Commit Graph

177 Commits

Author SHA1 Message Date
Fedora Release Engineering
a02f732ecb - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 15:34:17 +00:00
Petr Menšík
688ad97e82 Update to 2.82
Fixes DNS over TCP issues with sockets and TTL 0 DNSKEY and DS
validation.

Announcement:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q3/014201.html
2020-07-20 11:17:37 +02:00
Petr Menšík
744ba31be7 Listen only localhost in default configuration
Require manual configuration to enable either local-service for any
connected networks or interface to listen all hosts on interface.
2020-06-30 19:13:15 +02:00
Petr Menšík
4c831af38b Prepare downstream patches on upstream
Enable nice checkout with --with sourcegit. It would not base sources
directory on tarball, but from git repository configured in spec.

Simplifies backporting a new patch from upstream.
2020-06-02 20:05:16 +02:00
Petr Menšík
a6995451dc Correct multiple entries with the same mac address (#1834454)
Make sure IPv4 requests search only in IPv4 contexts and vice versa. Do
not accept IPv4 record for IPv6 requests, as it would lead to defined
assignment.
2020-05-12 00:08:37 +02:00
Petr Menšík
e8e451a80c Update to 2.81 (#1823139) 2020-04-16 21:37:32 +02:00
Petr Menšík
8cb7aff90a Remove upstream merged downstream patches 2020-04-16 21:37:32 +02:00
Petr Menšík
57b55437cd Update to 2.81rc3
Remove patches that has been merged or have alternatives.
2020-04-16 21:37:32 +02:00
Petr Menšík
b8e25263bb Add source GPG validation
Verify signature of sources.
Disabled, because build failed on my machine.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2020-04-16 21:37:32 +02:00
Petr Menšík
cb7c105d3c Fix small typo with great effect
Every query was refused because of forgotten ! from original line.
2020-03-23 15:34:31 +01:00
Petr Menšík
0461a69019 Respond to any local name also withou rd bit set (#1647464) 2020-03-10 17:12:39 +01:00
Petr Menšík
cde7b60662 Support multiple static leases for single mac on IPv6 (#1810172)
In some cases, DUID will change for the same machine during network
boot. Support assigning small blocks of IPv6 addresses to work around
changing DUID.
2020-03-06 22:44:46 +01:00
Fedora Release Engineering
a491586574 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 16:03:36 +00:00
Petr Menšík
70d1413570 Fix RA flood (#1739797)
Upstream commit introduced serious regression, taking a lot of cycles
and filling journal. Its benefits are not too high. Revert it until
proper fix is found.

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=18547163b15bbbcb5ed5113360440387d89d0e15
2019-08-28 19:33:58 +02:00
Petr Menšík
bde34f977c Remove SO_TIMESTAMP support, DHCP was broken (#1739081)
Quick made support of SO_TIMESTAMP is broken and it broke whole DHCP.
Until that is fixed and properly tested, remove its support. Just skip
call to unsupported ioctl.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2019-08-09 15:19:39 +02:00
Petr Menšík
8503847793 Fix failed builds on F31 (#1735096) 2019-07-31 20:50:37 +02:00
Petr Menšík
f5fd7025ab Fix TCP listener after interface recreated (#1728701)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2019-07-31 17:27:56 +02:00
Petr Menšík
6b2ad2c800 Fix NODATA instead of NXDOMAIN (#1674067)
Fix bug added in 2.80 non-terminal code which returns NODATA instead of NXDOMAIN.

