Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

dnsmasq-2.90-2.1 RPM for riscv64

From OpenSuSE Ports Tumbleweed for riscv64

Name: dnsmasq Distribution: openSUSE Tumbleweed
Version: 2.90 Vendor: openSUSE
Release: 2.1 Build date: Wed Feb 14 18:39:46 2024
Group: Productivity/Networking/DNS/Servers Build host: reproducible
Size: 1427723 Source RPM: dnsmasq-2.90-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://thekelleys.org.uk/dnsmasq/
Summary: DNS Forwarder and DHCP Server
 
Dnsmasq provides network infrastructure for small networks: DNS,
DHCP, router advertisement and network boot.

The DNS subsystem supprots forwarding of all query types, and caching
of common record types, DNSSEC included. The DHCP subsystem supports
DHCPv4, DHCPv6, BOOTP and PXE. RA can be used stand-alone or in
conjunction with DHCPv6.

Provides

Requires

License

GPL-2.0-only OR GPL-3.0-only

Changelog

* Wed Feb 14 2024 Reinhard Max <max@suse.com>
  - update to 2.90:
    * CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826:
      Denial Of Service while trying to validate specially crafted
      DNSSEC responses
    * CVE-2023-49441, bsc#1226091: integer overflow via forward_query
    * Fix reversion in --rev-server introduced in 2.88 which caused
      breakage if the prefix length is not exactly divisible by 8
      (IPv4) or 4 (IPv6).
    * Fix possible SEGV when there server(s) for a particular domain
      are configured, but no server which is not qualified for a
      particular domain.
    * Set the default maximum DNS UDP packet sice to 1232.
      Obsoletes: dnsmasq-CVE-2023-28450.patch
    * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better
      control over which inetrfaces are providing DHCP service.
    * Fix issue with stale caching
    * Add configurable caching for arbitrary RR-types.
    * Add --filter-rr option, to filter arbitrary RR-types.
* Fri Oct 13 2023 Thorsten Kukuk <kukuk@suse.com>
  - SLP got dropped, remove config (bsc#1214884)
* Sat May 13 2023 Callum Farmer <gmbr3@opensuse.org>
  - Correct rundir from /var/run to /run for pid file
* Tue Apr 25 2023 Reinhard Max <max@suse.com>
  - bsc#1209358, CVE-2023-28450, dnsmasq-CVE-2023-28450.patch:
    default maximum EDNS.0 UDP packet size should be 1232
* Mon Feb 06 2023 Paolo Stivanin <info@paolostivanin.com>
  - update to 2.89:
    * Fix bug introduced in 2.88 (commit fe91134b) which can result
      in corruption of the DNS cache internal data structures and
      logging of "cache internal error". This has only been seen
      in one place in the wild, and it took considerable effort
      to even generate a test case to reproduce it, but there's
      no way to be sure it won't strike, and the effect is to break
      the cache badly. Installations with DNSSEC enabled are more
      likely to see the problem, but not running DNSSEC does not
      guarantee that it won't happen. Thanks to Timo van Roermund
      for reporting the bug and for his great efforts in chasing
      it down. (boo#1207174)
  - remove no longer needed rpmlintrc filters
* Fri Dec 23 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.88:
    * Fix bug in --dynamic-host when an interface has /16 IPv4
    * address.
    * Add --fast-dns-retry option. This gives dnsmasq the ability
      to originate retries for upstream DNS queries itself, rather
      than relying on the downstream client. This is most useful
      when doing DNSSEC over unreliable upstream networks. It comes
      with some cost in memory usage and network bandwidth.
    * Add --use-stale-cache option. When set, if a DNS name exists
      in the cache, but its time-to-live has expired, dnsmasq will
      return the data anyway.
    * handle removal of whole files or entries within files.
* Wed Oct 26 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.87 (bsc#1197872, CVE-2022-0934):
    * Allow arbitrary prefix lengths in --rev-server and
    - -domain=....,local
    * Replace --address=/#/..... functionality which got
      missed in the 2.86 domain search rewrite.
    * Add --nftset option, like --ipset but for the newer nftables.
    * Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
      addresses from DNS answers.
    * Fix crash doing netbooting when --port is set to zero
      to disable the DNS server. Thanks to Drexl Johannes
      for the bug report.
