diff --git a/SOURCES/dnsmasq-2.76-coverity.patch b/SOURCES/dnsmasq-2.76-coverity.patch new file mode 100644 index 00000000..87f41a07 --- /dev/null +++ b/SOURCES/dnsmasq-2.76-coverity.patch @@ -0,0 +1,254 @@ +From 7ab5d6bd1f8b018c73341f50a395405dee6873d8 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 15 Mar 2017 14:26:04 +0100 +Subject: [PATCH] Coverity fixes + +--- + src/dbus.c | 2 +- + src/dhcp-common.c | 2 +- + src/dhcp.c | 4 ++-- + src/dnsmasq.h | 2 +- + src/edns0.c | 2 ++ + src/inotify.c | 9 ++++++--- + src/lease.c | 4 ++-- + src/network.c | 8 ++++---- + src/option.c | 16 +++++++++++----- + src/tftp.c | 2 +- + src/util.c | 2 +- + 11 files changed, 32 insertions(+), 21 deletions(-) + +diff --git a/src/dbus.c b/src/dbus.c +index 2e1a48e..f27ec3e 100644 +--- a/src/dbus.c ++++ b/src/dbus.c +@@ -550,7 +550,7 @@ static DBusMessage *dbus_add_lease(DBusMessage* message) + "Invalid IP address '%s'", ipaddr); + + hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, &hw_type); +- if (hw_type == 0 && hw_len != 0) ++ if (hw_type == 0 && hw_len > 0) + hw_type = ARPHRD_ETHER; + + lease_set_hwaddr(lease, dhcp_chaddr, clid, hw_len, hw_type, +diff --git a/src/dhcp-common.c b/src/dhcp-common.c +index 08528e8..ebf06b6 100644 +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -487,7 +487,7 @@ void bindtodevice(char *device, int fd) + { + struct ifreq ifr; + +- strcpy(ifr.ifr_name, device); ++ strncpy(ifr.ifr_name, device, IF_NAMESIZE-1); + /* only allowed by root. */ + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) == -1 && + errno != EPERM) +diff --git a/src/dhcp.c b/src/dhcp.c +index 10f1fb9..37bb71e 100644 +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -246,7 +246,7 @@ void dhcp_packet(time_t now, int pxe_fd) + } + else + { +- strncpy(ifr.ifr_name, bridge->iface, IF_NAMESIZE); ++ strncpy(ifr.ifr_name, bridge->iface, IF_NAMESIZE-1); + break; + } + } +@@ -270,7 +270,7 @@ void dhcp_packet(time_t now, int pxe_fd) + is_relay_reply = 1; + iov.iov_len = sz; + #ifdef HAVE_LINUX_NETWORK +- strncpy(arp_req.arp_dev, ifr.ifr_name, 16); ++ strncpy(arp_req.arp_dev, ifr.ifr_name, IF_NAMESIZE-1); + #endif + } + else +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index dfd15aa..1179492 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -180,7 +180,7 @@ struct event_desc { + #define EC_INIT_OFFSET 10 + + /* Trust the compiler dead-code eliminator.... */ +-#define option_bool(x) (((x) < 32) ? daemon->options & (1u << (x)) : daemon->options2 & (1u << ((x) - 32))) ++#define option_bool(x) (((x) < 32) ? daemon->options & (1u << ((x)&0x1F)) : daemon->options2 & (1u << ((x) - 32))) + + #define OPT_BOGUSPRIV 0 + #define OPT_FILTER 1 +diff --git a/src/edns0.c b/src/edns0.c +index c7a101e..d2b514b 100644 +--- a/src/edns0.c ++++ b/src/edns0.c +@@ -263,6 +263,8 @@ static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned ch + encode[8] = 0; + } + } ++ else ++ encode[0] = '\0'; + + return add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMDEVICEID, (unsigned char *)encode, strlen(encode), 0, replace); + } +diff --git a/src/inotify.c b/src/inotify.c +index 603ce9d..fcc0d97 100644 +--- a/src/inotify.c ++++ b/src/inotify.c +@@ -224,17 +224,20 @@ int inotify_check(time_t now) + + if (rc <= 0) + break; ++ else ++ inotify_buffer[rc] = '\0'; + + for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len) + { + in = (struct inotify_event*)p; +- ++ + for (res = daemon->resolv_files; res; res = res->next) +- if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0) ++ if (res->wd == in->wd && in->len != 0 && strncmp(res->file, in->name, NAME_MAX) == 0) + hit = 1; + + /* ignore emacs backups and dotfiles */ +- if (in->len == 0 || ++ if (in->len == 0 || ++ in->len > NAME_MAX+1 || + in->name[in->len - 1] == '~' || + (in->name[0] == '#' && in->name[in->len - 1] == '#') || + in->name[0] == '.') +diff --git a/src/lease.c b/src/lease.c +index 20cac90..9ad106d 100644 +--- a/src/lease.c ++++ b/src/lease.c +@@ -827,9 +827,9 @@ void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr, + + if (hw_len != lease->hwaddr_len || + hw_type != lease->hwaddr_type || +- (hw_len != 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0)) ++ (hw_len > 0 && memcmp(lease->hwaddr, hwaddr, hw_len) != 0)) + { +- if (hw_len != 0) ++ if (hw_len > 0) + memcpy(lease->hwaddr, hwaddr, hw_len); + lease->hwaddr_len = hw_len; + lease->hwaddr_type = hw_type; +diff --git a/src/network.c b/src/network.c +index 6119039..fcd9d8d 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -188,7 +188,7 @@ int loopback_exception(int fd, int family, struct all_addr *addr, char *name) + struct ifreq ifr; + struct irec *iface; + +- strncpy(ifr.ifr_name, name, IF_NAMESIZE); ++ strncpy(ifr.ifr_name, name, IF_NAMESIZE-1); + if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 && + ifr.ifr_flags & IFF_LOOPBACK) + { +@@ -1206,7 +1206,7 @@ int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp) + return 0; + + #if defined(SO_BINDTODEVICE) +- if (intname[0] != 0 && ++ if (intname && intname[0] != 0 && + setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, intname, IF_NAMESIZE) == -1) + return 0; + #endif +@@ -1245,7 +1245,7 @@ static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) + /* may have a suitable one already */ + for (sfd = daemon->sfds; sfd; sfd = sfd->next ) + if (sockaddr_isequal(&sfd->source_addr, addr) && +- strcmp(intname, sfd->interface) == 0 && ++ intname && strcmp(intname, sfd->interface) == 0 && + ifindex == sfd->ifindex) + return sfd; + +@@ -1437,7 +1437,7 @@ void add_update_server(int flags, + serv->flags |= SERV_HAS_DOMAIN; + + if (interface) +- strcpy(serv->interface, interface); ++ strncpy(serv->interface, interface, sizeof(serv->interface)-1); + if (addr) + serv->addr = *addr; + if (source_addr) +diff --git a/src/option.c b/src/option.c +index 5503b79..eb78b1a 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -3929,13 +3929,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + + case LOPT_HOST_REC: /* --host-record */ + { +- struct host_record *new = opt_malloc(sizeof(struct host_record)); +- memset(new, 0, sizeof(struct host_record)); +- new->ttl = -1; ++ struct host_record *new; + + if (!arg || !(comma = split(arg))) + ret_err(_("Bad host-record")); + ++ new = opt_malloc(sizeof(struct host_record)); ++ memset(new, 0, sizeof(struct host_record)); ++ new->ttl = -1; ++ + while (arg) + { + struct all_addr addr; +@@ -3956,10 +3958,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + { + int nomem; + char *canon = canonicalise(arg, &nomem); +- struct name_list *nl = opt_malloc(sizeof(struct name_list)); ++ struct name_list *nl; + if (!canon) + ret_err(_("Bad name in host-record")); + ++ nl = opt_malloc(sizeof(struct name_list)); + nl->name = canon; + /* keep order, so that PTR record goes to first name */ + nl->next = NULL; +@@ -4023,7 +4026,10 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + !atoi_check8(algo, &new->algo) || + !atoi_check8(digest, &new->digest_type) || + !(new->name = canonicalise_opt(arg))) +- ret_err(_("bad trust anchor")); ++ { ++ free(new); ++ ret_err(_("bad trust anchor")); ++ } + + /* Upper bound on length */ + len = (2*strlen(keyhex))+1; +diff --git a/src/tftp.c b/src/tftp.c +index 5e4a32a..bd8c622 100644 +--- a/src/tftp.c ++++ b/src/tftp.c +@@ -234,7 +234,7 @@ void tftp_request(struct listener *listen, time_t now) + #endif + } + +- strncpy(ifr.ifr_name, name, IF_NAMESIZE); ++ strncpy(ifr.ifr_name, name, IF_NAMESIZE-1); + if (ioctl(listen->tftpfd, SIOCGIFMTU, &ifr) != -1) + { + mtu = ifr.ifr_mtu; +diff --git a/src/util.c b/src/util.c +index 93b24f5..1a9f228 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -491,7 +491,7 @@ int parse_hex(char *in, unsigned char *out, int maxlen, + int j, bytes = (1 + (r - in))/2; + for (j = 0; j < bytes; j++) + { +- char sav = sav; ++ char sav; + if (j < bytes - 1) + { + sav = in[(j+1)*2]; +-- +2.9.3 + diff --git a/SOURCES/dnsmasq-2.76-dns-sleep-resume.patch b/SOURCES/dnsmasq-2.76-dns-sleep-resume.patch new file mode 100644 index 00000000..4271d8dd --- /dev/null +++ b/SOURCES/dnsmasq-2.76-dns-sleep-resume.patch @@ -0,0 +1,119 @@ +From 2675f2061525bc954be14988d64384b74aa7bf8b Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Sun, 28 Aug 2016 20:44:05 +0100 +Subject: [PATCH] Handle binding upstream servers to an interface + (--server=1.2.3.4@eth0) when the named interface is destroyed and recreated + in the kernel. + +--- + CHANGELOG | 5 +++++ + src/dnsmasq.h | 1 + + src/network.c | 31 +++++++++++++++++++++++++++++-- + 3 files changed, 35 insertions(+), 2 deletions(-) + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 27385a9..f239ce5 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -488,6 +488,7 @@ struct serverfd { + int fd; + union mysockaddr source_addr; + char interface[IF_NAMESIZE+1]; ++ unsigned int ifindex, used; + struct serverfd *next; + }; + +diff --git a/src/network.c b/src/network.c +index e7722fd..ddf8d31 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -1204,6 +1204,7 @@ int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp) + static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) + { + struct serverfd *sfd; ++ unsigned int ifindex = 0; + int errsave; + + /* when using random ports, servers which would otherwise use +@@ -1224,11 +1225,15 @@ static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) + return NULL; + #endif + } ++ ++ if (intname && strlen(intname) != 0) ++ ifindex = if_nametoindex(intname); /* index == 0 when not binding to an interface */ + + /* may have a suitable one already */ + for (sfd = daemon->sfds; sfd; sfd = sfd->next ) + if (sockaddr_isequal(&sfd->source_addr, addr) && +- strcmp(intname, sfd->interface) == 0) ++ strcmp(intname, sfd->interface) == 0 && ++ ifindex == sfd->ifindex) + return sfd; + + /* need to make a new one. */ +@@ -1250,11 +1255,13 @@ static struct serverfd *allocate_sfd(union mysockaddr *addr, char *intname) + errno = errsave; + return NULL; + } +- ++ + strcpy(sfd->interface, intname); + sfd->source_addr = *addr; + sfd->next = daemon->sfds; ++ sfd->ifindex = ifindex; + daemon->sfds = sfd; ++ + return sfd; + } + +@@ -1429,12 +1436,16 @@ void check_servers(void) + { + struct irec *iface; + struct server *serv; ++ struct serverfd *sfd, *tmp, **up; + int port = 0, count; + + /* interface may be new since startup */ + if (!option_bool(OPT_NOWILD)) + enumerate_interfaces(0); + ++ for (sfd = daemon->sfds; sfd; sfd = sfd->next) ++ sfd->used = 0; ++ + #ifdef HAVE_DNSSEC + /* Disable DNSSEC validation when using server=/domain/.... servers + unless there's a configured trust anchor. */ +@@ -1505,6 +1516,8 @@ void check_servers(void) + serv->flags |= SERV_MARK; + continue; + } ++ ++ serv->sfd->used = 1; + } + + if (!