rpms
/
dnsmasq
7
0
Fork 0
Code Issues Pull Requests Releases Activity
250 Commits 7 Branches 45 Tags 1,009 KiB
Commit Graph

219 Commits

Author SHA1 Message Date
Petr Menšík b8e25263bb Add source GPG validation 
Verify signature of sources.
Disabled, because build failed on my machine.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2020-04-16 21:37:32 +02:00
Petr Menšík cb7c105d3c Fix small typo with great effect 
Every query was refused because of forgotten ! from original line.
 2020-03-23 15:34:31 +01:00
Petr Menšík 0461a69019 Respond to any local name also withou rd bit set (#1647464) 2020-03-10 17:12:39 +01:00
Petr Menšík cde7b60662 Support multiple static leases for single mac on IPv6 (#1810172) 
In some cases, DUID will change for the same machine during network
boot. Support assigning small blocks of IPv6 addresses to work around
changing DUID.
 2020-03-06 22:44:46 +01:00
Fedora Release Engineering a491586574 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-01-28 16:03:36 +00:00
Petr Menšík 70d1413570 Fix RA flood (#1739797) 
Upstream commit introduced serious regression, taking a lot of cycles
and filling journal. Its benefits are not too high. Revert it until
proper fix is found.

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=18547163b15bbbcb5ed5113360440387d89d0e15
 2019-08-28 19:33:58 +02:00
Petr Menšík bde34f977c Remove SO_TIMESTAMP support, DHCP was broken (#1739081) 
Quick made support of SO_TIMESTAMP is broken and it broke whole DHCP.
Until that is fixed and properly tested, remove its support. Just skip
call to unsupported ioctl.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2019-08-09 15:19:39 +02:00
Petr Menšík 8503847793 Fix failed builds on F31 (#1735096) 2019-07-31 20:50:37 +02:00
Petr Menšík f5fd7025ab Fix TCP listener after interface recreated (#1728701) 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2019-07-31 17:27:56 +02:00
Petr Menšík 6b2ad2c800 Fix NODATA instead of NXDOMAIN (#1674067) 
Fix bug added in 2.80 non-terminal code which returns NODATA instead of NXDOMAIN.

