dnsmasq/dnsmasq.spec
Tomas Korbar f76916a4d7 Fix CVE 2023-50387 and CVE 2023-50868
Resolves: RHEL-25667
Resolves: RHEL-25629
2024-03-18 11:25:04 +01:00

796 lines
31 KiB
RPMSpec

%define testrelease 0
%define releasecandidate 0
%if 0%{testrelease}
%define extrapath test-releases/
%define extraversion test%{testrelease}
%endif
%if 0%{releasecandidate}
%define extrapath release-candidates/
%define extraversion rc%{releasecandidate}
%endif
%define _hardened_build 1
Name: dnsmasq
Version: 2.79
Release: 33%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz
Source1: %{name}.service
Source2: dnsmasq-systemd-sysusers.conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1495409
Patch1: dnsmasq-2.77-underflow.patch
Patch3: dnsmasq-2.78-fips.patch
Patch4: dnsmasq-2.80-dnssec.patch
Patch5: dnsmasq-2.79-rh1602477.patch
# Few changes not yet in upstream
Patch6: dnsmasq-2.79-rh1602477-2.patch
# commit 60ac10d8d86e6f95ab0f06abe6c42596adcedcb8
Patch7: dnsmasq-2.76-rh1752569.patch
# Report failure when no release would be sent
Patch8: dnsmasq-2.79-rh1749092-fail.patch
Patch9: dnsmasq-2.76-rh1728698-1.patch
Patch10: dnsmasq-2.79-rh1728698-2.patch
Patch11: dnsmasq-2.76-rh1728698-3.patch
Patch12: dnsmasq-2.79-rh1728698-4.patch
Patch13: dnsmasq-2.79-rh1746411.patch
Patch14: dnsmasq-2.79-rh1700916.patch
Patch15: dnsmasq-2.80-rh1795370.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1779187
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=97f876b64c22b2b18412e2e3d8506ee33e42db7c
Patch16: dnsmasq-2.80-unaligned-addresses-in-DHCPv6-packet.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f064188032a829efdcf3988b24ac795ff52785ec
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=137286e9baecf6a3ba97722ef1b49c851b531810
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=79aba0f10ad0157fb4f48afbbcb03f094caff97a
Patch17: dnsmasq-2.81-prefix-ranges-or-list-of-ipv6-addresses.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=52ec7836139e7a11374971905e5ac0d2d02e32c0
Patch18: dnsmasq-2.81-tag-filtering-of-dhcp-host-directives.patch
Patch19: dnsmasq-2.81-correct-range-check-of-dhcp-host-prefix.patch
Patch20: dnsmasq-2.81-optimize-fds-close.patch
Patch21: dnsmasq-2.81-rh1829448.patch
Patch22: dnsmasq-2.79-CVE-2020-25681.patch
Patch23: dnsmasq-2.79-CVE-2020-25684.patch
Patch24: dnsmasq-2.79-CVE-2020-25685.patch
Patch25: dnsmasq-2.79-CVE-2020-25686.patch
Patch26: dnsmasq-2.79-CVE-2020-25686-2.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3f535da79e7a42104543ef5c7b5fa2bed819a78b
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee
Patch27: dnsmasq-2.79-mixed-family-failed.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=b2ed691eb3ca6488a8878f5f3dd950a07b14a9db
Patch28: dnsmasq-2.81-netlink-table.patch
Patch29: dnsmasq-2.84-bind-dynamic-netlink.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
Patch30: dnsmasq-2.85-CVE-2021-3448.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03212e533b1e07aba30d2f4112009dc3af867ea5
Patch31: dnsmasq-2.80-man-nameing.patch
Patch32: dnsmasq-2.79-alternative-lease.patch
Patch33: dnsmasq-2.86-dhcpv6-client-arch.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=1919894
