rpms/dnsmasq
7
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL 9.0.0 Alpha bootstrap

Browse Source 
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/dnsmasq#9d4a531b209034079edd34dc8b364672a9f6625f
This commit is contained in:
Petr Šabata 2020-10-14 23:43:55 +02:00
parent 388f37f652
commit fa9ecc575b
15 changed files with 1765 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.gitignore vendored
View File

@ -0,0 +1,36 @@
dnsmasq-2.52.tar.lzma
/dnsmasq-2.58.tar.lzma
/dnsmasq-2.59.tar.lzma
/dnsmasq-2.63.tar.gz
/dnsmasq-2.64.tar.gz
/dnsmasq-2.65.tar.gz
/dnsmasq-2.66rc1.tar.gz
/dnsmasq-2.66rc5.tar.gz
/dnsmasq-2.66.tar.gz
/dnsmasq-2.67test4.tar.gz
/dnsmasq-2.67test7.tar.gz
/dnsmasq-2.67test13.tar.xz
/dnsmasq-2.67test16.tar.xz
/dnsmasq-2.67rc2.tar.xz
/dnsmasq-2.67rc4.tar.xz
/dnsmasq-2.67.tar.xz
/dnsmasq-2.68rc3.tar.xz
/dnsmasq-2.68.tar.xz
/dnsmasq-2.69rc1.tar.xz
/dnsmasq-2.69.tar.xz
/dnsmasq-2.70.tar.xz
/dnsmasq-2.71.tar.xz
/dnsmasq-2.72.tar.xz
/dnsmasq-2.75.tar.xz
/dnsmasq-2.76.tar.xz
/dnsmasq-2.77rc2.tar.xz
/dnsmasq-2.77.tar.xz
/dnsmasq-2.78.tar.xz
/dnsmasq-2.79.tar.xz
/dnsmasq-2.80.tar.xz
/dnsmasq-2.81rc3.tar.xz
/dnsmasq-2.81rc3.tar.xz.asc
/dnsmasq-2.81.tar.xz
/dnsmasq-2.81.tar.xz.asc
/dnsmasq-2.82.tar.xz
/dnsmasq-2.82.tar.xz.asc

64
dnsmasq-2.77-underflow.patch Normal file
View File

@ -0,0 +1,64 @@
From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert@redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
---
src/edns0.c | 10 +++++-----
src/forward.c | 4 ++++
src/rfc1035.c | 3 +++
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/edns0.c b/src/edns0.c
index d75d3cc..7d8cf7f 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
/* Copy back any options */
if (buff)
{
- if (p + rdlen > limit)
- {
- free(buff);
- return plen; /* Too big */
- }
+ if (p + rdlen > limit)
+ {
+ free(buff);
+ return plen; /* Too big */
+ }
memcpy(p, buff, rdlen);
free(buff);
p += rdlen;
diff --git a/src/forward.c b/src/forward.c
index ed9c8f6..77059ed 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
+ // Make sure the udp size is not smaller than the incoming message so that we
+ // do not underflow
+ if (udp_size < n) udp_size = n;
+
#ifdef HAVE_AUTH
if (auth_dns)
{
diff --git a/src/rfc1035.c b/src/rfc1035.c
index f1edc45..15041cc 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
int rd_bit = (header->hb3 & HB3_RD);
+ // Make sure we do not underflow here too.
+ if (qlen > (limit - ((char *)header))) return 0;
+
/* never answer queries with RD unset, to avoid cache snooping. */
if (ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 ||
--
2.21.1

37
dnsmasq-2.78-fips.patch Normal file
View File

@ -0,0 +1,37 @@
From 7b1cce1d0bdb61c09946978d4bdeb05a3cd4202a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 2 Mar 2018 13:17:04 +0100
Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq
has no proper FIPS 140-2 compliant implementation.
---
src/dnsmasq.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 480c5f9..5fd229e 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -187,6 +187,7 @@ int main (int argc, char **argv)
if (daemon->cachesize < CACHESIZ)
die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
+
#else
die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
#endif
@@ -786,7 +787,10 @@ int main (int argc, char **argv)
my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
else
my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
-
+
+ if (access("/etc/system-fips", F_OK) == 0)
+ my_syslog(LOG_WARNING, _("DNSSEC support is not FIPS 140-2 compliant"));
+
daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT"));
--
2.14.4

59
dnsmasq-2.80-SIOCGSTAMP.patch Normal file
View File

@ -0,0 +1,59 @@
From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 31 Jul 2019 20:35:35 +0200
Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
Build without it defined by kernel headers. Do not try SO_TIMESTAMP
until fixed properly.
---
src/dhcp.c | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/src/dhcp.c b/src/dhcp.c
index bea4688..13373ae 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
(sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
return;
- #if defined (HAVE_LINUX_NETWORK)
+#if defined (HAVE_LINUX_NETWORK)
+#ifdef SIOCGSTAMP
if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
recvtime = tv.tv_sec;
+#endif
if (msg.msg_controllen >= sizeof(struct cmsghdr))
- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
- {
- union {
- unsigned char *c;
- struct in_pktinfo *p;
- } p;
- p.c = CMSG_DATA(cmptr);
- iface_index = p.p->ipi_ifindex;
- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
- unicast_dest = 1;
- }
+ {
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
+ {
+ union {
+ unsigned char *c;
+ struct in_pktinfo *p;
+ } p;
+ p.c = CMSG_DATA(cmptr);
+ iface_index = p.p->ipi_ifindex;
+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
+ unicast_dest = 1;
+ }
+ }
#elif defined(HAVE_BSD_NETWORK)
if (msg.msg_controllen >= sizeof(struct cmsghdr))
--
2.26.2