Thanks to Sven Muleller and Maciej Żenczykowski for work on this.
 2019-07-31 17:13:38 +02:00
Fedora Release Engineering d7adf990db - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-07-24 22:11:53 +00:00
Petr Menšík d2f1660dbc Fix autopatch macro errors 2019-04-08 19:17:44 +02:00
Petr Menšík 447db348ef Use more recent user creation macro 
Old macro changed signature a bit, requires argument now. Should fix
build on Rawhide.
 2019-04-08 18:32:16 +02:00
Petr Menšík 9dcc5a251f Apply patches by autosetup 2019-02-15 10:37:15 +01:00
Fedora Release Engineering ce162ba40a - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-01-31 17:24:16 +00:00
Petr Menšík d63c7d423a Update to dnsmasq 2.80 
Fix underflow patch
 2018-10-24 19:36:17 +02:00
Petr Menšík 8a0901a90e Randomize ports 2018-10-24 18:54:52 +02:00
Florian Weimer 72fa98ca1a Rebuild with fixed binutils 2018-07-31 11:00:20 +02:00
Igor Gnatenko ede8a252cf
Rebuild for new binutils 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-07-27 14:55:15 +02:00
Zbigniew Jędrzejewski-Szmek 6dcbc02fef Fix %pre scriptlet 2018-07-26 19:05:37 +02:00
Fedora Release Engineering e496bf0e23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-07-12 23:00:28 +00:00
Petr Menšík 4c7e2b30a0 Make dnsmasq leases writeable by root again (#1554390) 2018-07-02 20:18:18 +02:00
Petr Menšík db0bc30a48 Fix DNSSEC passtrough 2018-07-02 16:51:26 +02:00
Petr Menšík 41e404dd4c Do not own sysusers.d directory, already depends on systemd providing it 2018-03-22 18:25:04 +01:00
Petr Menšík d198336fea Require nettle 3.4 2018-03-22 18:25:04 +01:00
Petr Menšík 1f9c5b6ea6 - Rebase to 2.79 
- Stop using nettle_hashes directly, use access function (#1548060)
- Do not break on cname with spaces (#1498667)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-03-22 18:25:04 +01:00
Petr Menšík 144c414c67 Emit warning with dnssec enabled on FIPS system (#1549507) 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-03-02 13:18:01 +01:00
Zbigniew Jędrzejewski-Szmek d61ff2b613 Create user before installing files 2018-02-25 12:29:00 +01:00
Zbigniew Jędrzejewski-Szmek f5bcbb09d9 Modernize the spec file a bit 2018-02-25 12:24:56 +01:00
Petr Menšík dc378b565b Create user first and then restart service 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-02-23 10:29:12 +01:00
Itamar Reis Peixoto c81a33501e fix bz #1548050 2018-02-22 23:38:17 -03:00
Igor Gnatenko 1250e53590
Remove %clean section 
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-14 07:58:06 +01:00
Igor Gnatenko d8871b193f Remove BuildRoot definition 
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-13 23:13:50 +01:00
Fedora Release Engineering d2b4129eba - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-02-07 07:04:50 +00:00
Petr Menšík 8cd7421e9d DNSSEC fix for wildcard NSEC records (CVE-2017-15107) 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-01-22 15:38:46 +01:00
Petr Menšík 1447e0aebc Rebase to 2.78 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-03 17:30:29 +02:00
Petr Menšík 35c602043d More patches related to CVE-2017-14491 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-03 13:53:42 +02:00
Petr Menšík d528970d82 Do not include stdio.h before dnsmasq.h 
We define some constants in dnsmasq.h, which have an influence on
stdio.h. So do not include stdio.h before dnsmasq.h.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:25:16 +02:00
Petr Menšík 6379c5b2d4 Security fix, CVE-2017-14491, DNS heap buffer overflow. 
Further fix to 0549c73b7ea6b22a3c49beb4d432f185a81efcbc
Handles case when RR name is not a pointer to the question,
only occurs for some auth-mode replies, therefore not
detected by fuzzing (?)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:17:17 +02:00
Petr Menšík dfac991c15 Misc code cleanups arising from Google analysis. 
No security impleications or CVEs.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:14:22 +02:00
Petr Menšík ce9aecdce0 Security fix, CVE-2017-14495, OOM in DNS response 
creation.

