b1f3bcc7af67685ab3e5c
-Patch0: %{name}-2.66-Fix-wrong_size_in_memset_call.patch
-# commit bd08ae67f9a0cae2ce15be885254cad9449d4551
-Patch1: %{name}-2.66-Allow-option_number_zero_in_encapsulated_DHCP_options.patch
-# commit 4b5ea12e90024ade5033b3b83a8b2620035952ba
-Patch2: %{name}-2.66-Send-TCP-DNS-messages-in-one-write-call.patch
-# commit 797a7afba477390bc016c647cfb792c85ee6102d
-Patch3: %{name}-2.66-Fix-crash-on-SERVFAIL-when-using-conntrack.patch
-# commit aa63a21ce0b20dfe988e0bcdf14b8b930de20311
-Patch4: %{name}-2.66-Fix-regression-in-dhcp_lease_time-utility.patch
-# commit a66d36ea1112c861ad2f11ed40cc26973873e5be
-Patch5: %{name}-2.66-Manpage-typos.patch
-# commit 1c10b9de118c951a5aedc130e55101987dcc3feb
-Patch6: %{name}-2.66-Note-that-dhcp_lease_time-and-dhcp_release-work-for-IPv4.patch
-# commit 86e92f998379d219e10517dfa2c42f544ba164ce
-Patch7: %{name}-2.66-dhcp-match-now-work-with-BOOTP.patch
-
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel
@@ -72,15 +54,6 @@ query/remove a DHCP server's leases.
%prep
%setup -q -n %{name}-%{version}%{?extraversion}
-%patch0 -p1 -b .wrong_size
-%patch1 -p1 -b .zero_DHCP_option
-%patch2 -p1 -b .tcp_dns_in_one_packet
-%patch3 -p1 -b .SERVFAIL_crash
-%patch4 -p1 -b .dhcp_lease_time-regression
-%patch5 -p1
-%patch6 -p1 -b .utils_work_only_ipv4
-%patch7 -p1 -b .dhcp-match_bootp
-
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -164,6 +137,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/dhcp_*
%changelog
+* Wed May 15 2013 Tomas Hozza <thozza(a)redhat.com> - 2.67-0.1.test4
+- update to the latest testing release 2.67test4 (#962246)
+- drop mergerd patches
+
* Tue Apr 30 2013 Tomas Hozza <thozza(a)redhat.com> - 2.66-5
- dnsmasq unit file cleanup
- drop forking Type and PIDfile and rather start dnsmasq with "-k" option
diff --git a/sources b/sources
index ee41294..91c493a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-c5eb8fb88847a5e9bf18db67c74efd47 dnsmasq-2.66.tar.gz
+11a823a512d7aeb1dedee5606a787d6f dnsmasq-2.67test4.tar.gz
11 years, 1 month
[dnsmasq/f17] Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
by Tomas Hozza
commit d62cdde5d551d8f3c73ff8080ebc99afbea6e25c
Author: Tomas Hozza <thozza(a)redhat.com>
Date: Fri Mar 15 11:41:41 2013 +0100
Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
...-dhcp_buff-ers-also-if-deamon-ra_contexts.patch | 37 ++++++++++++++++++++
dnsmasq.spec | 9 ++++-
2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch b/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch
new file mode 100644
index 0000000..3f6005f
--- /dev/null
+++ b/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch
@@ -0,0 +1,37 @@
+From c2845b1f4047c7441bae46c8651ab6a6df9d832c Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza(a)redhat.com>
+Date: Fri, 15 Mar 2013 10:55:55 +0100
+Subject: [PATCH] Allocate dhcp_buff-ers also if deamon->ra_contexts
+
+Allocate dhcp_buff and prevent SIGSEGV.
+
+Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
+---
+ dnsmasq-2.65/src/dnsmasq.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/dnsmasq-2.65/src/dnsmasq.c b/dnsmasq-2.65/src/dnsmasq.c
+index 02055e9..d61810b 100644
+--- a/dnsmasq-2.65/src/dnsmasq.c
++++ b/dnsmasq-2.65/src/dnsmasq.c
+@@ -152,13 +152,16 @@ int main (int argc, char **argv)
+ now = dnsmasq_time();
+
+ #ifdef HAVE_DHCP
+- if (daemon->dhcp || daemon->dhcp6)
++ if (daemon->dhcp || daemon->dhcp6 || daemon->ra_contexts)
+ {
+ /* Note that order matters here, we must call lease_init before
+ creating any file descriptors which shouldn't be leaked
+ to the lease-script init process. We need to call common_init
+ before lease_init to allocate buffers it uses.*/
+ dhcp_common_init();
++ }
++ if (daemon->dhcp || daemon->dhcp6)
++ {
+ lease_init(now);
+
+ if (daemon->dhcp)
+--
+1.8.1.4
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index f5083c4..e56b0d8 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -11,7 +11,7 @@
Name: dnsmasq
Version: 2.65
-Release: 4%{?extraversion}%{?dist}
+Release: 5%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -24,6 +24,9 @@ Source1: %{name}.service
Patch0: %{name}-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=e25db1f273920d5...