    * Generalise --dhcp-relay. Sending via broadcast/multicast is
      now supported for both IPv4 and IPv6 and the configuration
      syntax made easier (but backwards compatible).
    * Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
    * Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
      as hex, the pattern must consist of only hex digits AND contain
      at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
      over a pattern consisting of a decimal number which was interpreted
      surprisingly.
    * Include client address in TFTP file-not-found error reports.
      Thanks to Stefan Rink for the initial patch, which has been
      re-worked by me (srk). All bugs mine.
    * Note in manpage the change in behaviour of -address. This behaviour
      actually changed in v2.86, but was undocumented there. From 2.86 on,
      (eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
      types of query will be sent upstream. Pre 2.86, that would catch the
      whole example.com domain and queries for other types would get
      a local NODATA answer. The pre-2.86 behaviour is still available,
      by configuring --address=/example.com/1.2.3.4 --local=/example.com/
    * Fix problem with binding DHCP sockets to an individual interface.
      Despite the fact that the system call tales the interface _name_ as
      a parameter, it actually, binds the socket to interface _index_.
      Deleting the interface and creating a new one with the same name
      leaves the socket bound to the old index. (Creating new sockets
      always allocates a fresh index, they are not reused). We now
      take this behaviour into account and keep up with changing indexes.
    * Add --conf-script configuration option.
    * Enhance --domain to accept, for instance,
    - -domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain
      which relects the interface they are attached to in a way which
      doesn't require hard-coding addresses. Thanks to Sten Spans for
      the idea.
    * Fix write-after-free error in DHCPv6 server code.
      CVE-2022-0934 refers.
    * Add the ability to specify destination port in
      DHCP-relay mode. This change also removes a previous bug
      where --dhcp-alternate-port would affect the port used
      to relay _to_ as well as the port being listened on.
      The new feature allows configuration to provide bug-for-bug
      compatibility, if required. Thanks to Damian Kaczkowski
      for the feature suggestion.
    * Bound the value of UDP packet size in the EDNS0 header of
      forwarded queries to the configured or default value of
      edns-packet-max. There's no point letting a client set a larger
      value if we're unable to return the answer. Thanks to Bertie
      Taylor for pointing out the problem and supplying the patch.
  - drop dnsmasq-CVE-2022-0934.patch, dnsmasq-resolv-conf.patch (upstream)
* Fri Sep 09 2022 Callum Farmer <gmbr3@opensuse.org>
  - Ensure the dnsmasq user's group is used
  - Remove nogroup requirement
* Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org>
  - Move the dbus-1 system.d file to /usr (bsc#1200344)
* Tue Apr 05 2022 Reinhard Max <max@suse.com>
  - bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch:
    Heap use after free in dhcp6_no_relay
* Thu Nov 18 2021 Reinhard Max <max@suse.com>
  - bsc#1192529, dnsmasq-resolv-conf.patch:
    Fix a segfault when re-reading an empty resolv.conf
  - Remove "nogroup" membership from the dnsmasq user.
* Wed Oct 20 2021 Callum Farmer <gmbr3@opensuse.org>
  - Use systemd-sysusers from 15.3 onwards
* Thu Sep 23 2021 Reinhard Max <max@suse.com>
  - jsc#SLE-17936: Sync this state from Factory to SLE-15-SP1.
  - SLE bugs that got fixed upstream between 2.79 and 2.86, but for
    which we need to keep references when syncing:
    * bsc#1176076: dnsmasq-servfail.patch
    * bsc#1156543: dnsmasq-siocgstamp.patch
    * bsc#1138743: dnsmasq-cache-size.patch
    * bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch
    * bsc#1180914: Open inotify socket only when used.
    * removed dnsmasq-dnspooq.patch
  - bsc#1173646, CVE-2020-14312: Set --local-service by default.
* Fri Sep 17 2021 Reinhard Max <max@suse.com>
  - Update to 2.86:
    * Handle DHCPREBIND requests in the DHCPv6 server code.
    * Fix bug which caused dnsmasq to lose track of processes forked