    Fix out-of-memory Dos vulnerability. An attacker which can
    send malicious DNS queries to dnsmasq can trigger memory
    allocations in the add_pseudoheader function
    The allocated memory is never freed which leads to a DoS
    through memory exhaustion. dnsmasq is vulnerable only
    if one of the following option is specified:
    --add-mac, --add-cpe-id or --add-subnet.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:08:22 +02:00
Petr Menšík d75aef2c01 Security fix, CVE-2017-14496, Integer underflow in DNS response creation. 
Fix DoS in DNS. Invalid boundary checks in the
    add_pseudoheader function allows a memcpy call with negative
    size An attacker which can send malicious DNS queries
    to dnsmasq can trigger a DoS remotely.
    dnsmasq is vulnerable only if one of the following option is
    specified: --add-mac, --add-cpe-id or --add-subnet.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:08:22 +02:00
Petr Menšík e66c11835d Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests. 
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
    cause dnsmasq to forward memory from outside the packet
    buffer to a DHCPv6 server when acting as a relay.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:08:22 +02:00
Petr Menšík e84d4fc50e Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow. 
Fix stack overflow in DHCPv6 code. An attacker who can send
a DHCPv6 request to dnsmasq can overflow the stack frame and
crash or control dnsmasq.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:08:22 +02:00
Petr Menšík 2daf3ff20f Security fix, CVE-2017-14492, DHCPv6 RA heap overflow. 
Fix heap overflow in IPv6 router advertisement code.
This is a potentially serious security hole, as a
crafted RA request can overflow a buffer and crash or
control dnsmasq. Attacker must be on the local network.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:08:22 +02:00
Petr Menšík bd80bf435e Security fix, CVE-2017-14491 DNS heap buffer overflow. 
Fix heap overflow in DNS code. This is a potentially serious
security hole. It allows an attacker who can make DNS
requests to dnsmasq, and who controls the contents of
a domain, which is thereby queried, to overflow
(by 2 bytes) a heap buffer and either crash, or
even take control of, dnsmasq.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2017-10-02 17:08:22 +02:00
Petr Menšík 9d2935df23 Actually apply CVE fix 2017-09-26 13:42:46 +02:00
Petr Menšík 234a50f2b7 Fix CVE-2017-13704 2017-09-14 18:14:52 +02:00
Petr Menšík 81f0dbf828 Own the /usr/share/dnsmasq dir (#1480856) 2017-08-14 15:40:33 +02:00
Fedora Release Engineering 5ffdeda31f - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 19:40:59 +00:00
Fedora Release Engineering d47ff42c98 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 06:22:31 +00:00
Petr Menšík 4b7ea7ea04 Update to 2.77 2017-06-07 11:35:10 +02:00
Petr Menšík a26c714178 Fix unresponsible DHCP 2017-05-12 16:23:10 +02:00
Petr Menšík 389f40bfd5 Update to 2.77rc2 2017-05-11 19:42:38 +02:00
Petr Menšík 1db48a66a4 Support for IDN 2008 (#1449150) 2017-05-11 17:58:36 +02:00
Petr Menšík 323f116aa8 Include dhcp_release6 tool and license in utils 2017-05-11 17:56:41 +02:00
Fedora Release Engineering 1e0b4d4c56 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 08:29:47 +00:00
Pavel Šimerda cfdd2cf764 Resolves: #1373485 - dns not updated after sleep and resume laptop 2016-10-19 16:00:41 +02:00
Pavel Šimerda 30dfb66768 New version 2.76 2016-07-15 14:30:31 +02:00
Dennis Gilmore 566245555d - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-03 18:51:06 +00:00
Tomas Hozza 14e228cae8 Fixed minor bug in dnsmasq.conf (#1295143) 2016-01-25 11:16:36 +01:00
Pavel Šimerda e6ea56c2ab Resolves: #1239256 - install trust-anchors.conf 2015-10-02 16:24:49 +02:00
Pavel Šimerda 68c179ea5c new version 2.75 2015-08-05 16:10:25 +02:00
Dennis Gilmore aca4e7adb5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 04:14:11 +00:00
Nils Philippsen b707570673 drop %triggerun 
We're not supposed to automatically migrate from SysV to systemd anyway.
 2014-10-06 15:28:13 +02:00
Nils Philippsen c4cad4212b bump release 2014-10-06 14:27:16 +02:00
Nils Philippsen f638f9b864 only require systemd-sysv and chkconfig for %triggerun 2014-10-06 14:26:58 +02:00
Nils Philippsen a333098036 package is dual-licensed GPL v2 or v3 2014-10-06 14:26:33 +02:00
Nils Philippsen faf594624d don't include /etc/dnsmasq.d in triplicate 
ignore RPM backup files instead
 2014-10-06 14:25:38 +02:00
Tomas Hozza c0cb2fb429 Fix typo in default configuration (#1149459) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-10-06 10:35:08 +02:00
Tomas Hozza 848bf9f984 Update to 2.72 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-09-25 17:36:51 +02:00
Peter Robinson 7bb1482771 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 03:08:55 +00:00
Dennis Gilmore 4134a56cf6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 02:43:15 -05:00
Tomas Hozza aed8f846f6 Update to 2.71 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-05-20 10:24:23 +02:00
Tomas Hozza ed23cea08b Update to 2.70 stable 
Resolves: rhbz#1091193
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-04-25 10:38:07 +02:00
Tomas Hozza 695b79525b Update to 2.69 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-04-11 09:17:26 +02:00
Tomas Hozza 9f1463102a Update to 2.69rc1 
- enable DNSSEC implementation