536
dnsmasq-2.80-rh1728701.patch Normal file
View File

@ -0,0 +1,536 @@
From d571d74b63382f52572f2b060c8caf867dea76dc Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 31 Jul 2019 17:23:45 +0200
Subject: [PATCH] Fix TCP listener after interface is recreated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Squashed commit of the following:
commit 023433cad60a47bf83037cd8f8d403d1086163e0
Author: Petr Menšík <pemensik@redhat.com>
Date: Mon Jul 15 17:16:44 2019 +0200
Remove duplicate address family from listener
Since address already contain family, remove separate family from
listener. Use now family from address itself.
commit d9b9235139b15a953ba9220e1d33a62d853f4e73
Author: Petr Menšík <pemensik@redhat.com>
Date: Mon Jul 15 17:13:12 2019 +0200
Handle listening on duplicate addresses
Save listening address into listener. Use it to find existing listeners
before creating new one. If it exist, increase just used counter.
Release only listeners not already used.
Duplicates family in listener.
commit a9836313966ecb0689c52bbc4ddbc7a78f7bb677
Author: Petr Mensik <pemensik@redhat.com>
Date: Tue Jul 9 14:05:59 2019 +0200
Cleanup interfaces no longer available
Clean addresses and interfaces not found after enumerate. Free unused
records to speed up checking active interfaces and reduce used memory.
commit 1474c5146b6278fc61df385a8e08b23ccc11b1ab
Author: Petr Mensik <pemensik@redhat.com>
Date: Wed Jul 3 17:02:16 2019 +0200
Compare address and interface index for allowed interface
If interface is recreated with the same address but different index, it
would not change any other parameter.
Test also address family on incoming TCP queries.
commit 94b2f5d33e043652a00b8c70e573994925cd26fe
Author: Petr Mensik <pemensik@redhat.com>
Date: Thu Jul 4 20:28:08 2019 +0200
Log listening on new interfaces
Log in debug mode listening on interfaces. They can be dynamically
found, include interface number, since it is checked on TCP connections.
Print also addresses found on them.
---
src/dnsmasq.c | 3 +-
src/dnsmasq.h | 3 +-
src/forward.c | 27 +++++-----
src/network.c | 147 +++++++++++++++++++++++++++++++++++++++++---------
src/tftp.c | 29 +++++-----
5 files changed, 155 insertions(+), 54 deletions(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 769e063..4755125 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -1820,7 +1820,8 @@ static void check_dns_listeners(time_t now)
addr.addr4 = tcp_addr.in.sin_addr;
for (iface = daemon->interfaces; iface; iface = iface->next)
- if (iface->index == if_index)
+ if (iface->index == if_index &&
+ iface->addr.sa.sa_family == tcp_addr.sa.sa_family)
break;
if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index c46bfeb..17b5f4e 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -569,7 +569,8 @@ struct irec {
};
struct listener {
- int fd, tcpfd, tftpfd, family;
+ int fd, tcpfd, tftpfd, used;
+ union mysockaddr addr;
struct irec *iface; /* only sometimes valid for non-wildcard */
struct listener *next;
};
diff --git a/src/forward.c b/src/forward.c
index 77059ed..043c2e2 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1279,8 +1279,9 @@ void receive_query(struct listener *listen, time_t now)
CMSG_SPACE(sizeof(struct sockaddr_dl))];
#endif
} control_u;
+ int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */
- int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6;
/* packet buffer overwritten */
daemon->srv_save = NULL;
@@ -1292,7 +1293,7 @@ void receive_query(struct listener *listen, time_t now)
{
auth_dns = listen->iface->dns_auth;
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr;
netmask = listen->iface->netmask;
@@ -1322,9 +1323,9 @@ void receive_query(struct listener *listen, time_t now)
information disclosure. */
memset(daemon->packet + n, 0, daemon->edns_pktsz - n);
- source_addr.sa.sa_family = listen->family;
+ source_addr.sa.sa_family = family;
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
/* Source-port == 0 is an error, we can't send back to that.
http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */
@@ -1344,7 +1345,7 @@ void receive_query(struct listener *listen, time_t now)
{
struct addrlist *addr;
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (addr = daemon->interface_addrs; addr; addr = addr->next)
if ((addr->flags & ADDRLIST_IPV6) &&
@@ -1382,7 +1383,7 @@ void receive_query(struct listener *listen, time_t now)
return;
#if defined(HAVE_LINUX_NETWORK)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{
@@ -1395,7 +1396,7 @@ void receive_query(struct listener *listen, time_t now)
if_index = p.p->ipi_ifindex;
}
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
@@ -1420,7 +1421,7 @@ void receive_query(struct listener *listen, time_t now)
}
#endif
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -1441,16 +1442,16 @@ void receive_query(struct listener *listen, time_t now)
if (!indextoname(listen->fd, if_index, ifr.ifr_name))
return;
- if (!iface_check(listen->family, &dst_addr, ifr.ifr_name, &auth_dns))
+ if (!iface_check(family, &dst_addr, ifr.ifr_name, &auth_dns))
{
if (!option_bool(OPT_CLEVERBIND))
enumerate_interfaces(0);
- if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name) &&
- !label_exception(if_index, listen->family, &dst_addr))
+ if (!loopback_exception(listen->fd, family, &dst_addr, ifr.ifr_name) &&
+ !label_exception(if_index, family, &dst_addr))
return;
}
- if (listen->family == AF_INET && option_bool(OPT_LOCALISE))
+ if (family == AF_INET && option_bool(OPT_LOCALISE))
{
struct irec *iface;
@@ -1495,7 +1496,7 @@ void receive_query(struct listener *listen, time_t now)
#endif
char *types = querystr(auth_dns ? "auth" : "query", type);
- if (listen->family == AF_INET)
+ if (family == AF_INET)
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
(union all_addr *)&source_addr.in.sin_addr, types);
else
diff --git a/src/network.c b/src/network.c
index 881d823..8c4b3bb 100644
--- a/src/network.c
+++ b/src/network.c
@@ -388,10 +388,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
/* check whether the interface IP has been added already
we call this routine multiple times. */
for (iface = daemon->interfaces; iface; iface = iface->next)
- if (sockaddr_isequal(&iface->addr, addr))
+ if (sockaddr_isequal(&iface->addr, addr) && iface->index == if_index)
{
iface->dad = !!(iface_flags & IFACE_TENTATIVE);
iface->found = 1; /* for garbage collection */
+ iface->netmask = netmask;
return 1;
}
@@ -532,7 +533,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
}
-
+
+/*
+ * Clean old interfaces no longer found.
+ */
+static void clean_interfaces()
+{
+ struct irec *iface;
+ struct irec **up = &daemon->interfaces;
+
+ for (iface = *up; iface; iface = *up)
+ {
+ if (!iface->found && !iface->done)
+ {
+ *up = iface->next;
+ free(iface->name);
+ free(iface);
+ }
+ else
+ {
+ up = &iface->next;
+ }
+ }
+}
+
+/** Release listener if no other interface needs it.
+ *
+ * @return 1 if released, 0 if still required
+ */
+static int release_listener(struct listener *l)
+{
+ if (l->used > 1)
+ {
+ struct irec *iface;
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+ if (iface->done && sockaddr_isequal(&l->addr, &iface->addr))
+ {
+ if (iface->found)
+ {
+ /* update listener to point to active interface instead */
+ if (!l->iface->found)
+ l->iface = iface;
+ }
+ else
+ {
+ l->used--;
+ iface->done = 0;
+ }
+ }
+
+ /* Someone is still using this listener, skip its deletion */
+ if (l->used > 0)
+ return 0;
+ }
+
+ if (l->iface->done)
+ {
+ int port;
+
+ port = prettyprint_addr(&l->iface->addr, daemon->addrbuff);
+ my_syslog(LOG_DEBUG, _("stopped listening on %s(#%d): %s port %d"),
+ l->iface->name, l->iface->index, daemon->addrbuff, port);
+ /* In case it ever returns */
+ l->iface->done = 0;
+ }
+
+ if (l->fd != -1)
+ close(l->fd);
+ if (l->tcpfd != -1)
+ close(l->tcpfd);
+ if (l->tftpfd != -1)
+ close(l->tftpfd);
+
+ free(l);
+ return 1;
+}
+
int enumerate_interfaces(int reset)
{
static struct addrlist *spare = NULL;
@@ -630,6 +706,7 @@ int enumerate_interfaces(int reset)
in OPT_CLEVERBIND mode, that at listener will just disappear after
a call to enumerate_interfaces, this is checked OK on all calls. */
struct listener *l, *tmp, **up;
+ int freed = 0;
for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
{
@@ -637,25 +714,17 @@ int enumerate_interfaces(int reset)
if (!l->iface || l->iface->found)
up = &l->next;
- else
+ else if (release_listener(l))
{
- *up = l->next;
-
- /* In case it ever returns */
- l->iface->done = 0;
-
- if (l->fd != -1)
- close(l->fd);
- if (l->tcpfd != -1)
- close(l->tcpfd);
- if (l->tftpfd != -1)
- close(l->tftpfd);
-
- free(l);
+ *up = tmp;
+ freed = 1;
}
}
+
+ if (freed)
+ clean_interfaces();
}
-
+
errno = errsave;
spare = param.spare;
@@ -893,10 +962,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in
{
l = safe_malloc(sizeof(struct listener));
l->next = NULL;
- l->family = addr->sa.sa_family;
l->fd = fd;
l->tcpfd = tcpfd;
- l->tftpfd = tftpfd;
+ l->tftpfd = tftpfd;
+ l->addr = *addr;
+ l->used = 1;
l->iface = NULL;
}
@@ -935,20 +1005,43 @@ void create_wildcard_listeners(void)
daemon->listeners = l;
}
+static struct listener *find_listener(union mysockaddr *addr)
+{
+ struct listener *l;
+ for (l = daemon->listeners; l; l = l->next)
+ if (sockaddr_isequal(&l->addr, addr))
+ return l;
+ return NULL;
+}
+
void create_bound_listeners(int dienow)
{
struct listener *new;
struct irec *iface;
struct iname *if_tmp;
+ struct listener *existing;
for (iface = daemon->interfaces; iface; iface = iface->next)
- if (!iface->done && !iface->dad && iface->found &&
- (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
+ if (!iface->done && !iface->dad && iface->found)
{
- new->iface = iface;
- new->next = daemon->listeners;
- daemon->listeners = new;
- iface->done = 1;
+ existing = find_listener(&iface->addr);
+ if (existing)
+ {
+ iface->done = 1;
+ existing->used++; /* increase usage counter */
+ }
+ else if ((new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
+ {
+ int port;
+
+ new->iface = iface;
+ new->next = daemon->listeners;
+ daemon->listeners = new;
+ iface->done = 1;
+ port = prettyprint_addr(&iface->addr, daemon->addrbuff);
+ my_syslog(LOG_DEBUG, _("listening on %s(#%d): %s port %d"),
+ iface->name, iface->index, daemon->addrbuff, port);
+ }
}
/* Check for --listen-address options that haven't been used because there's
@@ -966,8 +1059,12 @@ void create_bound_listeners(int dienow)
if (!if_tmp->used &&
(new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
{
+ int port;
+
new->next = daemon->listeners;
daemon->listeners = new;
+ port = prettyprint_addr(&if_tmp->addr, daemon->addrbuff);
+ my_syslog(LOG_DEBUG, _("listening on %s port %d"), daemon->addrbuff, port);
}
}
diff --git a/src/tftp.c b/src/tftp.c
index 4c18577..fdd2855 100644
--- a/src/tftp.c
+++ b/src/tftp.c
@@ -61,8 +61,9 @@ void tftp_request(struct listener *listen, time_t now)
char *prefix = daemon->tftp_prefix;
struct tftp_prefix *pref;
union all_addr addra;
+ int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */
- int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dest = !option_bool(OPT_NOWILD) || family == AF_INET6;
union {
struct cmsghdr align; /* this ensures alignment */
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
@@ -121,10 +122,10 @@ void tftp_request(struct listener *listen, time_t now)
if (msg.msg_controllen < sizeof(struct cmsghdr))
return;
- addr.sa.sa_family = listen->family;
+ addr.sa.sa_family = family;
#if defined(HAVE_LINUX_NETWORK)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{
@@ -138,7 +139,7 @@ void tftp_request(struct listener *listen, time_t now)
}
#elif defined(HAVE_SOLARIS_NETWORK)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
union {
@@ -154,7 +155,7 @@ void tftp_request(struct listener *listen, time_t now)
}
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
union {
@@ -171,7 +172,7 @@ void tftp_request(struct listener *listen, time_t now)
#endif
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -194,7 +195,7 @@ void tftp_request(struct listener *listen, time_t now)
addra.addr4 = addr.in.sin_addr;
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
addra.addr6 = addr.in6.sin6_addr;
if (daemon->tftp_interfaces)
@@ -210,12 +211,12 @@ void tftp_request(struct listener *listen, time_t now)
else
{
/* Do the same as DHCP */
- if (!iface_check(listen->family, &addra, name, NULL))
+ if (!iface_check(family, &addra, name, NULL))
{
if (!option_bool(OPT_CLEVERBIND))
enumerate_interfaces(0);
- if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) &&
- !label_exception(if_index, listen->family, &addra))
+ if (!loopback_exception(listen->tftpfd, family, &addra, name) &&
+ !label_exception(if_index, family, &addra))
return;
}
@@ -281,7 +282,7 @@ void tftp_request(struct listener *listen, time_t now)
prefix = pref->prefix;
}
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
addr.in.sin_port = htons(port);
#ifdef HAVE_SOCKADDR_SA_LEN
@@ -304,7 +305,7 @@ void tftp_request(struct listener *listen, time_t now)
if (option_bool(OPT_SINGLE_PORT))
transfer->sockfd = listen->tftpfd;
- else if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1)
+ else if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1)
{
free(transfer);
return;
@@ -337,7 +338,7 @@ void tftp_request(struct listener *listen, time_t now)
{
if (++port <= daemon->end_tftp_port)
{
- if (listen->family == AF_INET)
+ if (family == AF_INET)
addr.in.sin_port = htons(port);
else
addr.in6.sin6_port = htons(port);
@@ -375,7 +376,7 @@ void tftp_request(struct listener *listen, time_t now)
if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK))
{
/* 32 bytes for IP, UDP and TFTP headers, 52 bytes for IPv6 */
- int overhead = (listen->family == AF_INET) ? 32 : 52;
+ int overhead = (family == AF_INET) ? 32 : 52;
transfer->blocksize = atoi(opt);
if (transfer->blocksize < 1)
transfer->blocksize = 1;
--
2.21.1