# Similar functionality is implemented since 2.86 in upstream, but introduced
# several regressions. This implements just limited change in different way.
Patch34: dnsmasq-2.79-server-domain-rh1919894.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
Patch35: dnsmasq-2.87-CVE-2022-0934.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=dded78b2338147daf69064d6d48c16b12744e441
Patch36: dnsmasq-2.81-option6-ntp-server-suboption.patch
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;h=3052ce208acf602f0163166dcefb7330d537cedb
Patch37: dnsmasq-2.81-linux-SIOCGSTAMP.patch
# Downstream only patch; fixes Patch34 change
Patch38: dnsmasq-2.79-server-domain-fixup.patch
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;h=f8c77edbdffb8ada7753ea9fa104f0f6da70cfe3
Patch39: dnsmasq-2.81-dhcpv6-relay-link-address.patch
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
Patch40: dnsmasq-2.89-edns0-size.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2186481
# Fixes issue in Patch4
Patch41: dnsmasq-2.85-serv_domain-rh2186481.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2186481
# complements patch10
Patch42: dnsmasq-2.85-serv_domain-rh2186481-2.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1f8f78a49b8fd6b2862a3882053b1c6e6e111e5c
Patch43: dnsmasq-2.87-log-root-writeable.patch
# Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2209031
# complements patch42
Patch44: dnsmasq-2.85-domain-blocklist-speedup.patch
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=dd33e98da09c487a58b6cb6693b8628c0b234a3b
Patch45: dnsmasq-2.80-synth-domain-RHEL-15216.patch
# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=214a046f47b9f7dd56f5eef3a8678ccbd6e973b7
Patch46: dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch
# This is workaround to nettle bug #1549190
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
Requires: nettle >= 3.4
BuildRequires: dbus-devel
BuildRequires: pkgconfig
BuildRequires: libidn2-devel
BuildRequires: nettle-devel
Buildrequires: gcc
BuildRequires: systemd
%{?systemd_requires}
%description
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.
It is designed to provide DNS and, optionally, DHCP, to a small network.
It can serve the names of local machines which are not in the global
DNS. The DHCP server integrates with the DNS server and allows machines
with DHCP-allocated addresses to appear in the DNS with names configured
either in each host or in a central configuration file. Dnsmasq supports
static and dynamic DHCP leases and BOOTP for network booting of diskless
machines.
%package utils
Summary: Utilities for manipulating DHCP server leases
%description utils
Utilities that use the standard DHCP protocol to query/remove a DHCP
server's leases.
%prep
%setup -q -n %{name}-%{version}%{?extraversion}
%patch1 -p1 -b .underflow
%patch3 -p1 -b .fips
%patch4 -p1 -b .dnssec
%patch5 -p1 -b .rh1602477
%patch6 -p1 -b .rh1602477-2
%patch7 -p1 -b .rh1752569
%patch8 -p1 -b .rh1752569
%patch9 -p1 -b .rh1728698-1
%patch10 -p1 -b .rh1728698-2
%patch11 -p1 -b .rh1728698-3
%patch12 -p1 -b .rh1728698-4
%patch13 -p1 -b .rh1746411
%patch14 -p1 -b .rh1700916
%patch15 -p1 -b .rh1795370
%patch16 -p1 -b .rh1779187-1
%patch17 -p1 -b .rh1779187-2
%patch18 -p1 -b .rh1779187-3
%patch19 -p1 -b .rh1779187-4
%patch20 -p1 -b .rh1816613
%patch21 -p1 -b .rh1829448
%patch22 -p1 -b .CVE-2020-25681
%patch23 -p1 -b .CVE-2020-25684
%patch24 -p1 -b .CVE-2020-25685
%patch25 -p1 -b .CVE-2020-25686
%patch26 -p1 -b .CVE-2020-25686-2
%patch27 -p1 -b .rh1921153
%patch28 -p1 -b .rh1887649-table
