[dnsmasq/f20] update to 2.67test13
by Tomas Hozza
commit 2f4ab38b51c27b95fe7b75f2679162fd2fb2f59a
Author: Tomas Hozza <thozza(a)redhat.com>
Date: Thu Sep 12 10:56:50 2013 +0200
update to 2.67test13
- use .tar.xz upstream archives
Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
.gitignore | 1 +
...ADDR-as-well-as-SOREUSEPORT-on-DHCP-socke.patch | 63 --------------------
dnsmasq.spec | 16 +++---
sources | 2 +-
4 files changed, 10 insertions(+), 72 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5283997..5e91f1e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.66.tar.gz
/dnsmasq-2.67test4.tar.gz
/dnsmasq-2.67test7.tar.gz
+/dnsmasq-2.67test13.tar.xz
diff --git a/dnsmasq.spec b/dnsmasq.spec
index a27fa2c..0f555e5 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -2,7 +2,7 @@
%define releasecandidate 0
%if 0%{testrelease}
%define extrapath test-releases/
- %define extraversion test7
+ %define extraversion test13
%endif
%if 0%{releasecandidate}
%define extrapath release-candidates/
@@ -13,18 +13,16 @@
Name: dnsmasq
Version: 2.67
-Release: 0.6.%{?extraversion}%{?dist}
+Release: 0.7.%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
License: GPLv2
URL: http://www.thekelleys.org.uk/dnsmasq/
-Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex...
+Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex...
Source1: %{name}.service
-# commit ffbad34b310ab2db6a686c85f5c0a0e52c0680c8
-Patch0: %{name}-2.66-Set-SOREUSEADDR-as-well-as-SOREUSEPORT-on-DHCP-socke.patch
-
+# Patches
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -60,8 +58,6 @@ query/remove a DHCP server's leases.
%prep
%setup -q -n %{name}-%{version}%{?extraversion}
-%patch0 -p1 -b .reuseport
-
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -141,6 +137,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Sep 12 2013 Tomas Hozza <thozza(a)redhat.com> - 2.67-0.7.test13
+- update to 2.67test13
+- use .tar.xz upstream archives
+
* Thu Aug 15 2013 Tomas Hozza <thozza(a)redhat.com> - 2.67-0.6.test7
- Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973)
diff --git a/sources b/sources
index 47cbf2c..60f98cd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-88f0652170247a9bae97177e075ccc43 dnsmasq-2.67test7.tar.gz
+c9fe55d74cdb7886f611a0cafd98b346 dnsmasq-2.67test13.tar.xz
10 years, 8 months
pemensik pushed to dnsmasq (master). "Update to 2.82 (..more)"
by notifications@fedoraproject.org
Notification time stamped 2020-07-20 09:18:57 UTC
From 688ad97e82a56a82384294f78737f06c7d2bd35b Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Jul 20 2020 09:17:37 +0000
Subject: Update to 2.82
Fixes DNS over TCP issues with sockets and TTL 0 DNSKEY and DS
validation.
Announcement:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q3/014201.html
---
diff --git a/.gitignore b/.gitignore
index dfca15a..3866a27 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,3 +32,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.81rc3.tar.xz.asc
/dnsmasq-2.81.tar.xz
/dnsmasq-2.81.tar.xz.asc
+/dnsmasq-2.82.tar.xz
+/dnsmasq-2.82.tar.xz.asc
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 7bc3eb2..039c56f 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,8 +19,8 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.81
-Release: 4%{?extraversion:.%{extraversion}}%{?dist}
+Version: 2.82
+Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -41,8 +41,6 @@ Patch1: dnsmasq-2.77-underflow.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
Patch2: dnsmasq-2.81-configuration.patch
Patch3: dnsmasq-2.78-fips.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1728701
-Patch7: dnsmasq-2.80-rh1728701.patch
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
Patch17: dnsmasq-2.81-rh1834454.patch
@@ -186,6 +184,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Mon Jul 20 2020 Petr Menšík <pemensik(a)redhat.com> - 2.82-1
+- Update to 2.82
+
* Tue Jun 30 2020 Petr Menšík <pemensik(a)redhat.com> - 2.81-4
- Accept queries only from localhost (CVE-2020-14312)
diff --git a/sources b/sources
index 974e9b0..f1e2285 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.81.tar.xz) = 85550c9782fef9b0710d0e233523ed1fe26e877a8bc53fcea3f7cf1fb17c3a79c46f284a99dab2bdaf6a107ea3f1a71cec476ab6d4e1b936da6591aaef42c88e
-SHA512 (dnsmasq-2.81.tar.xz.asc) = 8f102efb3f9ccf5509db60e81ef9fe2515cd4813dafdc7bb24a8f3246a3ededd62ca37171abbba3ef5b547313d344778d922ab8fd91bacd6351f4ab73ced74ef
+SHA512 (dnsmasq-2.82.tar.xz) = faf36efdaa3abe84994e46aea018b0a324218d42814baac056ca635f6d03f1301e7b4d958f92b272a8e3a7ac358f3a4e2606129a217587b471aedb3ce23e903b
+SHA512 (dnsmasq-2.82.tar.xz.asc) = e52a9b6589b37a97313654f78f86cf9f9c501dc8f38b3775b8b6ebfe6e4f4a54d3aa73ac9cf0472eac3a32ec930a8b4fc5a6a809b396e7ade16988d3c034b5bd
https://src.fedoraproject.org/rpms/dnsmasq/c/688ad97e82a56a82384294f78737...
