dnsmasq-2.78-lp150.2.3.1<>, ܉[sA/=„237Z9 0;Oďf;N.cw,)Q_gQEY^ =-շִSgO` JYx5~lf)9i9Jg O.wݜwܒ)@TzYݿwK=,e,+x K"AD`2+] vu^v⮯3fKuC'qBYMTC>F?d   X\`hl  aHa  a a Pa +a ,a-a/a1j1a33D36w(686=97=:;==>?@FG aHaIaXY\a]Xa^,b[cdefluav4waxay zhx|Cdnsmasq2.78lp150.2.3.1Lightweight, Easy-to-Configure DNS Forwarder and DHCP ServerDnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines that are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.[sAbuild84openSUSE Leap 15.0openSUSEGPL-2.0-only OR GPL-3.0-onlyhttp://bugs.opensuse.orgProductivity/Networking/DNS/Servershttp://www.thekelleys.org.uk/dnsmasq/linuxx86_64if ! /usr/bin/getent group tftp >/dev/null; then /usr/sbin/groupadd -r tftp 2>/dev/null || : fi if ! /usr/bin/getent passwd tftp >/dev/null; then /usr/sbin/useradd -c "TFTP account" -d /srv/tftpboot -G tftp -g tftp \ -r -s /bin/false tftp 2>/dev/null || : fi if ! /usr/bin/getent passwd dnsmasq >/dev/null; then /usr/sbin/useradd -r -d /var/lib/empty -s /bin/false -c "dnsmasq" -g nogroup -G tftp dnsmasq || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" # disable migration if initial install under systemd [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$FIRST_ARG" -eq 1 ]; then for service in dnsmasq.service ; do sysv_service="${service%.*}" touch "/var/lib/systemd/migrated/$sysv_service" || : done else for service in dnsmasq.service ; do # The tag file might have been left by a preceding # update (see 1059627) rm -f "/run/rpm-dnsmasq-update-$service-new-in-upgrade" if [ ! -e "/usr/lib/systemd/system/$service" ]; then touch "/run/rpm-dnsmasq-update-$service-new-in-upgrade" fi done for service in dnsmasq.service ; do sysv_service="${service%.*}" if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --save $sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -eq 1 ]; then if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl preset dnsmasq.service || : fi elif [ "$FIRST_ARG" -gt 1 ]; then for service in dnsmasq.service ; do if [ ! -e "/run/rpm-dnsmasq-update-$service-new-in-upgrade" ]; then continue fi rm -f "/run/rpm-dnsmasq-update-$service-new-in-upgrade" if [ ! -x /usr/bin/systemctl ]; then continue fi /usr/bin/systemctl preset "$service" || : done for service in dnsmasq.service ; do sysv_service=${service%.*} if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --apply $sysv_service || : touch /var/lib/systemd/migrated/$sysv_service || : done fi # reload dbus after install or upgrade to apply new policies if [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl reload dbus.service 2>/dev/null || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable dnsmasq.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop dnsmasq.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart dnsmasq.service ) || : fi else # package uninstall for service in dnsmasq.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi fi # reload dbus after uninstall, our policies are gone again if [ ${FIRST_ARG:-$1} -eq 0 -a -z "${TRANSACTIONAL_UPDATE}" \ -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl reload dbus.service 2>/dev/null || : fihTEf`Vks <-fEwlAlS& W3Xd Z=l ?^ P# hT'.FWKþdFb22(K4#aA큤A큤A큤A큤AA큤A큤A큤A큤A큤큤AA큤A큤큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤[s?[s?[s?[s?[s?[s?[s?[s?[s?[s?[s?[s?[s@Y;Y;[s?Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;[s?Y;Y;Y;Y;Y;[s>Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;[s5Y;[s5Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;Y;[s5Y;Y;[s@Y;Y;[s>[s>[s>[s>[s>[s>[s>[s>[s>[s>[s>[s>[s>65b25dc51ba9fd414201ed8146f1d23af6c20c3feff364638f136759648d8a42915333fbdce852d3f084fe429866a7f38e1d4eff935e8e41290c2771aafe64a6751da48d283e73933d22c49422e488f701e0e51d8b73ad212fd060456d06867d7eb505f2605a3d121c0995399adf3f25c9f079c00335f5dda1afb9ed8e648a385a7ade166721fa1ba81bfabeea76ca9cd740887090a5b9553129e80e10675b0356f0859b9c71415928ccd9a15080b2a210148184188e618d3804bc5ab2e1ac181cc30f21b121e920ac4ec5c30619135aa8b771a3f91a38c71d596e81d35fc0b78d39f229d3ff9f8fd8c817fa1d8509b097484d54ba6db98d126609d48f99e2afa446d790e44f2d5280767758a948674be531400db87643b2bbc0351ee70d33a280791de58818788dbb3e54557b85aa0f71f5d8b7d30486d5efb7279007dfb6ebca5b78c85afaf92bf423f74562311e87f3affc52fa07c42a593659d51db7b4c72c174d8ec4f11d8b168e308715b63e2f066fb8f3fa90f3a6c48bdcf285ae1a0c66d732a843e2ae4c8acb678d1fd3715362484eff6ab23877df608ac933bc9164e30dc229f359483f95f6af0a2d886a8f9870585380f7de906f462e1b46a76cf4a021a74cd3ba67985484c2e23381226820266ed6cc46ef657fc8a12f8333f4e02777e4eeb3440bd834286c258bba713905fcaf3eaf38f86a646be53f6f62e1df525ba862047b58c71c645ad3b9af10e54dbdbc2f75292c4dc08470b219a0a6b72f7c3bfb9c73d182acd7d8751c9c3fc1926db100f22dae0d0f71c98de090c78fed0ec432aeda33fbbab97b82b9d4eae3a1ded3710243beab2f344c6ca588949ba7fd5d2bd7858a440ca1a10e85c87c4af8d11aa02717ad4c823f17689112fc131e61ba13d73df9acbed61bf16c2590a39f2c8a681afc569851916f80df6c100497db11f354b4bd156d178f055e0e25e2cfcdd6ee95f1dd3bb10ff184f3ca90c8b4a2fdfc7a6dd0e11e02a5d4e45e36440250cdb1f77e3b592b470ad563d68e3d679707b0e10b867bb7bd7e5a4fe4f002ff9fcdf5c2354ccaeb8bc59a8e5d29c5c938e734286f2e0796c7eb67a135be6a5fede02fe749daaaebe3510d2b023f4e502edd5eb324bcf19307b19f3d50fec7a44c54d54f4032c3b052a3d4b05da802e7b9eecfad4a92e27451eafe0e351126286fa766f7cab1b4d1eb96fe5852f9d3656b204b48f0bd8c5df471d37cc08246023dcf813c189b17482a66b0df0b25350c69e1d76b9cf57e2eef7397553da670a7981c10be01f34bfdeb54d7f61a1df7d7efb86bad399099dc7147a892bd47ba45c42bdf5d14a89665953b491126ba3bcd404f467ac923c398e89e29467519b740cff6bb1a842d56dd4a37bb4fc8384a8cbe71bf06395ac6bc6ff529e7238f89b08735eee3ff53b20552b23bfe8ac42dd20a519185c0ec606eac4e66e34020fd3703c8d4947cc73dfd13d473666f8f5c9fafe6be51614edf260539c9b47a46d955fc82d375eb30501eb17818a6ca5b21d0804b9a07ce1d0e0fbd58a736285a18713985817e2b408cb60e7f29ce0a115eb87ab8e96d6cf6d77d4181dddb7393ccf44c96d9967e10fb884b4a05affafd9f976004f8bd958fb65708f05dacfc4703972bf875b21bf9d0beefca382e274acd6a28853b7e40fb0f71d741aaf87d0da18e688efd697c39eb884efb0807ff9ee1fc47e062f1077e108f1dc4eddf91d04a7db2ad23d07929e2c91e28e4997104dc4cf493104bdef53e05c105465f3314384deda5c8553c81088b789b350ac6f1fdcd70cba62b3c56389dd4ad81b40ebca8a122bc020ac7bf4f724b7f494c6c896f9c98d4e1c4a33ec2d1325d57c47390cb46fd763aa1b30dd1c6b6ef813563cca1a1034e815282aa6265b2c9dc17d6b0df97874518db2515c073d16d845d13bcda98d196f00d6cacee33e78a2a8c56b2420902cf70c11bf3aeac54645c6bf093d85ad89524beeee4222c838354a43a29e747584b885a9f6288ee44747f80929c982e9fb863e933f682362933749abe46b6074226252dd68d09b3e86c26b1a77c0396fec5f060083f61900237d77f10604ea4d8e60ecff1bf4fae01f2d63d4a9865e94577c0c54e164dcb9324bfa2e6520a01b05f77899ac66105614b1582ff2445b8cb5eb2d16434e6c77fc760e98a8aaa3cc0df6695b91036505fe506b9b4f1891b01914b6ba8dc2696c1