Compare commits


No commits in common. "c8" and "c8s" have entirely different histories.
c8 ... c8s

8 changed files with 1 additions and 2800 deletions


@ -1,28 +0,0 @@
From 0a970b2a19c9fe5166e846d8a0c8b4f4fa5f1b4f Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 30 Jul 2018 14:55:39 +0100
Subject: [PATCH] Fix crash parsing a --synth-domain with no prefix. Problem
introduced in 2.79/6b2b564ac34cb3c862f168e6b1457f9f0b9ca69c
---
src/option.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/option.c b/src/option.c
index b22fc90..4e54afb 100644
--- a/src/option.c
+++ b/src/option.c
@@ -2347,7 +2347,9 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
char *star;
new->next = daemon->synth_domains;
daemon->synth_domains = new;
- if ((star = strrchr(new->prefix, '*')) && *(star+1) == 0)
+ if (new->prefix &&
+ (star = strrchr(new->prefix, '*'))
+ && *(star+1) == 0)
{
*star = 0;
new->indexed = 1;
--
2.41.0


@ -1,106 +0,0 @@
From 4cab3d930f9236408b838adfdaaeb6508a928bbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 9 Jun 2023 22:11:01 +0200
Subject: [PATCH] Use serv_domain only for regular servers
Do not try to use it for --local=/x/ or --address=/x/#. Some users use
quite long list of blocks, which slows down walking trough domain list
considerably. But searching by server_domain_find_domain is needed only
for normal servers, which may store there last used server and number
of recent forwarded queries. Local addresses overrides store there no
useful information, avoid searching and adding new domains for such
records.
Would also speed up searching servers when blocklists are used, because
only domains of servers are tested.
Resolves: rhbz#2209031
---
src/forward.c | 4 ++--
src/option.c | 13 ++++++++-----
2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/forward.c b/src/forward.c
index d8e845a..989fb61 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -234,8 +234,8 @@ static unsigned int search_servers(time_t now, struct all_addr **addrpp, unsigne
*type = 0; /* use normal servers for this domain */
*domain = NULL;
}
- if (serv_domain && !*serv_domain)
- *serv_domain = server_domain_find_domain(*domain);
+ if (serv_domain && !*serv_domain && (*type & SERV_HAS_DOMAIN)==0)
+ *serv_domain = server_domain_find_domain(NULL);
return flags;
}
diff --git a/src/option.c b/src/option.c
index 1382c55..b22fc90 100644
--- a/src/option.c
+++ b/src/option.c
@@ -906,7 +906,7 @@ static struct server *add_rev4(struct in_addr addr, int msize)
p += sprintf(p, "in-addr.arpa");
serv->flags = SERV_HAS_DOMAIN;
- server_domain_new(serv);
+ serv->serv_domain = NULL;
serv->next = daemon->servers;
daemon->servers = serv;
@@ -931,7 +931,7 @@ static struct server *add_rev6(struct in6_addr *addr, int msize)
p += sprintf(p, "ip6.arpa");
serv->flags = SERV_HAS_DOMAIN;
- server_domain_new(serv);
+ serv->serv_domain = NULL;
serv->next = daemon->servers;
daemon->servers = serv;
@@ -2246,7 +2246,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
memset(serv, 0, sizeof(struct server));
serv->domain = d;
serv->flags = SERV_HAS_DOMAIN | SERV_NO_ADDR;
- server_domain_new(serv);
+ serv->serv_domain = NULL;
serv->next = daemon->servers;
daemon->servers = serv;
}
@@ -2291,7 +2291,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
memset(serv, 0, sizeof(struct server));
serv->domain = d;
serv->flags = SERV_HAS_DOMAIN | SERV_NO_ADDR;
- server_domain_new(serv);
+ serv->serv_domain = NULL;
serv->next = daemon->servers;
daemon->servers = serv;
}
@@ -2542,7 +2542,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
newlist = serv;
serv->domain = domain;
serv->flags = domain ? SERV_HAS_DOMAIN : SERV_FOR_NODOTS;
- server_domain_new(serv);
+ serv->serv_domain = NULL;
arg = end;
if (rebind)
break;
@@ -2594,6 +2594,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
server_list_free(newlist);
ret_err(err);
}
+ if ((newlist->flags & SERV_LITERAL_ADDRESS)==0)
+ server_domain_new(newlist);
}
serv = newlist;
@@ -2637,6 +2639,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
else
ret_err(gen_err);
+ server_domain_new(serv);
string = parse_server(comma, &serv->addr, &serv->source_addr, serv->interface, &serv->flags);
if (string)
--
2.41.0


@ -1,83 +0,0 @@
From 312e9f812a6b2f5ca2c2db866ffed3a0b289b945 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 10 May 2023 12:57:17 +0200
Subject: [PATCH] fixup! Correct releasing of serv_domain
---
src/dnsmasq.h | 2 +-
src/network.c | 20 +++++++++++---------
2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index e8a1320..711ffd3 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1331,7 +1331,7 @@ int label_exception(int index, int family, struct all_addr *addr);
int fix_fd(int fd);
int tcp_interface(int fd, int af);
struct server_domain *server_domain_find_domain(const char *domain);
-struct server_domain *server_domain_new(struct server *serv);
+void server_domain_new(struct server *serv);
#ifdef HAVE_IPV6
int set_ipv6pktinfo(int fd);
#endif
diff --git a/src/network.c b/src/network.c
index b8d77fe..6faaad4 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1544,6 +1544,7 @@ void add_update_server(int flags,
serv->addr = *addr;
if (source_addr)
serv->source_addr = *source_addr;
+ server_domain_new(serv);
}
}
@@ -1571,14 +1572,20 @@ struct server_domain *server_domain_find_domain(const char *domain)
/**< Test structure has already set domain pointer.
*
* If not, create a new record. */
-struct server_domain *server_domain_new(struct server *serv)
+void server_domain_new(struct server *serv)
{
struct server_domain *sd;
+ const char *domain = server_get_domain(serv);
- if ((sd = whine_malloc(sizeof(struct server_domain))))
+ sd = server_domain_find_domain(domain);
+ if (sd)
{
- const char *domain = server_get_domain(serv);
+ serv->serv_domain = sd;
+ return;
+ }
+ if ((sd = whine_malloc(sizeof(struct server_domain))))
+ {
/* Ensure all serv->domain values have own record in server_domain.
* Add a new record. */
if (domain)
@@ -1592,7 +1599,6 @@ struct server_domain *server_domain_new(struct server *serv)
serv->serv_domain = sd;
daemon->server_domains = sd;
}
- return sd;
}
/**< Test structure has already set domain pointer.
@@ -1605,11 +1611,7 @@ static void server_domain_check(struct server *serv)
if (sd)
sd->flags &= (~SERV_MARK); /* found domain, mark active */
else
- {
- sd = server_domain_find_domain(serv->domain);
- if (!sd)
- server_domain_new(serv);
- }
+ server_domain_new(serv);
}
void check_servers(void)
--
2.40.1


@ -1,108 +0,0 @@
From c0e0202736f55195104dad9fec98c20d0d15df21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 21 Apr 2023 17:04:53 +0200
Subject: [PATCH] Correct releasing of serv_domain
In case the server->serv_domain points to domain also when it is not the
last server used, ensure the reference to last_server is always reset.
Some records might reference the server_domain, but cannot ever become
last_server. Such as server=/example.com/#
Correct detection of used server_domains for standard resolvers case.
Mark domain used even in that case, so it is not freed during
resolv.conf reading or other nameservers change.
---
src/network.c | 40 +++++++++++++++++++++++++++++++---------
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/src/network.c b/src/network.c
index cf2f2e2..8152cac 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1511,7 +1511,18 @@ void mark_servers(int flag)
}
}
-static void server_domains_cleanup(void)
+static void server_domains_pre_cleanup(void)
+{
+ struct server_domain *sd;
+
+ /* reset removed last_server. */
+ for (sd = daemon->server_domains; sd; sd = sd->next)
+ if ((sd->flags & SERV_MARK) == 0 && sd->last_server &&
+ (sd->last_server->flags & SERV_MARK) != 0)
+ sd->last_server = NULL;
+}
+
+static void server_domains_post_cleanup(void)
{
struct server_domain *sd, *tmp, **up;
@@ -1528,8 +1539,6 @@ static void server_domains_cleanup(void)
}
else {
up = &sd->next;
- if (sd->last_server && (sd->last_server->flags & SERV_MARK))
- sd->last_server = NULL;
}
}
}
@@ -1538,7 +1547,7 @@ void cleanup_servers(void)
{
struct server *serv, *tmp, **up;
- server_domains_cleanup();
+ server_domains_pre_cleanup();
/* unlink and free anything still marked. */
for (serv = daemon->servers, up = &daemon->servers; serv; serv = tmp)
@@ -1552,10 +1561,16 @@ void cleanup_servers(void)
free(serv->domain);
free(serv);
}
- else
- up = &serv->next;
+ else
+ {
+ up = &serv->next;
+ if (serv->serv_domain && (serv->serv_domain->flags & SERV_MARK) != 0)
+ serv->serv_domain = NULL;
+ }
}
+ server_domains_post_cleanup();
+
#ifdef HAVE_LOOP
/* Now we have a new set of servers, test for loops. */
loop_send_probes();
@@ -1699,7 +1714,11 @@ static void server_domain_check(struct server *serv)
if (sd)
sd->flags &= (~SERV_MARK); /* found domain, mark active */
else
- server_domain_new(serv);
+ {
+ sd = server_domain_find_domain(serv->domain);
+ if (!sd)
+ server_domain_new(serv);
+ }
}
void check_servers(void)
@@ -1808,8 +1827,11 @@ void check_servers(void)
else if (strlen(serv->domain) == 0)
s1 = _("default"), s2 = "";
else
- s1 = _("domain"), s2 = serv->domain;
-
+ {
+ s1 = _("domain"), s2 = serv->domain;
+ server_domain_check(serv);
+ }
+
if (serv->flags & SERV_NO_ADDR)
{
count--;
--
2.39.2


@ -1,64 +0,0 @@
From e342e4d5c3093d8dd9e2d622e46d36f67bfb4925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Mon, 10 Jan 2022 12:34:42 +0100
Subject: [PATCH] Add root group writeable flag to log file
Some systems strips even root process capability of writing to different
users file. That include systemd under Fedora. When
log-facility=/var/log/dnsmasq.log is used, log file with mode 0640
is created. But restart then fails, because such log file can be used
only when created new. Existing file cannot be opened by root when
starting, causing fatal error. Avoid that by adding root group writeable flag.
Ensure group is always root when granting write access. If it is
anything else, administrator has to configure correct rights.
(cherry picked from commit 1f8f78a49b8fd6b2862a3882053b1c6e6e111e5c)
---
src/log.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/log.c b/src/log.c
index 1ec3447..bcd6e52 100644
--- a/src/log.c
+++ b/src/log.c
@@ -100,10 +100,23 @@ int log_start(struct passwd *ent_pw, int errfd)
/* If we're running as root and going to change uid later,
change the ownership here so that the file is always owned by
the dnsmasq user. Then logrotate can just copy the owner.
- Failure of the chown call is OK, (for instance when started as non-root) */
- if (log_to_file && !log_stderr && ent_pw && ent_pw->pw_uid != 0 &&
- fchown(log_fd, ent_pw->pw_uid, -1) != 0)
- ret = errno;
+ Failure of the chown call is OK, (for instance when started as non-root).
+
+ If we've created a file with group-id root, we also make
+ the file group-writable. This gives processes in the root group
+ write access to the file and avoids the problem that on some systems,
+ once the file is owned by the dnsmasq user, it can't be written
+ whilst dnsmasq is running as root during startup.
+ */
+ if (log_to_file && !log_stderr && ent_pw && ent_pw->pw_uid != 0)
+ {
+ struct stat ls;
+ if (getgid() == 0 && fstat(log_fd, &ls) == 0 && ls.st_gid == 0 &&
+ (ls.st_mode & S_IWGRP) == 0)
+ (void)fchmod(log_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP);
+ if (fchown(log_fd, ent_pw->pw_uid, -1) != 0)
+ ret = errno;
+ }
return ret;
}
@@ -118,7 +131,7 @@ int log_reopen(char *log_file)
/* NOTE: umask is set to 022 by the time this gets called */
if (log_file)
- log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
+ log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
else
{
#if defined(HAVE_SOLARIS_NETWORK) || defined(__ANDROID__)
--
2.40.1


@ -1,45 +0,0 @@
From 9d8270be2e2b31437684f2d87add9a28a41f0c75 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 7 Mar 2023 22:07:46 +0000
Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232.
http://www.dnsflagday.net/2020/ refers.
Thanks to Xiang Li for the prompt.
(cherry picked from commit eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5)
---
man/dnsmasq.8 | 3 ++-
src/config.h | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index fce580f..4b0b180 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -171,7 +171,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP.
.TP
.B \-P, --edns-packet-max=<size>
Specify the largest EDNS.0 UDP packet which is supported by the DNS
-forwarder. Defaults to 4096, which is the RFC5625-recommended size.
+forwarder. Defaults to 1232, which is the recommended size following the
+DNS flag day in 2020. Only increase if you know what you are doing.
.TP
.B \-Q, --query-port=<query_port>
Send outbound DNS queries from, and listen for their replies on, the
diff --git a/src/config.h b/src/config.h
index 8c41943..62b7fa1 100644
--- a/src/config.h
+++ b/src/config.h
@@ -19,7 +19,7 @@
#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
#define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
+#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */
#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
#define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
#define DNSSEC_WORK 50 /* Max number of queries to validate one question */
--
2.39.2



@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.79
Release: 33%{?extraversion:.%{extraversion}}%{?dist}
Release: 26%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@ -83,23 +83,6 @@ Patch37: dnsmasq-2.81-linux-SIOCGSTAMP.patch
Patch38: dnsmasq-2.79-server-domain-fixup.patch
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;h=f8c77edbdffb8ada7753ea9fa104f0f6da70cfe3
Patch39: dnsmasq-2.81-dhcpv6-relay-link-address.patch
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
Patch40: dnsmasq-2.89-edns0-size.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2186481
# Fixes issue in Patch4
Patch41: dnsmasq-2.85-serv_domain-rh2186481.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2186481
# complements patch10
Patch42: dnsmasq-2.85-serv_domain-rh2186481-2.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1f8f78a49b8fd6b2862a3882053b1c6e6e111e5c
Patch43: dnsmasq-2.87-log-root-writeable.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2209031
# complements patch42
Patch44: dnsmasq-2.85-domain-blocklist-speedup.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=dd33e98da09c487a58b6cb6693b8628c0b234a3b
Patch45: dnsmasq-2.80-synth-domain-RHEL-15216.patch
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=214a046f47b9f7dd56f5eef3a8678ccbd6e973b7
Patch46: dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch
# This is workaround to nettle bug #1549190
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@ -172,13 +155,6 @@ server's leases.
%patch37 -p1 -b .SIOCGSTAMP
%patch38 -p1 -b .rh2120357
%patch39 -p1 -b .rh2169355
%patch40 -p1 -b .CVE-2023-28450
%patch41 -p1 -b .rh2186481
%patch42 -p1 -b .rh2186481-2
%patch43 -p1 -b .rh2156789
%patch44 -p1 -b .rh2209031
%patch45 -p1 -b .RHEL-15216
%patch46 -p1 -b .CVE-2023-50387-CVE-2023-50868
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@ -278,29 +254,6 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man1/dhcp_*
%changelog
* Mon Mar 18 2024 Tomas Korbar <tkorbar@redhat.com> - 2.79-33
- Fix CVE 2023-50387 and CVE 2023-50868
- Resolves: RHEL-25667
- Resolves: RHEL-25629
* Wed Nov 01 2023 Petr Menšík <pemensik@redhat.com> - 2.79-32
- Do not crash on invalid domain in --synth-domain option (RHEL-15216)
* Wed Jun 14 2023 Petr Menšík <pemensik@redhat.com> - 2.79-31
- Do not create and search --local and --address=/x/# domains (#2233542)
* Wed Jun 14 2023 Petr Menšík <pemensik@redhat.com> - 2.79-30
- Make create logfile writeable by root (#2156789)
* Wed May 10 2023 Petr Menšík <pemensik@redhat.com> - 2.79-29
- Fix also dynamically set resolvers over dbus (#2186481)
* Fri Apr 21 2023 Petr Menšík <pemensik@redhat.com> - 2.79-28
- Correct possible crashes when server=/example.net/# is used (#2186481)
* Mon Apr 03 2023 Petr Menšík <pemensik@redhat.com> - 2.79-27
- Limit offered EDNS0 size to 1232 (CVE-2023-28450)
* Wed Feb 15 2023 Petr Menšík <pemensik@redhat.com> - 2.79-26
- Avoid DHCPv6 relayed replies with Client Link-Layer Address (#2169355)
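Review bot: The c8s side of dnsmasq.spec (Release 26) no longer carries Patch40 (dnsmasq-2.89-edns0-size.patch, the CVE-2023-28450 EDNS0 size limit) or Patch46 (dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch), so a build from that branch ships 2.79 without the two fixes the c8 changelog records as CVE fixes in 2.79-27 and 2.79-33; the accompanying %patch40/%patch46 apply lines and the deleted patch files above go with them. The same holds for the crash fixes in Patch41, Patch42, Patch44 and Patch45 (rhbz#2186481, rhbz#2209031, RHEL-15216) and the root-writeable log file change in Patch43. The rendered hunks have lost their +/- markers, so the side assignment here is inferred from the hunk counts (-83,23 +83,6 and -172,13 +155,6 remove exactly the 17 and 7 Patch40–Patch46 lines) and from the page's single addition being the `Release: 26` line; confirm against the raw diff before acting. If c8s is meant to track c8, restore Patch40–Patch46 with their `%patchNN -p1 -b .<suffix>` lines and the 2.79-27 through 2.79-33 changelog entries rather than leaving the branch at 2.79-26.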