3 years, 10 months
pemensik pushed to dnsmasq (f32). "Update to 2.82 (..more)"
by notifications@fedoraproject.org
Notification time stamped 2021-01-19 22:16:09 UTC
From b207dc3e840282124761aa472a0232969fbf5b14 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Jan 19 2021 22:14:32 +0000
Subject: Update to 2.82
Fixes DNS over TCP issues with sockets and TTL 0 DNSKEY and DS
validation.
Announcement:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q3/014201.html
---
diff --git a/.gitignore b/.gitignore
index dfca15a..3866a27 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,3 +32,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.81rc3.tar.xz.asc
/dnsmasq-2.81.tar.xz
/dnsmasq-2.81.tar.xz.asc
+/dnsmasq-2.82.tar.xz
+/dnsmasq-2.82.tar.xz.asc
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 4fbecbc..5430d5b 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,8 +19,8 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.81
-Release: 5%{?extraversion:.%{extraversion}}%{?dist}
+Version: 2.82
+Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -41,8 +41,6 @@ Patch1: dnsmasq-2.77-underflow.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
Patch2: dnsmasq-2.81-configuration.patch
Patch3: dnsmasq-2.78-fips.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1728701
-Patch7: dnsmasq-2.80-rh1728701.patch
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
Patch17: dnsmasq-2.81-rh1834454.patch
@@ -186,6 +184,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Mon Jul 20 2020 Petr Menšík <pemensik(a)redhat.com> - 2.82-1
+- Update to 2.82
+
* Wed Sep 30 2020 Petr Menšík <pemensik(a)redhat.com> - 2.81-5
- Listen only on localhost interface, return port unreachable on all others
(#1852373)
diff --git a/sources b/sources
index 974e9b0..f1e2285 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.81.tar.xz) = 85550c9782fef9b0710d0e233523ed1fe26e877a8bc53fcea3f7cf1fb17c3a79c46f284a99dab2bdaf6a107ea3f1a71cec476ab6d4e1b936da6591aaef42c88e
-SHA512 (dnsmasq-2.81.tar.xz.asc) = 8f102efb3f9ccf5509db60e81ef9fe2515cd4813dafdc7bb24a8f3246a3ededd62ca37171abbba3ef5b547313d344778d922ab8fd91bacd6351f4ab73ced74ef
+SHA512 (dnsmasq-2.82.tar.xz) = faf36efdaa3abe84994e46aea018b0a324218d42814baac056ca635f6d03f1301e7b4d958f92b272a8e3a7ac358f3a4e2606129a217587b471aedb3ce23e903b
+SHA512 (dnsmasq-2.82.tar.xz.asc) = e52a9b6589b37a97313654f78f86cf9f9c501dc8f38b3775b8b6ebfe6e4f4a54d3aa73ac9cf0472eac3a32ec930a8b4fc5a6a809b396e7ade16988d3c034b5bd
https://src.fedoraproject.org/rpms/dnsmasq/c/b207dc3e840282124761aa472a02...
3 years, 4 months
[dnsmasq/f17] Fix for CVE-2013-0198 (checking of TCP connection interfaces)
by Tomas Hozza
commit 76718e7dc3eb058e901b90dff9b8827b24f9f95a
Author: Tomas Hozza <thozza(a)redhat.com>
Date: Tue Jan 22 17:40:49 2013 +0100
Fix for CVE-2013-0198 (checking of TCP connection interfaces)
Resolves: rhbz#901555
Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
...aviour-for-TCP-queries-to-allowed-address.patch | 189 ++++++++++++++++++++
dnsmasq.spec | 10 +-
2 files changed, 198 insertions(+), 1 deletions(-)
---
diff --git a/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch b/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
new file mode 100644
index 0000000..4b08fdc
--- /dev/null
+++ b/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
@@ -0,0 +1,189 @@
+diff -up dnsmasq-2.65/src/dnsmasq.c.CVE-2013-0198 dnsmasq-2.65/src/dnsmasq.c
+--- dnsmasq-2.65/src/dnsmasq.c.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100
++++ dnsmasq-2.65/src/dnsmasq.c 2013-01-22 16:32:30.387640907 +0100
+@@ -1384,7 +1384,7 @@ static void check_dns_listeners(fd_set *
+
+ if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
+ {
+- int confd;
++ int confd, client_ok = 1;
+ struct irec *iface = NULL;
+ pid_t p;
+ union mysockaddr tcp_addr;
+@@ -1395,25 +1395,49 @@ static void check_dns_listeners(fd_set *
+ if (confd == -1 ||
+ getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
+ continue;
+-
+- if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
++
++ if (option_bool(OPT_NOWILD))
+ iface = listener->iface; /* May be NULL */
+- else
+- {
+- /* Check for allowed interfaces when binding the wildcard address:
+- we do this by looking for an interface with the same address as
+- the local address of the TCP connection, then looking to see if that's
+- an allowed interface. As a side effect, we get the netmask of the
+- interface too, for localisation. */
+-
+- /* interface may be new since startup */
+- if (enumerate_interfaces())
+- for (iface = daemon->interfaces; iface; iface = iface->next)
+- if (sockaddr_isequal(&iface->addr, &tcp_addr))
+- break;
+- }
+-
+- if (!iface && !(option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)))
++ else
++ {
++ int if_index;
++
++ /* In full wildcard mode, need to refresh interface list.
