diff --git a/.gitignore b/.gitignore
index e69de29..3866a27 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,36 @@
+dnsmasq-2.52.tar.lzma
+/dnsmasq-2.58.tar.lzma
+/dnsmasq-2.59.tar.lzma
+/dnsmasq-2.63.tar.gz
+/dnsmasq-2.64.tar.gz
+/dnsmasq-2.65.tar.gz
+/dnsmasq-2.66rc1.tar.gz
+/dnsmasq-2.66rc5.tar.gz
+/dnsmasq-2.66.tar.gz
+/dnsmasq-2.67test4.tar.gz
+/dnsmasq-2.67test7.tar.gz
+/dnsmasq-2.67test13.tar.xz
+/dnsmasq-2.67test16.tar.xz
+/dnsmasq-2.67rc2.tar.xz
+/dnsmasq-2.67rc4.tar.xz
+/dnsmasq-2.67.tar.xz
+/dnsmasq-2.68rc3.tar.xz
+/dnsmasq-2.68.tar.xz
+/dnsmasq-2.69rc1.tar.xz
+/dnsmasq-2.69.tar.xz
+/dnsmasq-2.70.tar.xz
+/dnsmasq-2.71.tar.xz
+/dnsmasq-2.72.tar.xz
+/dnsmasq-2.75.tar.xz
+/dnsmasq-2.76.tar.xz
+/dnsmasq-2.77rc2.tar.xz
+/dnsmasq-2.77.tar.xz
+/dnsmasq-2.78.tar.xz
+/dnsmasq-2.79.tar.xz
+/dnsmasq-2.80.tar.xz
+/dnsmasq-2.81rc3.tar.xz
+/dnsmasq-2.81rc3.tar.xz.asc
+/dnsmasq-2.81.tar.xz
+/dnsmasq-2.81.tar.xz.asc
+/dnsmasq-2.82.tar.xz
+/dnsmasq-2.82.tar.xz.asc
diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch
new file mode 100644
index 0000000..2a04039
--- /dev/null
+++ b/dnsmasq-2.77-underflow.patch
@@ -0,0 +1,64 @@
+From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001
+From: Doran Moppert
+Date: Tue, 26 Sep 2017 14:48:20 +0930
+Subject: [PATCH] google patch hand-applied
+
+---
+ src/edns0.c | 10 +++++-----
+ src/forward.c | 4 ++++
+ src/rfc1035.c | 3 +++
+ 3 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/edns0.c b/src/edns0.c
+index d75d3cc..7d8cf7f 100644
+--- a/src/edns0.c
++++ b/src/edns0.c
+@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
+ /* Copy back any options */
+ if (buff)
+ {
+- if (p + rdlen > limit)
+- {
+- free(buff);
+- return plen; /* Too big */
+- }
++ if (p + rdlen > limit)
++ {
++ free(buff);
++ return plen; /* Too big */
++ }
+ memcpy(p, buff, rdlen);
+ free(buff);
+ p += rdlen;
+diff --git a/src/forward.c b/src/forward.c
+index ed9c8f6..77059ed 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now)
+ udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
+ }
+
++ // Make sure the udp size is not smaller than the incoming message so that we
++ // do not underflow
++ if (udp_size < n) udp_size = n;
++
+ #ifdef HAVE_AUTH
+ if (auth_dns)
+ {
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index f1edc45..15041cc 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ size_t len;
+ int rd_bit = (header->hb3 & HB3_RD);
+
++ // Make sure we do not underflow here too.
++ if (qlen > (limit - ((char *)header))) return 0;
++
+ /* never answer queries with RD unset, to avoid cache snooping. */
+ if (ntohs(header->ancount) != 0 ||
+ ntohs(header->nscount) != 0 ||
+--
+2.21.1
+
diff --git a/dnsmasq-2.78-fips.patch b/dnsmasq-2.78-fips.patch
new file mode 100644
index 0000000..1b77981
--- /dev/null
+++ b/dnsmasq-2.78-fips.patch
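Review bot: In the rfc1035.c hunk the added guard `if (qlen > (limit - ((char *)header))) return 0;` compares a `size_t` with a signed pointer difference, so if `limit` ever sits below `header` the negative difference converts to a very large unsigned value and the guard rejects nothing. Spelling out both conditions makes the bound explicit: `if (limit < (char *)header || qlen > (size_t)(limit - (char *)header)) return 0;`. The test that the edns0.c hunk only re-indents, `p + rdlen > limit`, has a related weakness because the pointer sum is formed before it is checked; `rdlen > (size_t)(limit - p)` avoids computing a pointer past the buffer, assuming `p <= limit` holds at that point, which the hunk does not show. Both functions start and end outside their hunks.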
@@ -0,0 +1,37 @@
+From 7b1cce1d0bdb61c09946978d4bdeb05a3cd4202a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Fri, 2 Mar 2018 13:17:04 +0100
+Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq
+ has no proper FIPS 140-2 compliant implementation.
+
+---
+ src/dnsmasq.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 480c5f9..5fd229e 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -187,6 +187,7 @@ int main (int argc, char **argv)
+
+ if (daemon->cachesize < CACHESIZ)
+ die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
++
+ #else
+ die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
+ #endif
+@@ -786,7 +787,10 @@ int main (int argc, char **argv)
+ my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
+ else
+ my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+-
++
++ if (access("/etc/system-fips", F_OK) == 0)
++ my_syslog(LOG_WARNING, _("DNSSEC support is not FIPS 140-2 compliant"));
++
+ daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
+ if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
+ my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT"));
+--
+2.14.4
+
diff --git a/dnsmasq-2.80-SIOCGSTAMP.patch b/dnsmasq-2.80-SIOCGSTAMP.patch
new file mode 100644
index 0000000..4b08f5d
--- /dev/null
+++ b/dnsmasq-2.80-SIOCGSTAMP.patch
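Review bot: The FIPS warning added in the second dnsmasq.c hunk keys on `access("/etc/system-fips", F_OK) == 0`, which tests for a marker file rather than for the kernel actually running in FIPS mode, so the message may appear on hosts that are not enforcing FIPS and may be missing on hosts that are. Reading `/proc/sys/crypto/fips_enabled` would, as far as I know, reflect the enforced state more directly. The call also deserves a comment saying the result is advisory only, e.g. `/* Warn only: DNSSEC validation still runs with the non-validated crypto */`, because the log line is its sole effect. The first hunk adds nothing but a blank line before `#else` and could be dropped; `main` starts and ends outside both hunks.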
@@ -0,0 +1,59 @@
+From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001
+From: Petr Mensik
+Date: Wed, 31 Jul 2019 20:35:35 +0200
+Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
+
+Build without it defined by kernel headers. Do not try SO_TIMESTAMP
+until fixed properly.
+---
+ src/dhcp.c | 30 +++++++++++++++++-------------
+ 1 file changed, 17 insertions(+), 13 deletions(-)
+
+diff --git a/src/dhcp.c b/src/dhcp.c
+index bea4688..13373ae 100644
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
+ (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
+ return;
+
+- #if defined (HAVE_LINUX_NETWORK)
++#if defined (HAVE_LINUX_NETWORK)
++#ifdef SIOCGSTAMP
+ if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
+ recvtime = tv.tv_sec;
++#endif
+
+ if (msg.msg_controllen >= sizeof(struct cmsghdr))
+- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
+- {
+- union {
+- unsigned char *c;
+- struct in_pktinfo *p;
+- } p;
+- p.c = CMSG_DATA(cmptr);
+- iface_index = p.p->ipi_ifindex;
+- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
+- unicast_dest = 1;
+- }
++ {
++ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
++ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
++ {
++ union {
++ unsigned char *c;
++ struct in_pktinfo *p;
++ } p;
++ p.c = CMSG_DATA(cmptr);
++ iface_index = p.p->ipi_ifindex;
++ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
++ unicast_dest = 1;
++ }
++ }
+
+ #elif defined(HAVE_BSD_NETWORK)
+ if (msg.msg_controllen >= sizeof(struct cmsghdr))
+--
+2.26.2
+
diff --git a/dnsmasq-2.80-rh1728701.patch b/dnsmasq-2.80-rh1728701.patch
new file mode 100644
index 0000000..0213518
--- /dev/null
+++ b/dnsmasq-2.80-rh1728701.patch
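Review bot: With kernel headers that no longer define `SIOCGSTAMP`, the new `#ifdef SIOCGSTAMP` block in `dhcp_packet` compiles away silently and `recvtime` keeps whatever value it was given before the hunk, so anything that depends on the packet receive time degrades with no trace in the source or the build log. A short comment at the guard would make that fallback explicit, for example `/* SIOCGSTAMP not in headers: recvtime keeps its initial value */`. `tv` may also end up as an unused variable in that configuration; its declaration is outside the hunk, so this needs checking against the full function. As far as I know, newer kernels still provide the definition through `<linux/sockios.h>`, and including that header would keep the timestamp rather than drop it.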
@@ -0,0 +1,536 @@
+From d571d74b63382f52572f2b060c8caf867dea76dc Mon Sep 17 00:00:00 2001
+From: Petr Mensik
+Date: Wed, 31 Jul 2019 17:23:45 +0200
+Subject: [PATCH] Fix TCP listener after interface is recreated
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Squashed commit of the following:
+
+commit 023433cad60a47bf83037cd8f8d403d1086163e0
+Author: Petr Menšík
+Date: Mon Jul 15 17:16:44 2019 +0200
+
+ Remove duplicate address family from listener
+
+ Since address already contain family, remove separate family from
+ listener. Use now family from address itself.
+
+commit d9b9235139b15a953ba9220e1d33a62d853f4e73
+Author: Petr Menšík
+Date: Mon Jul 15 17:13:12 2019 +0200
+
+ Handle listening on duplicate addresses
+
+ Save listening address into listener. Use it to find existing listeners
+ before creating new one. If it exist, increase just used counter.
+ Release only listeners not already used.
+
+ Duplicates family in listener.
+
+commit a9836313966ecb0689c52bbc4ddbc7a78f7bb677
+Author: Petr Mensik
+Date: Tue Jul 9 14:05:59 2019 +0200
+
+ Cleanup interfaces no longer available
+
+ Clean addresses and interfaces not found after enumerate. Free unused
+ records to speed up checking active interfaces and reduce used memory.
+
+commit 1474c5146b6278fc61df385a8e08b23ccc11b1ab
+Author: Petr Mensik
+Date: Wed Jul 3 17:02:16 2019 +0200
+
+ Compare address and interface index for allowed interface
+
+ If interface is recreated with the same address but different index, it
+ would not change any other parameter.
+
+ Test also address family on incoming TCP queries.
+
+commit 94b2f5d33e043652a00b8c70e573994925cd26fe
+Author: Petr Mensik
+Date: Thu Jul 4 20:28:08 2019 +0200
+
+ Log listening on new interfaces
+
+ Log in debug mode listening on interfaces. They can be dynamically
+ found, include interface number, since it is checked on TCP connections.
+ Print also addresses found on them.
+---
+ src/dnsmasq.c | 3 +-
+ src/dnsmasq.h | 3 +-
+ src/forward.c | 27 +++++-----
+ src/network.c | 147 +++++++++++++++++++++++++++++++++++++++++---------
+ src/tftp.c | 29 +++++-----
+ 5 files changed, 155 insertions(+), 54 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 769e063..4755125 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -1820,7 +1820,8 @@ static void check_dns_listeners(time_t now)
+ addr.addr4 = tcp_addr.in.sin_addr;
+
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+- if (iface->index == if_index)
++ if (iface->index == if_index &&
++ iface->addr.sa.sa_family == tcp_addr.sa.sa_family)
+ break;
+
+ if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index c46bfeb..17b5f4e 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -569,7 +569,8 @@ struct irec {
+ };
+
+ struct listener {
+- int fd, tcpfd, tftpfd, family;
++ int fd, tcpfd, tftpfd, used;
++ union mysockaddr addr;
+ struct irec *iface; /* only sometimes valid for non-wildcard */
+ struct listener *next;
+ };
+diff --git a/src/forward.c b/src/forward.c
+index 77059ed..043c2e2 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1279,8 +1279,9 @@ void receive_query(struct listener *listen, time_t now)
+ CMSG_SPACE(sizeof(struct sockaddr_dl))];
+ #endif
+ } control_u;
++ int family = listen->addr.sa.sa_family;
+ /* Can always get recvd interface for IPv6 */
+- int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
++ int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6;
+
+ /* packet buffer overwritten */
+ daemon->srv_save = NULL;
+@@ -1292,7 +1293,7 @@ void receive_query(struct listener *listen, time_t now)
+ {
+ auth_dns = listen->iface->dns_auth;
+
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ {
+ dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr;
+ netmask = listen->iface->netmask;
+@@ -1322,9 +1323,9 @@ void receive_query(struct listener *listen, time_t now)
+ information disclosure. */
+ memset(daemon->packet + n, 0, daemon->edns_pktsz - n);
+
+- source_addr.sa.sa_family = listen->family;
++ source_addr.sa.sa_family = family;
+
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ {
+ /* Source-port == 0 is an error, we can't send back to that.
+ http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */
+@@ -1344,7 +1345,7 @@ void receive_query(struct listener *listen, time_t now)
+ {
+ struct addrlist *addr;
+
+- if (listen->family == AF_INET6)
++ if (family == AF_INET6)
+ {
+ for (addr = daemon->interface_addrs; addr; addr = addr->next)
+ if ((addr->flags & ADDRLIST_IPV6) &&
+@@ -1382,7 +1383,7 @@ void receive_query(struct listener *listen, time_t now)
+ return;
+
+ #if defined(HAVE_LINUX_NETWORK)
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
+ {
+@@ -1395,7 +1396,7 @@ void receive_query(struct listener *listen, time_t now)
+ if_index = p.p->ipi_ifindex;
+ }
+ #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ {
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ {
+@@ -1420,7 +1421,7 @@ void receive_query(struct listener *listen, time_t now)
+ }
+ #endif
+
+- if (listen->family == AF_INET6)
++ if (family == AF_INET6)
+ {
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
+@@ -1441,16 +1442,16 @@ void receive_query(struct listener *listen, time_t now)
+ if (!indextoname(listen->fd, if_index, ifr.ifr_name))
+ return;
+
+- if (!iface_check(listen->family, &dst_addr, ifr.ifr_name, &auth_dns))
++ if (!iface_check(family, &dst_addr, ifr.ifr_name, &auth_dns))
+ {
+ if (!option_bool(OPT_CLEVERBIND))
+ enumerate_interfaces(0);
+- if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name) &&
+- !label_exception(if_index, listen->family, &dst_addr))
++ if (!loopback_exception(listen->fd, family, &dst_addr, ifr.ifr_name) &&
++ !label_exception(if_index, family, &dst_addr))
+ return;
+ }
+
+- if (listen->family == AF_INET && option_bool(OPT_LOCALISE))
++ if (family == AF_INET && option_bool(OPT_LOCALISE))
+ {
+ struct irec *iface;
+
+@@ -1495,7 +1496,7 @@ void receive_query(struct listener *listen, time_t now)
+ #endif
+ char *types = querystr(auth_dns ? "auth" : "query", type);
+
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
+ (union all_addr *)&source_addr.in.sin_addr, types);
+ else
+diff --git a/src/network.c b/src/network.c
+index 881d823..8c4b3bb 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -388,10 +388,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
+ /* check whether the interface IP has been added already
+ we call this routine multiple times. */
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+- if (sockaddr_isequal(&iface->addr, addr))
++ if (sockaddr_isequal(&iface->addr, addr) && iface->index == if_index)
+ {
+ iface->dad = !!(iface_flags & IFACE_TENTATIVE);
+ iface->found = 1; /* for garbage collection */
++ iface->netmask = netmask;
+ return 1;
+ }
+
+@@ -532,7 +533,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
+
+ return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
+ }
+-
++
++/*
++ * Clean old interfaces no longer found.
++ */
++static void clean_interfaces()
++{
++ struct irec *iface;
++ struct irec **up = &daemon->interfaces;
++
++ for (iface = *up; iface; iface = *up)
++ {
++ if (!iface->found && !iface->done)
++ {
++ *up = iface->next;
++ free(iface->name);
++ free(iface);
++ }
++ else
++ {
++ up = &iface->next;
++ }
++ }
++}
++
++/** Release listener if no other interface needs it.
++ *
++ * @return 1 if released, 0 if still required
++ */
++static int release_listener(struct listener *l)
++{
++ if (l->used > 1)
++ {
++ struct irec *iface;
++ for (iface = daemon->interfaces; iface; iface = iface->next)
++ if (iface->done && sockaddr_isequal(&l->addr, &iface->addr))
++ {
++ if (iface->found)
++ {
++ /* update listener to point to active interface instead */
++ if (!l->iface->found)
++ l->iface = iface;
++ }
++ else
++ {
++ l->used--;
++ iface->done = 0;
++ }
++ }
++
++ /* Someone is still using this listener, skip its deletion */
++ if (l->used > 0)
++ return 0;
++ }
++
++ if (l->iface->done)
++ {
++ int port;
++
++ port = prettyprint_addr(&l->iface->addr, daemon->addrbuff);
++ my_syslog(LOG_DEBUG, _("stopped listening on %s(#%d): %s port %d"),
++ l->iface->name, l->iface->index, daemon->addrbuff, port);
++ /* In case it ever returns */
++ l->iface->done = 0;
++ }
++
++ if (l->fd != -1)
++ close(l->fd);
++ if (l->tcpfd != -1)
++ close(l->tcpfd);
++ if (l->tftpfd != -1)
++ close(l->tftpfd);
++
++ free(l);
++ return 1;
++}
++
+ int enumerate_interfaces(int reset)
+ {
+ static struct addrlist *spare = NULL;
+@@ -630,6 +706,7 @@ int enumerate_interfaces(int reset)
+ in OPT_CLEVERBIND mode, that at listener will just disappear after
+ a call to enumerate_interfaces, this is checked OK on all calls. */
+ struct listener *l, *tmp, **up;
++ int freed = 0;
+
+ for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
+ {
+@@ -637,25 +714,17 @@ int enumerate_interfaces(int reset)
+
+ if (!l->iface || l->iface->found)
+ up = &l->next;
+- else
++ else if (release_listener(l))
+ {
+- *up = l->next;
+-
+- /* In case it ever returns */
+- l->iface->done = 0;
+-
+- if (l->fd != -1)
+- close(l->fd);
+- if (l->tcpfd != -1)
+- close(l->tcpfd);
+- if (l->tftpfd != -1)
+- close(l->tftpfd);
+-
+- free(l);
++ *up = tmp;
++ freed = 1;
+ }
+ }
++
++ if (freed)
++ clean_interfaces();
+ }
+-
++
+ errno = errsave;
+ spare = param.spare;
+
+@@ -893,10 +962,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in
+ {
+ l = safe_malloc(sizeof(struct listener));
+ l->next = NULL;
+- l->family = addr->sa.sa_family;
+ l->fd = fd;
+ l->tcpfd = tcpfd;
+- l->tftpfd = tftpfd;
++ l->tftpfd = tftpfd;
++ l->addr = *addr;
++ l->used = 1;
+ l->iface = NULL;
+ }
+
+@@ -935,20 +1005,43 @@ void create_wildcard_listeners(void)
+ daemon->listeners = l;
+ }
+
++static struct listener *find_listener(union mysockaddr *addr)
++{
++ struct listener *l;
++ for (l = daemon->listeners; l; l = l->next)
++ if (sockaddr_isequal(&l->addr, addr))
++ return l;
++ return NULL;
++}
++
+ void create_bound_listeners(int dienow)
+ {
+ struct listener *new;
+ struct irec *iface;
+ struct iname *if_tmp;
++ struct listener *existing;
+
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+- if (!iface->done && !iface->dad && iface->found &&
+- (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
++ if (!iface->done && !iface->dad && iface->found)
+ {
+- new->iface = iface;
+- new->next = daemon->listeners;
+- daemon->listeners = new;
+- iface->done = 1;
++ existing = find_listener(&iface->addr);
++ if (existing)
++ {
++ iface->done = 1;
++ existing->used++; /* increase usage counter */
++ }
++ else if ((new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
++ {
++ int port;
++
++ new->iface = iface;
++ new->next = daemon->listeners;
++ daemon->listeners = new;
++ iface->done = 1;
++ port = prettyprint_addr(&iface->addr, daemon->addrbuff);
++ my_syslog(LOG_DEBUG, _("listening on %s(#%d): %s port %d"),
++ iface->name, iface->index, daemon->addrbuff, port);
++ }
+ }
+
+ /* Check for --listen-address options that haven't been used because there's
+@@ -966,8 +1059,12 @@ void create_bound_listeners(int dienow)
+ if (!if_tmp->used &&
+ (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
+ {
++ int port;
++
+ new->next = daemon->listeners;
+ daemon->listeners = new;
++ port = prettyprint_addr(&if_tmp->addr, daemon->addrbuff);
++ my_syslog(LOG_DEBUG, _("listening on %s port %d"), daemon->addrbuff, port);
+ }
+ }
+
+diff --git a/src/tftp.c b/src/tftp.c
+index 4c18577..fdd2855 100644
+--- a/src/tftp.c
++++ b/src/tftp.c
+@@ -61,8 +61,9 @@ void tftp_request(struct listener *listen, time_t now)
+ char *prefix = daemon->tftp_prefix;
+ struct tftp_prefix *pref;
+ union all_addr addra;
++ int family = listen->addr.sa.sa_family;
+ /* Can always get recvd interface for IPv6 */
+- int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
++ int check_dest = !option_bool(OPT_NOWILD) || family == AF_INET6;
+ union {
+ struct cmsghdr align; /* this ensures alignment */
+ char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+@@ -121,10 +122,10 @@ void tftp_request(struct listener *listen, time_t now)
+ if (msg.msg_controllen < sizeof(struct cmsghdr))
+ return;
+
+- addr.sa.sa_family = listen->family;
++ addr.sa.sa_family = family;
+
+ #if defined(HAVE_LINUX_NETWORK)
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
+ {
+@@ -138,7 +139,7 @@ void tftp_request(struct listener *listen, time_t now)
+ }
+
+ #elif defined(HAVE_SOLARIS_NETWORK)
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ {
+ union {
+@@ -154,7 +155,7 @@ void tftp_request(struct listener *listen, time_t now)
+ }
+
+ #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ {
+ union {
+@@ -171,7 +172,7 @@ void tftp_request(struct listener *listen, time_t now)
+
+ #endif
+
+- if (listen->family == AF_INET6)
++ if (family == AF_INET6)
+ {
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
+@@ -194,7 +195,7 @@ void tftp_request(struct listener *listen, time_t now)
+
+ addra.addr4 = addr.in.sin_addr;
+
+- if (listen->family == AF_INET6)
++ if (family == AF_INET6)
+ addra.addr6 = addr.in6.sin6_addr;
+
+ if (daemon->tftp_interfaces)
+@@ -210,12 +211,12 @@ void tftp_request(struct listener *listen, time_t now)
+ else
+ {
+ /* Do the same as DHCP */
+- if (!iface_check(listen->family, &addra, name, NULL))
++ if (!iface_check(family, &addra, name, NULL))
+ {
+ if (!option_bool(OPT_CLEVERBIND))
+ enumerate_interfaces(0);
+- if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) &&
+- !label_exception(if_index, listen->family, &addra))
++ if (!loopback_exception(listen->tftpfd, family, &addra, name) &&
++ !label_exception(if_index, family, &addra))
+ return;
+ }
+
+@@ -281,7 +282,7 @@ void tftp_request(struct listener *listen, time_t now)
+ prefix = pref->prefix;
+ }
+
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ {
+ addr.in.sin_port = htons(port);
+ #ifdef HAVE_SOCKADDR_SA_LEN
+@@ -304,7 +305,7 @@ void tftp_request(struct listener *listen, time_t now)
+
+ if (option_bool(OPT_SINGLE_PORT))
+ transfer->sockfd = listen->tftpfd;
+- else if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1)
++ else if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1)
+ {
+ free(transfer);
+ return;
+@@ -337,7 +338,7 @@ void tftp_request(struct listener *listen, time_t now)
+ {
+ if (++port <= daemon->end_tftp_port)
+ {
+- if (listen->family == AF_INET)
++ if (family == AF_INET)
+ addr.in.sin_port = htons(port);
+ else
+ addr.in6.sin6_port = htons(port);
+@@ -375,7 +376,7 @@ void tftp_request(struct listener *listen, time_t now)
+ if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK))
+ {
+ /* 32 bytes for IP, UDP and TFTP headers, 52 bytes for IPv6 */
+- int overhead = (listen->family == AF_INET) ? 32 : 52;
++ int overhead = (family == AF_INET) ? 32 : 52;
+ transfer->blocksize = atoi(opt);
+ if (transfer->blocksize < 1)
+ transfer->blocksize = 1;
+--
+2.21.1
+
diff --git a/dnsmasq-2.81-configuration.patch b/dnsmasq-2.81-configuration.patch
new file mode 100644
index 0000000..3b3cadd
--- /dev/null
+++ b/dnsmasq-2.81-configuration.patch
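Review bot: In the `enumerate_interfaces` hunk of network.c, when `release_listener(l)` returns 0 the loop leaves `up` pointing at the previous link instead of advancing it to `&l->next`, so if the following listener is then released, `*up = tmp` also unlinks the listener that was just kept. That listener would stay allocated with its sockets open but would no longer be reachable from `daemon->listeners`. Adding a final branch `else up = &l->next;` after the `else if (release_listener(l))` block keeps the retained entry linked; this assumes `tmp` is set to `l->next` at the top of the loop body, which lies between the two hunks and is not shown. Separately, `static void clean_interfaces()` should be declared `static void clean_interfaces(void)` so that it has a prototype.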
@@ -0,0 +1,92 @@
+From 3a593d133f91c5126105efd03246b3f61f103dd4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Tue, 30 Jun 2020 18:06:29 +0200
+Subject: [PATCH] Modify upstream configuration to safe defaults
+
+Most important change would be to listen only on localhost. Default
+configuration should not listen to request from remote hosts. Match also
+user and paths to directories shipped in Fedora.
+---
+ dnsmasq.conf.example | 24 +++++++++++++++++++-----
+ 1 file changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
+index bf19424..36fba33 100644
+--- a/dnsmasq.conf.example
++++ b/dnsmasq.conf.example
+@@ -22,7 +22,7 @@
+
+ # Uncomment these to enable DNSSEC validation and caching:
+ # (Requires dnsmasq to be built with DNSSEC option.)
+-#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
++#conf-file=/usr/share/dnsmasq/trust-anchors.conf
+ #dnssec
+
+ # Replies which are not DNSSEC signed may be legitimate, because the domain
+@@ -96,14 +96,16 @@
+
+ # If you want dnsmasq to change uid and gid to something other
+ # than the default, edit the following lines.
+-#user=
+-#group=
++user=dnsmasq
++group=dnsmasq
+
+ # If you want dnsmasq to listen for DHCP and DNS requests only on
+ # specified interfaces (and the loopback) give the name of the
+ # interface (eg eth0) here.
+ # Repeat the line for more than one interface.
+ #interface=
++# Listen only on localhost by default
++interface=lo
+ # Or you can specify which interface _not_ to listen on
+ #except-interface=
+ # Or which to listen on by address (remember to include 127.0.0.1 if
+@@ -114,6 +116,10 @@
+ # disable DHCP and TFTP on it.
+ #no-dhcp-interface=
+
++# Serve DNS and DHCP only to networks directly connected to this machine.
++# Any interface= line will override it.
++#local-service
++
+ # On systems which support it, dnsmasq binds the wildcard address,
+ # even when it is listening on only some interfaces. It then discards
+ # requests that it shouldn't reply to. This has the advantage of
+@@ -121,7 +127,11 @@
+ # want dnsmasq to really bind only the interfaces it is listening on,
+ # uncomment this option. About the only time you may need this is when
+ # running another nameserver on the same machine.
+-#bind-interfaces
++#
++# To listen only on localhost and do not receive packets on other
++# interfaces, bind only to lo device. Comment out to bind on single
++# wildcard socket.
++bind-interfaces
+
+ # If you don't want dnsmasq to read /etc/hosts, uncomment the
+ # following line.
+@@ -535,7 +545,7 @@
+ # The DHCP server needs somewhere on disk to keep its lease database.
+ # This defaults to a sane location, but if you want to change it, use
+ # the line below.
+-#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
++#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
+
+ # Set the DHCP server to authoritative mode. In this mode it will barge in
+ # and take over the lease for any client which broadcasts on the network,
+@@ -673,7 +683,11 @@
+ # Include all files in a directory which end in .conf
+ #conf-dir=/etc/dnsmasq.d/,*.conf
+
++# Include all files in /etc/dnsmasq.d except RPM backup files
++conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
++
+ # If a DHCP client claims that its name is "wpad", ignore that.
+ # This fixes a security hole. see CERT Vulnerability VU#598349
+ #dhcp-name-match=set:wpad-ignore,wpad
+ #dhcp-ignore-names=tag:wpad-ignore
++
+--
+2.26.2
+
diff --git a/dnsmasq-2.81-rh1834454.patch b/dnsmasq-2.81-rh1834454.patch
new file mode 100644
index 0000000..f31b230
--- /dev/null
+++ b/dnsmasq-2.81-rh1834454.patch
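Review bot: The new `#local-service` entry is left commented out, so the only thing keeping the shipped configuration off the network is `interface=lo` together with `bind-interfaces`; an administrator who comments those lines out to serve a LAN is left with no source restriction at all. Since the added comment itself says any `interface=` line overrides the option, shipping it enabled as `local-service` changes nothing in the default setup and leaves a restrictive fallback once `interface=lo` is removed. The comment added above `bind-interfaces` would also read more clearly as `# To listen only on localhost and not receive packets on other interfaces, bind only to the lo device.`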
@@ -0,0 +1,62 @@
+From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Harald=20Jens=C3=A5s?=
+Date: Thu, 7 May 2020 00:33:54 +0200
+Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
+
+Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
+a config would not be considered in context if:
+a) it has no address family flags set
+b) it has the address family flag of current context set
+
+Since above commit config is considered in context if the
+address family is the opposite of current context.
+
+The result is that a config with two dhcp-host records,
+one for IPv6 and another for IPv4 no longer works, for
+example with the below config the config with the IPv6
+address would be considered in context for a DHCP(v4)
+request.
+ dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
+ dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
+
+This commit restores the previous behavior.
+---
+ src/dhcp-common.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/dhcp-common.c b/src/dhcp-common.c
+index eae9886..ffc78ca 100644
+--- a/src/dhcp-common.c
++++ b/src/dhcp-common.c
+@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
+ {
+ if (!context) /* called via find_config() from lease_update_from_configs() */
+ return 1;
+-
++
++ /* No address present in config == in context */
++ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
++ return 1;
++
+ #ifdef HAVE_DHCP6
+ if (context->flags & CONTEXT_V6)
+ {
+ struct addrlist *addr_list;
+
+ if (!(config->flags & CONFIG_ADDR6))
+- return 1;
++ return 0;
+
+ for (; context; context = context->current)
+ for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
+@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
+ #endif
+ {
+ if (!(config->flags & CONFIG_ADDR))
+- return 1;
++ return 0;
+
+ for (; context; context = context->current)
+ if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
+--
+2.25.4
diff --git a/dnsmasq-systemd-sysusers.conf b/dnsmasq-systemd-sysusers.conf
new file mode 100644
index 0000000..2106ae5
--- /dev/null
+++ b/dnsmasq-systemd-sysusers.conf
@@ -0,0 +1 @@
+u dnsmasq - "Dnsmasq DHCP and DNS server" /var/lib/dnsmasq
diff --git a/dnsmasq.service b/dnsmasq.service
new file mode 100644
index 0000000..07fa92e
--- /dev/null
+++ b/dnsmasq.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=DNS caching server.
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/dnsmasq -k
+
+[Install]
+WantedBy=multi-user.target
diff --git a/dnsmasq.spec b/dnsmasq.spec
new file mode 100644
index 0000000..169aadc
--- /dev/null
+++ b/dnsmasq.spec
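Review bot: After the new early returns in `is_config_in_context`, the `(config->flags & CONFIG_ADDR) &&` test in the last context line of the second dhcp-common.c hunk can no longer be false, because the function has already returned 0 when `CONFIG_ADDR` is unset; keeping it suggests a case that does not exist. The function now separates three situations (no context, no address of either family, address of the other family only), and a header comment listing which of them count as "in context" would keep the next change from reintroducing the regression this patch fixes. The body continues past the end of the second hunk, so the redundancy should be confirmed against the full function.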
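Review bot: The `[Service]` section of dnsmasq.service starts a network-facing daemon with `ExecStart=/usr/sbin/dnsmasq -k` and no sandboxing directives, so a parsing flaw in the DNS, DHCP or TFTP code runs with an unrestricted view of the host filesystem. Adding `ProtectSystem=full`, `ProtectHome=yes` and `PrivateTmp=yes` narrows that without interfering with the daemon's own switch to the `dnsmasq` user configured elsewhere in this commit. These settings need testing against deployments that use a `dhcp-script` or a TFTP root under a home directory before they become the default.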
@@ -0,0 +1,690 @@
+%define testrelease 0
+%define releasecandidate 0
+%if 0%{testrelease}
+ %define extrapath test-releases/
+ %define extraversion test%{testrelease}
+%endif
+%if 0%{releasecandidate}
+ %define extrapath release-candidates/
+ %define extraversion rc%{releasecandidate}
+%endif
+
+%define _hardened_build 1
+# path to upstream git repository
+%global git_upstream git://thekelleys.org.uk/dnsmasq.git
+# tag of selected version
+%global gittag v%{version}%{?extraversion}
+
+# Attempt to prepare source-git with downstream repos
+%bcond_with sourcegit
+
+Name: dnsmasq
+Version: 2.82
+Release: 4%{?extraversion:.%{extraversion}}%{?dist}
+Summary: A lightweight DHCP/caching DNS server
+
+License: GPLv2 or GPLv3
+URL: http://www.thekelleys.org.uk/dnsmasq/
+Source0: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz
+Source1: %{name}.service
+Source2: dnsmasq-systemd-sysusers.conf
+Source3: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz.asc
+# GPG public key
+%if 0%{?testrelease} || 0%{?releasecandidate}
+Source4: %{url}%{?extrapath}test-release-public-key
+%else
+Source4: http://www.thekelleys.org.uk/srkgpg.txt
+%endif
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1495409
+Patch1: dnsmasq-2.77-underflow.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
+Patch2: dnsmasq-2.81-configuration.patch
+Patch3: dnsmasq-2.78-fips.patch
+Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
+Patch17: dnsmasq-2.81-rh1834454.patch
+
+# This is workaround to nettle bug #1549190
+# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
+Requires: nettle >= 3.4
+
+BuildRequires: dbus-devel
+BuildRequires: pkgconfig
+BuildRequires: libidn2-devel
+BuildRequires: nettle-devel
+Buildrequires: gcc
+BuildRequires: gnupg2
+
+BuildRequires: systemd
+%{?systemd_requires}
+%if %{with sourcegit}
+BuildRequires: git-core
+%endif
+
+%description
+Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.
+It is designed to provide DNS and, optionally, DHCP, to a small network.
+It can serve the names of local machines which are not in the global
+DNS. The DHCP server integrates with the DNS server and allows machines
+with DHCP-allocated addresses to appear in the DNS with names configured
+either in each host or in a central configuration file. Dnsmasq supports
+static and dynamic DHCP leases and BOOTP for network booting of diskless
+machines.
+
+%package utils
+Summary: Utilities for manipulating DHCP server leases
+
+%description utils
+Utilities that use the standard DHCP protocol to query/remove a DHCP
+server's leases.
+
+
+%prep
+%if 0%{?gpgverify:1}
+%gpgverify -k 4 -s 3 -d 0
+%endif
+%if %{with sourcegit}
+%autosetup -n %{name}-%{version}%{?extraversion} -N -S git_am
+# If preparing with sourcegit, drop again source directory
+# and clone git repository
+# FIXME: deleting just unpacked sources is dangerous
+# But using %%setup changes used directories in %%build and %%install
+rm -rf %{_builddir}/%{name}-%{version}%{?extraversion}
+cd %{_builddir}
+git clone -b %{gittag} %{git_upstream} %{name}-%{version}%{?extraversion}
+cd %{name}-%{version}%{?extraversion}
+git checkout -b rpmbuild
+%else
+%autosetup -n %{name}-%{version}%{?extraversion} -N
+%endif
+# Apply patches on top
+%autopatch -p1
+
+# use /var/lib/dnsmasq instead of /var/lib/misc
+for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
+ sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
+done
+
+#set default user /group in src/config.h
+sed -i 's|#define CHUSER "nobody"|#define CHUSER "dnsmasq"|' src/config.h
+sed -i 's|#define CHGRP "dip"|#define CHGRP "dnsmasq"|' src/config.h
+
+# optional parts
+sed -i 's|^COPTS[[:space:]]*=|\0 -DHAVE_DBUS -DHAVE_LIBIDN2 -DHAVE_DNSSEC|' Makefile
+
+%build
+%make_build CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
+%make_build -C contrib/lease-tools CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
+
+
+%install
+# normally i'd do 'make install'...it's a bit messy, though
+mkdir -p $RPM_BUILD_ROOT%{_sbindir} \
+ $RPM_BUILD_ROOT%{_mandir}/man8 \
+ $RPM_BUILD_ROOT%{_var}/lib/dnsmasq \
+ $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.d \
+ $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d
+install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq
+install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf
+install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/
+install -m 644 man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/
+install -D trust-anchors.conf $RPM_BUILD_ROOT%{_datadir}/%{name}/trust-anchors.conf
+
+# utils sub package
+mkdir -p $RPM_BUILD_ROOT%{_bindir} \
+ $RPM_BUILD_ROOT%{_mandir}/man1
+install -m 755 contrib/lease-tools/dhcp_release $RPM_BUILD_ROOT%{_bindir}/dhcp_release
+install -m 644 contrib/lease-tools/dhcp_release.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release.1
+install -m 755 contrib/lease-tools/dhcp_release6 $RPM_BUILD_ROOT%{_bindir}/dhcp_release6
+install -m 644 contrib/lease-tools/dhcp_release6.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release6.1
+install -m 755 contrib/lease-tools/dhcp_lease_time $RPM_BUILD_ROOT%{_bindir}/dhcp_lease_time
+install -m 644 contrib/lease-tools/dhcp_lease_time.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_lease_time.1
+
+# Systemd
+mkdir -p %{buildroot}%{_unitdir}
+install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
+rm -rf %{buildroot}%{_initrddir}
+
+#install systemd sysuser file
+install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
+
+%pre
+#precreate users so that rpm can install files owned by that user
+%sysusers_create_package %{name} %{SOURCE2}
+
+%post
+%systemd_post dnsmasq.service
+
+%preun
+%systemd_preun dnsmasq.service
+
+%postun
+%systemd_postun_with_restart dnsmasq.service
+
+%files
+%doc CHANGELOG FAQ doc.html setup.html dbus/DBus-interface
+%license COPYING COPYING-v3
+%defattr(0644,root,dnsmasq,0755)
+%config(noreplace) %{_sysconfdir}/dnsmasq.conf
+%dir %{_sysconfdir}/dnsmasq.d
+%dir %{_var}/lib/dnsmasq
+%defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
+%{_unitdir}/%{name}.service
+%{_sbindir}/dnsmasq
+%{_mandir}/man8/dnsmasq*
+%dir %{_datadir}/%{name}
+%{_datadir}/%{name}/trust-anchors.conf
+%{_sysusersdir}/dnsmasq.conf
+
+%files utils
+%license COPYING COPYING-v3
+%{_bindir}/dhcp_*
+%{_mandir}/man1/dhcp_*
+
+%changelog
+* Fri Oct 09 2020 Petr Menšík - 2.82-4
+- Remove uninitialized condition from downstream patch
+
+* Wed Sep 30 2020 Petr Menšík - 2.82-3
+- Listen only on localhost interface, return port unreachable on all others
+ (#1852373)
+
+* Mon Jul 27 2020 Fedora Release Engineering - 2.82-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 20 2020 Petr Menšík - 2.82-1
+- Update to 2.82
+
+* Tue Jun 30 2020 Petr Menšík - 2.81-4
+- Accept queries only from localhost (CVE-2020-14312)
+
+* Mon May 11 2020 Petr Menšík - 2.81-3
+- Correct multiple entries with the same mac address (#1834454)
+
+* Thu Apr 16 2020 Petr Menšík - 2.81-2
+- Update to 2.81 (#1823139)
+
+* Mon Mar 23 2020 Petr Menšík - 2.81-1.rc3
+- Update to 2.81rc3
+
+* Mon Mar 23 2020 Petr Menšík - 2.80-14
+- Fix last build breakage of DNS (#1814468)
+
+* Tue Mar 10 2020 Petr Menšík - 2.80-13
+- Respond to any local name also withou rd bit set (#1647464)
+
+* Wed Mar 04 2020 Petr Menšík - 2.80-12
+- Support multiple static leases for single mac on IPv6 (#1810172)
+
+* Tue Jan 28 2020 Fedora Release Engineering - 2.80-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Aug 28 2019 Petr Menšík - 2.80-10
+- Fix CPU intensive RA flood (#1739797)
+
+* Fri Aug 09 2019 Petr Menšík - 2.80-9
+- Remove SO_TIMESTAMP support, DHCP was broken (#1739081)
+
+* Wed Jul 31 2019 Petr Menšík - 2.80-8
+- Compile with nettle 3.5
+- Support missing SIOCGSTAMP ioctl
+
+* Wed Jul 31 2019 Petr Menšík - 2.80-7
+- Fix TCP listener after interface recreated (#1728701)
+
+* Wed Jul 24 2019 Petr Menšík - 2.80-6
+- Do not return NXDOMAIN on empty non-terminals (#1674067)
+
+* Wed Jul 24 2019 Fedora Release Engineering - 2.80-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Apr 08 2019 Petr Menšík - 2.80-4
+- Use more recent macro to create dnsmasq user
+
+* Fri Feb 15 2019 Petr Menšík - 2.80-3
+- Apply patches by autosetup
+
+* Thu Jan 31 2019 Fedora Release Engineering - 2.80-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Aug 20 2018 Petr Menšík - 2.80-1
+- Update to 2.80
+
+* Thu Aug 09 2018 Petr Menšík - 2.79-8
+- Better randomize ports
+
+* Tue Jul 31 2018 Florian Weimer - 2.79-7
+- Rebuild with fixed binutils
+
+* Fri Jul 27 2018 Igor Gnatenko - 2.79-6
+- Rebuild for new binutils
+
+* Thu Jul 26 2018 Zbigniew Jędrzejewski-Szmek - 2.79-5
+- Fix %%pre scriptlet (#1548050)
+
+* Thu Jul 12 2018 Fedora Release Engineering - 2.79-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jul 02 2018 Petr Menšík - 2.79-3
+- Make dnsmasq leases writeable by root again (#1554390)
+
+* Mon Jul 02 2018 Petr Menšík - 2.79-2
+- Fix passing of dnssec enabled queries (#1597309)
+
+* Thu Mar 15 2018 Petr Menšík - 2.79-1
+- Rebase to 2.79
+- Stop using nettle_hashes directly, use access function (#1548060)
+- Do not break on cname with spaces (#1498667)
+- Require nettle 3.4+
+- Do not own sysusers.d directory, already depends on systemd providing it
+
+* Fri Mar 02 2018 Petr Menšík - 2.78-7
+- Emit warning with dnssec enabled on FIPS system (#1549507)
+
+* Sun Feb 25 2018 Zbigniew Jędrzejewski-Szmek - 2.78-6
+- Create user before installing files (#1548050)
+
+* Fri Feb 23 2018 Petr Menšík - 2.78-5
+- Create user first and then restart service
+
+* Thu Feb 22 2018 Itamar Reis Peixoto - 2.78-4
+- add gcc into buildrequires
+- deliver an extra sysusers.d file to create dnsmasq user/group
+- set CHUSER and CHGRP to dnsmasq in src/config.h
+
+* Wed Feb 07 2018 Fedora Release Engineering - 2.78-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Jan 22 2018 Petr Menšík - 2.78-2
+- DNSSEC fix for wildcard NSEC records (CVE-2017-15107)
+
+* Tue Oct 03 2017 Petr Menšík - 2.78-1
+- Rebase to 2.78
+
+* Tue Oct 03 2017 Petr Menšík - 2.77-9
+- More patches related to CVE-2017-14491
+
+* Mon Oct 02 2017 Petr Menšík - 2.77-8
+- Security fix, CVE-2017-14491, DNS heap buffer overflow
+- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow
+- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow
+- Security fix, CVE-2017-14494, Infoleak handling DHCPv6
+- Security fix, CVE-2017-14496, Integer underflow in DNS response creation
+- Security fix, CVE-2017-14495, OOM in DNS response creation
+- Misc code cleanups arising from Google analysis
+- Do not include stdio.h before dnsmasq.h
+
+* Thu Sep 14 2017 Petr Menšík - 2.77-7
+- Fix CVE-2017-13704
+
+* Mon Aug 14 2017 Petr Menšík - 2.77-6
+- Own the /usr/share/dnsmasq dir (#1480856)
+
+* Wed Aug 02 2017 Fedora Release Engineering - 2.77-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 2.77-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Jun 07 2017 Petr Menšík - 2.77-3
+- Update to 2.77
+
+* Fri May 12 2017 Petr Menšík - 2.77-2.rc2
+- Fix dhcp
+
+* Thu May 11 2017 Petr Menšík - 2.77-1
+- Update to 2.77rc2
+
+* Thu May 11 2017 Petr Menšík
+- Include dhcp_release6 tool and license in utils
+- Support for IDN 2008 (#1449150)
+
+* Fri Feb 10 2017 Fedora Release Engineering - 2.76-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Oct 19 2016 Pavel Šimerda - 2.76-2
+- Resolves: #1373485 - dns not updated after sleep and resume laptop
+
+* Fri Jul 15 2016 Pavel Šimerda - 2.76-1
+- New version 2.76
+
+* Wed Feb 03 2016 Fedora Release Engineering - 2.75-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Jan 25 2016 Tomas Hozza - 2.75-3
+- Fixed minor bug in dnsmasq.conf (#1295143)
+
+* Fri Oct 02 2015 Pavel Šimerda - 2.75-2
+- Resolves: #1239256 - install trust-anchors.conf
+
+* Wed Aug 05 2015 Pavel Šimerda - 2.75-1
+- new version 2.75
+
+* Wed Jun 17 2015 Fedora Release Engineering - 2.72-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Oct 06 2014 Nils Philippsen - 2.72-3
+- don't include /etc/dnsmasq.d in triplicate, ignore RPM backup files instead
+- package is dual-licensed GPL v2 or v3
+- drop %%triggerun, we're not supposed to automatically migrate from SysV to
+ systemd anyway
+
+* Mon Oct 06 2014 Tomas Hozza - 2.72-2
+- Fix typo in default configuration (#1149459)
+
+* Thu Sep 25 2014 Tomas Hozza - 2.72-1
+- Update to 2.72 stable
+
+* Sat Aug 16 2014 Fedora Release Engineering - 2.71-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 2.71-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue May 20 2014 Tomas Hozza - 2.71-1
+- Update to 2.71 stable
+
+* Fri Apr 25 2014 Tomas Hozza - 2.70-1
+- Update to 2.70 stable
+
+* Fri Apr 11 2014 Tomas Hozza - 2.69-1
+- Update to 2.69 stable
+
+* Mon Mar 24 2014 Tomas Hozza - 2.69-0.1.rc1
+- Update to 2.69rc1
+- enable DNSSEC implementation
+
+* Mon Dec 09 2013 Tomas Hozza - 2.68-1
+- Update to 2.68 stable
+
+* Tue Nov 26 2013 Tomas Hozza - 2.68-0.1.rc3
+- Update to 2.68rc3
+
+* Fri Nov 01 2013 Tomas Hozza - 2.67-1
+- Update to 2.67 stable
+- Include one post release upstream fix for CNAME
+
+* Fri Oct 18 2013 Tomas Hozza - 2.67-0.9.rc4
+- update to 2.67rc4
+
+* Wed Oct 02 2013 Tomas Hozza - 2.67-0.8.rc2
+- update to 2.67rc2
+
+* Thu Sep 12 2013 Tomas Hozza - 2.67-0.7.test13
+- update to 2.67test13
+- use .tar.xz upstream archives
+
+* Thu Aug 15 2013 Tomas Hozza - 2.67-0.6.test7
+- Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973)
+
+* Mon Aug 12 2013 Tomas Hozza - 2.67-0.5.test7
+- Don't use SO_REUSEPORT on DHCPv4 socket to prevent conflicts with ISC DHCP (#981973)
+
+* Sat Aug 03 2013 Fedora Release Engineering - 2.67-0.4.test7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jun 11 2013 Tomas Hozza - 2.67-0.3.test7
+- update to 2.67test7
+- drop merged patch
+- use _hardened_build macro instead of hardcoded flags
+
+* Fri May 17 2013 Tomas Hozza - 2.67-0.2.test4
+- Fix failure to start with ENOTSOCK (#962874)
+
+* Wed May 15 2013 Tomas Hozza - 2.67-0.1.test4
+- update to the latest testing release 2.67test4 (#962246)
+- drop mergerd patches
+
+* Tue Apr 30 2013 Tomas Hozza - 2.66-5
+- dnsmasq unit file cleanup
+ - drop forking Type and PIDfile and rather start dnsmasq with "-k" option
+ - drop After syslog.target as this is by default
+
+* Thu Apr 25 2013 Tomas Hozza - 2.66-4
+- include several fixes from upstream repo:
+ - Send TCP DNS messages in one packet
+ - Fix crash on SERVFAIL when using --conntrack option
+ - Fix regression in dhcp_lease_time utility
+ - Man page typos fixes
+ - Note that dhcp_lease_time and dhcp_release work only for IPv4
+ - Fix for --dhcp-match option to work also with BOOTP protocol
+
+* Sat Apr 20 2013 Tomas Hozza - 2.66-3
+- Use Full RELRO when linking the daemon
+- compile the daemon with PIE
+- include two fixes from upstream git repo
+
+* Thu Apr 18 2013 Tomas Hozza - 2.66-2
+- New stable version dnsmasq-2.66
+- Drop of merged patch
+
+* Fri Apr 12 2013 Tomas Hozza - 2.66-1.rc5
+- Update to latest dnsmasq-2.66rc5
+- Include fix for segfault when lease limit is reached
+
+* Fri Mar 22 2013 Tomas Hozza - 2.66-1.rc1
+- Update to latest dnsmasq-2.66rc1
+- Dropping unneeded patches
+- Enable IDN support
+
+* Fri Mar 15 2013 Tomas Hozza - 2.65-5
+- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
+
+* Thu Jan 31 2013 Tomas Hozza - 2.65-4
+- Handle locally-routed DNS Queries (#904940)
+
+* Thu Jan 24 2013 Tomas Hozza - 2.65-3
+- build dnsmasq with $RPM_OPT_FLAGS, $RPM_LD_FLAGS explicitly (#903362)
+
+* Tue Jan 22 2013 Tomas Hozza - 2.65-2
+- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555)
+
+* Sat Dec 15 2012 Tomas Hozza - 2.65-1
+- new version 2.65
+
+* Wed Dec 05 2012 Tomas Hozza - 2.64-1
+- New version 2.64
+- Merged patches dropped
+
+* Tue Nov 20 2012 Tomas Hozza - 2.63-4
+- Remove EnvironmentFile from service file (#878343)
+
+* Mon Nov 19 2012 Tomas Hozza - 2.63-3
+- dhcp6 support fixes (#867054)
+- removed "-s $HOSTNAME" from .service file (#753656, #822797)
+
+* Tue Oct 23 2012 Tomas Hozza - 2.63-2
+- Introduce new systemd-rpm macros in dnsmasq spec file (#850096)
+
+* Thu Aug 23 2012 Douglas Schilling Landgraf - 2.63-1
+- Use .tar.gz compression, in upstream site there is no .lzma anymore
+- New version 2.63
+
+* Sat Feb 11 2012 Pádraig Brady - 2.59-5
+- Compile DHCP lease management utils with RPM_OPT_FLAGS
+
+* Thu Feb 9 2012 Pádraig Brady - 2.59-4
+- Include DHCP lease management utils in a subpackage
+
+* Fri Jan 13 2012 Fedora Release Engineering - 2.59-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-2
+- do not enable service by default
+
+* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.59-1
+- New version 2.59
+- Fix regression in 2.58 (IPv6 issue) - bz 744814
+
+* Fri Aug 26 2011 Douglas Schilling Landgraf - 2.58-1
+- Fixed License
+- New version 2.58
+
+* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-5
+- Include systemd unit file
+
+* Mon Aug 08 2011 Patrick "Jima" Laughton - 2.52-3
+- Applied Jóhann's patch, minor cleanup
+
+* Tue Jul 26 2011 Jóhann B. Guðmundsson - 2.52-3
+- Introduce systemd unit file, drop SysV support
+
+* Tue Feb 08 2011 Fedora Release Engineering - 2.52-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jan 26 2010 Itamar Reis Peixoto - 2.52-1
+- New Version 2.52
+- fix condrestart() in initscript bz 547605
+- fix sed to enable DBUS(the '*' need some escaping) bz 553161
+
+* Sun Nov 22 2009 Itamar Reis Peixoto - 2.51-2
+- fix bz 512664
+
+* Sat Oct 17 2009 Itamar Reis Peixoto - 2.51-1
+- move initscript from patch to a plain text file
+- drop (dnsmasq-configuration.patch) and use sed instead
+- enable /etc/dnsmasq.d fix bz 526703
+- change requires to package name instead of file
+- new version 2.51
+
+* Mon Oct 5 2009 Mark McLoughlin - 2.48-4
+- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958)
+
+* Wed Aug 12 2009 Ville Skyttä - 2.48-3
+- Use lzma compressed upstream tarball.
+
+* Fri Jul 24 2009 Fedora Release Engineering - 2.48-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jun 10 2009 Patrick "Jima" Laughton 2.48-1
+- Bugfix/feature enhancement update
+- Fixing BZ#494094
+
+* Fri May 29 2009 Patrick "Jima" Laughton 2.47-1
+- Bugfix/feature enhancement update
+
+* Tue Feb 24 2009 Fedora Release Engineering - 2.46-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Dec 29 2008 Matěj Cepl - 2.45-2
+- rebuilt
+
+* Mon Jul 21 2008 Patrick "Jima" Laughton 2.45-1
+- Upstream release (bugfixes)
+
+* Wed Jul 16 2008 Patrick "Jima" Laughton 2.43-2
+- New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113
+- Dropped patch for newer glibc (merged upstream)
+
+* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.8
+- Added upstream-authored patch for newer glibc (thanks Simon!)
+
+* Wed Feb 13 2008 Patrick "Jima" Laughton 2.41-0.7
+- New upstream release
+
+* Wed Jan 30 2008 Patrick "Jima" Laughton 2.41-0.6.rc1
+- Release candidate
+- Happy Birthday Isaac!
+
+* Wed Jan 23 2008 Patrick "Jima" Laughton 2.41-0.5.test30
+- Bugfix update
+
+* Mon Dec 31 2007 Patrick "Jima" Laughton 2.41-0.4.test26
+- Bugfix/feature enhancement update
+
+* Thu Dec 13 2007 Patrick "Jima" Laughton 2.41-0.3.test24
+- Upstream fix for fairly serious regression
+
+* Tue Dec 04 2007 Patrick "Jima" Laughton 2.41-0.2.test20
+- New upstream test release
+- Moving dnsmasq.leases to /var/lib/dnsmasq/ as per BZ#407901
+- Ignoring dangerous-command-in-%%post rpmlint warning (as per above fix)
+- Patch consolidation/cleanup
+- Removed conditionals for Fedora <= 3 and Aurora 2.0
+
+* Tue Sep 18 2007 Patrick "Jima" Laughton 2.40-1
+- Finalized upstream release
+- Removing URLs from patch lines (CVS is the authoritative source)
+- Added more magic to make spinning rc/test packages more seamless
+
+* Sun Aug 26 2007 Patrick "Jima" Laughton 2.40-0.1.rc2
+- New upstream release candidate (feature-frozen), thanks Simon!
+- License clarification
+
+* Tue May 29 2007 Patrick "Jima" Laughton 2.39-1
+- New upstream version (bugfixes, enhancements)
+
+* Mon Feb 12 2007 Patrick "Jima" Laughton 2.38-1
+- New upstream version with bugfix for potential hang
+
+* Tue Feb 06 2007 Patrick "Jima" Laughton 2.37-1
+- New upstream version
+
+* Wed Jan 24 2007 Patrick "Jima" Laughton 2.36-1
+- New upstream version
+
+* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-2
+- Stop creating /etc/sysconfig on %%install
+- Create /etc/dnsmasq.d on %%install
+
+* Mon Nov 06 2006 Patrick "Jima" Laughton 2.35-1
+- Update to 2.35
+- Removed UPGRADING_to_2.0 from %%doc as per upstream change
+- Enabled conf-dir in default config as per RFE BZ#214220 (thanks Chris!)
+- Added %%dir /etc/dnsmasq.d to %%files as per above RFE
+
+* Tue Oct 24 2006 Patrick "Jima" Laughton 2.34-2
+- Fixed BZ#212005
+- Moved %%postun scriptlet to %%post, where it made more sense
+- Render scriptlets safer
+- Minor cleanup for consistency
+
+* Thu Oct 19 2006 Patrick "Jima" Laughton 2.34-1
+- Hardcoded version in patches, as I'm getting tired of updating them
+- Update to 2.34
+
+* Mon Aug 28 2006 Patrick "Jima" Laughton 2.33-2
+- Rebuild for FC6
+
+* Tue Aug 15 2006 Patrick "Jima" Laughton 2.33-1
+- Update
+
+* Sat Jul 22 2006 Patrick "Jima" Laughton 2.32-3
+- Added pkgconfig BuildReq due to reduced buildroot
+
+* Thu Jul 20 2006 Patrick "Jima" Laughton 2.32-2
+- Forced update due to dbus version bump
+
+* Mon Jun 12 2006 Patrick "Jima" Laughton 2.32-1
+- Update from upstream
+- Patch from Dennis Gilmore fixed the conditionals to detect Aurora Linux
+
+* Mon May 8 2006 Patrick "Jima" Laughton 2.31-1
+- Removed dbus config patch (now provided upstream)
+- Patched in init script (no longer provided upstream)
+- Added DBus-interface to docs
+
+* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4.2
+- More upstream-recommended cleanups :)
+- Killed sysconfig file (provides unneeded functionality)
+- Tweaked init script a little more
+
+* Tue May 2 2006 Patrick "Jima" Laughton 2.30-4
+- Moved options out of init script and into /etc/sysconfig/dnsmasq
+- Disabled DHCP_LEASE in sysconfig file, fixing bug #190379
+- Simon Kelley provided dbus/dnsmasq.conf, soon to be part of the tarball
+
+* Thu Apr 27 2006 Patrick "Jima" Laughton 2.30-3
+- Un-enabled HAVE_ISC_READER, a hack to enable a deprecated feature (request)
+- Split initscript & enable-dbus patches, conditionalized dbus for FC3
+- Tweaked name field in changelog entries (trying to be consistent)
+
+* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-2
+- Disabled stripping of binary while installing (oops)
+- Enabled HAVE_ISC_READER/HAVE_DBUS via patch
+- Added BuildReq for dbus-devel
+
+* Mon Apr 24 2006 Patrick "Jima" Laughton 2.30-1
+- Initial Fedora Extras RPM
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..c2182c7
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+ - fedora-*
+decision_context: bodhi_update_push_stable
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
diff --git a/sources b/sources
new file mode 100644
index 0000000..f1e2285
--- /dev/null
+++ b/sources
@@ -0,0 +1,2 @@
+SHA512 (dnsmasq-2.82.tar.xz) = faf36efdaa3abe84994e46aea018b0a324218d42814baac056ca635f6d03f1301e7b4d958f92b272a8e3a7ac358f3a4e2606129a217587b471aedb3ce23e903b
+SHA512 (dnsmasq-2.82.tar.xz.asc) = e52a9b6589b37a97313654f78f86cf9f9c501dc8f38b3775b8b6ebfe6e4f4a54d3aa73ac9cf0472eac3a32ec930a8b4fc5a6a809b396e7ade16988d3c034b5bd
diff --git a/srkgpg.txt b/srkgpg.txt
new file mode 100644
index 0000000..be1f1f2
--- /dev/null
+++ b/srkgpg.txt
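Review bot: With the `sourcegit` bcond enabled, %prep runs `%gpgverify` on the tarball and then deletes the unpacked tree and builds from `git clone -b %{gittag} %{git_upstream}`, where `git_upstream` is a `git://` URL, so the code that is built was fetched over an unauthenticated transport and is not covered by the signature check. The bcond is off by default, but that path would be safer cloning over an authenticated transport and verifying the tag signature before building, if upstream signs its tags. Separately, `%if 0%{?gpgverify:1}` skips verification silently when the macro is undefined; a comment saying in which build environments that is expected would make the gap visible to the next maintainer.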
@@ -0,0 +1,117 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQINBFMbjUMBEACsU1Xk8+uu/EsGVJTh9Tn31C2e0ycd0voBVT7cTdtXpzeiNR+o +/zUAi95ds7FiecpZJp1nRO4vNzvaaAPZhFsFVLzZYyIVABgTXsskT88xbZvzb4W5 +KKRWVhoTQxVDgj1+dXLUXULTB6rg02WEhqnix/qf/zFdM9I4/3pRHJn9k+3XKygR +on+nYtljfn3AKBelCo1y28istC6wCncoH11b/qdQtlfxVXaJY4HF27V0MqFFmDMg +cuhOHR7DnhymeDh7GmLfTHJ4LUFG+TecqCjiYhyWcuv2wuSb0EPXUKHJQVViQ8qg +KyPm1ly6uFP0CYdVavO7/oJwKFBIChECrj7BQ4GsImMHeuSzfWno7qy6Fxoxx2+g +0F9cdXWvcxFDGPQsL5vXp8KYNwBrzmijRzQ2ZAnrbG+ilFCkJCbxXcrhzpd4tKwE +0dgcyPL1Ma/lrznhL4ZuOzjVMgLNne7WiPpBNRqI1GoT0pUn6as4pU3En8B+K7zy +MLVfHvI1+iH45fP5bZwYSbXCa85v4+xqljYrzs9giaROEsXe/tsXvuc6JPCcmJXk +CUO3c3QVxqDFt9OYuTHIR8hqehDPLgFgzKqVuoAwMkhTf/zZNGlsy4jvKXQNcZ50 +uD4mWO3e+gykNW/OH+88IoCR0rgjQ6trMLOceZFnrtvxwRL//lMndGCTYQARAQAB +tCZTaW1vbiBLZWxsZXkgPHNpbW9uQHRoZWtlbGxleXMub3JnLnVrPokCOgQTAQgA +JAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCUyDDjgIZAQAKCRAVzdpq4ZE1 +otpmD/49HjUnc/uiYa/pcP5OIBd8lChHlF/NCh4s1RASeKv9cG6WDjnbTdxgcS6t +yESFJOfZ/hZW0WDEmuAh3tcZh1/yghkiMF3zZ+nB0zCFt9y//qKrNYvT7a9o+YGo +TuLANNq0jzzyrlPJemkZ7wvn9WNfRoG+ZUg/IQT0EVBqz6+/lvJSRTnjYXE8Ckay +/RbQ/WkppsuXQXsi08U+5oPT4rWTAGtZu4aEEoxX2MYcHip1f/bUUFzOAB/cn3In +ba+bqisLDCGm3F174NKfu+pk2MO0cauRRYPMoBAHLWDgGZOXoihWBgplcBUEYy1h +SNL7zRVX5AT2Z5Wqa1fVokkSd/T8FF2/0J4PjqFkCvBfCL8BYWzfTSkR/PBwL71P +nFzeOVJ1h1bF5ANXtfArZUI6HGMWpOb56E/YaHXhZ+lzfiM32Mwnc6jDHM3mJnEZ +jOQcsWEz7QgoR5YSPFFY6gmBXk+Y28bsgFvO3w73GjnnSHsmZdlWx9KmQWnMk/LQ ++7PUl7If+eIJ4PAqSEQddBOT/g74Q4NHGu4lvAhgZ47aU18+fYdxvVoe9JyXHsYY +5gPMjiM3RRxiugmm8dlT7RfYKWkJMBbkiyGAeQ6R1RDVztL7nM9N4ttb6nFOVtYK +UDQ1gxtKfrz/+L8Myy3IETC1NZgkuaDlXcdbNF3/oHApl8NK64hGBBARCAAGBQJT +G43BAAoJECj8hpoom4K3QrUAn1VftUxazQQJ/j6HJ/p3Soa60fJyAJ4xLJCBpov9 +duJRuE9rF1OBaMZDeIhGBBARCAAGBQJTIekzAAoJECnhT5k5GzkoyOgAnjreKaWc +cEpEZSZnjlnc7DEnHuS+AJ4+Xq87WVKj9cJ05o8TRSkKxJYlEIkCHAQQAQgABgUC +UyHp8gAKCRAC0CBFCPsO9yHSD/9xYHSECwwneMFAO4nEGHyAQnhvyDzX3RutZeX1 
+9pc+qOm5iLUD+1EVx8+AvjTw0337yIHOa5nZI3CpgmBhmj18Q9vEgmtZn6EMXaRE +CvedsRjUSd3Q5+CF0AUbo1JQqZhVUdYLEZYcvfNgEmKl6IoVHwP8moH/cxDFc5Y6 +GdlFAeJylynPdZ3Lb94DEya8VQc2mSG8L6y6ZDW8yf6M8npQG7f1cyJb9lPJJqlH +ZaFnpK2Df1DvOJXB88FQH1qW++w9uIoszdWjDOSGmwOuazO3GMmpfZPJPkH5lXoF +XKN5BO/l/gvEQ1jsmp14VZHJqdcO7HRHksLQLvNDQSi3am4ok2xm3Kn2NryJ1K2Q +mUBGrWu4CtwabgvhoKGxr0GADCQJVlLqRCC+UIp97J0kOsZj8FYjwA3I1U5w8wJi +SUqw8u+8OCCFGm1rS6XQy/wbGDPwZjCZnaNHICSj8zeXE9YkhTf2fMs/S8NLQUPy +u1g3/IoIGNnadETzEmAd02FJncUlUo05yDAcVg/IqwgM8atJQqEWLYE0QHrcqOWi +eaCCJ9+fx2KhxKnRqpKAXSov+M0KYDkIV9OQE+KioGzxdlrN2ZFmbfIKLLYMwH0s +xMkgJjbbhP8KhfxDIUoSky9gUTwwyrpJVjKkXZ6yNFpSo+Mtn8OHL12nLqzyQONT +waerx4hGBBARCAAGBQJTL0SDAAoJEBbi9PX8geFZBbUAnR3I/MdzG4kBtCecwePz +MvKdKS1SAJ9CyGUhzb8coURtMzbIlH9F7jm6L4kCHAQQAQgABgUCUy9EpAAKCRBj +ziC6xJxBSLhYD/9qBBxVex2nxavrMV4Vd0AhYJa5iI148NbqD7EZLnuCDWwi+wrq +nfMi0ToUHlh1Lp36vXd06W8JySHIiAxL0zDpq6tdT65f6iOTRZ6W6xuebxKgqC3k +ZsxcEzceYR1dOCKlRhQAsZ7Q9BJP/ZafSD/NOm2sxdPOneYm8IA4QXwWDVOayrV8 +FOIDBkBLmPhm1BGNErdhCBCYsvqYSN7gFJBNszXciNMJtBmXWNyTsHtNAeKIQuzE +RgYCC2/LuTOIloeI6z6mM7mVZuPsraqRa5iGITvGI4qeQziTp+xqIu8YPQrE67iQ +MqSZZCxv3aheiiJd06l4FFpEYEg5H4FMD9JW4rvnaxLwXc8x1/ZVQQhylughetE9 +j7oPQbA353oyUCCAukd4UiNYtULNCbZzfKdKCFCajnIfIY8IqNGuWvmujKViDAk2 +7bIlKQeyNKExIx8Jkr4WPQBLFmXCkT+jYQMJx/R6SoNwrpa50SofTT+y+43GpSQ5 +5e3Kffky0SZk+O/m7oW7gKPjwzh/UmLsOb9INXJ3gYS/CDT3fwA+UsAA+gXneT3I +ygYqfU8dnk2umV20gIm8q/SQYiyhMM+PZCkKXeHyoeU/SbO72DWKw/ZtZI/1b9xX +ruc1HBKJ/UXNPJRyoHIi4dZ/ARQ/zk839beBMnGm0AsB1y1+leTlrNZM5rQdU2lt +b24gS2VsbGV5IDxzcmtAZGViaWFuLm9yZz6JAjcEEwEIACEFAlMgw3QCGwMFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4AACgkQFc3aauGRNaKhRg//S5G2RYoHNY22ecyG +5hpBr354lqdZiYRHKYCjX29jDIrtZSlC3HCL31ciGOVg666aD5xy54WAPTlx3MFQ +AxgWsqFTkICHj6zFdFduLmI1IffvcxkcEKwi6NK5f5dOxih9EtXcQ1HsoSUWGRmB +Kltvt1wyaiG37A80pjzQso1b6kr5JLdGMrjWx9PnFRKCdUNh5nxIb4HeC5R2Q8oT +FaipSppZwmvA5ocCvhMsyYCyiE6o8QTtzTqj5mGZafIqy18hwB9bA2n2gcEY1fXD +V9ky08J98A3VJqAMDM9Y6KYv+tQNJBIJRDWGmvjR/1J6n1jqO64l7mTcBlT/xfyp 
+TFfiXVzGN+H3EiEDFpPXKcc4abjiY8IaCu4P8qvKvee/EF7+FUep3R/i3hw0a5th +bZ4of1LfLp6qg7XjCZ3d2MUitxKe/FoFQS/ctkKNwsimOlUl5bIVmaJMMq8FUvLi +6iBgFMy8LCk2ItZ5rA2+5kGalGzwcWDdpq66A+z69f1wFfKDccOpfOJ838zmxCrz +WSxbVnLTaRSV4VobZvwHkAXZGCnDMk68ELfUNFzGClBhNOVPqAHbU74AkSS5bas5 +recjKUz53DZl1aAOWLxFXQlOvxsaZ9wHmvHJAZiKscUGNUBXRK9p78TzQEm5Lxwz +Q6/V1JSkA6o4Xq7qygSARIigjJyIRgQQEQgABgUCUyHpMwAKCRAp4U+ZORs5KI+v +AKC2OnBT8TZ5cnTQwleYshUsxJddkQCgpecrsb8ysVtau7lXBgrA/X/Wef2JAhwE +EAEIAAYFAlMh6fIACgkQAtAgRQj7DvcWsQ//SF+g3zMRYeZ+qNC3m7slibJNCPdM +Cied05owZfN6oHhfBaRDc7nAC6mSdwFF76ird5/bSg2HzR6Tp4hIy/5M5WXFv4jt +m+0KXYKnDjHv1297sSALFoYKlm4K4lnE7T/qJknc/mGlLWfWm5Y5jV/QfV9Zwxvy +kT5Oh5xxzeNiOdvkmV4pCCk+bt15tGD0pII2n/TMPVfDVADLlhrWBrBp7laKyn6Q +5VvI4GiVBnHSiKsGVEaX0yUuDYzGZSU2RLaJG4BPNHqlHqSQYvsyo6QHPpHg0K6v +WWZFpgFOXHlLYMNJ91NS+DX7BqlEib2ndWQqCYzZtgRUJK/Dd6G6r2e60/5CPn6H +CwqQZr1MRdY6vEJS9Lpd5uGIOeQFTEDBZ22pcUAb20cZNdK1J+BgilfVuMvLAs2W +7fANxLtAHsXdNCvlkqr68odMI8C6w3Zd4R6XL4tfoYXl9emOKiN5SiCpK9HHJNxS +AuX6vH3lTyR+/sG1haxntu4Tn1T2zBJRgh2DiKuJLH6hnn7F7pf1fZEUUE/A6VSf +bmp+a6CXfn9mvgnF51QylKkFCauXhV5WsusEtWlNACeJjKXBg+d8LkA6FmJecMbY +ZzBTdcaN5OwLfXRpAkCsODWk2lXJNlhOntmVfa6MLDnll64S/3j+1wnKOHihf+c2 +exRMy5eQCUKwqVSIRgQQEQgABgUCUy9EgwAKCRAW4vT1/IHhWZwLAJwLPSUf/VMW +NUJ1hRwNo+7kpUGLdQCeMzNtz3H0smfUn84CSRBFYIJDIhCJAhwEEAEIAAYFAlMv +RKoACgkQY84gusScQUiSfxAAuNSMXCUGs02xdJvnQRc10HkJxm/wg7YngVa4WZfd +eqyP2tQOjTdf65OMSIOCIrfpWHPDscJfsP3fjbHojFfx81iJnFmOdxx9aqB9KD15 +FD4Whgq+Eyk8TiPZUEHiVU9RR8N6T/7mIe+lVNJ6GZ1iSk29D1g6+oM56Gox2d3y +0c8FnCK1Ts6D1peRiIiMq+gjGccdVJyim/yZI3WqzHvul//WmdEFzwgXqh03wbx3 +iQS2zXdvwgyB+gBbVpk+6axOIbYupAvTNXYQV9Hz4imWoDFlXGdYzCMzb6QyH46R +NgfElAb8UcCknQjLwnawAjXPEHgrH6yaruYR9H1LBLxYIHA4oBYQCUxmn4ArDLOF +6kZ68eM8efBxVu4uAtklil9X8NUynhyI9DDWJoQET52ekojtOr31NCXHCtUmTkYb +PEwJxAORMBf3JEPlz2brGRgcSbacJG5RE4Qw2hfKJTOQTiNk4DpLwYrChLK8Ctmn +RS7jAZth3U2W7Fqc7OFfKs3zuo/2RRRCG3fjOVX7aIOp4Cnobvk0NxXDhEtUpMeP +0o7qPW8OdxrFyQ3YCoxu94ix1S6da3m143OujdmlM0Gs7Acyeq4bN3FokLzrMxci 
+oO6swXzgh9RGCzMkRrBztWgEpXQf8PbcBliF+sDV2aYerGBN9qmbN9FX30IKGaWn +QsK5Ag0EUyDDoQEQAMfQfa2tw3+OJFGMQEzLJSoXYN8/HnZEgKNlcMuYzhheQLgu +/MfcQJ7mnCIdn6xdPaalfLmYx63tM47/NGEM1+MSEvovPiRG0OLxzSgwei9DiGeN +EgsPTLXSZ5EVSXCM1+e9mT1ExT9aGLNnpCd6kIyWIcKCVMot+XC70R9prWLeyKSh +0FAZ0Pwv9i23osJVGOtJjND+WZ0uCeN29ocfN0b64yF4nPRc9IbcmYIDgNU3RybK +2Z/dupbthTisRjHRI3iX3/tiymXF3J0sSvsCluWIJWmyltS3Xyk/wfKVJz6OouiJ +jTj5utXVnCGptCDw+DCcj89vx1N0+0Dhm1cQcNZvXjMbVDTsuU+eVpJbxU6y8N+n +XpAXjEw4jMi3zNpqKtkyv2YpoqY5HhGLybgrY0zwSQOyMNf9lZ5J7znq5gEmiMXn +G9OPEw7PPSvm6QfbHPY/jAOgxsu7Fme7k303D5KkyGkkbzQiYyEtMZvbOMH/uECi +2uHGB72qiGpEYjMtHhihaRCBl+0bY8sH83He690qNQHSdStjaKXcecduE/v5iO0m +OYIHdsEHhKlWsE1GXXVLofBr68UBhYV6/AGXko4Pr+dXLzauN4kALDx6WltFu3qU +voD+uEoLq7IXULMo5Pyd7bO4qGQMKykaXTb5o6dqdu4GzWIUw1fr9kLEmo29ABEB +AAGJAh8EGAEIAAkFAlMgw6ECGwwACgkQFc3aauGRNaIjqA/+PXuaM6JHuudLycmB +0iKAwyB5csOFGpF3b9FgMR68TC4jzi5J5hJZASl0cO/e0ytQsrDUBbH74y+WaA4l +dwBVYr0j/2hqzIjrnGMtgWeHFPLV3sKw8DGuNx1/cOoljJXzi1WWSHIwDvaj3uZ9 +CwHt+4/abR7kdvMcnFhQVA4zuzZWFqpp+CDkkJNVwB9zxtAQwGTGF4cQ0IvTkhCo +6DQhZZVTeyn+nBKxzzWijniWc0LyRsum03MxZ6E7UVIInCTjdXTalnO8wColwIx5 +FV4nTMxdsKKgnIXmLexBdd03bW9TkowWf2C2XfDN+pDS8X3MzO6zAyogqJhAiBFj +nRzkOw0cw1VTL00o8uiWdMeu7OKOKeQbUilMAn4MweKB57mc582kjeGmwdZgWFA4 +BJ2eiH7HwjxiynwMdZwQEBdOTNLbggHk3/mScF8U1KcJhjAFf7Ne+Z0feG/8GgKl +5aj3ucl821+dfpzB79lLo+kmd1qkDyDiUR5yN6P8l8k6IAUJz2KUe0BjtO6VFFw0 +xni05dkrXdfo7IO79ictHmEn+g3QO8ZLUGRwdtZ1cMhTkm7FhH8Bdby0y4Soqluv +Hbri++cC91i1I3a92kHi/8O45rnLhVt+sOfxY1QnSIYh5OFwGMqMCNDTEL7ESiFa +FhSXkmzzVntlyvOBMlgz3IGh2hA= +=TM0e +-----END PGP PUBLIC KEY BLOCK----- diff --git a/test-release-public-key b/test-release-public-key new file mode 100644 index 0000000..a4afa01 --- /dev/null +++ b/test-release-public-key 
@@ -0,0 +1,32 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFM4adMBCADDTxhfWayeNd99OtOZyzzq5OSR3FeL4mWXWPFwRAwXfJwWuJot +HTU5dqEega18LyFlR/aGivCj9iUiWuUBJgK8zoRccgp/QxfiFZbY9myZwQRCtQvp +j/AgSNSsJmtbOvjFNKpaYXDtky1zhGoyit/05CGj1h4floWJhHD8rnuRCABZrwN8 +I3GgHDnPzMMUKacTLCqRR4O6XXn4jCxVHoPQYk9lzINcKG32tgVQLl9qPNSx/twA +0Y0yf3FcwQr2svhBAYvQk6yhGqDe6PMhj9NHyQJEGZzMfC+z7EK9ZzvbCQIfulu+ +UL/0gsXKiZpZu93Eow1/+0muaa0pfxY6867fABEBAAG0QVNpbW9uIEtlbGxleSAo +dGVzdCByZWxlYXNlIHNpZ25pbmcga2V5KSA8c2ltb25AdGhla2VsbGV5cy5vcmcu +dWs+iQE3BBMBCAAhBQJTOGnTAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ +ENP8mkR/fvI0+g0H/j4Y4IUraDCo9FKV15mgelyCyCBsbTvyODMwc83ueALp9Osp +in2ytYShha2T1LqnrXHCGKogecpNYjVbCKI4x1L6TXOw2IB/x3LBHFu9ycj2w6ml +bExz35jcDvZg2c/3WNWjZQKewQEZ/8Go/AAcwW2zwv5DwB/30IaPNSTQrvIwuTpr +Txjxybz64s+IiUDpqMxfPGNzcnWLWZVmUEjxyhGtp8ZPOF72FeVW2FBI8TCnrXXI +UazVLIMr1aS/QFHi5iExZ2ipeyC2ZZnKruUlFIzWE70922xR97lTU+326xlFzJyv +zMQjtSvdaZCvGGV9N3Coj7iJT1KhKy1wzVrJzz+IRgQQEQgABgUCUzhqLwAKCRAo +/IaaKJuCt8ovAJ0fR2hGPR7LpGb8zEpJ1YQM/z6ziACgghldWFdy4i0KQ270UvkY +zU6eMbqJAhwEEAEIAAYFAlkgZjwACgkQFc3aauGRNaI/WA/+KdJGRtMBX8RQN9yq +Ltf9p9/aZ+k7P3xgQIwnD12vz32+F/dkl3IBniwrKKjG51M59qXJ3b7/44xyQ9v3 +kc9PhQGRUaNfmGzUeQ5qOovgSvZjlbREQAlGWQmkC+0fMgB7TbmDOVe6/MdGWTAn +COG192OlGnzCgrIwY9iBnqs8wFYKCfGUGAHL+Oa+MTkUYkpMldEPJ3HkR5/gvLjH +LHoHHycJZ4xXDCx/KDPTBcj0w/40D5xkQvb1SJ/K4HR4Nd+DewRgkLGBqnceQd+t +f4SIFBZ2Yik2j3yDbtht5Gi4s41ZV2pjx/EQwXgHqk7eWII1k8hl0uBr4DVt4tLD +nc6/YfEuseQDv+TMdzenMN2UdHEDOMxAxoY5Vm2w0hGW8C0t/Qcuo67tDoqfpW+K +smd1GdeAwxpF32y5ITCJw19voZvCGYMpSWBgvZnHhdIyITCqN7fmp67gbDACc78f +T81ICeGfiHLt1vPpYXD4ZVSlUc6bImdE6/BbvkXVhqS9pZ59vVnyMxQwQmQCNyz5 +/flT2WC95iEjcFE4jZIc4itBRGb+p3Wr56fANy8kJmjD5ulpqsrUOAtzRLiEOvkm +mekUSwe61xooeWNfUO0zNnwPg6BR3rQYYnOW56cxSwe1BIaDhivwoDXob377fqs2 +z/99c0hz1iAchDiArEHfqlFy+YQ= +=UI2C +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..31fb8f3 --- /dev/null +++ b/tests/tests.yml 
@@ -0,0 +1,22 @@
+# Tests for NetworkManager
+- hosts: localhost
+ roles:
+ - role: standard-test-basic
+ tags:
+ - classic
+ repositories:
+ - repo: "https://github.com/NetworkManager/NetworkManager-ci"
+ dest: "NetworkManager-ci"
+ tests:
+ - sanity-tests:
+ dir: NetworkManager-ci
+ run: run/osci/run-tests dnsmasq
+ environment:
+ LC_ALL: C.UTF-8
+ - role: standard-test-beakerlib
+ tags:
+ - classic
+ repositories:
+ - repo: "https://github.com/InfrastructureServices/dnsmasq-tests.git"
+ dest: "dnsmasq-tests"
+ fmf_filter: "tier: 1"
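Review bot: Both `repositories` entries in tests/tests.yml name an external GitHub repository with no revision, so the test code that decides the gating result is whatever the default branch holds at run time and can change without any commit to this package. Pinning each entry to a reviewed tag or commit, if the test roles support a revision field, would make the gating result reproducible and limit what a change in those repositories can run in CI. The leading comment `# Tests for NetworkManager` also looks copied from another package and could say that these are the dnsmasq tests.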