Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package dnsmasq for openSUSE:Factory checked in at 2025-05-27 18:49:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dnsmasq (Old)
 and      /work/SRC/openSUSE:Factory/.dnsmasq.new.2732 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dnsmasq" Tue May 27 18:49:14 2025 rev:101 rq:1279749 version:2.91 Changes: -------- --- /work/SRC/openSUSE:Factory/dnsmasq/dnsmasq.changes 2025-01-23 18:02:39.925329854 +0100 +++ /work/SRC/openSUSE:Factory/.dnsmasq.new.2732/dnsmasq.changes 2025-05-27 18:49:22.710707885 +0200 
@@ -1,0 +2,71 @@ +Sun May 18 03:21:42 UTC 2025 - Gerald Chen <gerald_c...@foxmail.com> + +- update to 2.91: + * Fix spurious "resource limit exceeded messages". + * Fix out-of-bounds heap read in order_qsort(). + * Fix buffer overflow when configured lease-change script name + is too long. + * Improve behaviour in the face of non-responsive upstream TCP DNS + servers. Without shorter timeouts, clients are blocked for too long + and fail with their own timeouts. + * Set --fast-dns-retries by default when doing DNSSEC. A single + downstream query can trigger many upstream queries. On an + unreliable network, there may not be enough downstream retries + to ensure that all these queries complete. + * Improve behaviour in the face of truncated answers to queries + for DNSSEC records. Getting these answers by TCP doesn't now + involve a faked truncated answer to the downstream client to + force it to move to TCP. This improves performance and robustness + in the face of broken clients which can't fall back to TCP. + * No longer remove data from truncated upstream answers. If an + upstream replies with a truncated answer, but the answer has some + RRs included, return those RRs, rather than returning and + empty answer. + * Fix handling of EDNS0 UDP packet sizes. + * Modify the behaviour of --synth-domain for IPv6. + * Fix broken dhcp-relay on *BSD. + * Add --dhcp-option-pxe config. This acts almost exactly like + --dhcp-option except that the defined option is only sent when + replying to PXE clients. More importantly, these options are sent + in reply PXE clients when dnsmasq in acting in PXE proxy mode. In + PXE proxy mode, the set of options sent is defined by the PXE standard + and the normal set of options is not sent. This config allows arbitrary + options in PXE-proxy replies. A typical use-case is to send option + 175 to iPXE. + * Support PXE proxy-DHCP and DHCP-relay at the same time. + * Fix erroneous "DNSSEC validated" state with non-DNSSEC + upstream servers. 
+ * Handle queries with EDNS client subnet fields better. If dnsmasq + is configured to add an EDNS client subnet to a query, it is careful + to suppress use of the cache, since a cached answer may not be valid + for a query with a different client subnet. Extend this behaviour + to queries which arrive a dnsmasq already carrying an EDNS client + subnet. + * Handle DS queries to auth zones. When dnsmasq is configured to + act as an authoritative server and has an authoritative zone + configured, and receives a query for that zone _as_forwarder_ + it answers the query directly rather than forwarding it. This + doesn't affect the answer, but it saves dnsmasq forwarding the + query to the recursor upstream, which then bounces it back to dnsmasq + in auth mode. The exception should be when the query is for the root + of zone, for a DS RR. The answer to that has to come from the parent, + via the recursor, and will typically be a proof-of-non-existence + since dnsmasq doesn't support signed zones. This patch suppresses + local answers and forces forwarding to the upstream recursor for such + queries. It stops breakage when a DNSSEC validating client makes + queries to dnsmasq acting as forwarder for a zone for which it is + authoritative. + * Implement "DNS-0x20 encoding", for extra protection against + reply-spoof attacks. Since DNS queries are case-insensitive, + it's possible to randomly flip the case of letters in a query + and still get the correct answer back. + * Fix a long-standing problem when two queries which are identical + in every repect _except_ case, get combined by dnsmasq. If + dnsmasq gets eg, two queries for example.com and Example.com + in quick succession it will get the answer for example.com from + upstream and send that answer to both requestors. This means that + the query for Example.com will get an answer for example.com, and + in the modern DNS, that answer may not be accepted. 
+ + +------------------------------------------------------------------- Old: ---- dnsmasq-2.90.tar.xz dnsmasq-2.90.tar.xz.asc New: ---- dnsmasq-2.91.tar.xz dnsmasq-2.91.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dnsmasq.spec ++++++ --- /var/tmp/diff_new_pack.XL3VI8/_old 2025-05-27 18:49:24.854798199 +0200 +++ /var/tmp/diff_new_pack.XL3VI8/_new 2025-05-27 18:49:24.890799715 +0200 @@ -27,7 +27,7 @@ %define dnsmasq_group nogroup %endif Name: dnsmasq -Version: 2.90 +Version: 2.91 Release: 0 Summary: DNS Forwarder and DHCP Server License: GPL-2.0-only OR GPL-3.0-only @@ -133,7 +133,7 @@ %make_build AWK=gawk all-i18n CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" COPTS=%{_copts} # Make sure that compile time options don't change unnoticed ./src/dnsmasq --version | -grep -q "Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 Lua TFTP conntrack ipset %{!?with_nftset:no-}nftset auth cryptohash DNSSEC loop-detect inotify dumpfile" +grep -q "Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 Lua TFTP conntrack ipset %{!?with_nftset:no-}nftset auth DNSSEC loop-detect inotify dumpfile" %if %{with tftp_user_package} %sysusers_generate_pre %{SOURCE6} dnsmasq system-user-dnsmasq.conf %endif ++++++ dnsmasq-2.90.tar.xz -> dnsmasq-2.91.tar.xz ++++++ ++++ 8850 lines of diff (skipped) ++++++ dnsmasq-groups.patch ++++++ --- /var/tmp/diff_new_pack.XL3VI8/_old 2025-05-27 18:49:26.138852286 +0200 +++ /var/tmp/diff_new_pack.XL3VI8/_new 2025-05-27 18:49:26.166853465 +0200 @@ -1,6 +1,6 @@ --- src/dnsmasq.c.orig +++ src/dnsmasq.c -@@ -728,11 +728,10 @@ int main (int argc, char **argv) +@@ -734,11 +734,10 @@ int main (int argc, char **argv) if (!option_bool(OPT_DEBUG) && getuid() == 0) { int bad_capabilities = 0;
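Review bot: In the dnsmasq.changes hunk, the two memory-safety entries ("Fix out-of-bounds heap read in order_qsort()" and "Fix buffer overflow when configured lease-change script name is too long") carry no bug-tracker or CVE reference, so a reader cannot tell from the changelog whether maintained branches still shipping 2.90 need a backport. If tracking bugs exist for these, cite them on those lines. While touching the entry, the copied upstream text has a few typos worth fixing: "rather than returning and empty answer", "queries which arrive a dnsmasq" and "in every repect".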
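Review bot: In the dnsmasq.spec hunk at @@ -133,7, the expected "Compile time options" string loses "cryptohash", but nothing in the spec or in the new dnsmasq.changes entry says why. The check sits under the comment "Make sure that compile time options don't change unnoticed", so the changelog should record whether the token simply no longer appears in the --version output of 2.91 or whether a feature is no longer built. A smaller point on the same lines: grep -q prints nothing on a mismatch, so a failed build gives no hint of what the binary actually reported; echoing the --version output to the build log before the grep would make the next such change easier to review.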