++ This happens automagically in CLEVERBIND */
++ if (!option_bool(OPT_CLEVERBIND))
++ enumerate_interfaces();
++
++ /* if we can find the arrival interface, check it's one that's allowed */
++ if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0)
++ {
++ for (iface = daemon->interfaces; iface; iface = iface->next)
++ if (iface->index == if_index)
++ break;
++
++ if (!iface)
++ client_ok = 0;
++ }
++
++ if (option_bool(OPT_CLEVERBIND))
++ iface = listener->iface; /* May be NULL */
++ else
++ {
++ /* Check for allowed interfaces when binding the wildcard address:
++ we do this by looking for an interface with the same address as
++ the local address of the TCP connection, then looking to see if that's
++ an allowed interface. As a side effect, we get the netmask of the
++ interface too, for localisation. */
++
++ for (iface = daemon->interfaces; iface; iface = iface->next)
++ if (sockaddr_isequal(&iface->addr, &tcp_addr))
++ break;
++
++ if (!iface)
++ client_ok = 0;
++ }
++ }
++
++ if (!client_ok)
+ {
+ shutdown(confd, SHUT_RDWR);
+ close(confd);
+diff -up dnsmasq-2.65/src/dnsmasq.h.CVE-2013-0198 dnsmasq-2.65/src/dnsmasq.h
+--- dnsmasq-2.65/src/dnsmasq.h.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100
++++ dnsmasq-2.65/src/dnsmasq.h 2013-01-22 16:32:30.387640907 +0100
+@@ -412,7 +412,7 @@ struct server {
+ struct irec {
+ union mysockaddr addr;
+ struct in_addr netmask; /* only valid for IPv4 */
+- int tftp_ok, dhcp_ok, mtu, done, dad;
++ int tftp_ok, dhcp_ok, mtu, done, dad, index;
+ char *name;
+ struct irec *next;
+ };
+@@ -955,6 +955,7 @@ void create_bound_listeners(int die);
+ int is_dad_listeners(void);
+ int iface_check(int family, struct all_addr *addr, char *name);
+ int fix_fd(int fd);
++int tcp_interface(int fd, int af);
+ struct in_addr get_ifaddr(char *intr);
+ #ifdef HAVE_IPV6
+ int set_ipv6pktinfo(int fd);
+diff -up dnsmasq-2.65/src/network.c.CVE-2013-0198 dnsmasq-2.65/src/network.c
+--- dnsmasq-2.65/src/network.c.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100
++++ dnsmasq-2.65/src/network.c 2013-01-22 17:33:00.349128334 +0100
+@@ -239,6 +239,7 @@ static int iface_allowed(struct irec **i
+ iface->mtu = mtu;
+ iface->dad = dad;
+ iface->done = 0;
++ iface->index = if_index;
+ if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
+ {
+ strcpy(iface->name, ifr.ifr_name);
+@@ -420,6 +421,77 @@ int set_ipv6pktinfo(int fd)
+ return 0;
+ }
+ #endif
++
++
++/* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
++int tcp_interface(int fd, int af)
++{
++ int if_index = 0;
++
++#ifdef HAVE_LINUX_NETWORK
++ int opt = 1;
++ struct cmsghdr *cmptr;
++ struct msghdr msg;
++
++ /* use mshdr do that the CMSDG_* macros are available */
++ msg.msg_control = daemon->packet;
++ msg.msg_controllen = daemon->packet_buff_sz;
++
++ /* we overwrote the buffer... */
++ daemon->srv_save = NULL;
++
++ if (af == AF_INET)
++ {
++ if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
++ getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
++ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
++ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
++ {
++ union {
++ unsigned char *c;
++ struct in_pktinfo *p;
++ } p;
++
++ p.c = CMSG_DATA(cmptr);
++ if_index = p.p->ipi_ifindex;
++ }
++ }
++#ifdef HAVE_IPV6
++ else
++ {
++ /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
++ it was removed in RFC-3542 !!!!