e6f75893d3337893124a44e2525018b4bfde9d858e11fed9db4f97eeb636244a5e1b5e93bd7423155ca3877211e916447a09843afccbd14385130a6d3e4101b049bf4f623c53e4a1ac9bfcc0471fe11d3f4047832473233e94f4b65ca2fcf075faa62447fadb508e26a52f1ef000dcd4fe8a0f8a7ff965b25dc51ba9fd414201ed8146f1d23af6c20c3feff364638f136759648d8a42915333fbdce852d3f084fe429866a7f38e1d4eff935e8e41290c2771aafe64a68a3f150473468ca14dbfaecda4bd71d2cf69ca2e4e0c230f20812121fc7793ace6b975abd418fc7a5313dbf29c3c4606f78e8290571396a8d1804c6665c43d2bdcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903bb741ff510d87d358c8ba1af1fe76d4762f62cbce9ad114ca44cb7de7e1cf3327c0b02f403163f58a4eff84e8466bb79e290c5f568c0c918441d1fe1bf160678050e2ffb7f3e751b03447bf2dd21a0a12f75761ae3ecf8ceb82c1f7c8dab5b37ba7f617511a96e4f20c3288e1d847df324299db1f144229e98da41d48676cd36d96de10cf41dc023093fbede262b19b29370a166f60efa08da87e261ad7e378018368d9d73663859ce86c4f223edd3e7e1beafa0183c3a1c0410616c0e17b9c249f3585b0d8c73df0ef019f9a0f1307bc66f45a4fee19d214bd4c2a75a60480c59c37ae6b50244e9212f91b8bae9ab7c2cccda9286b0e6e2959a723571a2623d56e2c9e2363818bb125eed605f4e3d6dad8850060c330373d5636a21599289d7deea4984f35f287d2a3311fd5d4deb7c763d7799923295455d243628dacc904cf9d931427bc280f2051b257c4a92b3b450b27d7062900762921443a7e17f9b422b67d35cc54ff3316ff4475b43caf18100339545edeb18a570b2b197f1ce18d1abaab1a948fa972e42d149a0fcd094a631ccbce712924775204898dfb0e7b32bservicerootrootrootrootrootrootrootroottftprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroottftprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootdnsmasq-2.78-lp150.2.3.1.src.rpmconfig(dnsmasq)dns_daemondnsmasqdnsmasq(x86-64)   @@@@@@@@@@@@@@@@@@    /bin/mkdir/bin/sh/bin/sh/bin/sh/bin/sh/usr/sbin/useraddconfig(dnsmasq)group(nogroup)libc.so.6()(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.9)(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libgmp.so.10()(64bit)libhogweed.so.4()(64bit)libhogweed.so.4(HOGWEED_4)(64bit)libidn.so.11()(64bit)libidn.so.11(LIBIDN_1.0)(64bit)libnetfilter_conntrack.so.3()(64bit)libnettle.so.6()(64bit)libnettle.so.6(NETTLE_6)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.78-lp150.2.3.13.0.4-14.6.0-14.0-15.2-14.14.1[[LZ%8Z!D@Y*@Y@YXlWWbV@U@UUa@U4@T@TB@T@TT_W@SvS0SS@S@SDS2@Qu&@Qr@QiHQ\Q?Q']PPmz@O@OO-@OU@O2cO/OO@Nσ@N1N1N @Nj@Nu@NWMn1@L0L @K]KJ@J J7@J)I?@IV@dmueller@suse.comkukuk@suse.deidonmez@suse.comcbosdonnat@suse.commax@suse.comtchvatal@suse.comdmueller@suse.commartin.wilck@suse.commax@suse.commax@suse.commpluskal@suse.comstefan.bruens@rwth-aachen.destefan.bruens@rwth-aachen.decrrodriguez@opensuse.orgabergmann@suse.comjslaby@suse.comdimstar@opensuse.orgnemysis@gmx.chnemysis@gmx.chseife+obs@b1-systems.comdsterba@suse.czmeissner@suse.comvwallfahrer@suse.comvwallfahrer@suse.comcdenicolo@suse.comdmueller@suse.comcrrodriguez@opensuse.orgmeissner@suse.comcrrodriguez@opensuse.orgcoolo@suse.comcrrodriguez@opensuse.orgvuntz@suse.comrmilasan@suse.comtoganm@opensuse.orgcfarrell@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgpascal.bleser@opensuse.orgug@suse.deug@suse.decrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgug@suse.decrrodriguez@opensuse.orgcrrodriguez@opensuse.orgug@suse.deug@suse.dejengelh@medozas.deug@suse.deug@suse.deug@suse.deug@suse.deug@suse.deug@suse.decoolo@novell.comug@suse.deug@suse.deug@suse.deug@suse.deug@suse.de- add missing prereq on the group to be created (bsc#1106446)- Don't require systemd explicit, fix spec file to handle both cases correct. In containers we don't have systemd. - Adjust pre/post install for transactional updates. - Use %license instead of %doc [bsc#1082318]- Update keyring- Get rid of python dependency due to examples. (fate#323526)- Security update to version 2.78: * bsc#1060354, CVE-2017-14491: 2 byte heap based overflow. * bsc#1060355, CVE-2017-14492: heap based overflow. * bsc#1060360, CVE-2017-14493: stack based overflow. * bsc#1060361, CVE-2017-14494: DHCP - info leak. * bsc#1060362, CVE-2017-14495: DNS - OOM DoS. * bsc#1060364, CVE-2017-14496: DNS - DoS Integer underflow. * Fix DHCP relaying, broken in 2.76 and 2.77. * For other changes, see http://www.thekelleys.org.uk/dnsmasq/CHANGELOG - Obsoleted patches: * Fix-crash-introduced-in-2675f2061525bc954be14988d643.patch * Handle-binding-upstream-servers-to-an-interface.patch- Fix /srv/tftpboot permissions wrt bsc#940608- reload system dbus to pick up policy change on install (bsc#1054429)- Handle binding upstream servers to an interface if interface is destroyed and recreated (boo#1018160) Added two patches from upstream: * added Handle-binding-upstream-servers-to-an-interface.patch * added Fix-crash-introduced-in-2675f2061525bc954be14988d643.patch- Update to 2.76: * Include 0.0.0.0/8 in DNS rebind checks. * Enhance --add-subnet to allow arbitrary subnet addresses. * Respect the --no-resolv flag in inotify code. Fixes bug which caused dnsmasq to fail to start if a resolv-file was a dangling symbolic link, even of --no-resolv set. * Fix crash when an A or AAAA record is defined locally, in a hosts file, and an upstream server sends a reply that the same name is empty (CVE-2015-8899, bsc#983273). * Fix failure to correctly calculate cache-size when reading a hosts-file fails. * Fix wrong answer to simple name query when --domain-needed set, but no upstream servers configured. * Return REFUSED when running out of forwarding table slots, not SERVFAIL. * Add --max-port configuration. * Add --script-arp and two new functions for the dhcp-script. * Extend --add-mac to allow a new encoding of the MAC address as base64, by configurting --add-mac=base64 * Add --add-cpe-id option. * Don't crash with divide-by-zero if an IPv6 dhcp-range is declared as a whole /64. (ie xx::0 to xx::ffff:ffff:ffff:ffff) * Add support for a TTL parameter in --host-record and --cname. * Add --dhcp-ttl option. * Add --tftp-mtu option. * Check return-code of inet_pton() when parsing dhcp-option. * Fix wrong value for EDNS UDP packet size when using - -servers-file to define upstream DNS servers. * Add dhcp_release6 to contrib/lease-tools.- dnsmasq-groups.patch: Initialize the supplementary groups of the dnsmasq user (bsc#859298).