Thanks to Sven Muleller and Maciej Żenczykowski for work on this.
2019-07-31 17:13:38 +02:00
Fedora Release Engineering
d7adf990db - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 22:11:53 +00:00
Petr Menšík
d2f1660dbc Fix autopatch macro errors 2019-04-08 19:17:44 +02:00
Petr Menšík
447db348ef Use more recent user creation macro
Old macro changed signature a bit, requires argument now. Should fix
build on Rawhide.
2019-04-08 18:32:16 +02:00
Petr Menšík
9dcc5a251f Apply patches by autosetup 2019-02-15 10:37:15 +01:00
Fedora Release Engineering
ce162ba40a - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 17:24:16 +00:00
Petr Menšík
d63c7d423a Update to dnsmasq 2.80
Fix underflow patch
2018-10-24 19:36:17 +02:00
Petr Menšík
8a0901a90e Randomize ports 2018-10-24 18:54:52 +02:00
Florian Weimer
72fa98ca1a Rebuild with fixed binutils 2018-07-31 11:00:20 +02:00
Igor Gnatenko
ede8a252cf
Rebuild for new binutils
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-07-27 14:55:15 +02:00
Zbigniew Jędrzejewski-Szmek
6dcbc02fef Fix %pre scriptlet 2018-07-26 19:05:37 +02:00
Fedora Release Engineering
e496bf0e23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 23:00:28 +00:00
Petr Menšík
4c7e2b30a0 Make dnsmasq leases writeable by root again (#1554390) 2018-07-02 20:18:18 +02:00
Petr Menšík
db0bc30a48 Fix DNSSEC passtrough 2018-07-02 16:51:26 +02:00
Petr Menšík
41e404dd4c Do not own sysusers.d directory, already depends on systemd providing it 2018-03-22 18:25:04 +01:00
Petr Menšík
d198336fea Require nettle 3.4 2018-03-22 18:25:04 +01:00
Petr Menšík
1f9c5b6ea6 - Rebase to 2.79
- Stop using nettle_hashes directly, use access function (#1548060)
- Do not break on cname with spaces (#1498667)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-22 18:25:04 +01:00
Petr Menšík
144c414c67 Emit warning with dnssec enabled on FIPS system (#1549507)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-02 13:18:01 +01:00
Zbigniew Jędrzejewski-Szmek
d61ff2b613 Create user before installing files 2018-02-25 12:29:00 +01:00
Zbigniew Jędrzejewski-Szmek
f5bcbb09d9 Modernize the spec file a bit 2018-02-25 12:24:56 +01:00
Petr Menšík
dc378b565b Create user first and then restart service
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-02-23 10:29:12 +01:00
Itamar Reis Peixoto
c81a33501e fix bz #1548050 2018-02-22 23:38:17 -03:00
Igor Gnatenko
1250e53590
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:58:06 +01:00
Igor Gnatenko
d8871b193f Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:13:50 +01:00
Fedora Release Engineering
d2b4129eba - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 07:04:50 +00:00
Petr Menšík
8cd7421e9d DNSSEC fix for wildcard NSEC records (CVE-2017-15107)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-22 15:38:46 +01:00
Petr Menšík
1447e0aebc Rebase to 2.78
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-03 17:30:29 +02:00
Petr Menšík
35c602043d More patches related to CVE-2017-14491
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-03 13:53:42 +02:00
Petr Menšík
d528970d82 Do not include stdio.h before dnsmasq.h
We define some constants in dnsmasq.h, which have an influence on
stdio.h. So do not include stdio.h before dnsmasq.h.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:25:16 +02:00
Petr Menšík
6379c5b2d4 Security fix, CVE-2017-14491, DNS heap buffer overflow.
Further fix to 0549c73b7ea6b22a3c49beb4d432f185a81efcbc
Handles case when RR name is not a pointer to the question,
only occurs for some auth-mode replies, therefore not
detected by fuzzing (?)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:17:17 +02:00
Petr Menšík
dfac991c15 Misc code cleanups arising from Google analysis.
No security impleications or CVEs.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:14:22 +02:00
Petr Menšík
ce9aecdce0 Security fix, CVE-2017-14495, OOM in DNS response
creation.

    Fix out-of-memory Dos vulnerability. An attacker which can
    send malicious DNS queries to dnsmasq can trigger memory
    allocations in the add_pseudoheader function
    The allocated memory is never freed which leads to a DoS
    through memory exhaustion. dnsmasq is vulnerable only
    if one of the following option is specified:
    --add-mac, --add-cpe-id or --add-subnet.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00
Petr Menšík
d75aef2c01 Security fix, CVE-2017-14496, Integer underflow in DNS response creation.
Fix DoS in DNS. Invalid boundary checks in the
    add_pseudoheader function allows a memcpy call with negative
    size An attacker which can send malicious DNS queries
    to dnsmasq can trigger a DoS remotely.
    dnsmasq is vulnerable only if one of the following option is
    specified: --add-mac, --add-cpe-id or --add-subnet.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00