++
++ Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
++ uses the old ABI, and should work with pre- and post-3542 kernel headers */
++
++#ifdef IPV6_2292PKTOPTIONS
++# define PKTOPTIONS IPV6_2292PKTOPTIONS
++#else
++# define PKTOPTIONS IPV6_PKTOPTIONS
++#endif
++
++ if (set_ipv6pktinfo(fd) &&
++ getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
++ {
++ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
++ if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
++ {
++ union {
++ unsigned char *c;
++ struct in6_pktinfo *p;
++ } p;
++ p.c = CMSG_DATA(cmptr);
++
++ if_index = p.p->ipi6_ifindex;
++ }
++ }
++ }
++#endif /* IPV6 */
++#endif /* Linux */
++
++ return if_index;
++}
+
+ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
+ {
diff --git a/dnsmasq.spec b/dnsmasq.spec
index b9e9654..e224ae2 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -11,7 +11,7 @@
Name: dnsmasq
Version: 2.65
-Release: 1%{?extraversion}%{?dist}
+Release: 2%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -20,6 +20,9 @@ URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex...
Source1: %{name}.service
+# http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=22ce550e534...
+Patch0: %{name}-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel
@@ -53,6 +56,8 @@ query/remove a DHCP server's leases.
%prep
%setup -q -n %{name}-%{version}%{?extraversion}
+%patch0 -p1 -b .CVE-2013-0198
+
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -140,6 +145,9 @@ fi
%{_mandir}/man1/dhcp_*
%changelog
+* Tue Jan 22 2013 Tomas Hozza <thozza(a)redhat.com> - 2.65-2
+- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555)
+
* Sat Dec 15 2012 Tomas Hozza <thozza(a)redhat.com> - 2.65-1
- new version 2.65
11 years, 4 months
[dnsmasq/f18] Fix for CVE-2013-0198 (checking of TCP connection interfaces)
by Tomas Hozza
commit 837eefae26c209cb0204f376ed23f5b339e63424
Author: Tomas Hozza <thozza(a)redhat.com>
Date: Tue Jan 22 17:40:49 2013 +0100
Fix for CVE-2013-0198 (checking of TCP connection interfaces)
Resolves: rhbz#901555
Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
...aviour-for-TCP-queries-to-allowed-address.patch | 189 ++++++++++++++++++++
dnsmasq.spec | 10 +-
2 files changed, 198 insertions(+), 1 deletions(-)
---
diff --git a/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch b/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
new file mode 100644
index 0000000..4b08fdc
--- /dev/null
+++ b/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
@@ -0,0 +1,189 @@
+diff -up dnsmasq-2.65/src/dnsmasq.c.CVE-2013-0198 dnsmasq-2.65/src/dnsmasq.c
+--- dnsmasq-2.65/src/dnsmasq.c.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100
++++ dnsmasq-2.65/src/dnsmasq.c 2013-01-22 16:32:30.387640907 +0100
+@@ -1384,7 +1384,7 @@ static void check_dns_listeners(fd_set *
+
+ if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
+ {
+- int confd;
++ int confd, client_ok = 1;
+ struct irec *iface = NULL;
+ pid_t p;
+ union mysockaddr tcp_addr;
+@@ -1395,25 +1395,49 @@ static void check_dns_listeners(fd_set *
+ if (confd == -1 ||
+ getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
+ continue;
+-
+- if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
++
++ if (option_bool(OPT_NOWILD))
+ iface = listener->iface; /* May be NULL */
+- else
+- {
+- /* Check for allowed interfaces when binding the wildcard address:
+- we do this by looking for an interface with the same address as
+- the local address of the TCP connection, then looking to see if that's
+- an allowed interface. As a side effect, we get the netmask of the
+- interface too, for localisation. */
+-
+- /* interface may be new since startup */
+- if (enumerate_interfaces())
+- for (iface = daemon->interfaces; iface; iface = iface->next)
+- if (sockaddr_isequal(&iface->addr, &tcp_addr))
+- break;
+- }
+-
+- if (!iface && !(option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)))
++ else
++ {
++ int if_index;
++
++ /* In full wildcard mode, need to refresh interface list.