92
dnsmasq-2.81-configuration.patch Normal file
View File

@ -0,0 +1,92 @@
From 3a593d133f91c5126105efd03246b3f61f103dd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 30 Jun 2020 18:06:29 +0200
Subject: [PATCH] Modify upstream configuration to safe defaults
Most important change would be to listen only on localhost. Default
configuration should not listen to request from remote hosts. Match also
user and paths to directories shipped in Fedora.
---
dnsmasq.conf.example | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
index bf19424..36fba33 100644
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -22,7 +22,7 @@
# Uncomment these to enable DNSSEC validation and caching:
# (Requires dnsmasq to be built with DNSSEC option.)
-#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
+#conf-file=/usr/share/dnsmasq/trust-anchors.conf
#dnssec
# Replies which are not DNSSEC signed may be legitimate, because the domain
@@ -96,14 +96,16 @@
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
-#user=
-#group=
+user=dnsmasq
+group=dnsmasq
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
+# Listen only on localhost by default
+interface=lo
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
@@ -114,6 +116,10 @@
# disable DHCP and TFTP on it.
#no-dhcp-interface=
+# Serve DNS and DHCP only to networks directly connected to this machine.
+# Any interface= line will override it.
+#local-service
+
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
@@ -121,7 +127,11 @@
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
-#bind-interfaces
+#
+# To listen only on localhost and do not receive packets on other
+# interfaces, bind only to lo device. Comment out to bind on single
+# wildcard socket.
+bind-interfaces
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
@@ -535,7 +545,7 @@
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
-#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
+#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
@@ -673,7 +683,11 @@
# Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf
+# Include all files in /etc/dnsmasq.d except RPM backup files
+conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
+
# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
#dhcp-name-match=set:wpad-ignore,wpad
#dhcp-ignore-names=tag:wpad-ignore
+
--
2.26.2

62
dnsmasq-2.81-rh1834454.patch Normal file
View File

@ -0,0 +1,62 @@
From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Harald=20Jens=C3=A5s?= <hjensas@redhat.com>
Date: Thu, 7 May 2020 00:33:54 +0200
Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
a config would not be considered in context if:
a) it has no address family flags set
b) it has the address family flag of current context set
Since above commit config is considered in context if the
address family is the opposite of current context.
The result is that a config with two dhcp-host records,
one for IPv6 and another for IPv4 no longer works, for
example with the below config the config with the IPv6
address would be considered in context for a DHCP(v4)
request.
dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
This commit restores the previous behavior.
---
src/dhcp-common.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
index eae9886..ffc78ca 100644
--- a/src/dhcp-common.c
+++ b/src/dhcp-common.c
@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
{
if (!context) /* called via find_config() from lease_update_from_configs() */
return 1;
-
+
+ /* No address present in config == in context */
+ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
+ return 1;
+
#ifdef HAVE_DHCP6
if (context->flags & CONTEXT_V6)
{
struct addrlist *addr_list;
if (!(config->flags & CONFIG_ADDR6))
- return 1;
+ return 0;
for (; context; context = context->current)
for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
#endif
{
if (!(config->flags & CONFIG_ADDR))
- return 1;
+ return 0;
for (; context; context = context->current)
if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
--
2.25.4

1
dnsmasq-systemd-sysusers.conf Normal file
View File

@ -0,0 +1 @@
u dnsmasq - "Dnsmasq DHCP and DNS server" /var/lib/dnsmasq

9
dnsmasq.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=DNS caching server.
After=network.target
[Service]
ExecStart=/usr/sbin/dnsmasq -k
[Install]
WantedBy=multi-user.target