- Add gpg signature- spec file cleanup, get rid of redifinition warnings- Update to 2.75, announce message: Fix reversion on 2.74 which caused 100% CPU use when a dhcp-script is configured. Thanks to Adrian Davey for reporting the bug and testing the fix. - Update to 2.74, announce message: Fix reversion in 2.73 where --conf-file would attempt to read the default file, rather than no file. Fix inotify code to handle dangling symlinks better and not SEGV in some circumstances. DNSSEC fix. In the case of a signed CNAME generated by a wildcard which pointed to an unsigned domain, the wrong status would be logged, and some necessary checks omitted. - Update to 2.73, announce message: Fix crash at startup when an empty suffix is supplied to - -conf-dir, also trivial memory leak. Thanks to Tomas Hozza for spotting this. Remove floor of 4096 on advertised EDNS0 packet size when DNSSEC in use, the original rationale for this has long gone. Thanks to Anders Kaseorg for spotting this. Use inotify for checking on updates to /etc/resolv.conf and friends under Linux. This fixes race conditions when the files are updated rapidly and saves CPU by noy polling. To build a binary that runs on old Linux kernels without inotify, use make COPTS=-DNO_INOTIFY Fix breakage of --domain=,,local - only reverse queries were intercepted. THis appears to have been broken since 2.69. Thanks to Josh Stone for finding the bug. Eliminate IPv6 privacy addresses and deprecated addresses from the answers given by --interface-name. Note that reverse queries (ie looking for names, given addresses) are not affected. Thanks to Michael Gorbach for the suggestion. Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids for the bug report. Add --ignore-address option. Ignore replies to A-record queries which include the specified address. No error is generated, dnsmasq simply continues to listen for another reply. This is useful to defeat blocking strategies which rely on quickly supplying a forged answer to a DNS request for certain domains, before the correct answer can arrive. Thanks to Glen Huang for the patch. Revisit the part of DNSSEC validation which determines if an unsigned answer is legit, or is in some part of the DNS tree which should be signed. Dnsmasq now works from the DNS root downward looking for the limit of signed delegations, rather than working bottom up. This is both more correct, and less likely to trip over broken nameservers in the unsigned parts of the DNS tree which don't respond well to DNSSEC queries. Add --log-queries=extra option, which makes logs easier to search automatically. Add --min-cache-ttl option. I've resisted this for a long time, on the grounds that disbelieving TTLs is never a good idea, but I've been persuaded that there are sometimes reasons to do it. (Step forward, GFW). To avoid misuse, there's a hard limit on the TTL floor of one hour. Thansk to RinSatsuki for the patch. Cope with multiple interfaces with the same link-local address. (IPv6 addresses are scoped, so this is allowed.) Thanks to Cory Benfield for help with this. Add --dhcp-hostsdir. This allows addition of new host configurations to a running dnsmasq instance much more cheaply than having dnsmasq re-read all its existing configuration each time. Don't reply to DHCPv6 SOLICIT messages if we're not configured to do stateful DHCPv6. Thanks to Win King Wan for the patch. Fix broken DNSSEC validation of ECDSA signatures. Add --dnssec-timestamp option, which provides an automatic way to detect when the system time becomes valid after boot on systems without an RTC, whilst allowing DNS queries before the clock is valid so that NTP can run. Thanks to Kevin Darbyshire-Bryant for developing this idea. Add --tftp-no-fail option. Thanks to Stefan Tomanek for the patch. Fix crash caused by looking up servers.bind, CHAOS text record, when more than about five --servers= lines are in the dnsmasq config. This causes memory corruption which causes a crash later. Thanks to Matt Coddington for sterling work chasing this down. Fix crash on receipt of certain malformed DNS requests. Thanks to Nick Sampanis for spotting the problem. Note that this is could allow the dnsmasq process's memory to be read by an attacker under certain circumstances, so it has a CVE, CVE-2015-3294 Fix crash in authoritative DNS code, if a .arpa zone is declared as authoritative, and then a PTR query which is not to be treated as authoritative arrived. Normally, directly declaring .arpa zone as authoritative is not done, so this crash wouldn't be seen. Instead the relevant .arpa zone should be specified as a subnet in the auth-zone declaration. Thanks to Johnny S. Lee for the bugreport and initial patch. Fix authoritative DNS code to correctly reply to NS and SOA queries for .arpa zones for which we are declared authoritative by means of a subnet in auth-zone. Previously we provided correct answers to PTR queries in such zones (including NS and SOA) but not direct NS and SOA queries. Thanks to Johnny S. Lee for pointing out the problem. Fix logging of DHCPREPLY which should be suppressed by quiet-dhcp6. Thanks to J. Pablo Abonia for spotting the problem. Try and handle net connections with broken fragmentation that lose large UDP packets. If a server times out, reduce the maximum UDP packet size field in the EDNS0 header to 1280 bytes. If it then answers, make that change permanent. Check IPv4-mapped IPv6 addresses when --stop-rebind is active. Thanks to Jordan Milne for spotting this. Allow DHCPv4 options T1 and T2 to be set using --dhcp-option. Thanks to Kevin Benton for patches and work on this. Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses in the correct subnet, even of not in dynamic address allocation range. Thanks to Steve Hirsch for spotting the problem. Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks to Nicolas Cavallari for the patch. Allow configuration of router advertisements without the "on-link" bit set. Thanks to Neil Jerram for the patch. Extend --bridge-interface to DHCPv6 and router advertisements. Thanks to Neil Jerram for the patch.- dnsmasq.service: Order Before=nss-lookup.target and Wants=nss-lookup.target as this service may provide name resolution even for the localhost.- Move trust-anchors.conf into /etc/dnsmasq.d to be AppArmor conform. (bnc#908137)- The change from Wed Dec 24 messed group w/ user IDs. Switch them back and be more careful w/ what is changed.- Fix symlink of rcFOO to /usr/sbin/service, resolving a dangling symlink lint warning (and remove the same from rpmlintrc).