++ This happens automagically in CLEVERBIND */
++ if (!option_bool(OPT_CLEVERBIND))
++ enumerate_interfaces();
++
++ /* if we can find the arrival interface, check it's one that's allowed */
++ if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0)
++ {
++ for (iface = daemon->interfaces; iface; iface = iface->next)
++ if (iface->index == if_index)
++ break;
++
++ if (!iface)
++ client_ok = 0;
++ }
++
++ if (option_bool(OPT_CLEVERBIND))
++ iface = listener->iface; /* May be NULL */
++ else
++ {
++ /* Check for allowed interfaces when binding the wildcard address:
++ we do this by looking for an interface with the same address as
++ the local address of the TCP connection, then looking to see if that's
++ an allowed interface. As a side effect, we get the netmask of the
++ interface too, for localisation. */
++
++ for (iface = daemon->interfaces; iface; iface = iface->next)
++ if (sockaddr_isequal(&iface->addr, &tcp_addr))
++ break;
++
++ if (!iface)
++ client_ok = 0;
++ }
++ }
++
++ if (!client_ok)
+ {
+ shutdown(confd, SHUT_RDWR);
+ close(confd);
+diff -up dnsmasq-2.65/src/dnsmasq.h.CVE-2013-0198 dnsmasq-2.65/src/dnsmasq.h
+--- dnsmasq-2.65/src/dnsmasq.h.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100
++++ dnsmasq-2.65/src/dnsmasq.h 2013-01-22 16:32:30.387640907 +0100
+@@ -412,7 +412,7 @@ struct server {
+ struct irec {
+ union mysockaddr addr;
+ struct in_addr netmask; /* only valid for IPv4 */
+- int tftp_ok, dhcp_ok, mtu, done, dad;
++ int tftp_ok, dhcp_ok, mtu, done, dad, index;
+ char *name;
+ struct irec *next;
+ };
+@@ -955,6 +955,7 @@ void create_bound_listeners(int die);
+ int is_dad_listeners(void);
+ int iface_check(int family, struct all_addr *addr, char *name);
+ int fix_fd(int fd);
++int tcp_interface(int fd, int af);
+ struct in_addr get_ifaddr(char *intr);
+ #ifdef HAVE_IPV6
+ int set_ipv6pktinfo(int fd);
+diff -up dnsmasq-2.65/src/network.c.CVE-2013-0198 dnsmasq-2.65/src/network.c
+--- dnsmasq-2.65/src/network.c.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100
++++ dnsmasq-2.65/src/network.c 2013-01-22 17:33:00.349128334 +0100
+@@ -239,6 +239,7 @@ static int iface_allowed(struct irec **i
+ iface->mtu = mtu;
+ iface->dad = dad;
+ iface->done = 0;
++ iface->index = if_index;
+ if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
+ {
+ strcpy(iface->name, ifr.ifr_name);
+@@ -420,6 +421,77 @@ int set_ipv6pktinfo(int fd)
+ return 0;
+ }
+ #endif
++
++
++/* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */
++int tcp_interface(int fd, int af)
++{
++ int if_index = 0;
++
++#ifdef HAVE_LINUX_NETWORK
++ int opt = 1;
++ struct cmsghdr *cmptr;
++ struct msghdr msg;
++
++ /* use mshdr do that the CMSDG_* macros are available */
++ msg.msg_control = daemon->packet;
++ msg.msg_controllen = daemon->packet_buff_sz;
++
++ /* we overwrote the buffer... */
++ daemon->srv_save = NULL;
++
++ if (af == AF_INET)
++ {
++ if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 &&
++ getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
++ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
++ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
++ {
++ union {
++ unsigned char *c;
++ struct in_pktinfo *p;
++ } p;
++
++ p.c = CMSG_DATA(cmptr);
++ if_index = p.p->ipi_ifindex;
++ }
++ }
++#ifdef HAVE_IPV6
++ else
++ {
++ /* Only the RFC-2292 API has the ability to find the interface for TCP connections,
++ it was removed in RFC-3542 !!!!
++
++ Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always
++ uses the old ABI, and should work with pre- and post-3542 kernel headers */
++
++#ifdef IPV6_2292PKTOPTIONS
++# define PKTOPTIONS IPV6_2292PKTOPTIONS
++#else
++# define PKTOPTIONS IPV6_PKTOPTIONS
++#endif
++
++ if (set_ipv6pktinfo(fd) &&
++ getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1)
++ {
++ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
++ if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
++ {
++ union {
++ unsigned char *c;
++ struct in6_pktinfo *p;
++ } p;
++ p.c = CMSG_DATA(cmptr);
++
++ if_index = p.p->ipi6_ifindex;
++ }
++ }
++ }
++#endif /* IPV6 */
++#endif /* Linux */
++
++ return if_index;
++}
+
+ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
+ {
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 40cc1b8..72a8be9 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -11,7 +11,7 @@
Name: dnsmasq
Version: 2.65
-Release: 1%{?extraversion}%{?dist}
+Release: 2%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -20,6 +20,9 @@ URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex...
Source1: %{name}.service
+# http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=22ce550e534...
+Patch0: %{name}-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel
@@ -53,6 +56,8 @@ query/remove a DHCP server's leases.
%prep
%setup -q -n %{name}-%{version}%{?extraversion}
+%patch0 -p1 -b .CVE-2013-0198
+
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -131,6 +136,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/dhcp_*
%changelog
+* Tue Jan 22 2013 Tomas Hozza <thozza(a)redhat.com> - 2.65-2
+- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555)
+
* Sat Dec 15 2012 Tomas Hozza <thozza(a)redhat.com> - 2.65-1
- new version 2.65
11 years, 4 months
[dnsmasq] Fix failure to start with ENOTSOCK (#962874)
by Tomas Hozza
commit 4b348e1002cd1059ee54e35dbb7f837c4d91ada6
Author: Tomas Hozza <thozza(a)redhat.com>
Date: Fri May 17 15:30:55 2013 +0200
Fix failure to start with ENOTSOCK (#962874)
Signed-off-by: Tomas Hozza <thozza(a)redhat.com>
...q-2.67-Fix-failure-to-start-with-ENOTSOCK.patch | 44 ++++++++++++++++++++
dnsmasq.spec | 11 ++++-
2 files changed, 54 insertions(+), 1 deletions(-)
---
diff --git a/dnsmasq-2.67-Fix-failure-to-start-with-ENOTSOCK.patch b/dnsmasq-2.67-Fix-failure-to-start-with-ENOTSOCK.patch
new file mode 100644
index 0000000..26b2795
--- /dev/null
+++ b/dnsmasq-2.67-Fix-failure-to-start-with-ENOTSOCK.patch
@@ -0,0 +1,44 @@
+From cfcad42ff1ddee8e64d120f18016a654152d0215 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Fri, 17 May 2013 11:32:03 +0100
+Subject: [PATCH] Fix failure to start with ENOTSOCK
+
+---
+ CHANGELOG | 6 ++++++
+ src/dnsmasq.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 7aa0024..48b6070 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -31,7 +31,13 @@ version 2.67
+ want to continue to bind the aliases too, you need to add
+ eg. --interface=eth0:0 to the config.