(serv->flags & SERV_NO_REBIND) && !(serv->flags & SERV_LITERAL_ADDRESS)) +@@ -1547,6 +1560,20 @@ void check_servers(void) + if (count - 1 > SERVERS_LOGGED) + my_syslog(LOG_INFO, _("using %d more nameservers"), count - SERVERS_LOGGED - 1); + ++ /* Remove unused sfds */ ++ for (sfd = daemon->sfds, up = &daemon->sfds; sfd; sfd = tmp) ++ { ++ tmp = sfd->next; ++ if (!sfd->used) ++ { ++ *up = sfd->next; ++ close(sfd->fd); ++ free(sfd); ++ } ++ else ++ up = &sfd->next; ++ } ++ + cleanup_servers(); + } + +-- +2.7.4 + diff --git a/SOURCES/dnsmasq-2.76-fix-crash-dns-resume.patch b/SOURCES/dnsmasq-2.76-fix-crash-dns-resume.patch new file mode 100644 index 00000000..2857de0c --- /dev/null +++ b/SOURCES/dnsmasq-2.76-fix-crash-dns-resume.patch @@ -0,0 +1,29 @@ +From 16800ea072dd0cdf14d951c4bb8d2808b3dfe53d Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 30 Aug 2016 23:07:06 +0100 +Subject: [PATCH] Fix crash introduced in + 2675f2061525bc954be14988d64384b74aa7bf8b + +--- + src/network.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/network.c b/src/network.c +index ddf8d31..d87d08f 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -1516,8 +1516,9 @@ void check_servers(void) + serv->flags |= SERV_MARK; + continue; + } +- +- serv->sfd->used = 1; ++ ++ if (serv->sfd) ++ serv->sfd->used = 1; + } + + if (!(serv->flags & SERV_NO_REBIND) && !(serv->flags & SERV_LITERAL_ADDRESS)) +-- +2.9.3 + diff --git a/SOURCES/dnsmasq-2.76-fix-dhcp-option-arrangements.patch b/SOURCES/dnsmasq-2.76-fix-dhcp-option-arrangements.patch new file mode 100644 index 00000000..7155b0fd --- /dev/null +++ b/SOURCES/dnsmasq-2.76-fix-dhcp-option-arrangements.patch @@ -0,0 +1,49 @@ +From 591ed1e90503817938ccf5f127e677a8dd48b6d8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 11 Jul 2016 18:18:42 +0100 +Subject: [PATCH] Fix bad behaviour with some DHCP option arrangements. + +The check that there's enough space to store the DHCP agent-id +at the end of the packet could succeed when it should fail +if the END option is in either of the oprion-overload areas. +That could overwrite legit options in the request and cause +bad behaviour. It's highly unlikely that any sane DHCP client +would trigger this bug, and it's never been seen, but this +fixes the problem. + +Also fix off-by-one in bounds checking of option processing. +Worst case scenario on that is a read one byte beyond the +end off a buffer with a crafted packet, and maybe therefore +a SIGV crash if the memory after the buffer is not mapped. + +Thanks to Timothy Becker for spotting these. +--- + src/rfc2131.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/rfc2131.c b/src/rfc2131.c +index b7c167e..8b99d4b 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -186,7 +186,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + be enough free space at the end of the packet to copy the option. */ + unsigned char *sopt; + unsigned int total = option_len(opt) + 2; +- unsigned char *last_opt = option_find(mess, sz, OPTION_END, 0); ++ unsigned char *last_opt = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + sz, ++ OPTION_END, 0); + if (last_opt && last_opt < end - total) + { + end -= total; +@@ -1606,7 +1607,7 @@ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt + { + while (1) + { +- if (p > end) ++ if (p >= end) + return NULL; + else if (*p == OPTION_END) + return opt == OPTION_END ? p : NULL; +-- +2.9.3 + diff --git a/SOURCES/dnsmasq-2.76-label-man.patch b/SOURCES/dnsmasq-2.76-label-man.patch new file mode 100644 index 00000000..74514bdd --- /dev/null +++ b/SOURCES/dnsmasq-2.76-label-man.patch @@ -0,0 +1,36 @@ +From 6eaafb18e56928881bae371ba8bb05ee93f55d54 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 14 Mar 2017 15:24:58 +0100 +Subject: [PATCH 2/2] Document real behaviour of labels with --interface + +--- + man/dnsmasq.8 | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 523c823..6e93cf1 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -203,12 +203,14 @@ or + options are given dnsmasq listens on all available interfaces except any + given in + .B \--except-interface +-options. IP alias interfaces (eg "eth1:0") cannot be used with +-.B --interface ++options. IP alias interface names (eg "eth1:0") can be used only in ++.B \--bind-interfaces + or +-.B --except-interface +-options, use --listen-address instead. A simple wildcard, consisting +-of a trailing '*', can be used in ++.B \--bind-dynamic ++mode. Use ++.B \--listen-address ++in the default mode instead. A simple wildcard, consisting of a trailing '*', ++can be used in + .B \--interface + and + .B \--except-interface +-- +2.9.3 + diff --git a/SOURCES/dnsmasq-2.76-label-warning.patch b/SOURCES/dnsmasq-2.76-label-warning.patch new file mode 100644 index 00000000..7c156abf --- /dev/null +++ b/SOURCES/dnsmasq-2.76-label-warning.patch @@ -0,0 +1,93 @@ +From c3d10a1132ada7baa80914f61abb720f94400465 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 14 Mar 2017 15:23:22 +0100 +Subject: [PATCH 1/2] Warn when using label in default mode + +--- + src/dnsmasq.c | 2 ++ + src/dnsmasq.h | 3 ++- + src/network.c | 13 +++++++++++++ + 3 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 456b0e8..d2cc7cc 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -771,6 +771,8 @@ int main (int argc, char **argv) + + if (option_bool(OPT_NOWILD)) + warn_bound_listeners(); ++ else if (!option_bool(OPT_CLEVERBIND)) ++ warn_wild_labels(); + + warn_int_names(); + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index a27fbc1..6b44e53 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -522,7 +522,7 @@ struct ipsets { + struct irec { + union mysockaddr addr; + struct in_addr netmask; /* only valid for IPv4 */ +- int tftp_ok, dhcp_ok, mtu, done, warned, dad, dns_auth, index, multicast_done, found; ++ int tftp_ok, dhcp_ok, mtu, done, warned, dad, dns_auth, index, multicast_done, found, label; + char *name; + struct irec *next; + }; +@@ -1252,6 +1252,7 @@ int enumerate_interfaces(int reset); + void create_wildcard_listeners(void); + void create_bound_listeners(int die); + void warn_bound_listeners(void); ++void warn_wild_labels(void); + void warn_int_names(void); + int is_dad_listeners(void); + int iface_check(int family, struct all_addr *addr, char *name, int *auth_dns); +diff --git a/src/network.c b/src/network.c +index eb41624..e5ceb76 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -244,6 +244,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, + int tftp_ok = !!option_bool(OPT_TFTP); + int dhcp_ok = 1; + int auth_dns = 0; ++ int is_label = 0; + #if defined(HAVE_DHCP) || defined(HAVE_TFTP) + struct iname *tmp; + #endif +@@ -264,6 +265,8 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, + + if (!label) + label = ifr.ifr_name; ++ else ++ is_label = strcmp(label, ifr.ifr_name); + + /* maintain a list of all addresses on all interfaces for --local-service option */ + if (option_bool(OPT_LOCAL_SERVICE)) +@@ -482,6 +485,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, + iface->found = 1; + iface->done = iface->multicast_done = iface->warned = 0; + iface->index = if_index; ++ iface->label = is_label; + if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1))) + { + strcpy(iface->name, ifr.ifr_name); +@@ -1034,6 +1038,15 @@ void warn_bound_listeners(void) + my_syslog(LOG_WARNING, _("LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)")); + } + ++void warn_wild_labels(void) ++{ ++ struct irec *iface; ++ ++ for (iface = daemon->interfaces; iface; iface = iface->next) ++ if (iface->found && iface->name && iface->label) ++ my_syslog(LOG_WARNING, _("warning: using interface %s instead"), iface->name); ++} ++ + void warn_int_names(void) + { + struct interface_name *intname; +-- +2.9.3 + diff --git a/SOURCES/dnsmasq-2.76-pftables.patch b/SOURCES/dnsmasq-2.76-pftables.patch new file mode 100644 index 00000000..fffd3a23 --- /dev/null +++ b/SOURCES/dnsmasq-2.76-pftables.patch @@ -0,0 +1,149 @@ +From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sat, 13 Aug 2016 22:34:11 +0100 +Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright + violation. + +--- + src/tables.c | 90 +++++++++++++++++++++--------------------------------------- + 1 file changed, 32 insertions(+), 58 deletions(-) + +diff --git a/src/tables.c b/src/tables.c +index aae1252..4fa3487 100644 +--- a/src/tables.c ++++ b/src/tables.c +@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum) + } + } + +-static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags) +-{ +- struct pfioc_table io; +- +- if (size < 0 || (size && tbl == NULL)) +- { +- errno = EINVAL; +- return (-1); +- } +- bzero(&io, sizeof io); +- io.pfrio_flags = flags; +- io.pfrio_buffer = tbl; +- io.pfrio_esize = sizeof(*tbl); +- io.pfrio_size = size; +- if (ioctl(dev, DIOCRADDTABLES, &io)) +- return (-1); +- if (nadd != NULL) +- *nadd = io.pfrio_nadd; +- return (0); +-} +- +-static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) { +- if ( !addr || !ipaddr) +- { +- my_syslog(LOG_ERR, _("error: fill_addr missused")); +- return -1; +- } +- bzero(addr, sizeof(*addr)); +-#ifdef HAVE_IPV6 +- if (flags & F_IPV6) +- { +- addr->pfra_af = AF_INET6; +- addr->pfra_net = 0x80; +- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); +- } +- else +-#endif +- { +- addr->pfra_af = AF_INET; +- addr->pfra_net = 0x20; +- addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; +- } +- return 1; +-} +- +-/*****************************************************************************/ + + void ipset_init(void) + { +@@ -111,14 +65,13 @@ void ipset_init(void) + } + + int add_to_ipset(const char *setname, const struct all_addr *ipaddr, +- int flags, int remove) ++ int flags, int remove) + { + struct pfr_addr addr; + struct pfioc_table io; + struct pfr_table table; +- int n = 0, rc = 0; + +- if ( dev == -1 ) ++ if (dev == -1) + { + my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device); + return -1; +@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr, + + bzero(&table, sizeof(struct pfr_table)); + table.pfrt_flags |= PFR_TFLAG_PERSIST; +- if ( strlen(setname) >= PF_TABLE_NAME_SIZE ) ++ if (strlen(setname) >= PF_TABLE_NAME_SIZE) + { + my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname); + errno = ENAMETOOLONG; + return -1; + } + +- if ( strlcpy(table.pfrt_name, setname, +- sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) ++ if (strlcpy(table.pfrt_name, setname, ++ sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) + { + my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname); + return -1; + } + +- if ((rc = pfr_add_tables(&table, 1, &n, 0))) ++ bzero(&io, sizeof io); ++ io.pfrio_flags = 0; ++ io.pfrio_buffer = &table; ++ io.pfrio_esize = sizeof(table); ++ io.pfrio_size = 1; ++ if (ioctl(dev, DIOCRADDTABLES, &io)) + { +- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"), +- pfr_strerror(errno),rc); ++ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno)); ++ + return -1; + } ++ + table.pfrt_flags &= ~PFR_TFLAG_PERSIST; +- if (n) ++ if (io.pfrio_nadd) + my_syslog(LOG_INFO, _("info: table created")); +- +- fill_addr(ipaddr,flags,&addr); ++ ++ bzero(&addr, sizeof(addr)); ++#ifdef HAVE_IPV6 ++ if (flags & F_IPV6) ++ { ++ addr.pfra_af = AF_INET6; ++ addr.pfra_net = 0x80; ++ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); ++ } ++ else ++#endif ++ { ++ addr.pfra_af = AF_INET; ++ addr.pfra_net = 0x20; ++ addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; ++ } ++ + bzero(&io, sizeof(io)); + io.pfrio_flags = 0; + io.pfrio_table = table; +-- +2.9.3 + diff --git a/SOURCES/dnsmasq-2.76-warning-fixes.patch b/SOURCES/dnsmasq-2.76-warning-fixes.patch new file mode 100644 index 00000000..8b0bea84 --- /dev/null +++ b/SOURCES/dnsmasq-2.76-warning-fixes.patch @@ -0,0 +1,60 @@ +From 13dee6f49e1d035b8069947be84ee8da2af0c420 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 28 Feb 2017 16:51:58 +0000 +Subject: [PATCH] Compilation warning fixes. + +--- + src/dbus.c | 9 ++++----- + src/option.c | 3 ++- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/dbus.c b/src/dbus.c +index 7e0d342..2e1a48e 100644 +--- a/src/dbus.c ++++ b/src/dbus.c +@@ -549,17 +549,16 @@ static DBusMessage *dbus_add_lease(DBusMessage* message) + return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS, + "Invalid IP address '%s'", ipaddr); + +- hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, +- &hw_type); ++ hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, &hw_type); + if (hw_type == 0 && hw_len != 0) + hw_type = ARPHRD_ETHER; +- +- lease_set_hwaddr(lease, dhcp_chaddr, clid, hw_len, hw_type, ++ ++ lease_set_hwaddr(lease, dhcp_chaddr, clid, hw_len, hw_type, + clid_len, now, 0); + lease_set_expires(lease, expires, now); + if (hostname_len != 0) + lease_set_hostname(lease, hostname, 0, get_domain(lease->addr), NULL); +- ++ + lease_update_file(now); + lease_update_dns(0); + +diff --git a/src/option.c b/src/option.c +index 4a5ef5f..e03b1e3 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -4089,7 +4089,7 @@ static void read_file(char *file, FILE *f, int hard_opt) + { + int white, i; + volatile int option = (hard_opt == LOPT_REV_SERV) ? 0 : hard_opt; +- char *errmess, *p, *arg = NULL, *start; ++ char *errmess, *p, *arg, *start; + size_t len; + + /* Memory allocation failure longjmps here if mem_recover == 1 */ +@@ -4100,6 +4100,7 @@ static void read_file(char *file, FILE *f, int hard_opt) + mem_recover = 1; + } + ++ arg = NULL; + lineno++; + errmess = NULL; + +-- +2.9.3 + diff --git a/SOURCES/dnsmasq.service b/SOURCES/dnsmasq.service new file mode 100644 index 00000000..07fa92e3 --- /dev/null +++ b/SOURCES/dnsmasq.service @@ -0,0 +1,9 @@ +[Unit] +Description=DNS caching server. +After=network.target + +[Service] +ExecStart=/usr/sbin/dnsmasq -k + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec new file mode 100644 index 00000000..8a6450a0 --- /dev/null +++ b/SPECS/dnsmasq.spec @@ -0,0 +1,492 @@ +%define testrelease 0 +%define releasecandidate 0 +%if 0%{testrelease} + %define extrapath test-releases/ + %define extraversion test30 +%endif +%if 0%{releasecandidate} + %define extrapath release-candidates/ + %define extraversion rc5 +%endif + +%define _hardened_build 1 + +Name: dnsmasq +Version: 2.76 +Release: 2%{?extraversion}%{?dist} +Summary: A lightweight DHCP/caching DNS server + +Group: System Environment/Daemons +License: GPLv2 or GPLv3 +URL: http://www.thekelleys.org.uk/dnsmasq/ +Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.gz +Source1: %{name}.service +# upstream git: git://thekelleys.org.uk/dnsmasq.git + +# https://bugzilla.redhat.com/show_bug.cgi?id=1367772 +# commit 2675f2061525bc954be14988d64384b74aa7bf8b +# after v2.76 +Patch1: dnsmasq-2.76-dns-sleep-resume.patch +# commit 591ed1e90503817938ccf5f127e677a8dd48b6d8 +Patch2: dnsmasq-2.76-fix-dhcp-option-arrangements.patch +# commit 396750cef533cf72c7e6a72e47a9c93e2e431cb7 +Patch3: dnsmasq-2.76-pftables.patch +# commit 16800ea072dd0cdf14d951c4bb8d2808b3dfe53d +Patch4: dnsmasq-2.76-fix-crash-dns-resume.patch +# commit 13dee6f49e1d035b8069947be84ee8da2af0c420 +Patch5: dnsmasq-2.76-warning-fixes.patch +Patch6: dnsmasq-2.76-label-warning.patch +Patch7: dnsmasq-2.76-label-man.patch +Patch8: dnsmasq-2.76-coverity.patch + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: dbus-devel +BuildRequires: pkgconfig +BuildRequires: libidn-devel + +BuildRequires: systemd +Requires(post): systemd systemd-sysv chkconfig +Requires(preun): systemd +Requires(postun): systemd + + +%description +Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. +It is designed to provide DNS and, optionally, DHCP, to a small network. +It can serve the names of local machines which are not in the global +DNS. The DHCP server integrates with the DNS server and allows machines +with DHCP-allocated addresses to appear in the DNS with names configured +either in each host or in a central configuration file. Dnsmasq supports +static and dynamic DHCP leases and BOOTP for network booting of diskless +machines. + +%package utils +Summary: Utilities for manipulating DHCP server leases +Group: System Environment/Daemons + +%description utils +Utilities that use the standard DHCP protocol to +query/remove a DHCP server's leases. + + +%prep +%setup -q -n %{name}-%{version}%{?extraversion} + +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 -b .coverity + +# use /var/lib/dnsmasq instead of /var/lib/misc +for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do + sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file" +done + +#enable dbus +sed -i 's|/\* #define HAVE_DBUS \*/|#define HAVE_DBUS|g' src/config.h + +#enable IDN support +sed -i 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' src/config.h + +#enable /etc/dnsmasq.d fix bz 526703, ignore RPM backup files +cat << EOF >> dnsmasq.conf.example + +# Include all files in /etc/dnsmasq.d except RPM backup files +conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig +EOF + + +%build +make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" +make -C contrib/lease-tools %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" + + +%install +rm -rf $RPM_BUILD_ROOT +# normally i'd do 'make install'...it's a bit messy, though +mkdir -p $RPM_BUILD_ROOT%{_sbindir} \ + $RPM_BUILD_ROOT%{_mandir}/man8 \ + $RPM_BUILD_ROOT%{_var}/lib/dnsmasq \ + $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.d \ + $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d +install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq +install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf +install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/ +install -m 644 man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/ + +# utils sub package +mkdir -p $RPM_BUILD_ROOT%{_bindir} \ + $RPM_BUILD_ROOT%{_mandir}/man1 +install -m 755 contrib/lease-tools/dhcp_release $RPM_BUILD_ROOT%{_bindir}/dhcp_release +install -m 644 contrib/lease-tools/dhcp_release.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release.1 +install -m 755 contrib/lease-tools/dhcp_release6 $RPM_BUILD_ROOT%{_bindir}/dhcp_release6 +install -m 644 contrib/lease-tools/dhcp_release6.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release6.1 +install -m 755 contrib/lease-tools/dhcp_lease_time $RPM_BUILD_ROOT%{_bindir}/dhcp_lease_time +install -m 644 contrib/lease-tools/dhcp_lease_time.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_lease_time.1 + +# Systemd +mkdir -p %{buildroot}%{_unitdir} +install -m644 %{SOURCE1} %{buildroot}%{_unitdir} +rm -rf %{buildroot}%{_initrddir} + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +%systemd_post dnsmasq.service + +%preun +%systemd_preun dnsmasq.service + +%postun +%systemd_postun_with_restart dnsmasq.service + +%triggerun -- dnsmasq < 2.52-3 +%{_bindir}/systemd-sysv-convert --save dnsmasq >/dev/null 2>&1 ||: +/sbin/chkconfig --del dnsmasq >/dev/null 2>&1 || : +/bin/systemctl try-restart dnsmasq.service >/dev/null 2>&1 || : + +%files +%defattr(-,root,root,-) +%doc CHANGELOG COPYING COPYING-v3 FAQ doc.html setup.html dbus/DBus-interface +%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dnsmasq.conf +%dir /etc/dnsmasq.d +%dir %{_var}/lib/dnsmasq +%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf +%{_unitdir}/%{name}.service +%{_sbindir}/dnsmasq +%{_mandir}/man8/dnsmasq* + +%files utils +%{_bindir}/dhcp_* +%{_mandir}/man1/dhcp_* + +%changelog +* Wed Mar 15 2017 Petr Menšík - 2.76-2 +- Fix a few coverity warnings +- package is dual-licensed GPL v2 or v3 +- don't include /etc/dnsmasq.d in triplicate, ignore RPM backup files instead + +* Tue Feb 21 2017 Petr Menšík - 2.76-1 +- Rebase to 2.76 (#1375527) +- Include also dhcp_release6 (#1375569) +- Fix compilation warnings +- Correct manual about interface aliases, warn if used without --bind* + +* Tue Sep 13 2016 Pavel Šimerda - 2.66-21 +- Related: #1367772 - fix dns server update + +* Thu Sep 08 2016 Pavel Šimerda - 2.66-20 +- Related: #1367772 - additional upstream patch + +* Tue Sep 06 2016 Pavel Šimerda - 2.66-19 +- Resolves: #1367772 - dns not updated after sleep and resume laptop + +* Fri Aug 26 2016 root - 2.66-18 +- Resolves: #1358427 - dhcp errors with hostnames beginning with numbers + +* Tue May 31 2016 Pavel Šimerda - 2.66-17 +- Resolves: #1275626 - modify the patch