690
dnsmasq.spec Normal file
View File

@ -0,0 +1,690 @@
%define testrelease 0
%define releasecandidate 0
%if 0%{testrelease}
%define extrapath test-releases/
%define extraversion test%{testrelease}
%endif
%if 0%{releasecandidate}
%define extrapath release-candidates/
%define extraversion rc%{releasecandidate}
%endif
%define _hardened_build 1
# path to upstream git repository
%global git_upstream git://thekelleys.org.uk/dnsmasq.git
# tag of selected version
%global gittag v%{version}%{?extraversion}
# Attempt to prepare source-git with downstream repos
%bcond_with sourcegit
Name: dnsmasq
Version: 2.82
Release: 4%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz
Source1: %{name}.service
Source2: dnsmasq-systemd-sysusers.conf
Source3: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz.asc
# GPG public key
%if 0%{?testrelease} || 0%{?releasecandidate}
Source4: %{url}%{?extrapath}test-release-public-key
%else
Source4: http://www.thekelleys.org.uk/srkgpg.txt
%endif
# https://bugzilla.redhat.com/show_bug.cgi?id=1495409
Patch1: dnsmasq-2.77-underflow.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
Patch2: dnsmasq-2.81-configuration.patch
Patch3: dnsmasq-2.78-fips.patch
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
Patch17: dnsmasq-2.81-rh1834454.patch
# This is workaround to nettle bug #1549190
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
Requires: nettle >= 3.4
BuildRequires: dbus-devel
BuildRequires: pkgconfig
BuildRequires: libidn2-devel
BuildRequires: nettle-devel
Buildrequires: gcc
BuildRequires: gnupg2
BuildRequires: systemd
%{?systemd_requires}
%if %{with sourcegit}
BuildRequires: git-core
%endif
%description
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.
It is designed to provide DNS and, optionally, DHCP, to a small network.
It can serve the names of local machines which are not in the global
DNS. The DHCP server integrates with the DNS server and allows machines
with DHCP-allocated addresses to appear in the DNS with names configured
either in each host or in a central configuration file. Dnsmasq supports
static and dynamic DHCP leases and BOOTP for network booting of diskless
machines.
%package utils
Summary: Utilities for manipulating DHCP server leases
%description utils
Utilities that use the standard DHCP protocol to query/remove a DHCP
server's leases.
%prep
%if 0%{?gpgverify:1}
%gpgverify -k 4 -s 3 -d 0
%endif
%if %{with sourcegit}
%autosetup -n %{name}-%{version}%{?extraversion} -N -S git_am
# If preparing with sourcegit, drop again source directory
# and clone git repository
# FIXME: deleting just unpacked sources is dangerous
# But using %%setup changes used directories in %%build and %%install
rm -rf %{_builddir}/%{name}-%{version}%{?extraversion}
cd %{_builddir}
git clone -b %{gittag} %{git_upstream} %{name}-%{version}%{?extraversion}
cd %{name}-%{version}%{?extraversion}
git checkout -b rpmbuild
%else
%autosetup -n %{name}-%{version}%{?extraversion} -N
%endif
# Apply patches on top
%autopatch -p1
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
done
#set default user /group in src/config.h
sed -i 's|#define CHUSER "nobody"|#define CHUSER "dnsmasq"|' src/config.h
sed -i 's|#define CHGRP "dip"|#define CHGRP "dnsmasq"|' src/config.h
# optional parts
sed -i 's|^COPTS[[:space:]]*=|\0 -DHAVE_DBUS -DHAVE_LIBIDN2 -DHAVE_DNSSEC|' Makefile
%build
%make_build CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
%make_build -C contrib/lease-tools CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
%install
# normally i'd do 'make install'...it's a bit messy, though
mkdir -p $RPM_BUILD_ROOT%{_sbindir} \
$RPM_BUILD_ROOT%{_mandir}/man8 \
$RPM_BUILD_ROOT%{_var}/lib/dnsmasq \
$RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.d \
$RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d
install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq
install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf
install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/
install -m 644 man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/
install -D trust-anchors.conf $RPM_BUILD_ROOT%{_datadir}/%{name}/trust-anchors.conf
# utils sub package
mkdir -p $RPM_BUILD_ROOT%{_bindir} \
$RPM_BUILD_ROOT%{_mandir}/man1
install -m 755 contrib/lease-tools/dhcp_release $RPM_BUILD_ROOT%{_bindir}/dhcp_release
install -m 644 contrib/lease-tools/dhcp_release.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release.1
install -m 755 contrib/lease-tools/dhcp_release6 $RPM_BUILD_ROOT%{_bindir}/dhcp_release6
install -m 644 contrib/lease-tools/dhcp_release6.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release6.1
install -m 755 contrib/lease-tools/dhcp_lease_time $RPM_BUILD_ROOT%{_bindir}/dhcp_lease_time
install -m 644 contrib/lease-tools/dhcp_lease_time.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_lease_time.1
# Systemd
mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
rm -rf %{buildroot}%{_initrddir}
#install systemd sysuser file
install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%pre
#precreate users so that rpm can install files owned by that user
%sysusers_create_package %{name} %{SOURCE2}
%post
%systemd_post dnsmasq.service
%preun
%systemd_preun dnsmasq.service
%postun
%systemd_postun_with_restart dnsmasq.service
%files
%doc CHANGELOG FAQ doc.html setup.html dbus/DBus-interface
%license COPYING COPYING-v3
%defattr(0644,root,dnsmasq,0755)
%config(noreplace) %{_sysconfdir}/dnsmasq.conf
%dir %{_sysconfdir}/dnsmasq.d
%dir %{_var}/lib/dnsmasq
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/trust-anchors.conf
%{_sysusersdir}/dnsmasq.conf
%files utils
%license COPYING COPYING-v3
%{_bindir}/dhcp_*
%{_mandir}/man1/dhcp_*
%changelog
* Fri Oct 09 2020 Petr Menšík <pemensik@redhat.com> - 2.82-4
- Remove uninitialized condition from downstream patch
* Wed Sep 30 2020 Petr Menšík <pemensik@redhat.com> - 2.82-3
- Listen only on localhost interface, return port unreachable on all others
(#1852373)
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.82-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 20 2020 Petr Menšík <pemensik@redhat.com> - 2.82-1
- Update to 2.82
* Tue Jun 30 2020 Petr Menšík <pemensik@redhat.com> - 2.81-4
- Accept queries only from localhost (CVE-2020-14312)
* Mon May 11 2020 Petr Menšík <pemensik@redhat.com> - 2.81-3
- Correct multiple entries with the same mac address (#1834454)
* Thu Apr 16 2020 Petr Menšík <pemensik@redhat.com> - 2.81-2
- Update to 2.81 (#1823139)
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.81-1.rc3
- Update to 2.81rc3
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.80-14
- Fix last build breakage of DNS (#1814468)
* Tue Mar 10 2020 Petr Menšík <pemensik@redhat.com> - 2.80-13
- Respond to any local name also withou rd bit set (#1647464)
* Wed Mar 04 2020 Petr Menšík <pemensik@redhat.com> - 2.80-12
- Support multiple static leases for single mac on IPv6 (#1810172)
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.80-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Aug 28 2019 Petr Menšík <pemensik@redhat.com> - 2.80-10
- Fix CPU intensive RA flood (#1739797)
* Fri Aug 09 2019 Petr Menšík <pemensik@redhat.com> - 2.80-9
- Remove SO_TIMESTAMP support, DHCP was broken (#1739081)
* Wed Jul 31 2019 Petr Menšík <pemensik@redhat.com> - 2.80-8
- Compile with nettle 3.5
- Support missing SIOCGSTAMP ioctl
* Wed Jul 31 2019 Petr Menšík <pemensik@redhat.com> - 2.80-7
- Fix TCP listener after interface recreated (#1728701)
* Wed Jul 24 2019 Petr Menšík <pemensik@redhat.com> - 2.80-6
- Do not return NXDOMAIN on empty non-terminals (#1674067)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.80-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Apr 08 2019 Petr Menšík <pemensik@redhat.com> - 2.80-4
- Use more recent macro to create dnsmasq user
* Fri Feb 15 2019 Petr Menšík <pemensik@redhat.com> - 2.80-3
- Apply patches by autosetup
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.80-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Aug 20 2018 Petr Menšík <pemensik@redhat.com> - 2.80-1
- Update to 2.80
* Thu Aug 09 2018 Petr Menšík <pemensik@redhat.com> - 2.79-8
- Better randomize ports
* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 2.79-7
- Rebuild with fixed binutils
* Fri Jul 27 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.79-6
- Rebuild for new binutils
* Thu Jul 26 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.79-5
- Fix %%pre scriptlet (#1548050)
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.79-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 02 2018 Petr Menšík <pemensik@redhat.com> - 2.79-3
- Make dnsmasq leases writeable by root again (#1554390)
* Mon Jul 02 2018 Petr Menšík <pemensik@redhat.com> - 2.79-2
- Fix passing of dnssec enabled queries (#1597309)
* Thu Mar 15 2018 Petr Menšík <pemensik@redhat.com> - 2.79-1
- Rebase to 2.79
- Stop using nettle_hashes directly, use access function (#1548060)
- Do not break on cname with spaces (#1498667)
- Require nettle 3.4+
- Do not own sysusers.d directory, already depends on systemd providing it
* Fri Mar 02 2018 Petr Menšík <pemensik@redhat.com> - 2.78-7
- Emit warning with dnssec enabled on FIPS system (#1549507)
* Sun Feb 25 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.78-6
- Create user before installing files (#1548050)
* Fri Feb 23 2018 Petr Menšík <pemensik@redhat.com> - 2.78-5
- Create user first and then restart service
* Thu Feb 22 2018 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.78-4
- add gcc into buildrequires
- deliver an extra sysusers.d file to create dnsmasq user/group
- set CHUSER and CHGRP to dnsmasq in src/config.h
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.78-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Jan 22 2018 Petr Menšík <pemensik@redhat.com> - 2.78-2
- DNSSEC fix for wildcard NSEC records (CVE-2017-15107)
* Tue Oct 03 2017 Petr Menšík <pemensik@redhat.com> - 2.78-1
- Rebase to 2.78
* Tue Oct 03 2017 Petr Menšík <pemensik@redhat.com> - 2.77-9
- More patches related to CVE-2017-14491
* Mon Oct 02 2017 Petr Menšík <pemensik@redhat.com> - 2.77-8
- Security fix, CVE-2017-14491, DNS heap buffer overflow
- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow
- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow
- Security fix, CVE-2017-14494, Infoleak handling DHCPv6
- Security fix, CVE-2017-14496, Integer underflow in DNS response creation
- Security fix, CVE-2017-14495, OOM in DNS response creation
- Misc code cleanups arising from Google analysis
- Do not include stdio.h before dnsmasq.h
* Thu Sep 14 2017 Petr Menšík <pemensik@redhat.com> - 2.77-7
- Fix CVE-2017-13704
* Mon Aug 14 2017 Petr Menšík <pemensik@redhat.com> - 2.77-6
- Own the /usr/share/dnsmasq dir (#1480856)
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.77-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.77-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Jun 07 2017 Petr Menšík <pemensik@redhat.com> - 2.77-3
- Update to 2.77
* Fri May 12 2017 Petr Menšík <pemensik@redhat.com> - 2.77-2.rc2
- Fix dhcp
* Thu May 11 2017 Petr Menšík <pemensik@redhat.com> - 2.77-1
- Update to 2.77rc2
* Thu May 11 2017 Petr Menšík <pemensik@redhat.com>
- Include dhcp_release6 tool and license in utils
- Support for IDN 2008 (#1449150)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.76-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Oct 19 2016 Pavel Šimerda <psimerda@redhat.com> - 2.76-2
- Resolves: #1373485 - dns not updated after sleep and resume laptop
* Fri Jul 15 2016 Pavel Šimerda <psimerda@redhat.com> - 2.76-1
- New version 2.76
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.75-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Jan 25 2016 Tomas Hozza <thozza@redhat.com> - 2.75-3
- Fixed minor bug in dnsmasq.conf (#1295143)
* Fri Oct 02 2015 Pavel Šimerda <psimerda@redhat.com> - 2.75-2
- Resolves: #1239256 - install trust-anchors.conf
* Wed Aug 05 2015 Pavel Šimerda <psimerda@redhat.com> - 2.75-1
- new version 2.75