+
++ Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket
++ operation on non-socket" error on startup with
++ configurations which have exactly one --interface option
++ and do RA but _not_ DHCPv6. Thanks to Trever Adams for the
++ bug report.
+
++
+ version 2.66
+ Add the ability to act as an authoritative DNS
+ server. Dnsmasq can now answer queries from the wider 'net
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 43b8cb1..b0f984d 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -248,7 +248,7 @@ int main (int argc, char **argv)
+ #endif
+
+ #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
+- if (daemon->dhcp6)
++ if (daemon->doing_dhcp6)
+ bindtodevice(daemon->dhcp6fd);
+ #endif
+ }
+--
+1.8.1.4
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index b007ecb..146a10f 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -11,7 +11,7 @@
Name: dnsmasq
Version: 2.67
-Release: 0.1.%{?extraversion}%{?dist}
+Release: 0.2.%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -20,6 +20,10 @@ URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?ex...
Source1: %{name}.service
+# Patches from upstream repo git://thekelleys.org.uk/dnsmasq.git
+# commit cfcad42ff1ddee8e64d120f18016a654152d0215 - Bug #962874
+Patch0: %{name}-2.67-Fix-failure-to-start-with-ENOTSOCK.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel
@@ -54,6 +58,8 @@ query/remove a DHCP server's leases.
%prep
%setup -q -n %{name}-%{version}%{?extraversion}
+%patch0 -p1 -b .enotsock_failure
+
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -137,6 +143,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/dhcp_*
%changelog
+* Fri May 17 2013 Tomas Hozza <thozza(a)redhat.com> - 2.67-0.2.test4
+- Fix failure to start with ENOTSOCK (#962874)
+
* Wed May 15 2013 Tomas Hozza <thozza(a)redhat.com> - 2.67-0.1.test4
- update to the latest testing release 2.67test4 (#962246)
- drop mergerd patches
11 years
[openstack-ironic-discoverd] 0.2.1-2: add unit and configuration for dnsmasq
by Dmitry Tantsur
commit 7745bdac3c9aa098e0e56c57075bbf695a83db9f
Author: Dmitry Tantsur <divius.inside(a)gmail.com>
Date: Thu Oct 23 09:59:04 2014 +0200
0.2.1-2: add unit and configuration for dnsmasq
dnsmasq.conf | 10 ++++++++++
openstack-ironic-discoverd-dnsmasq.service | 11 +++++++++++
openstack-ironic-discoverd.spec | 18 ++++++++++++++++--
3 files changed, 37 insertions(+), 2 deletions(-)
---
diff --git a/dnsmasq.conf b/dnsmasq.conf
new file mode 100644
index 0000000..93ffc6a
--- /dev/null
+++ b/dnsmasq.conf
@@ -0,0 +1,10 @@
+# This is the recommend minimum for using discovery
+port=0
+bind-interfaces
+enable-tftp
+
+# These values do not have reasonable defaults
+#tftp-root=/tftpboot
+#interface=
+#dhcp-range=
+#dhcp-boot=
diff --git a/openstack-ironic-discoverd-dnsmasq.service b/openstack-ironic-discoverd-dnsmasq.service
new file mode 100644
index 0000000..7202c88
--- /dev/null
+++ b/openstack-ironic-discoverd-dnsmasq.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=PXE boot dnsmasq service for ironic-discoverd
+After=openvswitch.service
+
+[Service]
+Type=forking
+ExecStart=/sbin/dnsmasq --conf-file=/etc/ironic-discoverd/dnsmasq.conf
+
+[Install]
+WantedBy=multi-user.target
+Alias=openstack-ironic-discoverd-dnsmasq.service
diff --git a/openstack-ironic-discoverd.spec b/openstack-ironic-discoverd.spec
index ccd36ff..1b755a9 100644
--- a/openstack-ironic-discoverd.spec
+++ b/openstack-ironic-discoverd.spec
@@ -3,13 +3,15 @@
Name: openstack-ironic-discoverd
Summary: Hardware discovery daemon for OpenStack Ironic
Version: 0.2.1
-Release: 1%{?dist}
+Release: 2%{?dist}
License: ASL 2.0
Group: System Environment/Base
URL: https://github.com/Divius/ironic-discoverd
Source0: https://pypi.python.org/packages/source/i/ironic-discoverd/ironic-discove...