using new information + +* Mon May 30 2016 Pavel Šimerda - 2.66-16 +- Resolves: #1275626 - use the patch + +* Wed May 25 2016 Pavel Šimerda - 2.66-15 +- Resolves: #1275626 - dnsmasq crash with coredump on infiniband network with + OpenStack + +* Thu Jun 25 2015 Pavel Šimerda - 2.66-14 +- Resolves: #1232677 - handle IPv4 and IPv6 host entries properly + +* Wed Feb 25 2015 Pavel Šimerda - 2.66-13 +- Resolves: #1179756 - dnsmasq does not support MAC address based matching for + IPv6 + +* Fri Jan 24 2014 Daniel Mach - 2.66-12 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 2.66-11 +- Mass rebuild 2013-12-27 + +* Thu Aug 15 2013 Tomas Hozza - 2.66-10 +- Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973) + +* Mon Aug 12 2013 Tomas Hozza - 2.66-9 +- Don't use SO_REUSEPORT on DHCPv4 socket to prevent conflicts with ISC DHCP (#981973) + +* Tue Jul 23 2013 Tomas Hozza - 2.66-8 +- Fix crash when specified empty DHCP option + +* Tue Jun 11 2013 Tomas Hozza - 2.66-7 +- use _hardened_build macro instead of hardcoded flags +- include several fixies from upstream repo: + - Allow constructed ranges from interface address at end of range + - Dont BINDTODEVICE DHCP socket if more interfaces may come + - Fix option parsing for dhcp host + - Log forwarding table overflows + - Remove limit in prefix length in auth zone + +* Fri May 17 2013 Tomas Hozza - 2.66-6 +- include several fixies from upstream repo: + - Tighten hostname checks in legal hostname() function + - Replace inet_addr() with inet_pton() in src/option.c + - Use dnsmasq as default DNS server for RA only if it's doing DNS + - Handle IPv4 interface address labels (aliases) in Linux (#962246) + - Fix failure to start with ENOTSOCK (#962874) + +* Tue Apr 30 2013 Tomas Hozza - 2.66-5 +- dnsmasq unit file cleanup + - drop forking Type and PIDfile and rather start dnsmasq with "-k" option + - drop After syslog.target as this is by default + +* Thu Apr 25 2013 Tomas Hozza - 2.66-4 +- include several fixes from upstream repo: + - Send TCP DNS messages in one packet + - Fix crash on SERVFAIL when using --conntrack option + - Fix regression in dhcp_lease_time utility + - Man page typos fixes + - Note that dhcp_lease_time and dhcp_release work only for IPv4 + - Fix for --dhcp-match option to work also with BOOTP protocol + +* Sat Apr 20 2013 Tomas Hozza - 2.66-3 +- Use Full RELRO when linking the daemon +- compile the daemon with PIE +- include two fixes from upstream git repo + +* Thu Apr 18 2013 Tomas Hozza - 2.66-2 +- New stable version dnsmasq-2.66 +- Drop of merged patch + +* Fri Apr 12 2013 Tomas Hozza - 2.66-1.rc5 +- Update to latest dnsmasq-2.66rc5 +- Include fix for segfault when lease limit is reached + +* Fri Mar 22 2013 Tomas Hozza - 2.66-1.rc1 +- Update to latest dnsmasq-2.66rc1 +- Dropping unneeded patches +- Enable IDN support + +* Fri Mar 15 2013 Tomas Hozza - 2.65-5 +- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300) + +* Thu Jan 31 2013 Tomas Hozza - 2.65-4 +- Handle locally-routed DNS Queries (#904940) + +* Thu Jan 24 2013 Tomas Hozza - 2.65-3 +- build dnsmasq with $RPM_OPT_FLAGS, $RPM_LD_FLAGS explicitly (#903362) + +* Tue Jan 22 2013 Tomas Hozza - 2.65-2 +- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555) + +* Sat Dec 15 2012 Tomas Hozza - 2.65-1 +- new version 2.65 + +* Wed Dec 05 2012 Tomas Hozza - 2.64-1 +- New version 2.64 +- Merged patches dropped + +* Tue Nov 20 2012 Tomas Hozza - 2.63-4 +- Remove EnvironmentFile from service file (#878343) + +* Mon Nov 19 2012 Tomas Hozza - 2.63-3 +- dhcp6 support fixes (#867054) +- removed "-s $HOSTNAME" from .service file (#753656, #822797) + +* Tue Oct 23 2012 Tomas Hozza - 2.63-2 +- Introduce new systemd-rpm macros in dnsmasq spec file (#850096) + +* Thu Aug 23 2012 Douglas Schilling Landgraf - 2.63-1 +- Use .tar.gz compression, in upstream site there is no .lzma anymore +- New version 2.63 + +* Sat Feb 11 2012 Pádraig Brady - 2.59-5 +- Compile DHCP lease management utils with RPM_OPT_FLAGS + +* Thu Feb 9 2012 Pádraig Brady - 2.59-4 +- Include DHCP lease management utils in a subpackage + +* Fri Jan 13 2012 Fedora Release Engineering - 2.59-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-2 +- do not enable service by default + +* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-1 +- New version 2.59 +- Fix regression in 2.58 (IPv6 issue) - bz 744814 + +* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.58-1 +- Fixed License +- New version 2.58 + +* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-5 +- Include systemd unit file + +* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-3 +- Applied Jóhann's patch, minor cleanup + +* Tue Jul 26 2011 Jóhann B. Guðmundsson - 2.52-3 +- Introduce systemd unit file, drop SysV support + +* Tue Feb 08 2011 Fedora Release Engineering - 2.52-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 26 2010 Itamar Reis Peixoto - 2.52-1 +- New Version 2.52 +- fix condrestart() in initscript bz 547605 +- fix sed to enable DBUS(the '*' need some escaping) bz 553161 + +* Sun Nov 22 2009 Itamar Reis Peixoto - 2.51-2 +- fix bz 512664 + +* Sat Oct 17 2009 Itamar Reis Peixoto - 2.51-1 +- move initscript