%patch29 -p1 -b .rh1887649
%patch30 -p1 -b .CVE-2021-3448
%patch31 -p1 -b .rh1947039
%patch32 -p1 -b .rh1998448
%patch33 -p1 -b .dhcpv6-client-arch
%patch34 -p1 -b .rh1919894
%patch35 -p1 -b .CVE-2022-0934
%patch36 -p1 -b .rh2049691
%patch37 -p1 -b .SIOCGSTAMP
%patch38 -p1 -b .rh2120357
%patch39 -p1 -b .rh2169355
%patch40 -p1 -b .CVE-2023-28450
%patch41 -p1 -b .rh2186481
%patch42 -p1 -b .rh2186481-2
%patch43 -p1 -b .rh2156789
%patch44 -p1 -b .rh2209031
%patch45 -p1 -b .RHEL-15216
%patch46 -p1 -b .CVE-2023-50387-CVE-2023-50868
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
done
# fix the path to the trust anchor
sed -i 's|%%%%PREFIX%%%%|%{_prefix}|' dnsmasq.conf.example
#set dnsmasq user / group
sed -i 's|#user=|user=dnsmasq|' dnsmasq.conf.example
sed -i 's|#group=|group=dnsmasq|' dnsmasq.conf.example
#set default user /group in src/config.h
sed -i 's|#define CHUSER "nobody"|#define CHUSER "dnsmasq"|' src/config.h
sed -i 's|#define CHGRP "dip"|#define CHGRP "dnsmasq"|' src/config.h
# optional parts
sed -i 's|^COPTS[[:space:]]*=|\0 -DHAVE_DBUS -DHAVE_LIBIDN2 -DHAVE_DNSSEC|' Makefile
#enable /etc/dnsmasq.d fix bz 526703, ignore RPM backup files
cat << EOF >> dnsmasq.conf.example
# Include all files in /etc/dnsmasq.d except RPM backup files
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
EOF
%build
%make_build CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
%make_build -C contrib/lease-tools CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
%install
# normally i'd do 'make install'...it's a bit messy, though
mkdir -p $RPM_BUILD_ROOT%{_sbindir} \
$RPM_BUILD_ROOT%{_mandir}/man8 \
$RPM_BUILD_ROOT%{_var}/lib/dnsmasq \
$RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.d \
$RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d
install src/dnsmasq $RPM_BUILD_ROOT%{_sbindir}/dnsmasq
install dnsmasq.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/dnsmasq.conf
install dbus/dnsmasq.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/
install -m 644 man/dnsmasq.8 $RPM_BUILD_ROOT%{_mandir}/man8/
install -D trust-anchors.conf $RPM_BUILD_ROOT%{_datadir}/%{name}/trust-anchors.conf
# utils sub package
mkdir -p $RPM_BUILD_ROOT%{_bindir} \
$RPM_BUILD_ROOT%{_mandir}/man1
install -m 755 contrib/lease-tools/dhcp_release $RPM_BUILD_ROOT%{_bindir}/dhcp_release
install -m 644 contrib/lease-tools/dhcp_release.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release.1
install -m 755 contrib/lease-tools/dhcp_release6 $RPM_BUILD_ROOT%{_bindir}/dhcp_release6
install -m 644 contrib/lease-tools/dhcp_release6.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_release6.1
install -m 755 contrib/lease-tools/dhcp_lease_time $RPM_BUILD_ROOT%{_bindir}/dhcp_lease_time
install -m 644 contrib/lease-tools/dhcp_lease_time.1 $RPM_BUILD_ROOT%{_mandir}/man1/dhcp_lease_time.1
# Systemd
mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
rm -rf %{buildroot}%{_initrddir}
#install systemd sysuser file
install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
%pre
#precreate users so that rpm can install files owned by that user
%sysusers_create_package %{name} %{SOURCE2}
%post
#https://fedoraproject.org/wiki/Changes/SystemdSysusers
%systemd_post dnsmasq.service
%preun
%systemd_preun dnsmasq.service
%postun
%systemd_postun_with_restart dnsmasq.service
%files
%doc CHANGELOG FAQ doc.html setup.html dbus/DBus-interface
%license COPYING COPYING-v3
%defattr(0644,root,dnsmasq,0755)
%config(noreplace) %{_sysconfdir}/dnsmasq.conf
%dir %{_sysconfdir}/dnsmasq.d
%dir %{_var}/lib/dnsmasq