- Remove from spec group_and_isc.patch, forgotten in previous commit- Update to 2.72, announce message: Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. Add support for "ipsets" in *BSD, using pf. Thanks to Sven Falempim for the patch. Fix race condition which could lock up dnsmasq when an interface goes down and up rapidly. Thanks to Conrad Kostecki for helping to chase this down. Add DBus methods SetFilterWin2KOption and SetBogusPrivOption Thanks to the Smoothwall project for the patch. Fix failure to build against Nettle-3.0. Thanks to Steven Barth for spotting this and finding the fix. When assigning existing DHCP leases to intefaces by comparing networks, handle the case that two or more interfaces have the same network part, but different prefix lengths (favour the longer prefix length.) Thanks to Lung-Pin Chang for the patch. Add a mode which detects and removes DNS forwarding loops, ie a query sent to an upstream server returns as a new query to dnsmasq, and would therefore be forwarded again, resulting in a query which loops many times before being dropped. Upstream servers which loop back are disabled and this event is logged. Thanks to Smoothwall for their sponsorship of this feature. Extend --conf-dir to allow filtering of files. So - -conf-dir=/etc/dnsmasq.d,\*.conf will load all the files in /etc/dnsmasq.d which end in .conf Fix bug when resulted in NXDOMAIN answers instead of NODATA in some circumstances. Fix bug which caused dnsmasq to become unresponsive if it failed to send packets due to a network interface disappearing. Thanks to Niels Peen for spotting this. Fix problem with --local-service option on big-endian platforms Thanks to Richard Genoud for the patch. - Add dnsmasq-rpmlintrc, for false positive scripts and symlink - Add BuildRequires for dos2unix - Use sed instead of simple patch group_and_isc.patch- fix logging, PrivateDevices=yes kills it (bnc#902511, bnc#904537)- enable DNSSEC - require libnettle - package trust-anchors.conf - spec fixes: - define HAVE_ flags on commandline, otherwise 'dnsmasq --version' will not correctly reflect the feature status- actually build with relro and pie. (bnc#893057)- Removed Suse and all other OS/Distribution related subdirs from contrib, so only the rest gets packaged. The subdirs are not necessary anymore (bnc#889028).- Removed README.SUSE file, it was to confusing and not necessary (bnc#889972). Information is already present in the upstream documentation. - Split up vendor-files.tar.bz2 into single files - Comply with systemd packaging guidlines- license update: GPL-2.0 or GPL-3.0 correct license is dual GPL-2.0 or GPL-3.0; please add COPYING-v3-file to RPM.- update to 2.71: Subtle change to error handling to help DNSSEC validation when servers fail to provide NODATA answers for non-existent DS records. Tweak code which removes DNSSEC records from answers when not required. Fixes broken answers when additional section has real records in it. Thanks to Marco Davids for the bug report. Fix DNSSEC validation of ANY queries. Thanks to Marco Davids for spotting that too. Fix total DNS failure and 100% CPU use if cachesize set to zero, regression introduced in 2.69. Thanks to James Hunt and the Ubuntu crowd for assistance in fixing this. Fix crash, introduced in 2.69, on TCP request when dnsmasq compiled with DNSSEC support, but running without DNSSEC enabled. Thanks to Manish Sing for spotting that one. Fix regression which broke ipset functionality. Thanks to Wang Jian for the bug report. Implement dynamic interface discovery on *BSD. This allows the contructor: syntax to be used in dhcp-range for DHCPv6 on the BSD platform. Thanks to Matthias Andree for valuable research on how to implement this. Fix infinite loop associated with some --bogus-nxdomain configs. Thanks fogobogo for the bug report. Fix missing RA RDNS option with configuration like - -dhcp-option=option6:23,[::] Thanks to Tsachi Kimeldorfer for spotting the problem. Add [fd00::] and [fe80::] as special addresses in DHCPv6 options, analogous to [::]. [fd00::] is replaced with the actual ULA of the interface on the machine running dnsmasq, [fe80::] with the link-local address. Thanks to Tsachi Kimeldorfer for championing this. DNSSEC validation and caching. Dnsmasq needs to be compiled with this enabled, with make dnsmasq COPTS=-DHAVE_DNSSEC this add dependencies on the nettle crypto library and the gmp maths library. It's possible to have these linked statically with make dnsmasq COPTS='-DHAVE_DNSSEC -DHAVE_DNSSEC_STATIC' which bloats the dnsmasq binary, but saves the size of the shared libraries which are much bigger. To enable, DNSSEC, you will need a set of trust-anchors. Now that the TLDs are signed, this can be the keys for the root zone, and for convenience they are included in trust-anchors.conf in the dnsmasq distribution. You should of course check that these are legitimate and up-to-date. So, adding conf-file=/path/to/trust-anchors.conf dnssec to your config is all thats needed to get things working. The upstream nameservers have to be DNSSEC-capable too, of course. Many ISP nameservers aren't, but the Google public nameservers (8.8.8.8 and 8.8.4.4) are. When DNSSEC is configured, dnsmasq validates any queries for domains which are signed. Query results which are bogus are replaced with SERVFAIL replies, and results which are correctly signed have the AD bit set. In addition, and just as importantly, dnsmasq supplies correct DNSSEC information to clients which are doing their own validation, and caches DNSKEY, DS and RRSIG records, which significantly improve the performance of downstream validators. Setting --log-queries will show DNSSEC in action. If a domain is returned from an upstream nameserver without DNSSEC signature, dnsmasq by default trusts this. This means that for unsigned zone (still the majority) there is effectively no cost for having DNSSEC enabled. Of course this allows an attacker to replace a signed record with a false unsigned record. This is addressed by the - -dnssec-check-unsigned flag, which instructs dnsmasq to prove that an unsigned record is legitimate, by finding a secure proof that the zone containing the record is not signed. Doing this has costs (typically one or two extra upstream queries). It also has a nasty failure mode if dnsmasq's upstream nameservers are not DNSSEC capable. Without --dnssec-check-unsigned using such an upstream server will simply result in not queries being validated; with --dnssec-check-unsigned enabled and a DNSSEC-ignorant upstream server, _all_ queries will fail. Note that DNSSEC requires that the local time is valid and accurate, if not then DNSSEC validation will fail. NTP should be running. This presents a problem for routers without a battery-backed clock. To set the time needs NTP to do DNS lookups, but lookups will fail until NTP has run. To address this, there's a flag, --dnssec-no-timecheck which disables the time checks (only) in DNSSEC. When dnsmasq is started and the clock is not synced, this flag should be used. As soon as the clock is synced, SIGHUP dnsmasq. The SIGHUP clears the cache of partially-validated data and resets the no-timecheck flag, so that all DNSSEC checks henceforward will be complete. The development of DNSSEC in dnsmasq was started by Giovanni Bajo, to whom huge thanks are owed. It has been supported by Comcast, whose techfund grant has allowed for an invaluable period of full-time work to get it to a workable state. Add --rev-server. Thanks to Dave Taht for suggesting this. Add --servers-file. Allows dynamic update of upstream servers full access to configuration. Add --local-service. Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. This option only has effect if there are no --interface --except-interface, - -listen-address or --auth-server options. It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks. Fix crashes in cache_get_cname_target() when dangling CNAMEs encountered. Thanks to Andy and the rt-n56u project for find this and helping to chase it down. Fix wrong RCODE in authoritative DNS replies to PTR queries. The correct answer was included, but the RCODE was set to NXDOMAIN. Thanks to Craig McQueen for spotting this. Make statistics available as DNS queries in the .bind TLD as well as logging them. Use random addresses for DHCPv6 temporary address allocations, instead of algorithmically determined stable addresses. Fix bug which meant that the DHCPv6 DUID was not available in DHCP script runs during the lifetime of the dnsmasq process which created the DUID de-novo. Once the DUID was created and stored in the lease file and dnsmasq restarted, this bug disappeared. Fix bug introduced in 2.67 which could result in erroneous NXDOMAIN returns to CNAME queries. Fix build failures on MacOS X and openBSD. Allow subnet specifications in --auth-zone to be interface names as well as address literals. This makes it possible to configure authoritative DNS when local address ranges are dynamic and works much better than the previous work-around which exempted contructed DHCP ranges from the IP address filtering. As a consequence, that work-around is removed. Under certain circumstances, this change wil break existing configuration: if you're relying on the contructed-range exception, you need to change --auth-zone to specify the same interface as is used to construct your DHCP ranges, probably with a trailing "/6" like this: - -auth-zone=example.com,eth0/6 to limit the addresses to IPv6 addresses of eth0. Fix problems when advertising deleted IPv6 prefixes. If the prefix is deleted (rather than replaced), it doesn't get advertised with zero preferred time. Thanks to Tsachi for the bug report. Fix segfault with some locally configured CNAMEs. Thanks to Andrew Childs for spotting the problem. Fix memory leak on re-reading /etc/hosts and friends, introduced in 2.67. Check the arrival interface of incoming DNS and TFTP requests via IPv6, even in --bind-interfaces mode. This isn't possible for IPv4 and can generate scary warnings, but as it's always possible for IPv6 (the API always exists) then we should do it always. Tweak the rules on prefix-lengths in --dhcp-range for IPv6. The new rule is that the specified prefix length must be larger than or equal to the prefix length of the corresponding address on the local interface. Fix crash if upstream server returns SERVFAIL when - -conntrack in use. Thanks to Giacomo Tazzari for finding this and supplying the patch. Repair regression in 2.64. That release stopped sending lease-time information in the reply to DHCPINFORM requests, on the correct grounds that it was a standards violation. However, this broke the dnsmasq-specific dhcp_lease_time utility. Now, DHCPINFORM returns lease-time only if it's specifically requested (maintaining standards) and the dhcp_lease_time utility has been taught to ask for it (restoring functionality). Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass to work with BOOTP and well as DHCP. Thanks to Peter Korsgaard for spotting the problem. Add --synth-domain. Thanks to Vishvananda Ishaya for suggesting this. Fix failure to compile ipset.c if old kernel headers are in use. Thanks to Eugene Rudoy for pointing this out. Handle IPv4 interface-address labels in Linux. These are often used to emulate the old IP-alias addresses. Before, using --interface=eth0 would service all the addresses of eth0, including ones configured as aliases, which appear in ifconfig as eth0:0. Now, only addresses with the label eth0 are active. This is not backwards compatible: if you want to continue to bind the aliases too, you need to add eg. --interface=eth0:0 to the config. Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on non-socket" error on startup with configurations which have exactly one --interface option and do RA but _not_ DHCPv6. Thanks to Trever Adams for the bug report. Generalise --interface-name to cope with IPv6 addresses and multiple addresses per interface per address family. Fix option parsing for --dhcp-host, which was generating a spurious error when all seven possible items were included. Thanks to Zhiqiang Wang for the bug report. Remove restriction on prefix-length in --auth-zone. Thanks to Toke Hoiland-Jorgensen for suggesting this. Log when the maximum number of concurrent DNS queries is reached. Thanks to Marcelo Salhab Brogliato for the patch. If wildcards are used in --interface, don't assume that there will only ever be one available interface for DHCP just because there is one at start-up. More may appear, so we can't use SO_BINDTODEVICE. Thanks to Natrio for the bug report. Increase timeout/number of retries in TFTP to accomodate AudioCodes Voice Gateways doing streaming writes to flash. Thanks to Damian Kaczkowski for spotting the problem. Fix crash with empty DHCP string options when adding zero terminator. Thanks to Patrick McLean for the bug report. Allow hostnames to start with a number, as allowed in RFC-1123. Thanks to Kyle Mestery for the patch. Fixes to DHCP FQDN option handling: don't terminate FQDN if domain not known and allow a FQDN option with blank name to request that a FQDN option is returned in the reply. Thanks to Roy Marples for the patch. Make --clear-on-reload apply to setting upstream servers via DBus too. When the address which triggered the construction of an advertised IPv6 prefix disappears, continue to advertise the prefix for up to 2 hours, with the preferred lifetime set to zero. This satisfies RFC 6204 4.3 L-13 and makes things work better if a prefix disappears without being deprecated first. Thanks to Uwe Schindler for persuasively arguing for this. Fix MAC address enumeration on *BSD. Thanks to Brad Smith for the bug report. Support RFC-4242 information-refresh-time options in the reply to DHCPv6 information-request. The lease time of the smallest valid dhcp-range is sent. Thanks to Uwe Schindler for suggesting this. Make --listen-address