Overview Repositories Revisions Requests Users Attributes Meta

Revisions of dnsmasq

buildservice-autocommit accepted request 864301 from Reinhard Max's avatar Reinhard Max (rmax) (revision 127) 
baserev update by copy to link target
Reinhard Max's avatar Reinhard Max (rmax) committed (revision 126) 
- Update to 2.83:
  * bsc#1177077: Fixed DNSpooq vulnerabilities
  * Use the values of --min-port and --max-port in outgoing
    TCP connections to upstream DNS servers.
  * Fix a remote buffer overflow problem in the DNSSEC code.
    Any dnsmasq with DNSSEC compiled in and enabled is vulnerable
    to this, referenced by CVE-2020-25681, CVE-2020-25682,
    CVE-2020-25683 CVE-2020-25687.
  * Be sure to only accept UDP DNS query replies at the address
    from which the query was originated. This keeps as much
    entropy in the {query-ID, random-port} tuple as possible, to
    help defeat cache poisoning attacks. Refer: CVE-2020-25684.
  * Use the SHA-256 hash function to verify that DNS answers
    received are for the questions originally asked. This replaces
    the slightly insecure SHA-1 (when compiled with DNSSEC) or
    the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
  * Handle multiple identical near simultaneous DNS queries better.
    Previously, such queries would all be forwarded independently.
    This is, in theory, inefficent but in practise not a problem,
    _except_ that is means that an answer for any of the forwarded
    queries will be accepted and cached.
    An attacker can send a query multiple times, and for each
    repeat, another {port, ID} becomes capable of accepting the
    answer he is sending in the blind, to random IDs and ports.
    The chance of a succesful attack is therefore multiplied by the
    number of repeats of the query. The new behaviour detects
    repeated queries and merely stores the clients sending repeats
    so that when the first query completes, the answer can be sent
    to all the clients who asked. Refer: CVE-2020-25686.
buildservice-autocommit accepted request 823748 from Reinhard Max's avatar Reinhard Max (rmax) (revision 125) 
baserev update by copy to link target
Reinhard Max's avatar Reinhard Max (rmax) accepted request 823079 from Martin Rey's avatar Martin Rey (mrey) (revision 124) 
- Update to 2.82:
  * Improve behaviour in the face of network interfaces which come
    and go and change index.
  * Convert hard startup failure on NETLINK_NO_ENOBUFS under
    qemu-user to a warning.
  * Allow IPv6 addresses ofthe form [::ffff:1.2.3.4] in
    --dhcp-option.
  * Fix crash under heavy TCP connection load introduced in 2.81.
  * Change default lease time for DHCPv6 to one day.
  * Alter calculation of preferred and valid times in router
    advertisements, so that these do not have a floor applied of
    the lease time in the dhcp-range if this is not explicitly
    specified and is merely the default.
- Reformat spec file with spec-cleaner
buildservice-autocommit accepted request 807964 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 123) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 800348 from Paolo Stivanin's avatar Paolo Stivanin (polslinux) (revision 122) 
- Update to 2.81:
  *	Improve cache behaviour for TCP connections
  *	Remove the NO_FORK compile-time option, and support for uclinux
  *	Fix line-counting when reading /etc/hosts and friends
  *	Fix bug in DNS non-terminal code, added in 2.80, which could
	sometimes cause a NODATA rather than an NXDOMAIN reply.
  *	Support TCP-fastopen (RFC-7413) on both incoming and
	outgoing TCP connections, if supported and enabled in the OS.
  *	Improve kernel-capability manipulation code under Linux
  *	Add --shared-network config. This enables allocation of addresses
	by the DHCP server in subnets where the server (or relay) does not
	have an interface on the network in that subnet. Many thanks to
	kamp.de for sponsoring this feature.
  *	Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet
	validation check got borked in commit 2b38e382 and release 2.80.
	Thanks to Tomasz Szajner for spotting this.
  *	Fix compilation against nettle version 3.5 and later.
  *	Fix spurious DNSSEC validation failures when the auth section
	of a reply contains unsigned RRs from a signed zone,
	with the exception that NSEC and NSEC3 RRs must always be signed.
        Thanks to Tore Anderson for spotting and diagnosing the bug.
  *	Add --dhcp-ignore-clid. This disables reading of DHCP client
	identifier option (option 61), so clients are only identified by
	MAC addresses.
  *	Fix a bug which stopped --dhcp-name-match from working when a hostname
	is supplied in --dhcp-host. Thanks to James Feeney for spotting this.
  *	Fix bug which caused very rarely caused zero-length DHCPv6 packets.
	Thanks to Dereck Higgins for spotting this.
  *	Add --tftp-single-port option.
  *	Enhance --conf-dir to load files in a deterministic order
  * Add filtering by tag of --dhcp-host directives
  * Remove DSA signature verification from DNSSEC, as specified in
	RFC 8624
  *	Add --script-on-renewal option.
- Remove Fix-build-with-libnettle-3.5.patch
- Remove 0001-fix-build-after-y2038-changes-in-glibc.patch
- Remove dnsmasq-CVE-2019-14834.patch
buildservice-autocommit accepted request 752812 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 121) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 752568 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar) (revision 120) 
- Remove redundant %else without meaning (if/else/else/endif?)


Fixes build with rpm 4.15,
see https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:N/dnsmasq/standard/x86_64
buildservice-autocommit accepted request 748378 from Reinhard Max's avatar Reinhard Max (rmax) (revision 119) 
baserev update by copy to link target
Reinhard Max's avatar Reinhard Max (rmax) committed (revision 118)
Reinhard Max's avatar Reinhard Max (rmax) committed (revision 117)
Reinhard Max's avatar Reinhard Max (rmax) committed (revision 116)
buildservice-autocommit accepted request 728482 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 115) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 728337 from Stefan Brüns's avatar Stefan Brüns (StefanBruens) (revision 114) 
Fix build with libnettle 3.5, unbreak Staging:L
buildservice-autocommit accepted request 718597 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 113) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 717919 from Matthias Gerstner's avatar Matthias Gerstner (mgerstner) (revision 112) 
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
  firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
buildservice-autocommit accepted request 714386 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 111) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 714370 from Jiri Slaby's avatar Jiri Slaby (jirislaby) (revision 110) 
- add 0001-fix-build-after-y2038-changes-in-glibc.patch
buildservice-autocommit accepted request 709322 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 109) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 709153 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar) (revision 108) 
Allow OBS to pick better candidates to shorten rebuild queues
Displaying revisions 41 - 60 of 167
openSUSE Build Service is sponsored by
Places