      to handle TCP DNS connections under heavy load.
    * Major rewrite of the DNS server and domain handling code. This
      should be largely transparent, but it drastically improves
      performance and reduces memory foot-print when configuring
      large numbers of domains.
    * Revise resource handling for number of concurrent DNS queries.
    * Improve efficiency of DNSSEC.
    * Connection track mark based DNS query filtering.
    * Allow smaller than 64 prefix lengths in synth-domain, with
      caveats.
    - -synth-domain=1234:4567::/56,example.com is now valid.
    * Make domains generated by --synth-domain appear in replies
      when in authoritative mode.
    * Ensure CAP_NET_ADMIN capability is available when conntrack
      is configured.
    * When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
      given a directory as argument, define the order in which files
      within that directory are read (alphabetical order of filename).
* Tue Sep 14 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400).
* Sun Jun 13 2021 Callum Farmer <gmbr3@opensuse.org>
  - Add now working CONFIG parameter to sysusers generator
* Wed Jun 02 2021 Callum Farmer <gmbr3@opensuse.org>
  - Change to using systemd-sysusers on TW
* Mon Apr 19 2021 Reinhard Max <max@suse.com>
  - Update to 2.85:
    * Fix problem with DNS retries in 2.83/2.84.
    * Tweak sort order of tags in get-version.
    * Avoid treating a --dhcp-host which has an IPv6 address as
      eligible for use with DHCPv4 on the grounds that it has
      no address, and vice-versa.
    * Add --dynamic-host option: A and AAAA records which take their
      network part from the network of a local interface. Useful
      for routers with dynamically prefixes.
    * Teach --bogus-nxdomain and --ignore-address to take an IPv4
      subnet.
    * CVE-2021-3448, bsc#1183709: Use random source ports where
      possible if source addresses/interfaces in use.
    * Change the method of allocation of random source ports for DNS.
    * Scale the size of the DNS random-port pool based on the
      value of the --dns-forward-max configuration.
    * Tweak TFTP code to check sender of all received packets, as
      specified in RFC 1350 para 4.
* Mon Feb 08 2021 Dirk Müller <dmueller@suse.com>
  - update to 2.84:
    * Change HAVE_NETTLEHASH compile-time to HAVE_CRYPTOHASH
    * Tidy initialisation in hash_questions.c
    * Optimise sort_rrset for the case where the RR type
    * Move fd into frec_src
* Wed Jan 27 2021 Callum Farmer <gmbr3@opensuse.org>
  - Fix building with lua54
* Tue Jan 19 2021 Reinhard Max <max@suse.com>
  - Update to 2.83:
    * bsc#1177077: Fixed DNSpooq vulnerabilities
    * Use the values of --min-port and --max-port in outgoing
      TCP connections to upstream DNS servers.
    * Fix a remote buffer overflow problem in the DNSSEC code.
      Any dnsmasq with DNSSEC compiled in and enabled is vulnerable
      to this, referenced by CVE-2020-25681, CVE-2020-25682,
      CVE-2020-25683 CVE-2020-25687.
    * Be sure to only accept UDP DNS query replies at the address
      from which the query was originated. This keeps as much
      entropy in the {query-ID, random-port} tuple as possible, to
      help defeat cache poisoning attacks. Refer: CVE-2020-25684.
    * Use the SHA-256 hash function to verify that DNS answers
      received are for the questions originally asked. This replaces
      the slightly insecure SHA-1 (when compiled with DNSSEC) or
      the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
    * Handle multiple identical near simultaneous DNS queries better.
      Previously, such queries would all be forwarded independently.
      This is, in theory, inefficent but in practise not a problem,
      _except_ that is means that an answer for any of the forwarded
      queries will be accepted and cached.
      An attacker can send a query multiple times, and for each
      repeat, another {port, ID} becomes capable of accepting the
      answer he is sending in the blind, to random IDs and ports.
      The chance of a succesful attack is therefore multiplied by the
      number of repeats of the query. The new behaviour detects
      repeated queries and merely stores the clients sending repeats
      so that when the first query completes, the answer can be sent
      to all the clients who asked. Refer: CVE-2020-25686.