higher priority than --except-interface in all circumstances. Thanks to Thomas Hood for the bugreport. Provide independent control over which interfaces get TFTP service. If enable-tftp is given a list of interfaces, then TFTP is provided on those. Without the list, the previous behaviour (provide TFTP to the same interfaces we provide DHCP to) is retained. Thanks to Lonnie Abelbeck for the suggestion. Add --dhcp-relay config option. Many thanks to vtsl.net for sponsoring this development. Fix crash with empty tag: in --dhcp-range. Thanks to Kaspar Schleiser for the bug report. Add "baseline" and "bloatcheck" makefile targets, for revealing size changes during development. Thanks to Vladislav Grishenko for the patch. Cope with DHCPv6 clients which send REQUESTs without address options - treat them as SOLICIT with rapid commit. Support identification of clients by MAC address in DHCPv6. When using a relay, the relay must support RFC 6939 for this to work. It always works for directly connected clients. Thanks to Vladislav Grishenko for prompting this feature. Remove the rule for constructed DHCP ranges that the local address must be either the first or last address in the range. This was originally to avoid SLAAC addresses, but we now explicitly autoconfig and privacy addresses instead. Update Polish translation. Thanks to Jan Psota. Fix problem in DHCPv6 vendorclass/userclass matching code. Thanks to Tanguy Bouzeloc for the patch. Update Spanish transalation. Thanks to Vicente Soriano. Add --ra-param option. Thanks to Vladislav Grishenko for inspiration on this. Add --add-subnet configuration, to tell upstream DNS servers where the original client is. Thanks to DNSthingy for sponsoring this feature. Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to Kevin Darbyshire-Bryant for the initial patch. Allow A/AAAA records created by --interface-name to be the target of --cname. Thanks to Hadmut Danisch for the suggestion. Avoid treating a --dhcp-host which has an IPv6 address as eligable for use with DHCPv4 on the grounds that it has no address, and vice-versa. Thanks to Yury Konovalov for spotting the problem. Do a better job caching dangling CNAMEs. Thanks to Yves Dorfsman for spotting the problem. Add the ability to act as an authoritative DNS server. Dnsmasq can now answer queries from the wider 'net with local data, as long as the correct NS records are set up. Only local data is provided, to avoid creating an open DNS relay. Zone transfer is supported, to allow secondary servers to be configured. Add "constructed DHCP ranges" for DHCPv6. This is intended for IPv6 routers which get prefixes dynamically via prefix delegation. With suitable configuration, stateful DHCPv6 and RA can happen automatically as prefixes are delegated and then deprecated, without having to re-write the dnsmasq configuration file or restart the daemon. Thanks to Steven Barth for extensive testing and development work on this idea. Fix crash on startup on Solaris 11. Regression probably introduced in 2.61. Thanks to Geoff Johnstone for the patch. Add code to make behaviour for TCP DNS requests that same as for UDP requests, when a request arrives for an allowed address, but via a banned interface. This change is only active on Linux, since the relevant API is missing (AFAIK) on other platforms. Many thanks to Tomas Hozza for spotting the problem, and doing invaluable discovery of the obscure and undocumented API required for the solution. Don't send the default DHCP option advertising dnsmasq as the local DNS server if dnsmasq is configured to not act as DNS server, or it's configured to a non-standard port. Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBCRIBER_ID, DNSMASQ_REMOTE_ID variables to the environment of the lease-change script (and the corresponding Lua). These hold information inserted into the DHCP request by a DHCP relay agent. Thanks to Lakefield Communications for providing a bounty for this addition. Fixed crash, introduced in 2.64, whilst handling DHCPv6 information-requests with some common configurations. Thanks to Robert M. Albrecht for the bug report and chasing the problem. Add --ipset option. Thanks to Jason A. Donenfeld for the patch. Don't erroneously reject some option names in --dhcp-match options. Thanks to Benedikt Hochstrasser for the bug report. Allow a trailing '*' wildcard in all interface-name configurations. Thanks to Christian Parpart for the patch. Handle the situation where libc headers define SO_REUSEPORT, but the kernel in use doesn't, to cope with the introduction of this option to Linux. Thanks to Rich Felker for the bug report. Update Polish translation. Thanks to Jan Psota. Fix crash if the configured DHCP lease limit is reached. Regression occurred in 2.61. Thanks to Tsachi for the bug report. Update the French translation. Thanks to Gildas le Nadan.- dnsmasq.service: Set PrivateDevices=yes so we run in a separate namespace with the bare minimum device nodes isolated from the host.- reintroduced /sbin/rcdnsmasq as /sbin/service link.- Do not order after syslog.target which it is neither required not recommended and currently no longer even exists.- sync /srv/tftpboot directory attributes with atftp package- remove all sysvinit support- Create a utils subpackage to include DHCP lease management utils (that are living in contrib/wrt): + Explicitly build them in %build and install the files in %install. + Summary and description of the new subpackage are taken from Fedora.- Install dnsmasq.service accordingly (/usr/lib/systemd for 12.3 and up or /lib/systemd for older versions).- Update to version 2.65. For other changes relating to other versions in between please see the CHANGELOG * Fix regression which broke forwarding orgf queries sent via TCP which are not for A and AAAA and which were directed to non-default servers. Thanks to Niax for the bug reportst. Fix failure to build with DHCP support excluded. Thanks to Gustavo Zacarias for the patch. Fix nasty regression in 27.64 which completely broke cacheing. - renamed group_and_isc.diff to group_and_isc.patch rebasinp to -p1 level as outlined in the documentation at http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines- license update: GPL-2.0 Most of the source code files give a choice of either GPL-2.0 or GPL-3.0 (not GPL-2.0+). The website states that the COPYING file in the distribution is the official license - in this case it is GPL-2.0. This is consistent with what Fedora state about the package. Accordingly, I^d be ok with License: GPL-2.0 or License: (GPL-2.0 or GPL-3.0) but not License: GPL-2.0+- Update to version 2.62, misc bugfixes - Fix CFLAGS/LDFLAGS usage - fix the small cache size problem in a different way by tweaking the build config instead.