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/trust-anchors.conf
%{_sysusersdir}/dnsmasq.conf
%files utils
%license COPYING COPYING-v3
%{_bindir}/dhcp_*
%{_mandir}/man1/dhcp_*
%changelog
* Mon Mar 18 2024 Tomas Korbar <tkorbar@redhat.com> - 2.79-33
- Fix CVE 2023-50387 and CVE 2023-50868
- Resolves: RHEL-25667
- Resolves: RHEL-25629
* Wed Nov 01 2023 Petr Menšík <pemensik@redhat.com> - 2.79-32
- Do not crash on invalid domain in --synth-domain option (RHEL-15216)
* Wed Jun 14 2023 Petr Menšík <pemensik@redhat.com> - 2.79-31
- Do not create and search --local and --address=/x/# domains (#2233542)
* Wed Jun 14 2023 Petr Menšík <pemensik@redhat.com> - 2.79-30
- Make create logfile writeable by root (#2156789)
* Wed May 10 2023 Petr Menšík <pemensik@redhat.com> - 2.79-29
- Fix also dynamically set resolvers over dbus (#2186481)
* Fri Apr 21 2023 Petr Menšík <pemensik@redhat.com> - 2.79-28
- Correct possible crashes when server=/example.net/# is used (#2186481)
* Mon Apr 03 2023 Petr Menšík <pemensik@redhat.com> - 2.79-27
- Limit offered EDNS0 size to 1232 (CVE-2023-28450)
* Wed Feb 15 2023 Petr Menšík <pemensik@redhat.com> - 2.79-26
- Avoid DHCPv6 relayed replies with Client Link-Layer Address (#2169355)
* Thu Jan 26 2023 Petr Menšík <pemensik@redhat.com> - 2.79-25
- Use upstream change for CVE-2022-0934 (#2164859)
* Mon Aug 22 2022 Petr Menšík <pemensik@redhat.com> - 2.79-24
- Prevent endless loop in forward_query (#2120357)
* Thu May 12 2022 Petr Menšík <pemensik@redhat.com> - 2.79-23
- Add IPv6 ntp-server suboptions support (#2049691)
* Fri Mar 25 2022 Petr Menšík <pemensik@redhat.com> - 2.79-22
- Prevent use after free in dhcp6_no_relay (CVE-2022-0934)
* Thu Jan 27 2022 Petr Menšík <pemensik@redhat.com> - 2.79-21
- Send queries only to best domain-specific server (#1919894)
* Mon Sep 20 2021 Petr Menšík <pemensik@redhat.com> - 2.79-20
- Offer alternate DHCPv6 address if requested is already leased (#1998448)
* Tue Jun 29 2021 Petr Menšík <pemensik@redhat.com> - 2.79-19
- Correct typo in man page (#1947039)
* Thu Mar 18 2021 Petr Menšík <pemensik@redhat.com> - 2.79-18
- Properly randomize outgoing ports also with bound interface (CVE-2021-3448)
* Fri Feb 12 2021 Petr Menšík <pemensik@redhat.com> - 2.79-17
- Fix sporadic bind-dynamic failures (#1887649)
* Wed Jan 27 2021 Petr Menšík <pemensik@redhat.com> - 2.79-16
- Fix network errors on queries both from ipv4 and ipv6 (#1921153)
* Wed Nov 25 2020 Petr Menšík <pemensik@redhat.com> - 2.79-15
- Fix various issues in dnssec validation (CVE-2020-25681)
- Accept responses only on correct sockets (CVE-2020-25684)
- Use strong verification on queries (CVE-2020-25685)
* Wed Aug 26 2020 Tomas Korbar <tkorbar@redhat.com> - 2.79-14
- Honor sysusers.d during installation (#1819684)
* Tue May 05 2020 Petr Menšík <pemensik@redhat.com> - 2.79-13
- Fix mixed address family reservations on DHCP (#1829448)
* Mon Mar 30 2020 Tomas Korbar <tkorbar@redhat.com> - 2.79-12
- Minimize count of close syscalls on startup (#1816613)
* Mon Mar 02 2020 Petr Menšík <pemensik@redhat.com> - 2.79-11
- Support multiple static leases for single mac on IPv6 (#1779187)
* Mon Feb 17 2020 Tomas Korbar <tkorbar@redhat.com> - 2.79-10
- Fix memory leak in helper.c (#1795370)
* Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 2.79-9
- Fix replies to non-recursive queries (#1700916)
* Mon Dec 09 2019 Tomas Korbar <tkorbar@redhat.com> - 2.79-8
- Fix dhcp_lease_time (#1746411)
* Mon Dec 09 2019 Tomas Korbar <tkorbar@redhat.com> - 2.79-7
- Fix TCP queries after interface recreation (#1728698)