Files

/etc/dnsmasq.conf
/etc/dnsmasq.d
/etc/dnsmasq.d/trust-anchors.conf
/usr/lib/systemd/system/dnsmasq.service
/usr/lib/sysusers.d/system-user-dnsmasq.conf
/usr/sbin/dnsmasq
/usr/sbin/rcdnsmasq
/usr/share/dbus-1/system.d/dnsmasq.conf
/usr/share/doc/packages/dnsmasq
/usr/share/doc/packages/dnsmasq/CHANGELOG
/usr/share/doc/packages/dnsmasq/FAQ
/usr/share/doc/packages/dnsmasq/contrib
/usr/share/doc/packages/dnsmasq/contrib/CPE-WAN
/usr/share/doc/packages/dnsmasq/contrib/CPE-WAN/README
/usr/share/doc/packages/dnsmasq/contrib/conntrack
/usr/share/doc/packages/dnsmasq/contrib/conntrack/README
/usr/share/doc/packages/dnsmasq/contrib/dbus-test
/usr/share/doc/packages/dnsmasq/contrib/dbus-test/dbus-test.py
/usr/share/doc/packages/dnsmasq/contrib/dns-loc
/usr/share/doc/packages/dnsmasq/contrib/dns-loc/README
/usr/share/doc/packages/dnsmasq/contrib/dns-loc/dnsmasq2-loc-rfc1876.patch
/usr/share/doc/packages/dnsmasq/contrib/dnslist
/usr/share/doc/packages/dnsmasq/contrib/dnslist/dhcp.css
/usr/share/doc/packages/dnsmasq/contrib/dnslist/dnslist.pl
/usr/share/doc/packages/dnsmasq/contrib/dnslist/dnslist.tt2
/usr/share/doc/packages/dnsmasq/contrib/dynamic-dnsmasq
/usr/share/doc/packages/dnsmasq/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl
/usr/share/doc/packages/dnsmasq/contrib/lease-access
/usr/share/doc/packages/dnsmasq/contrib/lease-access/README
/usr/share/doc/packages/dnsmasq/contrib/lease-access/lease.access.patch
/usr/share/doc/packages/dnsmasq/contrib/lease-tools
/usr/share/doc/packages/dnsmasq/contrib/lease-tools/Makefile
/usr/share/doc/packages/dnsmasq/contrib/lease-tools/dhcp_lease_time.1
/usr/share/doc/packages/dnsmasq/contrib/lease-tools/dhcp_lease_time.c
/usr/share/doc/packages/dnsmasq/contrib/lease-tools/dhcp_release.1
/usr/share/doc/packages/dnsmasq/contrib/lease-tools/dhcp_release.c
/usr/share/doc/packages/dnsmasq/contrib/lease-tools/dhcp_release6.1
/usr/share/doc/packages/dnsmasq/contrib/lease-tools/dhcp_release6.c
/usr/share/doc/packages/dnsmasq/contrib/mactable
/usr/share/doc/packages/dnsmasq/contrib/mactable/macscript
/usr/share/doc/packages/dnsmasq/contrib/openvpn
/usr/share/doc/packages/dnsmasq/contrib/openvpn/README
/usr/share/doc/packages/dnsmasq/contrib/openvpn/dhclient-enter-hooks
/usr/share/doc/packages/dnsmasq/contrib/openvpn/dnsmasq.patch
/usr/share/doc/packages/dnsmasq/contrib/port-forward
/usr/share/doc/packages/dnsmasq/contrib/port-forward/dnsmasq-portforward
/usr/share/doc/packages/dnsmasq/contrib/port-forward/portforward
/usr/share/doc/packages/dnsmasq/contrib/reverse-dns
/usr/share/doc/packages/dnsmasq/contrib/reverse-dns/README
/usr/share/doc/packages/dnsmasq/contrib/reverse-dns/reverse_replace.sh
/usr/share/doc/packages/dnsmasq/contrib/static-arp
/usr/share/doc/packages/dnsmasq/contrib/static-arp/static-arp
/usr/share/doc/packages/dnsmasq/contrib/systemd
/usr/share/doc/packages/dnsmasq/contrib/systemd/README
/usr/share/doc/packages/dnsmasq/contrib/systemd/dbus_activation
/usr/share/doc/packages/dnsmasq/contrib/systemd/dnsmasq.service
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns/README
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns/README-2.47
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns/README-2.78
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns/dnsmasq-2.68-try-all-ns
/usr/share/doc/packages/dnsmasq/contrib/try-all-ns/dnsmasq-2.78xx-try-all-ns.patch
/usr/share/doc/packages/dnsmasq/contrib/webmin
/usr/share/doc/packages/dnsmasq/contrib/webmin/README
/usr/share/doc/packages/dnsmasq/contrib/webmin/dnsmasq.wbm
/usr/share/doc/packages/dnsmasq/contrib/wrt
/usr/share/doc/packages/dnsmasq/contrib/wrt/README
/usr/share/doc/packages/dnsmasq/contrib/wrt/lease_update.sh
/usr/share/doc/packages/dnsmasq/dbus
/usr/share/doc/packages/dnsmasq/dbus/DBus-interface
/usr/share/doc/packages/dnsmasq/dbus/dnsmasq.conf
/usr/share/doc/packages/dnsmasq/dnsmasq.conf.example
/usr/share/doc/packages/dnsmasq/doc.html
/usr/share/doc/packages/dnsmasq/setup.html
/usr/share/licenses/dnsmasq
/usr/share/licenses/dnsmasq/COPYING
/usr/share/licenses/dnsmasq/COPYING-v3
/usr/share/locale/de/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/es/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/fi/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/fr/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/id/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/it/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/ka/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/nb/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/pl/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/pt_BR/LC_MESSAGES/dnsmasq.mo
/usr/share/locale/ro/LC_MESSAGES/dnsmasq.mo
/usr/share/man/es/man8/dnsmasq.8.gz
/usr/share/man/fr/man8/dnsmasq.8.gz
/usr/share/man/man8/dnsmasq.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Nov 13 00:41:02 2024