Source1: openstack-ironic-discoverd.service
+Source2: openstack-ironic-discoverd-dnsmasq.service
+Source3: dnsmasq.conf
BuildArch: noarch
BuildRequires: python-setuptools
@@ -24,6 +26,7 @@ Requires: python-ironicclient
Requires: python-keystoneclient
Requires: python-requests
Requires: python-six
+Requires: dnsmasq
%prep
@@ -41,13 +44,15 @@ install -p -D -m 644 ironic-discoverd.8 %{buildroot}%{_mandir}/man8/
# install systemd scripts
mkdir -p %{buildroot}%{_unitdir}
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
+install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}
# configuration contains passwords, thus 640
install -p -D -m 640 example.conf %{buildroot}/%{_sysconfdir}/ironic-discoverd/discoverd.conf
+install -p -D -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/ironic-discoverd/dnsmasq.conf
%description
-Simple hardware properties discovery daemon for use with OpenStack Ironic.
+Hardware properties discovery daemon for use with OpenStack Ironic.
%files
%doc README.rst
@@ -56,20 +61,29 @@ Simple hardware properties discovery daemon for use with OpenStack Ironic.
%config(noreplace) %attr(-,root,root) %{_sysconfdir}/ironic-discoverd
%{_bindir}/ironic-discoverd
%{_unitdir}/openstack-ironic-discoverd.service
+%{_unitdir}/openstack-ironic-discoverd-dnsmasq.service
%doc %{_mandir}/man8/ironic-discoverd.8.gz
%post
%systemd_post openstack-ironic-discoverd.service
+%systemd_post openstack-ironic-discoverd-dnsmasq.service
%preun
%systemd_preun openstack-ironic-discoverd.service
+%systemd_preun openstack-ironic-discoverd-dnsmasq.service
%postun
%systemd_postun_with_restart openstack-ironic-discoverd.service
+%systemd_postun_with_restart openstack-ironic-discoverd-dnsmasq.service
%changelog
+* Thu Oct 23 2014 Dmitry Tantsur <dtantsur(a)redhat.com> - 0.2.1-2
+- Require dnsmasq
+- Add openstack-ironic-discoverd-dnsmasq.service - sample service for dnsmasq
+- Updated description to upstream version
+
* Thu Oct 16 2014 Dmitry Tantsur <dtantsur(a)redhat.com> - 0.2.1-1
- Upstream bugfix release
9 years, 7 months
rpms/dnsmasq/devel .cvsignore, 1.5, 1.6 dnsmasq.spec, 1.11, 1.12 sources, 1.5, 1.6
by fedora-extras-commits@redhat.com
Author: jima
Update of /cvs/extras/rpms/dnsmasq/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17242
Modified Files:
.cvsignore dnsmasq.spec sources
Log Message:
Update to 2.34, minor cleanup
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/dnsmasq/devel/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- .cvsignore 15 Aug 2006 20:35:02 -0000 1.5
+++ .cvsignore 19 Oct 2006 18:09:19 -0000 1.6
@@ -1 +1 @@
-dnsmasq-2.33.tar.gz
+dnsmasq-2.34.tar.gz
Index: dnsmasq.spec
===================================================================
RCS file: /cvs/extras/rpms/dnsmasq/devel/dnsmasq.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- dnsmasq.spec 28 Aug 2006 17:03:59 -0000 1.11
+++ dnsmasq.spec 19 Oct 2006 18:09:19 -0000 1.12
@@ -1,14 +1,14 @@
Name: dnsmasq
-Version: 2.33
-Release: 2%{?dist}
+Version: 2.34
+Release: 1%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
License: GPL
URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{name}-%{version}.tar.gz
-Patch0: http://beer.tclug.org/fedora-extras/dnsmasq/%{name}-%{version}-initscript...
-Patch1: http://beer.tclug.org/fedora-extras/dnsmasq/%{name}-%{version}-enable-dbu...
+Patch0: http://beer.tclug.org/fedora-extras/dnsmasq/%{name}-2.33-initscript.patch
+Patch1: http://beer.tclug.org/fedora-extras/dnsmasq/%{name}-2.33-enable-dbus.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if "%fedora" > "3" || "%aurora" > "2"
@@ -90,6 +90,10 @@
%changelog
+* Thu Oct 19 2006 Patrick "Jima" Laughton <jima(a)beer.tclug.org> 2.34-1
+- Hardcoded version in patches, as I'm getting tired of updating them
+- Update to 2.34
+
* Mon Aug 28 2006 Patrick "Jima" Laughton <jima(a)beer.tclug.org> 2.33-2
- Rebuild for FC6
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/dnsmasq/devel/sources,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sources 15 Aug 2006 20:35:02 -0000 1.5
+++ sources 19 Oct 2006 18:09:19 -0000 1.6
@@ -1 +1 @@
-45696461b6e6bc929273b1191ca50447 dnsmasq-2.33.tar.gz
+a40b79bec295bb4631b1c033cf0bbdf1 dnsmasq-2.34.tar.gz
17 years, 7 months
rpms/dnsmasq/devel .cvsignore, 1.11, 1.12 dnsmasq.spec, 1.20, 1.21 sources, 1.11, 1.12
by fedora-extras-commits@redhat.com
Author: jima
Update of /cvs/pkgs/rpms/dnsmasq/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19997
Modified Files:
.cvsignore dnsmasq.spec sources
Log Message:
* Sun Aug 26 2007 Patrick "Jima" Laughton <jima(a)beer.tclug.org> 2.40-0.1.rc2
- New upstream release candidate (feature-frozen), thanks Simon!