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-03-24 15:09:51 +01:00
Tomas Hozza f828140df3 Update to 2.68 stable 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-12-09 10:11:48 +01:00
Tomas Hozza fad2ab1eb0 Update to 2.68rc3 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-11-26 14:09:59 +01:00
Tomas Hozza ad9a1ef487 Update to 2.67 stable 
- Include one post release upstream fix for CNAME

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-11-01 08:55:04 +01:00
Tomas Hozza c43d685d66 update to 2.67rc4 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-10-18 16:14:39 +02:00
Tomas Hozza ad8cf52062 update to 2.67rc2 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-10-02 17:05:33 +02:00
Tomas Hozza 2f4ab38b51 update to 2.67test13 
- use .tar.xz upstream archives

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-09-12 10:56:50 +02:00
Tomas Hozza b6153d9e1e Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973) 
Change fix for the Bug #981973 after discussion with the upstream.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-08-15 11:57:29 +02:00
Tomas Hozza ea5468d6a1 Don't use SO_REUSEPORT on DHCPv4 socket to prevent conflicts with ISC DHCP (#981973) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-08-12 15:15:08 +02:00
Dennis Gilmore d4631ba788 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 02:32:42 -05:00
Tomas Hozza fb84f79daf update to 2.67test7 
- drop merged patch
- use _hardened_build macro instead of hardcoded flags

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-06-11 12:25:52 +02:00
Tomas Hozza 4b348e1002 Fix failure to start with ENOTSOCK (#962874) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-05-17 15:30:55 +02:00
Tomas Hozza f9818256f6 update to the latest testing release 2.67test4 (#962246) 
- drop mergerd patches

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-05-15 09:31:14 +02:00
Tomas Hozza c925f9e48a dnsmasq unit file cleanup 
- drop forking Type and PIDfile and rather start dnsmasq with "-k" option
- drop After syslog.target as this is by default

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-30 17:24:27 +02:00
Tomas Hozza c47bd50841 Include several fixes from upstream repo 
- Send TCP DNS messages in one packet
- Fix crash on SERVFAIL when using --conntrack option
- Fix regression in dhcp_lease_time utility
- Man page typos fixes
- Note that dhcp_lease_time and dhcp_release work only for IPv4
- Fix for --dhcp-match option to work also with BOOTP protocol

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-25 10:29:58 +02:00
Tomas Hozza 4db4008b50 Use Full RELRO when linking the daemon 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-20 21:19:03 +02:00
Tomas Hozza e34aa6b7a4 Compile the daemon with PIE 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-20 21:18:21 +02:00
Tomas Hozza c217afdb53 Include two fixes from upstream git repo 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-20 19:56:35 +02:00
Tomas Hozza 33f9cfc8b8 Corrected bad dates in changelog 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-19 14:34:28 +02:00
Tomas Hozza 609b978ebe New stable version dnsmasq-2.66 
+ Drop of merged patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-18 09:27:37 +02:00
Tomas Hozza 16e329b64e Update to latest dnsmasq-2.66rc5 
Also Include fix for segfault when lease limit is reached

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-04-12 09:27:21 +02:00
Tomas Hozza 24df3be371 Enable IDN support 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-03-22 13:08:35 +01:00
Tomas Hozza b0df409e18 Update to latest dnsmasq-2.66rc1 
- Dropping unneeded patches

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-03-22 12:51:18 +01:00
Tomas Hozza bebbe6c7d0 Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-03-15 11:41:41 +01:00