* Mon Sep 30 2019 Petr Menšík <pemensik@redhat.com> - 2.79-6
- Send dhcp_release even for addresses not on local network (#1749092)
* Thu Jul 18 2019 Petr Menšík <pemensik@redhat.com> - 2.79-5
- Fix Coverity detected issues (#1602477)
* Thu Jul 26 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.79-4
- Fix %%pre scriptlet (#1548050)
* Mon Jul 02 2018 Petr Menšík <pemensik@redhat.com> - 2.79-3
- Make dnsmasq leases writeable by root again (#1554390)
* Mon Jul 02 2018 Petr Menšík <pemensik@redhat.com> - 2.79-2
- Fix passing of dnssec enabled queries (#1597309)
* Thu Mar 15 2018 Petr Menšík <pemensik@redhat.com> - 2.79-1
- Rebase to 2.79
- Stop using nettle_hashes directly, use access function (#1548060)
- Do not break on cname with spaces (#1498667)
- Require nettle 3.4+
- Do not own sysusers.d directory, already depends on systemd providing it
* Fri Mar 02 2018 Petr Menšík <pemensik@redhat.com> - 2.78-7
- Emit warning with dnssec enabled on FIPS system (#1549507)
* Sun Feb 25 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.78-6
- Create user before installing files (#1548050)
* Fri Feb 23 2018 Petr Menšík <pemensik@redhat.com> - 2.78-5
- Create user first and then restart service
* Thu Feb 22 2018 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.78-4
- add gcc into buildrequires
- deliver an extra sysusers.d file to create dnsmasq user/group
- set CHUSER and CHGRP to dnsmasq in src/config.h
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.78-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Jan 22 2018 Petr Menšík <pemensik@redhat.com> - 2.78-2
- DNSSEC fix for wildcard NSEC records (CVE-2017-15107)
* Tue Oct 03 2017 Petr Menšík <pemensik@redhat.com> - 2.78-1
- Rebase to 2.78
* Tue Oct 03 2017 Petr Menšík <pemensik@redhat.com> - 2.77-9
- More patches related to CVE-2017-14491
* Mon Oct 02 2017 Petr Menšík <pemensik@redhat.com> - 2.77-8
- Security fix, CVE-2017-14491, DNS heap buffer overflow
- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow
- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow
- Security fix, CVE-2017-14494, Infoleak handling DHCPv6
- Security fix, CVE-2017-14496, Integer underflow in DNS response creation
- Security fix, CVE-2017-14495, OOM in DNS response creation
- Misc code cleanups arising from Google analysis
- Do not include stdio.h before dnsmasq.h
* Thu Sep 14 2017 Petr Menšík <pemensik@redhat.com> - 2.77-7
- Fix CVE-2017-13704
* Mon Aug 14 2017 Petr Menšík <pemensik@redhat.com> - 2.77-6
- Own the /usr/share/dnsmasq dir (#1480856)
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.77-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.77-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Jun 07 2017 Petr Menšík <pemensik@redhat.com> - 2.77-3
- Update to 2.77
* Fri May 12 2017 Petr Menšík <pemensik@redhat.com> - 2.77-2.rc2
- Fix dhcp
* Thu May 11 2017 Petr Menšík <pemensik@redhat.com> - 2.77-1
- Update to 2.77rc2
* Thu May 11 2017 Petr Menšík <pemensik@redhat.com>
- Include dhcp_release6 tool and license in utils
- Support for IDN 2008 (#1449150)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.76-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Oct 19 2016 Pavel Šimerda <psimerda@redhat.com> - 2.76-2
- Resolves: #1373485 - dns not updated after sleep and resume laptop
* Fri Jul 15 2016 Pavel Šimerda <psimerda@redhat.com> - 2.76-1
- New version 2.76
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.75-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Jan 25 2016 Tomas Hozza <thozza@redhat.com> - 2.75-3