- The default cache size is way too small (150 entries) use a sane default of 2000 as used in *WRT embeeded routers which is still very conservative for a desktop/server machine. - use async logging- update to 2.61: * add ra-names, ra-stateless and slaac keywords for DHCPv6: dnsmasq can now synthesise AAAA records for dual-stack hosts which get IPv6 addresses via SLAAC; it is also now possible to use SLAAC and stateless DHCPv6, and to tell clients to use SLAAC addresses as well as DHCP ones * add --dhcp-duid to allow DUID-EN uids to be used * explicity send DHCPv6 replies to the correct port, instead of relying on clients to send requests with the correct source address, since at least one client in the wild gets this wrong * send a preference value of 255 in DHCPv6 replies when --dhcp-authoritative is in effect: his tells clients not to wait around for other DHCP servers * better logging of DHCPv6 options * add --host-record * invoke the DHCP script with action "tftp" when a TFTP file transfer completes: the size of the file, address to which it was sent and complete pathname are supplied; note that version 2.60 introduced some script incompatibilties associated with DHCPv6, and this is a further change; to be safe, scripts should ignore unknown actions, and if not IPv6-aware, should exit if the environment variable DNSMASQ_IAID is set; the use-case for this is to track netboot/install * update contrib/port-forward/dnsmasq-portforward to reflect the above * set the environment variable DNSMASQ_LOG_DHCP when running the script id - -log-dhcp is in effect, so that script can taylor their logging verbosity * arrange that addresses specified with --listen-address work even if there is no interface carrying the address; this is chiefly useful for IPv4 loopback addresses, where any address in 127.0.0.0/8 is a valid loopback address, but normally only 127.0.0.1 appears on the lo interface * fix crash, introduced in 2.60, when a DHCPINFORM is received from a network which has no valid dhcp-range * add a new DHCP lease time keyword, "deprecated" for --dhcp-range: this is only valid for IPv6, and sets the preffered lease time for both DHCP and RA to zero; the effect is that clients can continue to use the address for existing connections, but new connections will use other addresses, if they exist; this makes hitless renumbering at least possible * fix bug in address6_available() which caused DHCPv6 lease aquistion to fail if more than one dhcp-range in use * provide RDNSS and DNSSL data in router advertisements, using the settings provided for DHCP options option6:domain-search and option6:dns-server * don't cache data from non-recursive nameservers, since it may erroneously look like a valid CNAME to a non-exitant name * call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP on exacly one interface and --bind-interfaces is set; this makes the OpenStack use-case of one dnsmasq per virtual interface work * give correct from-cache answers to explict CNAME queries * add --tftp-lowercase option * ensure that the DBus DhcpLeaseUpdated events are generated when a lease goes through INIT_REBOOT state, even if the dhcp-script is not in use- some dhcp fixes - Add Lua integration - Set TOS on DHCP sockets - Improve start-up speed when reading large hosts files - Fix problem if dnsmasq is started without the stdin - Allow the TFP server or boot server in --pxe-service - Support DHCPv6. Support is there for the sort of things the existing v4 server does, including tags, options, static addresses and relay support - Support IPv6 router advertisements - Fix long-standing wrinkle with --localise-queries that could result in wrong answers when DNS packets arrive via an interface other than the expected one - 2.60- added correct group for tftp (bnc#738905)- Use systemd macros correctly - build with PIE and full RELRO.- --enable-dbus must be explicit in systemd unit - default user is provided in config file or takes defaults on group_and_isc.diff- dnsmasq has dbus support, use it for systemd service.- removed systemd config for pre-12.1- Must be of type forking and change uid to dnsmasq- Add systemd startup script- dnsmasq still announced itself as 2.59-RC1 no other code changes than just the correct version string- fixed binding to IPv6 link-local addresses (regression from 2.58) - 2.59- Remove redundant tags/sections from specfile (cf. packaging guidelines) - Use %_smp_mflags for parallel build- Support scope-ids in IPv6 addresses of nameservers from /etc/resolv.conf and in --server options - Fix bug which resulted in truncated files and timeouts for some TFTP transfers - Allow the TFTP-server address in --dhcp-boot to be a domain-name which is looked up in /etc/hosts - Tweak the behaviour of --domain-needed - Add support for Linux conntrack connection marking - Don't return NXDOMAIN to an AAAA query if we have CNAME which points to an A record only - logging fixes - many DHCP fixes and features (see Changelog) - update to 2.58- Add IPv6 support to the TFTP server - Log DNS queries at level LOG_INFO - Add --add-mac option - some logging fixes - Don't complain about strings longer than 255 characters in txt records - extended the --domain option - Never cache DNS replies which have the 'cd' bit set - Add --proxy-dnssec flag - Allow a filename of "-" for --conf-file - some smaller bugfixes - update to 2.57* Fix crash when /etc/ethers is in use. * Fix crash in netlink_multicast(). * Allow the empty domain "." in dhcp domain-search (119) options. * 2.55 (there was no 2.54)* Fixed bug which caused bad things to happen if a resolv.conf file which exists is subsequently removed * Rationalised the DHCP tag system * Added --tag-if to allow boolean operations on tags * Add broadcast/unicast information to DHCP logging * Allow --dhcp-broadcast to be unconditional * Fixed incorrect behaviour with NOT conditionals in dhcp-options * If we send vendor-class encapsulated options based on the vendor-class supplied by the client, and no explicit vendor-class option is given, echo back the vendor-class from the client. * Fix bug which stopped dnsmasq from matching both a circuitid and a remoteid * Add --dhcp-proxy * Added interface: part to dhcp-range * and a lot more ... checke the CHANGELOG in the package * 2.53* adds support for RFC 3925 vendor identifying vendor options. * has some minor enhancements to the PXE subsystem and external hooks for tracking DHCP leases. * 2.52* Add support for internationalised DNS. * Add two more environment variables for lease-change scripts: First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname supplied by a client, even if the actual hostname used is over-ridden by dhcp-host or dhcp-ignore-names directives. Also DNSMASQ_RELAY_ADDRESS which gives the address of a DHCP relay, if used. * Fix regression which broke echo of relay-agent options. Thanks to Michael Rack for spotting this. * Don't treat option 67 as being interchangeable with dhcp-boot parameters if it's specified as dhcp-option-force. * Make the code to call scripts on lease-change compile-time optional. It can be switched off by editing src/config.h or building with "make COPTS=-DNO_SCRIPT". * Make the TFTP server cope with filenames from Windows/DOS which use '\' as pathname separator. Thanks to Ralf for the patch. * Warn if an IP address is duplicated in /etc/ethers. * Teach --conf-dir to take an option list of file suffices which will be ignored when scanning the directory. Useful for backup files etc. Thanks to Helmut Hullen for the suggestion. * Add new DHCP option named tftpserver-address * Don't do any PXE processing, even for clients with the correct vendorclass, unless at least one pxe-prompt or pxe-service option is given. * Limit the blocksize used for TFTP transfers to a value which avoids packet fragmentation, based on the MTU of the local interface. Many netboot ROMs can't cope with fragmented packets. * Honour dhcp-ignore configuration for PXE and proxy-PXE requests. * 2.51- updated patches to apply with fuzz=0- Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP enabled. - version 2.50- Fix regression in 2.48 which disables the lease-change script - version 2.49-Fixed bug which broke binding of servers to physical interfaces when interface names were longer than four characters. - Fixed netlink code - Don't read included configuration files more than once - Mark log messages from the various subsystems in dnsmasq - Fix possible infinite DHCP protocol loop when an IP address nailed to a hostname - Allow --addn-hosts to take a directory - Support --bridge-interface on all platforms - Added support for advanced PXE functions - Improvements to DHCP logging - Added --test command-line switch - version 2.48- dbus documentation added- Enable dbus support by jnelson/bin/sh/bin/sh/bin/sh/bin/shbuild84 1539339073  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`adeesfifriditnbplptroesfr2.78-lp150.2.3.12.78-lp150.2.3.12.78-lp150.2.3.1                 !"#$%&'()*+dnsmasq.confdnsmasq.confdnsmasq.dtrust-anchors.confslp.reg.ddnsmasq.regdnsmasq-dhcpdnsmasq-dnstftpbootdnsmasq.servicednsmasqrcdnsmasqdnsmasqCHANGELOGFAQcontribCPE-WANREADMEconntrackREADMEdbus-testdbus-test.pydns-locREADMEdnsmasq2-loc-rfc1876.patchdnslistdhcp.cssdnslist.pldnslist.tt2dynamic-dnsmasqdynamic-dnsmasq.pllease-accessREADMElease.access.patchlease-toolsMakefiledhcp_lease_time.1dhcp_lease_time.cdhcp_release.1dhcp_release.cdhcp_release6dhcp_release6.1dhcp_release6.cmactablemacscriptopenvpnREADMEdhclient-enter-hooksdnsmasq.patchport-forwarddnsmasq-portforwardportforwardreverse-dnsREADMEreverse_replace.shstatic-arpstatic-arpsystemdREADMEdbus_activationdnsmasq.servicetry-all-nsREADMEREADME-2.47README-2.78dnsmasq-2.35-try-all-ns.patchdnsmasq-2.47_no_nxdomain_until_end.patchdnsmasq-2.68-try-all-nsdnsmasq-2.78xx-try-all-ns.patchwebminREADMEdnsmasq.wbmwrtREADMElease_update.shdbusDBus-interfacednsmasq.confdnsmasq.conf.exampledoc.htmlsetup.htmldnsmasqCOPYINGCOPYING-v3dnsmasq.modnsmasq.modnsmasq.modnsmasq.modnsmasq.modnsmasq.modnsmasq.modnsmasq.modnsmasq.modnsmasq.modnsmasq.8.gzdnsmasq.8.gzdnsmasq.8.gz/etc/dbus-1/system.d//etc//etc/dnsmasq.d//etc/slp.reg.d//etc/sysconfig/SuSEfirewall2.d/services//srv//usr/lib/systemd/system//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/dnsmasq//usr/share/doc/packages/dnsmasq/contrib//usr/share/doc/packages/dnsmasq/contrib/CPE-WAN//usr/share/doc/packages/dnsmasq/contrib/conntrack//usr/share/doc/packages/dnsmasq/contrib/dbus-test//usr/share/doc/packages/dnsmasq/contrib/dns-loc//usr/share/doc/packages/dnsmasq/contrib/dnslist//usr/share/doc/packages/dnsmasq/contrib/dynamic-dnsmasq//usr/share/doc/packages/dnsmasq/contrib/lease-access//usr/share/doc/packages/dnsmasq/contrib/lease-tools//usr/share/doc/packages/dnsmasq/contrib/mactable//usr/share/doc/packages/dnsmasq/contrib/openvpn//usr/share/doc/packages/dnsmasq/contrib/port-forward//usr/share/doc/packages/dnsmasq/contrib/reverse-dns//usr/share/doc/packages/dnsmasq/contrib/static-arp//usr/share/doc/packages/dnsmasq/contrib/systemd//usr/share/doc/packages/dnsmasq/contrib/try-all-ns//usr/share/doc/packages/dnsmasq/contrib/webmin//usr/share/doc/packages/dnsmasq/contrib/wrt//usr/share/doc/packages/dnsmasq/dbus//usr/share/licenses//usr/share/licenses/dnsmasq//usr/share/locale/de/LC_MESSAGES//usr/share/locale/es/LC_MESSAGES//usr/share/locale/fi/LC_MESSAGES//usr/share/locale/fr/LC_MESSAGES//usr/share/locale/id/LC_MESSAGES//usr/share/locale/it/LC_MESSAGES//usr/share/locale/nb/LC_MESSAGES//usr/share/locale/pl/LC_MESSAGES//usr/share/locale/pt_BR/LC_MESSAGES//usr/share/locale/ro/LC_MESSAGES//usr/share/man/es/man8//usr/share/man/fr/man8//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:8912/openSUSE_Leap_15.0_Update/0a0cecaa58724c321d3bc3114c167782-dnsmasq.openSUSE_Leap_15.0_Updatedrpmxz5x86_64-suse-linux   exported SGML document, ASCII textASCII textdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=34073c0e9730fd9b480c81ad991d4b897cf985ff, strippedUTF-8 Unicode textPython script, ASCII text executableunified diff output, ASCII textPerl script text executableHTML document, ASCII textmakefile script, ASCII texttroff or preprocessor input, ASCII textC source, ASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=21d0788378a2f5d0e11c3c79506bd89589ceaab9, with debug_info, not strippedBourne-Again shell script, ASCII text executableASCII text, with CRLF line terminatorsa /bin/ash script, ASCII text executablePOSIX shell script, ASCII text executablePOSIX tar archive (GNU)HTML document, UTF-8 Unicode texttroff or preprocessor input, ISO-8859 text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRR RRR R R R RRRRRRR  І ͋@utf-84bbf153642c63deec6407aa46ebc46fae37d4d8fd524ace0af47e6cf35e5c65f?7zXZ !t/#S <]"k%jYӿ8`Qg-%N:\|CDO!bR$!Iq@/Ecivׇ͆í0mX8 9kz[)GYrSxg%lM q%BߔkwTiV7CV')='wR,4O9zl%59Ψ>?H6B6̎hG\FHH;kpMFz]H#Sq%=6),S/sR4,}0b.^(ӏYX+U!7qԨQZ]_nCrOlN)qNXԱ$Cͬ s ܫ^@(UW ⠆˷*G,bWܵvYޠA۾'L&0tZr4_9+C*!_u֯`r̾r|<&sg!5)Ώ55v{* +.mǚ/Dp5>%)KbƖy"p*nCG 1DaH0L f8sl{oþqZǤ8ƕ. I+vq̿ Uh9WxBxyvZ,VmsO:Suz6EզBh&=Nѐ!ֵ 45E&=7Q \cF:2I[*}lCo:08ukp X~Ө^uH(x"HZ( u~,΅L XEZ{]R ~2B|3L_w\b1QhSZ#d3}G|k ƳFeURJ`b"AjW\ޫvM% _$ݔ욋xhK9huA~ct㵷/iY,S1TvB3:*3ʜYz:ia~pu,鋠x*cvBf>J06_=I $=kyfF"f4w>&3d͋B4xZF:# YZ