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.72-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Oct 06 2014 Nils Philippsen <nils@redhat.com> - 2.72-3
- don't include /etc/dnsmasq.d in triplicate, ignore RPM backup files instead
- package is dual-licensed GPL v2 or v3
- drop %%triggerun, we're not supposed to automatically migrate from SysV to
systemd anyway
* Mon Oct 06 2014 Tomas Hozza <thozza@redhat.com> - 2.72-2
- Fix typo in default configuration (#1149459)
* Thu Sep 25 2014 Tomas Hozza <thozza@redhat.com> - 2.72-1
- Update to 2.72 stable
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.71-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.71-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 20 2014 Tomas Hozza <thozza@redhat.com> - 2.71-1
- Update to 2.71 stable
* Fri Apr 25 2014 Tomas Hozza <thozza@redhat.com> - 2.70-1
- Update to 2.70 stable
* Fri Apr 11 2014 Tomas Hozza <thozza@redhat.com> - 2.69-1
- Update to 2.69 stable
* Mon Mar 24 2014 Tomas Hozza <thozza@redhat.com> - 2.69-0.1.rc1
- Update to 2.69rc1
- enable DNSSEC implementation
* Mon Dec 09 2013 Tomas Hozza <thozza@redhat.com> - 2.68-1
- Update to 2.68 stable
* Tue Nov 26 2013 Tomas Hozza <thozza@redhat.com> - 2.68-0.1.rc3
- Update to 2.68rc3
* Fri Nov 01 2013 Tomas Hozza <thozza@redhat.com> - 2.67-1
- Update to 2.67 stable
- Include one post release upstream fix for CNAME
* Fri Oct 18 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.9.rc4
- update to 2.67rc4
* Wed Oct 02 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.8.rc2
- update to 2.67rc2
* Thu Sep 12 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.7.test13
- update to 2.67test13
- use .tar.xz upstream archives
* Thu Aug 15 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.6.test7
- Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973)
* Mon Aug 12 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.5.test7
- Don't use SO_REUSEPORT on DHCPv4 socket to prevent conflicts with ISC DHCP (#981973)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.67-0.4.test7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jun 11 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.3.test7
- update to 2.67test7
- drop merged patch
- use _hardened_build macro instead of hardcoded flags
* Fri May 17 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.2.test4
- Fix failure to start with ENOTSOCK (#962874)
* Wed May 15 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.1.test4
- update to the latest testing release 2.67test4 (#962246)
- drop mergerd patches
* Tue Apr 30 2013 Tomas Hozza <thozza@redhat.com> - 2.66-5
- dnsmasq unit file cleanup
- drop forking Type and PIDfile and rather start dnsmasq with "-k" option
- drop After syslog.target as this is by default
* Thu Apr 25 2013 Tomas Hozza <thozza@redhat.com> - 2.66-4
- include several fixes from upstream repo:
- Send TCP DNS messages in one packet
- Fix crash on SERVFAIL when using --conntrack option
- Fix regression in dhcp_lease_time utility
- Man page typos fixes
- Note that dhcp_lease_time and dhcp_release work only for IPv4
- Fix for --dhcp-match option to work also with BOOTP protocol
* Sat Apr 20 2013 Tomas Hozza <thozza@redhat.com> - 2.66-3
- Use Full RELRO when linking the daemon
- compile the daemon with PIE
- include two fixes from upstream git repo
* Thu Apr 18 2013 Tomas Hozza <thozza@redhat.com> - 2.66-2
- New stable version dnsmasq-2.66
- Drop of merged patch
* Fri Apr 12 2013 Tomas Hozza <thozza@redhat.com> - 2.66-1.rc5
- Update to latest dnsmasq-2.66rc5
- Include fix for segfault when lease limit is reached
* Fri Mar 22 2013 Tomas Hozza <thozza@redhat.com> - 2.66-1.rc1
- Update to latest dnsmasq-2.66rc1
- Dropping unneeded patches
- Enable IDN support
* Fri Mar 15 2013 Tomas Hozza <thozza@redhat.com> - 2.65-5
- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
* Thu Jan 31 2013 Tomas Hozza <thozza@redhat.com> - 2.65-4
- Handle locally-routed DNS Queries (#904940)
* Thu Jan 24 2013 Tomas Hozza <thozza@redhat.com> - 2.65-3
- build dnsmasq with $RPM_OPT_FLAGS, $RPM_LD_FLAGS explicitly (#903362)
* Tue Jan 22 2013 Tomas Hozza <thozza@redhat.com> - 2.65-2
- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555)
* Sat Dec 15 2012 Tomas Hozza <thozza@redhat.com> - 2.65-1
- new version 2.65
* Wed Dec 05 2012 Tomas Hozza <thozza@redhat.com> - 2.64-1
- New version 2.64
- Merged patches dropped
* Tue Nov 20 2012 Tomas Hozza <thozza@redhat.com> - 2.63-4
- Remove EnvironmentFile from service file (#878343)
* Mon Nov 19 2012 Tomas Hozza <thozza@redhat.com> - 2.63-3
- dhcp6 support fixes (#867054)
- removed "-s $HOSTNAME" from .service file (#753656, #822797)
* Tue Oct 23 2012 Tomas Hozza <thozza@redhat.com> - 2.63-2
- Introduce new systemd-rpm macros in dnsmasq spec file (#850096)
* Thu Aug 23 2012 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.63-1
- Use .tar.gz compression, in upstream site there is no .lzma anymore
- New version 2.63
* Sat Feb 11 2012 Pádraig Brady <P@draigBrady.com> - 2.59-5
- Compile DHCP lease management utils with RPM_OPT_FLAGS
* Thu Feb 9 2012 Pádraig Brady <P@draigBrady.com> - 2.59-4
- Include DHCP lease management utils in a subpackage
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.59-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Aug 26 2011 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.59-2
- do not enable service by default
* Fri Aug 26 2011 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.59-1
- New version 2.59
- Fix regression in 2.58 (IPv6 issue) - bz 744814
* Fri Aug 26 2011 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.58-1
- Fixed License
- New version 2.58
* Mon Aug 08 2011 Patrick "Jima" Laughton <jima@fedoraproject.org> - 2.52-5
- Include systemd unit file
* Mon Aug 08 2011 Patrick "Jima" Laughton <jima@fedoraproject.org> - 2.52-3
- Applied Jóhann's patch, minor cleanup
* Tue Jul 26 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.52-3
- Introduce systemd unit file, drop SysV support
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 26 2010 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.52-1
- New Version 2.52
- fix condrestart() in initscript bz 547605
- fix sed to enable DBUS(the '*' need some escaping) bz 553161
* Sun Nov 22 2009 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.51-2
- fix bz 512664
* Sat Oct 17 2009 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.51-1
- move initscript from patch to a plain text file
- drop (dnsmasq-configuration.patch) and use sed instead
- enable /etc/dnsmasq.d fix bz 526703
- change requires to package name instead of file
- new version 2.51
* Mon Oct 5 2009 Mark McLoughlin <markmc@redhat.com> - 2.48-4
- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958)
* Wed Aug 12 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.48-3
- Use lzma compressed upstream tarball.
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.48-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jun 10 2009 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.48-1
- Bugfix/feature enhancement update
- Fixing BZ#494094
* Fri May 29 2009 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.47-1
- Bugfix/feature enhancement update
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Dec 29 2008 Matěj Cepl <mcepl@redhat.com> - 2.45-2
- rebuilt
* Mon Jul 21 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.45-1
- Upstream release (bugfixes)
* Wed Jul 16 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.43-2
- New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113
- Dropped patch for newer glibc (merged upstream)
* Wed Feb 13 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.8
- Added upstream-authored patch for newer glibc (thanks Simon!)
* Wed Feb 13 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.7
- New upstream release
* Wed Jan 30 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.6.rc1
- Release candidate
- Happy Birthday Isaac!
* Wed Jan 23 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.5.test30
- Bugfix update
* Mon Dec 31 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.4.test26
- Bugfix/feature enhancement update
* Thu Dec 13 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.3.test24
- Upstream fix for fairly serious regression
* Tue Dec 04 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.2.test20
- New upstream test release
- Moving dnsmasq.leases to /var/lib/dnsmasq/ as per BZ#407901
- Ignoring dangerous-command-in-%%post rpmlint warning (as per above fix)
- Patch consolidation/cleanup
- Removed conditionals for Fedora <= 3 and Aurora 2.0
* Tue Sep 18 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.40-1
- Finalized upstream release
- Removing URLs from patch lines (CVS is the authoritative source)
- Added more magic to make spinning rc/test packages more seamless
* Sun Aug 26 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.40-0.1.rc2
- New upstream release candidate (feature-frozen), thanks Simon!
- License clarification
* Tue May 29 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.39-1
- New upstream version (bugfixes, enhancements)
* Mon Feb 12 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.38-1
- New upstream version with bugfix for potential hang
* Tue Feb 06 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.37-1
- New upstream version
* Wed Jan 24 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.36-1
- New upstream version
* Mon Nov 06 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.35-2
- Stop creating /etc/sysconfig on %%install
- Create /etc/dnsmasq.d on %%install
* Mon Nov 06 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.35-1
- Update to 2.35
- Removed UPGRADING_to_2.0 from %%doc as per upstream change
- Enabled conf-dir in default config as per RFE BZ#214220 (thanks Chris!)
- Added %%dir /etc/dnsmasq.d to %%files as per above RFE
* Tue Oct 24 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.34-2
- Fixed BZ#212005
- Moved %%postun scriptlet to %%post, where it made more sense
- Render scriptlets safer
- Minor cleanup for consistency
* Thu Oct 19 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.34-1
- Hardcoded version in patches, as I'm getting tired of updating them
- Update to 2.34
* Mon Aug 28 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.33-2
- Rebuild for FC6
* Tue Aug 15 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.33-1
- Update
* Sat Jul 22 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.32-3
- Added pkgconfig BuildReq due to reduced buildroot
* Thu Jul 20 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.32-2
- Forced update due to dbus version bump
* Mon Jun 12 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.32-1
- Update from upstream
- Patch from Dennis Gilmore fixed the conditionals to detect Aurora Linux
* Mon May 8 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.31-1
- Removed dbus config patch (now provided upstream)
- Patched in init script (no longer provided upstream)
- Added DBus-interface to docs
* Tue May 2 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-4.2
- More upstream-recommended cleanups :)
- Killed sysconfig file (provides unneeded functionality)
- Tweaked init script a little more
* Tue May 2 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-4
- Moved options out of init script and into /etc/sysconfig/dnsmasq
- Disabled DHCP_LEASE in sysconfig file, fixing bug #190379
- Simon Kelley provided dbus/dnsmasq.conf, soon to be part of the tarball
* Thu Apr 27 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-3
- Un-enabled HAVE_ISC_READER, a hack to enable a deprecated feature (request)
- Split initscript & enable-dbus patches, conditionalized dbus for FC3
- Tweaked name field in changelog entries (trying to be consistent)
* Mon Apr 24 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-2
- Disabled stripping of binary while installing (oops)
- Enabled HAVE_ISC_READER/HAVE_DBUS via patch
- Added BuildReq for dbus-devel
* Mon Apr 24 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-1
- Initial Fedora Extras RPM