from patch to a plain text file +- drop (dnsmasq-configuration.patch) and use sed instead +- enable /etc/dnsmasq.d fix bz 526703 +- change requires to package name instead of file +- new version 2.51 + +* Mon Oct 5 2009 Mark McLoughlin - 2.48-4 +- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958) + +* Wed Aug 12 2009 Ville Skyttä - 2.48-3 +- Use lzma compressed upstream tarball. + +* Fri Jul 24 2009 Fedora Release Engineering - 2.48-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 10 2009 Patrick "Jima" Laughton 2.48-1 +- Bugfix/feature enhancement update +- Fixing BZ#494094 + +* Fri May 29 2009 Patrick "Jima" Laughton 2.47-1 +- Bugfix/feature enhancement update + +* Tue Feb 24 2009 Fedora Release Engineering - 2.46-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Dec 29 2008 Matěj Cepl - 2.45-2 +- rebuilt + +* Mon Jul 21 2008 Patrick "Jima" Laughton 2.45-1 +- Upstream release (bugfixes) + +* Wed Jul 16 2008 Patrick "Jima" Laughton 2.43-2 +- New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113 +- Dropped patch for newer glibc (merged upstream) + +* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.8 +- Added upstream-authored patch for newer glibc (thanks Simon!) + +* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.7 +- New upstream release + +* Wed Jan 30 2008 Patrick "Jima" Laughton 2.41-0.6.rc1 +- Release candidate +- Happy Birthday Isaac! + +* Wed Jan 23 2008 Patrick "Jima" Laughton 2.41-0.5.test30 +- Bugfix update + +* Mon Dec 31 2007 Patrick "Jima" Laughton 2.41-0.4.test26 +- Bugfix/feature enhancement update + +* Thu Dec 13 2007 Patrick "Jima" Laughton 2.41-0.3.test24 +- Upstream fix for fairly serious regression + +* Tue Dec 04 2007 Patrick "Jima" Laughton 2.41-0.2.test20 +- New upstream test release +- Moving dnsmasq.leases to /var/lib/dnsmasq/ as per BZ#407901 +- Ignoring dangerous-command-in-%%post rpmlint warning (as per above fix) +- Patch consolidation/cleanup +- Removed conditionals for Fedora <= 3 and Aurora 2.0 + +* Tue Sep 18 2007 Patrick "Jima" Laughton 2.40-1 +- Finalized upstream release +- Removing URLs from patch lines (CVS is the authoritative source) +- Added more magic to make spinning rc/test packages more seamless + +* Sun Aug 26 2007 Patrick "Jima" Laughton 2.40-0.1.rc2 +- New upstream release candidate (feature-frozen), thanks Simon! +- License clarification + +* Tue May 29 2007 Patrick "Jima" Laughton 2.39-1 +- New upstream version (bugfixes, enhancements) + +* Mon Feb 12 2007 Patrick "Jima" Laughton 2.38-1 +- New upstream version with bugfix for potential hang + +* Tue Feb 06 2007 Patrick "Jima" Laughton 2.37-1 +- New upstream version + +* Wed Jan 24 2007 Patrick "Jima" Laughton 2.36-1 +- New upstream version + +* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-2 +- Stop creating /etc/sysconfig on %%install +- Create /etc/dnsmasq.d on %%install + +* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-1 +- Update to 2.35 +- Removed UPGRADING_to_2.0 from %%doc as per upstream change +- Enabled conf-dir in default config as per RFE BZ#214220 (thanks Chris!) +- Added %%dir /etc/dnsmasq.d to %%files as per above RFE + +* Tue Oct 24 2006 Patrick "Jima" Laughton 2.34-2 +- Fixed BZ#212005 +- Moved %%postun scriptlet to %%post, where it made more sense +- Render scriptlets safer +- Minor cleanup for consistency + +* Thu Oct 19 2006 Patrick "Jima" Laughton 2.34-1 +- Hardcoded version in patches, as I'm getting tired of updating them +- Update to 2.34 + +* Mon Aug 28 2006 Patrick "Jima" Laughton 2.33-2 +- Rebuild for FC6 + +* Tue Aug 15 2006 Patrick "Jima" Laughton 2.33-1 +- Update + +* Sat Jul 22 2006 Patrick "Jima" Laughton 2.32-3 +- Added pkgconfig BuildReq due to reduced buildroot + +* Thu Jul 20 2006 Patrick "Jima" Laughton 2.32-2 +- Forced update due to dbus version bump + +* Mon Jun 12 2006 Patrick "Jima" Laughton 2.32-1 +- Update from upstream +- Patch from Dennis Gilmore fixed the conditionals to detect Aurora Linux + +* Mon May 8 2006 Patrick "Jima" Laughton 2.31-1 +- Removed dbus config patch (now provided upstream) +- Patched in init script (no longer provided upstream) +- Added DBus-interface to docs + +* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4.2 +- More upstream-recommended cleanups :) +- Killed sysconfig file (provides unneeded functionality) +- Tweaked init script a little more + +* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4 +- Moved options out of init script and into /etc/sysconfig/dnsmasq +- Disabled DHCP_LEASE in sysconfig file, fixing bug #190379 +- Simon Kelley provided dbus/dnsmasq.conf, soon to be part of the tarball + +* Thu Apr 27 2006 Patrick "Jima" Laughton 2.30-3 +- Un-enabled HAVE_ISC_READER, a hack to enable a deprecated feature (request) +- Split initscript & enable-dbus patches, conditionalized dbus for FC3 +- Tweaked name field in changelog entries (trying to be consistent) + +* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-2 +- Disabled stripping of binary while installing (oops) +- Enabled HAVE_ISC_READER/HAVE_DBUS via patch +- Added BuildReq for dbus-devel + +* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-1 +- Initial Fedora Extras RPM