Changelog for dnsmasq-utils-2.86-2.2.x86_64.rpm :

* Fri Sep 09 2022 Callum Farmer - Ensure the dnsmasq user's group is used
- Remove nogroup requirement
* Wed Jun 08 2022 Callum Farmer - Move the dbus-1 system.d file to /usr (bsc#1200344)
* Tue Apr 05 2022 Reinhard Max - bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch: Heap use after free in dhcp6_no_relay
* Thu Nov 18 2021 Reinhard Max - bsc#1192529, dnsmasq-resolv-conf.patch: Fix a segfault when re-reading an empty resolv.conf
- Remove "nogroup" membership from the dnsmasq user.
* Wed Oct 20 2021 Callum Farmer - Use systemd-sysusers from 15.3 onwards
* Thu Sep 23 2021 Reinhard Max - jsc#SLE-17936: Sync this state from Factory to SLE-15-SP1.
- SLE bugs that got fixed upstream between 2.79 and 2.86, but for which we need to keep references when syncing:
* bsc#1176076: dnsmasq-servfail.patch
* bsc#1156543: dnsmasq-siocgstamp.patch
* bsc#1138743: dnsmasq-cache-size.patch
* bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch
* bsc#1180914: Open inotify socket only when used.
* removed dnsmasq-dnspooq.patch
- bsc#1173646, CVE-2020-14312: Set --local-service by default.
* Fri Sep 17 2021 Reinhard Max - Update to 2.86:
* Handle DHCPREBIND requests in the DHCPv6 server code.
* Fix bug which caused dnsmasq to lose track of processes forked to handle TCP DNS connections under heavy load.
* Major rewrite of the DNS server and domain handling code. This should be largely transparent, but it drastically improves performance and reduces memory foot-print when configuring large numbers of domains.
* Revise resource handling for number of concurrent DNS queries.
* Improve efficiency of DNSSEC.
* Connection track mark based DNS query filtering.
* Allow smaller than 64 prefix lengths in synth-domain, with caveats. --synth-domain=1234:4567::/56,example.com is now valid.
* Make domains generated by --synth-domain appear in replies when in authoritative mode.
* Ensure CAP_NET_ADMIN capability is available when conntrack is configured.
* When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are given a directory as argument, define the order in which files within that directory are read (alphabetical order of filename).
* Tue Sep 14 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400).
* Sun Jun 13 2021 Callum Farmer - Add now working CONFIG parameter to sysusers generator
* Wed Jun 02 2021 Callum Farmer - Change to using systemd-sysusers on TW
* Mon Apr 19 2021 Reinhard Max - Update to 2.85:
* Fix problem with DNS retries in 2.83/2.84.
* Tweak sort order of tags in get-version.
* Avoid treating a --dhcp-host which has an IPv6 address as eligible for use with DHCPv4 on the grounds that it has no address, and vice-versa.
* Add --dynamic-host option: A and AAAA records which take their network part from the network of a local interface. Useful for routers with dynamic prefixes.
* Teach --bogus-nxdomain and --ignore-address to take an IPv4 subnet.
* CVE-2021-3448, bsc#1183709: Use random source ports where possible if source addresses/interfaces in use.
* Change the method of allocation of random source ports for DNS.
* Scale the size of the DNS random-port pool based on the value of the --dns-forward-max configuration.
* Tweak TFTP code to check sender of all received packets, as specified in RFC 1350 para 4.
* Mon Feb 08 2021 Dirk Müller - update to 2.84:
* Change HAVE_NETTLEHASH compile-time to HAVE_CRYPTOHASH
* Tidy initialisation in hash_questions.c
* Optimise sort_rrset for the case where the RR type
* Move fd into frec_src
* Wed Jan 27 2021 Callum Farmer - Fix building with lua54
* Tue Jan 19 2021 Reinhard Max - Update to 2.83:
* bsc#1177077: Fixed DNSpooq vulnerabilities
* Use the values of --min-port and --max-port in outgoing TCP connections to upstream DNS servers.
* Fix a remote buffer overflow problem in the DNSSEC code. Any dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687.
* Be sure to only accept UDP DNS query replies at the address from which the query was originated. This keeps as much entropy in the {query-ID, random-port} tuple as possible, to help defeat cache poisoning attacks. Refer: CVE-2020-25684.
* Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
* Handle multiple identical near simultaneous DNS queries better. Previously, such queries would all be forwarded independently. This is, in theory, inefficient but in practise not a problem, _except_ that it means that an answer for any of the forwarded queries will be accepted and cached. An attacker can send a query multiple times, and for each repeat, another {port, ID} becomes capable of accepting the answer he is sending in the blind, to random IDs and ports. The chance of a successful attack is therefore multiplied by the number of repeats of the query. The new behaviour detects repeated queries and merely stores the clients sending repeats so that when the first query completes, the answer can be sent to all the clients who asked. Refer: CVE-2020-25686.
* Tue Jul 28 2020 Martin Rey - Update to 2.82:
* Improve behaviour in the face of network interfaces which come and go and change index.