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (dnsmasq-2.82.tar.xz) = faf36efdaa3abe84994e46aea018b0a324218d42814baac056ca635f6d03f1301e7b4d958f92b272a8e3a7ac358f3a4e2606129a217587b471aedb3ce23e903b
SHA512 (dnsmasq-2.82.tar.xz.asc) = e52a9b6589b37a97313654f78f86cf9f9c501dc8f38b3775b8b6ebfe6e4f4a54d3aa73ac9cf0472eac3a32ec930a8b4fc5a6a809b396e7ade16988d3c034b5bd

117
srkgpg.txt Normal file
View File

@ -0,0 +1,117 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQINBFMbjUMBEACsU1Xk8+uu/EsGVJTh9Tn31C2e0ycd0voBVT7cTdtXpzeiNR+o
/zUAi95ds7FiecpZJp1nRO4vNzvaaAPZhFsFVLzZYyIVABgTXsskT88xbZvzb4W5
KKRWVhoTQxVDgj1+dXLUXULTB6rg02WEhqnix/qf/zFdM9I4/3pRHJn9k+3XKygR
on+nYtljfn3AKBelCo1y28istC6wCncoH11b/qdQtlfxVXaJY4HF27V0MqFFmDMg
cuhOHR7DnhymeDh7GmLfTHJ4LUFG+TecqCjiYhyWcuv2wuSb0EPXUKHJQVViQ8qg
KyPm1ly6uFP0CYdVavO7/oJwKFBIChECrj7BQ4GsImMHeuSzfWno7qy6Fxoxx2+g
0F9cdXWvcxFDGPQsL5vXp8KYNwBrzmijRzQ2ZAnrbG+ilFCkJCbxXcrhzpd4tKwE
0dgcyPL1Ma/lrznhL4ZuOzjVMgLNne7WiPpBNRqI1GoT0pUn6as4pU3En8B+K7zy
MLVfHvI1+iH45fP5bZwYSbXCa85v4+xqljYrzs9giaROEsXe/tsXvuc6JPCcmJXk
CUO3c3QVxqDFt9OYuTHIR8hqehDPLgFgzKqVuoAwMkhTf/zZNGlsy4jvKXQNcZ50
uD4mWO3e+gykNW/OH+88IoCR0rgjQ6trMLOceZFnrtvxwRL//lMndGCTYQARAQAB
tCZTaW1vbiBLZWxsZXkgPHNpbW9uQHRoZWtlbGxleXMub3JnLnVrPokCOgQTAQgA
JAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCUyDDjgIZAQAKCRAVzdpq4ZE1
otpmD/49HjUnc/uiYa/pcP5OIBd8lChHlF/NCh4s1RASeKv9cG6WDjnbTdxgcS6t
yESFJOfZ/hZW0WDEmuAh3tcZh1/yghkiMF3zZ+nB0zCFt9y//qKrNYvT7a9o+YGo
TuLANNq0jzzyrlPJemkZ7wvn9WNfRoG+ZUg/IQT0EVBqz6+/lvJSRTnjYXE8Ckay
/RbQ/WkppsuXQXsi08U+5oPT4rWTAGtZu4aEEoxX2MYcHip1f/bUUFzOAB/cn3In
ba+bqisLDCGm3F174NKfu+pk2MO0cauRRYPMoBAHLWDgGZOXoihWBgplcBUEYy1h
SNL7zRVX5AT2Z5Wqa1fVokkSd/T8FF2/0J4PjqFkCvBfCL8BYWzfTSkR/PBwL71P
nFzeOVJ1h1bF5ANXtfArZUI6HGMWpOb56E/YaHXhZ+lzfiM32Mwnc6jDHM3mJnEZ
jOQcsWEz7QgoR5YSPFFY6gmBXk+Y28bsgFvO3w73GjnnSHsmZdlWx9KmQWnMk/LQ
+7PUl7If+eIJ4PAqSEQddBOT/g74Q4NHGu4lvAhgZ47aU18+fYdxvVoe9JyXHsYY
5gPMjiM3RRxiugmm8dlT7RfYKWkJMBbkiyGAeQ6R1RDVztL7nM9N4ttb6nFOVtYK
UDQ1gxtKfrz/+L8Myy3IETC1NZgkuaDlXcdbNF3/oHApl8NK64hGBBARCAAGBQJT
G43BAAoJECj8hpoom4K3QrUAn1VftUxazQQJ/j6HJ/p3Soa60fJyAJ4xLJCBpov9
duJRuE9rF1OBaMZDeIhGBBARCAAGBQJTIekzAAoJECnhT5k5GzkoyOgAnjreKaWc
cEpEZSZnjlnc7DEnHuS+AJ4+Xq87WVKj9cJ05o8TRSkKxJYlEIkCHAQQAQgABgUC
UyHp8gAKCRAC0CBFCPsO9yHSD/9xYHSECwwneMFAO4nEGHyAQnhvyDzX3RutZeX1
9pc+qOm5iLUD+1EVx8+AvjTw0337yIHOa5nZI3CpgmBhmj18Q9vEgmtZn6EMXaRE
CvedsRjUSd3Q5+CF0AUbo1JQqZhVUdYLEZYcvfNgEmKl6IoVHwP8moH/cxDFc5Y6
GdlFAeJylynPdZ3Lb94DEya8VQc2mSG8L6y6ZDW8yf6M8npQG7f1cyJb9lPJJqlH
ZaFnpK2Df1DvOJXB88FQH1qW++w9uIoszdWjDOSGmwOuazO3GMmpfZPJPkH5lXoF
XKN5BO/l/gvEQ1jsmp14VZHJqdcO7HRHksLQLvNDQSi3am4ok2xm3Kn2NryJ1K2Q
mUBGrWu4CtwabgvhoKGxr0GADCQJVlLqRCC+UIp97J0kOsZj8FYjwA3I1U5w8wJi
SUqw8u+8OCCFGm1rS6XQy/wbGDPwZjCZnaNHICSj8zeXE9YkhTf2fMs/S8NLQUPy
u1g3/IoIGNnadETzEmAd02FJncUlUo05yDAcVg/IqwgM8atJQqEWLYE0QHrcqOWi
eaCCJ9+fx2KhxKnRqpKAXSov+M0KYDkIV9OQE+KioGzxdlrN2ZFmbfIKLLYMwH0s
xMkgJjbbhP8KhfxDIUoSky9gUTwwyrpJVjKkXZ6yNFpSo+Mtn8OHL12nLqzyQONT
waerx4hGBBARCAAGBQJTL0SDAAoJEBbi9PX8geFZBbUAnR3I/MdzG4kBtCecwePz
MvKdKS1SAJ9CyGUhzb8coURtMzbIlH9F7jm6L4kCHAQQAQgABgUCUy9EpAAKCRBj
ziC6xJxBSLhYD/9qBBxVex2nxavrMV4Vd0AhYJa5iI148NbqD7EZLnuCDWwi+wrq
nfMi0ToUHlh1Lp36vXd06W8JySHIiAxL0zDpq6tdT65f6iOTRZ6W6xuebxKgqC3k
ZsxcEzceYR1dOCKlRhQAsZ7Q9BJP/ZafSD/NOm2sxdPOneYm8IA4QXwWDVOayrV8
FOIDBkBLmPhm1BGNErdhCBCYsvqYSN7gFJBNszXciNMJtBmXWNyTsHtNAeKIQuzE
RgYCC2/LuTOIloeI6z6mM7mVZuPsraqRa5iGITvGI4qeQziTp+xqIu8YPQrE67iQ
MqSZZCxv3aheiiJd06l4FFpEYEg5H4FMD9JW4rvnaxLwXc8x1/ZVQQhylughetE9
j7oPQbA353oyUCCAukd4UiNYtULNCbZzfKdKCFCajnIfIY8IqNGuWvmujKViDAk2
7bIlKQeyNKExIx8Jkr4WPQBLFmXCkT+jYQMJx/R6SoNwrpa50SofTT+y+43GpSQ5
5e3Kffky0SZk+O/m7oW7gKPjwzh/UmLsOb9INXJ3gYS/CDT3fwA+UsAA+gXneT3I
ygYqfU8dnk2umV20gIm8q/SQYiyhMM+PZCkKXeHyoeU/SbO72DWKw/ZtZI/1b9xX
ruc1HBKJ/UXNPJRyoHIi4dZ/ARQ/zk839beBMnGm0AsB1y1+leTlrNZM5rQdU2lt
b24gS2VsbGV5IDxzcmtAZGViaWFuLm9yZz6JAjcEEwEIACEFAlMgw3QCGwMFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQFc3aauGRNaKhRg//S5G2RYoHNY22ecyG