Patch1: %{name}-2.65-Handle-wrong-interface-for-locally-routed-packets.patch
+# Code has been completely rewritten in new version
+# http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q1/006967.html
+Patch2: %{name}-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -60,6 +63,7 @@ query/remove a DHCP server's leases.
%patch0 -p1 -b .CVE-2013-0198
%patch1 -p1 -b .local_queries
+%patch2 -p2 -b .SIGSEGV
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -146,6 +150,9 @@ fi
%{_mandir}/man1/dhcp_*
%changelog
+* Fri Mar 15 2013 Tomas Hozza <thozza(a)redhat.com> - 2.65-5
+- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
+
* Thu Jan 31 2013 Tomas Hozza <thozza(a)redhat.com> - 2.65-4
- Handle locally-routed DNS Queries (#904940)
11 years, 3 months
[dnsmasq/f18] Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
by Tomas Hozza
commit bebbe6c7d0874c7903ee8c58149208e82a7b2aeb
Author: Tomas Hozza <thozza(a)redhat.com>
Date: Fri Mar 15 11:41:41 2013 +0100
Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
...-dhcp_buff-ers-also-if-deamon-ra_contexts.patch | 37 ++++++++++++++++++++
dnsmasq.spec | 9 ++++-
2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch b/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch
new file mode 100644
index 0000000..3f6005f
--- /dev/null
+++ b/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch
@@ -0,0 +1,37 @@
+From c2845b1f4047c7441bae46c8651ab6a6df9d832c Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza(a)redhat.com>
+Date: Fri, 15 Mar 2013 10:55:55 +0100
+Subject: [PATCH] Allocate dhcp_buff-ers also if deamon->ra_contexts
+
+Allocate dhcp_buff and prevent SIGSEGV.
+
+Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
+---
+ dnsmasq-2.65/src/dnsmasq.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/dnsmasq-2.65/src/dnsmasq.c b/dnsmasq-2.65/src/dnsmasq.c
+index 02055e9..d61810b 100644
+--- a/dnsmasq-2.65/src/dnsmasq.c
++++ b/dnsmasq-2.65/src/dnsmasq.c
+@@ -152,13 +152,16 @@ int main (int argc, char **argv)
+ now = dnsmasq_time();
+
+ #ifdef HAVE_DHCP
+- if (daemon->dhcp || daemon->dhcp6)
++ if (daemon->dhcp || daemon->dhcp6 || daemon->ra_contexts)
+ {
+ /* Note that order matters here, we must call lease_init before
+ creating any file descriptors which shouldn't be leaked
+ to the lease-script init process. We need to call common_init
+ before lease_init to allocate buffers it uses.*/
+ dhcp_common_init();
++ }
++ if (daemon->dhcp || daemon->dhcp6)
++ {
+ lease_init(now);
+
+ if (daemon->dhcp)
+--
+1.8.1.4
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 8573333..65a4141 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -11,7 +11,7 @@
Name: dnsmasq
Version: 2.65
-Release: 4%{?extraversion}%{?dist}
+Release: 5%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -24,6 +24,9 @@ Source1: %{name}.service
Patch0: %{name}-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=e25db1f273920d5...
Patch1: %{name}-2.65-Handle-wrong-interface-for-locally-routed-packets.patch
+# Code has been completely rewritten in new version
+# http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q1/006967.html
+Patch2: %{name}-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -60,6 +63,7 @@ query/remove a DHCP server's leases.
%patch0 -p1 -b .CVE-2013-0198
%patch1 -p1 -b .local_queries
+%patch2 -p2 -b .SIGSEGV
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -137,6 +141,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/dhcp_*
%changelog
+* Fri Mar 15 2013 Tomas Hozza <thozza(a)redhat.com> - 2.65-5
+- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
+
* Thu Jan 31 2013 Tomas Hozza <thozza(a)redhat.com> - 2.65-4
- Handle locally-routed DNS Queries (#904940)
11 years, 3 months