- Fixed minor bug in dnsmasq.conf (#1295143)
* Fri Oct 02 2015 Pavel Šimerda <psimerda@redhat.com> - 2.75-2
- Resolves: #1239256 - install trust-anchors.conf
* Wed Aug 05 2015 Pavel Šimerda <psimerda@redhat.com> - 2.75-1
- new version 2.75
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.72-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Oct 06 2014 Nils Philippsen <nils@redhat.com> - 2.72-3
- don't include /etc/dnsmasq.d in triplicate, ignore RPM backup files instead
- package is dual-licensed GPL v2 or v3
- drop %%triggerun, we're not supposed to automatically migrate from SysV to
systemd anyway
* Mon Oct 06 2014 Tomas Hozza <thozza@redhat.com> - 2.72-2
- Fix typo in default configuration (#1149459)
* Thu Sep 25 2014 Tomas Hozza <thozza@redhat.com> - 2.72-1
- Update to 2.72 stable
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.71-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.71-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 20 2014 Tomas Hozza <thozza@redhat.com> - 2.71-1
- Update to 2.71 stable
* Fri Apr 25 2014 Tomas Hozza <thozza@redhat.com> - 2.70-1
- Update to 2.70 stable
* Fri Apr 11 2014 Tomas Hozza <thozza@redhat.com> - 2.69-1
- Update to 2.69 stable
* Mon Mar 24 2014 Tomas Hozza <thozza@redhat.com> - 2.69-0.1.rc1
- Update to 2.69rc1
- enable DNSSEC implementation
* Mon Dec 09 2013 Tomas Hozza <thozza@redhat.com> - 2.68-1
- Update to 2.68 stable
* Tue Nov 26 2013 Tomas Hozza <thozza@redhat.com> - 2.68-0.1.rc3
- Update to 2.68rc3
* Fri Nov 01 2013 Tomas Hozza <thozza@redhat.com> - 2.67-1
- Update to 2.67 stable
- Include one post release upstream fix for CNAME
* Fri Oct 18 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.9.rc4
- update to 2.67rc4
* Wed Oct 02 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.8.rc2
- update to 2.67rc2
* Thu Sep 12 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.7.test13
- update to 2.67test13
- use .tar.xz upstream archives
* Thu Aug 15 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.6.test7
- Use SO_REUSEPORT and SO_REUSEADDR if possible for DHCPv4/6 (#981973)
* Mon Aug 12 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.5.test7
- Don't use SO_REUSEPORT on DHCPv4 socket to prevent conflicts with ISC DHCP (#981973)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.67-0.4.test7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jun 11 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.3.test7
- update to 2.67test7
- drop merged patch
- use _hardened_build macro instead of hardcoded flags
* Fri May 17 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.2.test4
- Fix failure to start with ENOTSOCK (#962874)
* Wed May 15 2013 Tomas Hozza <thozza@redhat.com> - 2.67-0.1.test4
- update to the latest testing release 2.67test4 (#962246)
- drop mergerd patches
* Tue Apr 30 2013 Tomas Hozza <thozza@redhat.com> - 2.66-5
- dnsmasq unit file cleanup
- drop forking Type and PIDfile and rather start dnsmasq with "-k" option
- drop After syslog.target as this is by default
* Thu Apr 25 2013 Tomas Hozza <thozza@redhat.com> - 2.66-4
- include several fixes from upstream repo:
- Send TCP DNS messages in one packet
- Fix crash on SERVFAIL when using --conntrack option
- Fix regression in dhcp_lease_time utility
- Man page typos fixes
- Note that dhcp_lease_time and dhcp_release work only for IPv4
- Fix for --dhcp-match option to work also with BOOTP protocol
* Sat Apr 20 2013 Tomas Hozza <thozza@redhat.com> - 2.66-3
- Use Full RELRO when linking the daemon
- compile the daemon with PIE
- include two fixes from upstream git repo