5hpBr354lqdZiYRHKYCjX29jDIrtZSlC3HCL31ciGOVg666aD5xy54WAPTlx3MFQ
AxgWsqFTkICHj6zFdFduLmI1IffvcxkcEKwi6NK5f5dOxih9EtXcQ1HsoSUWGRmB
Kltvt1wyaiG37A80pjzQso1b6kr5JLdGMrjWx9PnFRKCdUNh5nxIb4HeC5R2Q8oT
FaipSppZwmvA5ocCvhMsyYCyiE6o8QTtzTqj5mGZafIqy18hwB9bA2n2gcEY1fXD
V9ky08J98A3VJqAMDM9Y6KYv+tQNJBIJRDWGmvjR/1J6n1jqO64l7mTcBlT/xfyp
TFfiXVzGN+H3EiEDFpPXKcc4abjiY8IaCu4P8qvKvee/EF7+FUep3R/i3hw0a5th
bZ4of1LfLp6qg7XjCZ3d2MUitxKe/FoFQS/ctkKNwsimOlUl5bIVmaJMMq8FUvLi
6iBgFMy8LCk2ItZ5rA2+5kGalGzwcWDdpq66A+z69f1wFfKDccOpfOJ838zmxCrz
WSxbVnLTaRSV4VobZvwHkAXZGCnDMk68ELfUNFzGClBhNOVPqAHbU74AkSS5bas5
recjKUz53DZl1aAOWLxFXQlOvxsaZ9wHmvHJAZiKscUGNUBXRK9p78TzQEm5Lxwz
Q6/V1JSkA6o4Xq7qygSARIigjJyIRgQQEQgABgUCUyHpMwAKCRAp4U+ZORs5KI+v
AKC2OnBT8TZ5cnTQwleYshUsxJddkQCgpecrsb8ysVtau7lXBgrA/X/Wef2JAhwE
EAEIAAYFAlMh6fIACgkQAtAgRQj7DvcWsQ//SF+g3zMRYeZ+qNC3m7slibJNCPdM
Cied05owZfN6oHhfBaRDc7nAC6mSdwFF76ird5/bSg2HzR6Tp4hIy/5M5WXFv4jt
m+0KXYKnDjHv1297sSALFoYKlm4K4lnE7T/qJknc/mGlLWfWm5Y5jV/QfV9Zwxvy
kT5Oh5xxzeNiOdvkmV4pCCk+bt15tGD0pII2n/TMPVfDVADLlhrWBrBp7laKyn6Q
5VvI4GiVBnHSiKsGVEaX0yUuDYzGZSU2RLaJG4BPNHqlHqSQYvsyo6QHPpHg0K6v
WWZFpgFOXHlLYMNJ91NS+DX7BqlEib2ndWQqCYzZtgRUJK/Dd6G6r2e60/5CPn6H
CwqQZr1MRdY6vEJS9Lpd5uGIOeQFTEDBZ22pcUAb20cZNdK1J+BgilfVuMvLAs2W
7fANxLtAHsXdNCvlkqr68odMI8C6w3Zd4R6XL4tfoYXl9emOKiN5SiCpK9HHJNxS
AuX6vH3lTyR+/sG1haxntu4Tn1T2zBJRgh2DiKuJLH6hnn7F7pf1fZEUUE/A6VSf
bmp+a6CXfn9mvgnF51QylKkFCauXhV5WsusEtWlNACeJjKXBg+d8LkA6FmJecMbY
ZzBTdcaN5OwLfXRpAkCsODWk2lXJNlhOntmVfa6MLDnll64S/3j+1wnKOHihf+c2
exRMy5eQCUKwqVSIRgQQEQgABgUCUy9EgwAKCRAW4vT1/IHhWZwLAJwLPSUf/VMW
NUJ1hRwNo+7kpUGLdQCeMzNtz3H0smfUn84CSRBFYIJDIhCJAhwEEAEIAAYFAlMv
RKoACgkQY84gusScQUiSfxAAuNSMXCUGs02xdJvnQRc10HkJxm/wg7YngVa4WZfd
eqyP2tQOjTdf65OMSIOCIrfpWHPDscJfsP3fjbHojFfx81iJnFmOdxx9aqB9KD15
FD4Whgq+Eyk8TiPZUEHiVU9RR8N6T/7mIe+lVNJ6GZ1iSk29D1g6+oM56Gox2d3y
0c8FnCK1Ts6D1peRiIiMq+gjGccdVJyim/yZI3WqzHvul//WmdEFzwgXqh03wbx3
iQS2zXdvwgyB+gBbVpk+6axOIbYupAvTNXYQV9Hz4imWoDFlXGdYzCMzb6QyH46R
NgfElAb8UcCknQjLwnawAjXPEHgrH6yaruYR9H1LBLxYIHA4oBYQCUxmn4ArDLOF
6kZ68eM8efBxVu4uAtklil9X8NUynhyI9DDWJoQET52ekojtOr31NCXHCtUmTkYb
PEwJxAORMBf3JEPlz2brGRgcSbacJG5RE4Qw2hfKJTOQTiNk4DpLwYrChLK8Ctmn
RS7jAZth3U2W7Fqc7OFfKs3zuo/2RRRCG3fjOVX7aIOp4Cnobvk0NxXDhEtUpMeP
0o7qPW8OdxrFyQ3YCoxu94ix1S6da3m143OujdmlM0Gs7Acyeq4bN3FokLzrMxci
oO6swXzgh9RGCzMkRrBztWgEpXQf8PbcBliF+sDV2aYerGBN9qmbN9FX30IKGaWn
QsK5Ag0EUyDDoQEQAMfQfa2tw3+OJFGMQEzLJSoXYN8/HnZEgKNlcMuYzhheQLgu
/MfcQJ7mnCIdn6xdPaalfLmYx63tM47/NGEM1+MSEvovPiRG0OLxzSgwei9DiGeN
EgsPTLXSZ5EVSXCM1+e9mT1ExT9aGLNnpCd6kIyWIcKCVMot+XC70R9prWLeyKSh
0FAZ0Pwv9i23osJVGOtJjND+WZ0uCeN29ocfN0b64yF4nPRc9IbcmYIDgNU3RybK
2Z/dupbthTisRjHRI3iX3/tiymXF3J0sSvsCluWIJWmyltS3Xyk/wfKVJz6OouiJ
jTj5utXVnCGptCDw+DCcj89vx1N0+0Dhm1cQcNZvXjMbVDTsuU+eVpJbxU6y8N+n
XpAXjEw4jMi3zNpqKtkyv2YpoqY5HhGLybgrY0zwSQOyMNf9lZ5J7znq5gEmiMXn
G9OPEw7PPSvm6QfbHPY/jAOgxsu7Fme7k303D5KkyGkkbzQiYyEtMZvbOMH/uECi
2uHGB72qiGpEYjMtHhihaRCBl+0bY8sH83He690qNQHSdStjaKXcecduE/v5iO0m
OYIHdsEHhKlWsE1GXXVLofBr68UBhYV6/AGXko4Pr+dXLzauN4kALDx6WltFu3qU
voD+uEoLq7IXULMo5Pyd7bO4qGQMKykaXTb5o6dqdu4GzWIUw1fr9kLEmo29ABEB
AAGJAh8EGAEIAAkFAlMgw6ECGwwACgkQFc3aauGRNaIjqA/+PXuaM6JHuudLycmB
0iKAwyB5csOFGpF3b9FgMR68TC4jzi5J5hJZASl0cO/e0ytQsrDUBbH74y+WaA4l
dwBVYr0j/2hqzIjrnGMtgWeHFPLV3sKw8DGuNx1/cOoljJXzi1WWSHIwDvaj3uZ9
CwHt+4/abR7kdvMcnFhQVA4zuzZWFqpp+CDkkJNVwB9zxtAQwGTGF4cQ0IvTkhCo
6DQhZZVTeyn+nBKxzzWijniWc0LyRsum03MxZ6E7UVIInCTjdXTalnO8wColwIx5
FV4nTMxdsKKgnIXmLexBdd03bW9TkowWf2C2XfDN+pDS8X3MzO6zAyogqJhAiBFj
nRzkOw0cw1VTL00o8uiWdMeu7OKOKeQbUilMAn4MweKB57mc582kjeGmwdZgWFA4
BJ2eiH7HwjxiynwMdZwQEBdOTNLbggHk3/mScF8U1KcJhjAFf7Ne+Z0feG/8GgKl
5aj3ucl821+dfpzB79lLo+kmd1qkDyDiUR5yN6P8l8k6IAUJz2KUe0BjtO6VFFw0
xni05dkrXdfo7IO79ictHmEn+g3QO8ZLUGRwdtZ1cMhTkm7FhH8Bdby0y4Soqluv
Hbri++cC91i1I3a92kHi/8O45rnLhVt+sOfxY1QnSIYh5OFwGMqMCNDTEL7ESiFa
FhSXkmzzVntlyvOBMlgz3IGh2hA=
=TM0e
-----END PGP PUBLIC KEY BLOCK-----