* Convert hard startup failure on NETLINK_NO_ENOBUFS under qemu-user to a warning.
* Allow IPv6 addresses of the form [::ffff:1.2.3.4] in --dhcp-option.
* Fix crash under heavy TCP connection load introduced in 2.81.
* Change default lease time for DHCPv6 to one day.
* Alter calculation of preferred and valid times in router advertisements, so that these do not have a floor applied of the lease time in the dhcp-range if this is not explicitly specified and is merely the default.
- Reformat spec file with spec-cleaner
* Tue May 05 2020 Paolo Stivanin - Update to 2.81:
* Improve cache behaviour for TCP connections
* Remove the NO_FORK compile-time option, and support for uclinux
* Fix line-counting when reading /etc/hosts and friends
* Fix bug in DNS non-terminal code, added in 2.80, which could sometimes cause a NODATA rather than an NXDOMAIN reply.
* Support TCP-fastopen (RFC-7413) on both incoming and outgoing TCP connections, if supported and enabled in the OS.
* Improve kernel-capability manipulation code under Linux
* Add --shared-network config. This enables allocation of addresses by the DHCP server in subnets where the server (or relay) does not have an interface on the network in that subnet. Many thanks to kamp.de for sponsoring this feature.
* Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet validation check got borked in commit 2b38e382 and release 2.80. Thanks to Tomasz Szajner for spotting this.
* Fix compilation against nettle version 3.5 and later.
* Fix spurious DNSSEC validation failures when the auth section of a reply contains unsigned RRs from a signed zone, with the exception that NSEC and NSEC3 RRs must always be signed. Thanks to Tore Anderson for spotting and diagnosing the bug.
* Add --dhcp-ignore-clid. This disables reading of DHCP client identifier option (option 61), so clients are only identified by MAC addresses.
* Fix a bug which stopped --dhcp-name-match from working when a hostname is supplied in --dhcp-host. Thanks to James Feeney for spotting this.
* Fix bug which very rarely caused zero-length DHCPv6 packets. Thanks to Dereck Higgins for spotting this.
* Add --tftp-single-port option.
* Enhance --conf-dir to load files in a deterministic order
* Add filtering by tag of --dhcp-host directives
* Remove DSA signature verification from DNSSEC, as specified in RFC 8624
* Add --script-on-renewal option.
- Remove Fix-build-with-libnettle-3.5.patch
- Remove 0001-fix-build-after-y2038-changes-in-glibc.patch
- Remove dnsmasq-CVE-2019-14834.patch
* Sat Nov 30 2019 Dominique Leuenberger - Remove redundant %else without meaning (if/else/else/endif?)
* Wed Nov 13 2019 Reinhard Max - bsc#1154849, CVE-2019-14834, dnsmasq-CVE-2019-14834.patch: memory leak in the create_helper() function in /src/helper.c
- bsc#1143454: Require user(tftp) instead of creating it ourselves.
- Package contrib/lease-tools/dhcp_release6.
- bsc#1152539: include config files from /etc/dnsmasq.d/*.conf.
* Wed Sep 04 2019 Stefan Brüns - Add Fix-build-with-libnettle-3.5.patch
* Tue Jul 23 2019 matthias.gerstner@suse.com - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
* Wed Jul 10 2019 Jiri Slaby - add 0001-fix-build-after-y2038-changes-in-glibc.patch
* Tue Jun 11 2019 Dominique Leuenberger - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini
* Fri Feb 22 2019 Franck Bui - Drop use of $FIRST_ARG in .spec. The use of $FIRST_ARG was probably required because of the %service_* rpm macros were playing tricks with the shell positional parameters. This is bad practice and error prone so let's assume that no macros should do that anymore and hence it's safe to assume that positional parameters remain unchanged after any rpm macro call.
* Wed Jan 23 2019 Cristian Rodríguez - libidn should not be used anymore, switch to libidn2
* Mon Oct 22 2018 Jan Engelhardt - Ensure neutrality of descriptions. / Replace description with new upstream description.
- Do not hide failures from user/group additions.
- Replace old $RPM_* shell vars by macros.
* Sun Oct 21 2018 sean@suspend.net - Updated to dnsmasq 2.80
* Add support for RFC 4039 DHCP rapid commit
* Alter the default for dnssec-check-unsigned
* Fix DHCP when --no-ping and --dhcp-sequential-ip are set
* Allow zone transfer in authoritative mode if auth-peer is specified
* Fix missing fatal errors with some malformed options
* Fix crash on startup with a --synth-domain which has no prefix
* Fri Oct 19 2018 cgoll@suse.com - enabled lua scripting interface (FATE#327143).
* Wed Aug 29 2018 dmueller@suse.com - add missing prereq on the group to be created (bsc#1106446)
* Mon Jul 16 2018 kukuk@suse.de - Don't require systemd explicitly, fix spec file to handle both cases correctly. In containers we don't have systemd.
- Adjust pre/post install for transactional updates.
- Use %license instead of %doc [bsc#1082318]
 