* Thu Apr 18 2013 Tomas Hozza <thozza@redhat.com> - 2.66-2
- New stable version dnsmasq-2.66
- Drop of merged patch
* Fri Apr 12 2013 Tomas Hozza <thozza@redhat.com> - 2.66-1.rc5
- Update to latest dnsmasq-2.66rc5
- Include fix for segfault when lease limit is reached
* Fri Mar 22 2013 Tomas Hozza <thozza@redhat.com> - 2.66-1.rc1
- Update to latest dnsmasq-2.66rc1
- Dropping unneeded patches
- Enable IDN support
* Fri Mar 15 2013 Tomas Hozza <thozza@redhat.com> - 2.65-5
- Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300)
* Thu Jan 31 2013 Tomas Hozza <thozza@redhat.com> - 2.65-4
- Handle locally-routed DNS Queries (#904940)
* Thu Jan 24 2013 Tomas Hozza <thozza@redhat.com> - 2.65-3
- build dnsmasq with $RPM_OPT_FLAGS, $RPM_LD_FLAGS explicitly (#903362)
* Tue Jan 22 2013 Tomas Hozza <thozza@redhat.com> - 2.65-2
- Fix for CVE-2013-0198 (checking of TCP connection interfaces) (#901555)
* Sat Dec 15 2012 Tomas Hozza <thozza@redhat.com> - 2.65-1
- new version 2.65
* Wed Dec 05 2012 Tomas Hozza <thozza@redhat.com> - 2.64-1
- New version 2.64
- Merged patches dropped
* Tue Nov 20 2012 Tomas Hozza <thozza@redhat.com> - 2.63-4
- Remove EnvironmentFile from service file (#878343)
* Mon Nov 19 2012 Tomas Hozza <thozza@redhat.com> - 2.63-3
- dhcp6 support fixes (#867054)
- removed "-s $HOSTNAME" from .service file (#753656, #822797)
* Tue Oct 23 2012 Tomas Hozza <thozza@redhat.com> - 2.63-2
- Introduce new systemd-rpm macros in dnsmasq spec file (#850096)
* Thu Aug 23 2012 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.63-1
- Use .tar.gz compression, in upstream site there is no .lzma anymore
- New version 2.63
* Sat Feb 11 2012 Pádraig Brady <P@draigBrady.com> - 2.59-5
- Compile DHCP lease management utils with RPM_OPT_FLAGS
* Thu Feb 9 2012 Pádraig Brady <P@draigBrady.com> - 2.59-4
- Include DHCP lease management utils in a subpackage
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.59-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Aug 26 2011 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.59-2
- do not enable service by default
* Fri Aug 26 2011 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.59-1
- New version 2.59
- Fix regression in 2.58 (IPv6 issue) - bz 744814
* Fri Aug 26 2011 Douglas Schilling Landgraf <dougsland@redhat.com> - 2.58-1
- Fixed License
- New version 2.58
* Mon Aug 08 2011 Patrick "Jima" Laughton <jima@fedoraproject.org> - 2.52-5
- Include systemd unit file
* Mon Aug 08 2011 Patrick "Jima" Laughton <jima@fedoraproject.org> - 2.52-3
- Applied Jóhann's patch, minor cleanup
* Tue Jul 26 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.52-3
- Introduce systemd unit file, drop SysV support
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 26 2010 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.52-1
- New Version 2.52
- fix condrestart() in initscript bz 547605
- fix sed to enable DBUS(the '*' need some escaping) bz 553161
* Sun Nov 22 2009 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.51-2
- fix bz 512664
* Sat Oct 17 2009 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2.51-1
- move initscript from patch to a plain text file
- drop (dnsmasq-configuration.patch) and use sed instead
- enable /etc/dnsmasq.d fix bz 526703
- change requires to package name instead of file
- new version 2.51
* Mon Oct 5 2009 Mark McLoughlin <markmc@redhat.com> - 2.48-4
- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958)
* Wed Aug 12 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.48-3
- Use lzma compressed upstream tarball.