32
test-release-public-key Normal file
View File

@ -0,0 +1,32 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQENBFM4adMBCADDTxhfWayeNd99OtOZyzzq5OSR3FeL4mWXWPFwRAwXfJwWuJot
HTU5dqEega18LyFlR/aGivCj9iUiWuUBJgK8zoRccgp/QxfiFZbY9myZwQRCtQvp
j/AgSNSsJmtbOvjFNKpaYXDtky1zhGoyit/05CGj1h4floWJhHD8rnuRCABZrwN8
I3GgHDnPzMMUKacTLCqRR4O6XXn4jCxVHoPQYk9lzINcKG32tgVQLl9qPNSx/twA
0Y0yf3FcwQr2svhBAYvQk6yhGqDe6PMhj9NHyQJEGZzMfC+z7EK9ZzvbCQIfulu+
UL/0gsXKiZpZu93Eow1/+0muaa0pfxY6867fABEBAAG0QVNpbW9uIEtlbGxleSAo
dGVzdCByZWxlYXNlIHNpZ25pbmcga2V5KSA8c2ltb25AdGhla2VsbGV5cy5vcmcu
dWs+iQE3BBMBCAAhBQJTOGnTAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
ENP8mkR/fvI0+g0H/j4Y4IUraDCo9FKV15mgelyCyCBsbTvyODMwc83ueALp9Osp
in2ytYShha2T1LqnrXHCGKogecpNYjVbCKI4x1L6TXOw2IB/x3LBHFu9ycj2w6ml
bExz35jcDvZg2c/3WNWjZQKewQEZ/8Go/AAcwW2zwv5DwB/30IaPNSTQrvIwuTpr
Txjxybz64s+IiUDpqMxfPGNzcnWLWZVmUEjxyhGtp8ZPOF72FeVW2FBI8TCnrXXI
UazVLIMr1aS/QFHi5iExZ2ipeyC2ZZnKruUlFIzWE70922xR97lTU+326xlFzJyv
zMQjtSvdaZCvGGV9N3Coj7iJT1KhKy1wzVrJzz+IRgQQEQgABgUCUzhqLwAKCRAo
/IaaKJuCt8ovAJ0fR2hGPR7LpGb8zEpJ1YQM/z6ziACgghldWFdy4i0KQ270UvkY
zU6eMbqJAhwEEAEIAAYFAlkgZjwACgkQFc3aauGRNaI/WA/+KdJGRtMBX8RQN9yq
Ltf9p9/aZ+k7P3xgQIwnD12vz32+F/dkl3IBniwrKKjG51M59qXJ3b7/44xyQ9v3
kc9PhQGRUaNfmGzUeQ5qOovgSvZjlbREQAlGWQmkC+0fMgB7TbmDOVe6/MdGWTAn
COG192OlGnzCgrIwY9iBnqs8wFYKCfGUGAHL+Oa+MTkUYkpMldEPJ3HkR5/gvLjH
LHoHHycJZ4xXDCx/KDPTBcj0w/40D5xkQvb1SJ/K4HR4Nd+DewRgkLGBqnceQd+t
f4SIFBZ2Yik2j3yDbtht5Gi4s41ZV2pjx/EQwXgHqk7eWII1k8hl0uBr4DVt4tLD
nc6/YfEuseQDv+TMdzenMN2UdHEDOMxAxoY5Vm2w0hGW8C0t/Qcuo67tDoqfpW+K
smd1GdeAwxpF32y5ITCJw19voZvCGYMpSWBgvZnHhdIyITCqN7fmp67gbDACc78f
T81ICeGfiHLt1vPpYXD4ZVSlUc6bImdE6/BbvkXVhqS9pZ59vVnyMxQwQmQCNyz5
/flT2WC95iEjcFE4jZIc4itBRGb+p3Wr56fANy8kJmjD5ulpqsrUOAtzRLiEOvkm
mekUSwe61xooeWNfUO0zNnwPg6BR3rQYYnOW56cxSwe1BIaDhivwoDXob377fqs2
z/99c0hz1iAchDiArEHfqlFy+YQ=
=UI2C
-----END PGP PUBLIC KEY BLOCK-----

22
tests/tests.yml Normal file
View File

@ -0,0 +1,22 @@
# Tests for NetworkManager
- hosts: localhost
roles:
- role: standard-test-basic
tags:
- classic
repositories:
- repo: "https://github.com/NetworkManager/NetworkManager-ci"
dest: "NetworkManager-ci"
tests:
- sanity-tests:
dir: NetworkManager-ci
run: run/osci/run-tests dnsmasq
environment:
LC_ALL: C.UTF-8
- role: standard-test-beakerlib
tags:
- classic
repositories:
- repo: "https://github.com/InfrastructureServices/dnsmasq-tests.git"
dest: "dnsmasq-tests"
fmf_filter: "tier: 1"