Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnsmasq for openSUSE:Factory checked in at 2022-11-08 10:53:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dnsmasq (Old) and /work/SRC/openSUSE:Factory/.dnsmasq.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dnsmasq" Tue Nov 8 10:53:18 2022 rev:89 rq:1034136 version:2.87 Changes: -------- --- /work/SRC/openSUSE:Factory/dnsmasq/dnsmasq.changes 2022-09-20 19:23:04.854387522 +0200 +++ /work/SRC/openSUSE:Factory/.dnsmasq.new.1597/dnsmasq.changes 2022-11-08 10:53:23.089396810 +0100 @@ -1,0 +2,62 @@ +Wed Oct 26 09:21:37 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 2.87 (bsc#1197872, CVE-2022-0934): + * Allow arbitrary prefix lengths in --rev-server and + --domain=....,local + * Replace --address=/#/..... functionality which got + missed in the 2.86 domain search rewrite. + * Add --nftset option, like --ipset but for the newer nftables. + * Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6 + addresses from DNS answers. + * Fix crash doing netbooting when --port is set to zero + to disable the DNS server. Thanks to Drexl Johannes + for the bug report. + * Generalise --dhcp-relay. Sending via broadcast/multicast is + now supported for both IPv4 and IPv6 and the configuration + syntax made easier (but backwards compatible). + * Add snooping of IPv6 prefix-delegations to the DHCP-relay system. + * Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated + as hex, the pattern must consist of only hex digits AND contain + at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped + over a pattern consisting of a decimal number which was interpreted + surprisingly. + * Include client address in TFTP file-not-found error reports. + Thanks to Stefan Rink for the initial patch, which has been + re-worked by me (srk). All bugs mine. + * Note in manpage the change in behaviour of -address. This behaviour + actually changed in v2.86, but was undocumented there. From 2.86 on, + (eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other + types of query will be sent upstream. Pre 2.86, that would catch the + whole example.com domain and queries for other types would get + a local NODATA answer. The pre-2.86 behaviour is still available, + by configuring --address=/example.com/1.2.3.4 --local=/example.com/ + * Fix problem with binding DHCP sockets to an individual interface. + Despite the fact that the system call tales the interface _name_ as + a parameter, it actually, binds the socket to interface _index_. + Deleting the interface and creating a new one with the same name + leaves the socket bound to the old index. (Creating new sockets + always allocates a fresh index, they are not reused). We now + take this behaviour into account and keep up with changing indexes. + * Add --conf-script configuration option. + * Enhance --domain to accept, for instance, + --domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain + which relects the interface they are attached to in a way which + doesn't require hard-coding addresses. Thanks to Sten Spans for + the idea. + * Fix write-after-free error in DHCPv6 server code. + CVE-2022-0934 refers. + * Add the ability to specify destination port in + DHCP-relay mode. This change also removes a previous bug + where --dhcp-alternate-port would affect the port used + to relay _to_ as well as the port being listened on. + The new feature allows configuration to provide bug-for-bug + compatibility, if required. Thanks to Damian Kaczkowski + for the feature suggestion. + * Bound the value of UDP packet size in the EDNS0 header of + forwarded queries to the configured or default value of + edns-packet-max. There's no point letting a client set a larger + value if we're unable to return the answer. Thanks to Bertie + Taylor for pointing out the problem and supplying the patch. +- drop dnsmasq-CVE-2022-0934.patch, dnsmasq-resolv-conf.patch (upstream) + +------------------------------------------------------------------- Old: ---- dnsmasq-2.86.tar.xz dnsmasq-2.86.tar.xz.asc dnsmasq-CVE-2022-0934.patch dnsmasq-resolv-conf.patch New: ---- dnsmasq-2.87.tar.xz dnsmasq-2.87.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dnsmasq.spec ++++++ --- /var/tmp/diff_new_pack.t3on6U/_old 2022-11-08 10:53:23.769400857 +0100 +++ /var/tmp/diff_new_pack.t3on6U/_new 2022-11-08 10:53:23.773400880 +0100 @@ -22,7 +22,7 @@ %bcond_with tftp_user_package %endif Name: dnsmasq -Version: 2.86 +Version: 2.87 Release: 0 Summary: DNS Forwarder and DHCP Server License: GPL-2.0-only OR GPL-3.0-only @@ -37,8 +37,6 @@ Source6: system-user-dnsmasq.conf Source8: %{name}-rpmlintrc Patch0: dnsmasq-groups.patch -Patch1: dnsmasq-resolv-conf.patch -Patch2: dnsmasq-CVE-2022-0934.patch BuildRequires: dbus-1-devel BuildRequires: dos2unix BuildRequires: libidn2-devel @@ -76,8 +74,6 @@ %prep %setup -q %patch0 -%patch1 -%patch2 # Remove the executable bit from python example files to # avoid unwanted automatic dependencies ++++++ dnsmasq-2.86.tar.xz -> dnsmasq-2.87.tar.xz ++++++ ++++ 8955 lines of diff (skipped)