- License clarification
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/dnsmasq/devel/.cvsignore,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- .cvsignore 29 May 2007 16:01:00 -0000 1.11
+++ .cvsignore 27 Aug 2007 21:40:07 -0000 1.12
@@ -1 +1 @@
-dnsmasq-2.39.tar.gz
+dnsmasq-2.40rc2.tar.gz
Index: dnsmasq.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dnsmasq/devel/dnsmasq.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- dnsmasq.spec 29 May 2007 16:34:11 -0000 1.20
+++ dnsmasq.spec 27 Aug 2007 21:40:07 -0000 1.21
@@ -1,12 +1,14 @@
+%define extraversion rc2
+
Name: dnsmasq
-Version: 2.39
-Release: 1%{?dist}
+Version: 2.40
+Release: 0.1.%{extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
-License: GPL
+License: GPLv2
URL: http://www.thekelleys.org.uk/dnsmasq/
-Source0: http://www.thekelleys.org.uk/dnsmasq/%{name}-%{version}.tar.gz
+Source0: http://www.thekelleys.org.uk/dnsmasq/%{name}-%{version}%{?extraversion}.t...
Patch0: http://beer.tclug.org/fedora-extras/dnsmasq/%{name}-2.33-initscript.patch
Patch1: http://beer.tclug.org/fedora-extras/dnsmasq/%{name}-2.33-enable-dbus.patch
Patch2: http://beer.tclug.org/fedora-extras/dnsmasq/%{name}-2.35-conf-dir.patch
@@ -35,7 +37,7 @@
%prep
-%setup -q
+%setup -q -n %{name}-%{version}%{?extraversion}
%patch0 -p1
%if "%fedora" > "3" || "%aurora" > "2"
%patch1 -p1
@@ -92,6 +94,10 @@
%changelog
+* Sun Aug 26 2007 Patrick "Jima" Laughton <jima(a)beer.tclug.org> 2.40-0.1.rc2
+- New upstream release candidate (feature-frozen), thanks Simon!
+- License clarification
+
* Tue May 29 2007 Patrick "Jima" Laughton <jima(a)beer.tclug.org> 2.39-1
- New upstream version (bugfixes, enhancements)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/dnsmasq/devel/sources,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- sources 29 May 2007 16:01:00 -0000 1.11
+++ sources 27 Aug 2007 21:40:07 -0000 1.12
@@ -1 +1 @@
-1ffccc1f0d9b8a08f2b99e03ba9cc08b dnsmasq-2.39.tar.gz
+45b3ca53556e99b1edaef2142fb0e306 dnsmasq-2.40rc2.tar.gz
16 years, 9 months
pavlix pushed to dnsmasq (f23). "Resolves: #1239256 - install
trust-anchors.conf"
by notifications@fedoraproject.org
From e6ea56c2ab40085198391b172ce188b7b763a3ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20=C5=A0imerda?= <psimerda(a)redhat.com>
Date: Fri, 2 Oct 2015 16:24:49 +0200
Subject: Resolves: #1239256 - install trust-anchors.conf
---
dnsmasq.spec | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 876d817..9be7a47 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.75
-Release: 1%{?extraversion:.%{extraversion}}%{?dist}
+Release: 2%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -61,6 +61,8 @@ for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
done
+sed -i "s:%%PREFIX%%:${EPREFIX}/usr:" dnsmasq.conf.example
+
#enable dbus
sed -i 's|/\* #define HAVE_DBUS \*/|#define HAVE_DBUS|g' src/config.h
@@ -95,6 +97,7 @@ install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq
install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf
install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/
install -m 644 man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/
+install -D trust-anchors.conf $RPM_BUILD_ROOT%{_datadir}/%{name}/trust-anchors.conf
# utils sub package
mkdir -p $RPM_BUILD_ROOT%{_bindir} \
@@ -131,12 +134,16 @@ rm -rf $RPM_BUILD_ROOT
%{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
+%{_datadir}/%{name}/trust-anchors.conf
%files utils
%{_bindir}/dhcp_*
%{_mandir}/man1/dhcp_*
%changelog
+* Fri Oct 02 2015 Pavel Šimerda <psimerda(a)redhat.com> - 2.75-2
+- Resolves: #1239256 - install trust-anchors.conf
+
* Wed Aug 05 2015 Pavel Šimerda <psimerda(a)redhat.com> - 2.75-1
- new version 2.75
--
cgit v0.11.2
http://pkgs.fedoraproject.org/cgit/dnsmasq.git/commit/?h=f23&id=e6ea56c2a...
8 years, 7 months