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.48-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jun 10 2009 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.48-1
- Bugfix/feature enhancement update
- Fixing BZ#494094
* Fri May 29 2009 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.47-1
- Bugfix/feature enhancement update
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Dec 29 2008 Matěj Cepl <mcepl@redhat.com> - 2.45-2
- rebuilt
* Mon Jul 21 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.45-1
- Upstream release (bugfixes)
* Wed Jul 16 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.43-2
- New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113
- Dropped patch for newer glibc (merged upstream)
* Wed Feb 13 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.8
- Added upstream-authored patch for newer glibc (thanks Simon!)
* Wed Feb 13 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.7
- New upstream release
* Wed Jan 30 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.6.rc1
- Release candidate
- Happy Birthday Isaac!
* Wed Jan 23 2008 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.5.test30
- Bugfix update
* Mon Dec 31 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.4.test26
- Bugfix/feature enhancement update
* Thu Dec 13 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.3.test24
- Upstream fix for fairly serious regression
* Tue Dec 04 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.41-0.2.test20
- New upstream test release
- Moving dnsmasq.leases to /var/lib/dnsmasq/ as per BZ#407901
- Ignoring dangerous-command-in-%%post rpmlint warning (as per above fix)
- Patch consolidation/cleanup
- Removed conditionals for Fedora <= 3 and Aurora 2.0
* Tue Sep 18 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.40-1
- Finalized upstream release
- Removing URLs from patch lines (CVS is the authoritative source)
- Added more magic to make spinning rc/test packages more seamless
* Sun Aug 26 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.40-0.1.rc2
- New upstream release candidate (feature-frozen), thanks Simon!
- License clarification
* Tue May 29 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.39-1
- New upstream version (bugfixes, enhancements)
* Mon Feb 12 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.38-1
- New upstream version with bugfix for potential hang
* Tue Feb 06 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.37-1
- New upstream version
* Wed Jan 24 2007 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.36-1
- New upstream version
* Mon Nov 06 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.35-2
- Stop creating /etc/sysconfig on %%install
- Create /etc/dnsmasq.d on %%install
* Mon Nov 06 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.35-1
- Update to 2.35
- Removed UPGRADING_to_2.0 from %%doc as per upstream change
- Enabled conf-dir in default config as per RFE BZ#214220 (thanks Chris!)
- Added %%dir /etc/dnsmasq.d to %%files as per above RFE
* Tue Oct 24 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.34-2
- Fixed BZ#212005
- Moved %%postun scriptlet to %%post, where it made more sense
- Render scriptlets safer
- Minor cleanup for consistency
* Thu Oct 19 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.34-1
- Hardcoded version in patches, as I'm getting tired of updating them
- Update to 2.34
* Mon Aug 28 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.33-2
- Rebuild for FC6
* Tue Aug 15 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.33-1
- Update
* Sat Jul 22 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.32-3
- Added pkgconfig BuildReq due to reduced buildroot
* Thu Jul 20 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.32-2
- Forced update due to dbus version bump
* Mon Jun 12 2006 Patrick "Jima" Laughton <jima@beer.tclug.org> 2.32-1
- Update from upstream
- Patch from Dennis Gilmore fixed the conditionals to detect Aurora Linux
* Mon May 8 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.31-1
- Removed dbus config patch (now provided upstream)
- Patched in init script (no longer provided upstream)
- Added DBus-interface to docs
* Tue May 2 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-4.2
- More upstream-recommended cleanups :)
- Killed sysconfig file (provides unneeded functionality)
- Tweaked init script a little more
* Tue May 2 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-4
- Moved options out of init script and into /etc/sysconfig/dnsmasq
- Disabled DHCP_LEASE in sysconfig file, fixing bug #190379
- Simon Kelley provided dbus/dnsmasq.conf, soon to be part of the tarball
* Thu Apr 27 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-3
- Un-enabled HAVE_ISC_READER, a hack to enable a deprecated feature (request)
- Split initscript & enable-dbus patches, conditionalized dbus for FC3
- Tweaked name field in changelog entries (trying to be consistent)
* Mon Apr 24 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-2
- Disabled stripping of binary while installing (oops)
- Enabled HAVE_ISC_READER/HAVE_DBUS via patch
- Added BuildReq for dbus-devel
* Mon Apr 24 2006 Patrick "Jima" Laughton <jima@auroralinux.org> 2.30-1
- Initial Fedora Extras RPM