dnsmasq-utils-2.78-lp151.5.3.1 4>$  Ap] /=„lZ  wZR!^ER3 5훳]F Pff V0M'[=W< $p>?H??8d ! O 2X^d|    2 8Pn (89<:F9]G9tH9I9X9Y9\9]9^:Ub:tc;2d;e;f;l;u;v;w>x>y> z>>>>?4Cdnsmasq-utils2.78lp151.5.3.1Utilities for manipulating DHCP server leasesUtilities that use the standard DHCP protocol to query/remove a DHCP server's leases.]cloud124zopenSUSE Leap 15.1openSUSEGPL-2.0-only OR GPL-3.0-onlyhttp://bugs.opensuse.orgProductivity/Networking/DNS/Servershttp://www.thekelleys.org.uk/dnsmasq/linuxi586& 6p큤]]]]]]a4a97be47e9fa47e9004d28b0ce2af2be83e6d780c27d4c7b51fc62281449107db47ddf35a82a06b314c68fd72e5aff0282039b1381dc1c97f2cc1eb51cb4b7bc18fa11f942e3eab1ad2c6ee1bd85eb2b93a4e26ec49a16c815eb037eb7de164d73135fb1c722ec652e4039fa7f10adae56c8e4818396472b8fa64beb87e0651a1cf3820c235abafa640a16c575238ca5f73217fc66f8987d5d496c9250bf2505a71643d57ae14aac29d47eeab8120f130a8a67aebb0a8ee4ed88d981b7242d0rootrootrootrootrootrootrootrootrootrootrootrootdnsmasq-2.78-lp151.5.3.1.src.rpmdnsmasq-utilsdnsmasq-utils(x86-32)@@@@    libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1]@[@[[LZ%8Z!D@Y*@Y@YXlWWbV@U@UUa@U4@T@TB@T@TT_W@Reinhard Max cgoll@suse.comdmueller@suse.comkukuk@suse.deidonmez@suse.comcbosdonnat@suse.commax@suse.comtchvatal@suse.comdmueller@suse.commartin.wilck@suse.commax@suse.commax@suse.commpluskal@suse.comstefan.bruens@rwth-aachen.destefan.bruens@rwth-aachen.decrrodriguez@opensuse.orgabergmann@suse.comjslaby@suse.comdimstar@opensuse.orgnemysis@gmx.chnemysis@gmx.chseife+obs@b1-systems.com- bsc#1154849, CVE-2019-14834, dnsmasq-CVE-2019-14834.patch: memory leak in the create_helper() function in /src/helper.c - bsc#1156543: include linux/sockios.h to get SIOCGSTAMP (dnsmasq-siocgstamp.patch). - bsc#1138743: remove cache size limit (dnsmasq-cache-size.patch). - bsc#1152539: include config files from /etc/dnsmasq.d/*.conf . - bsc#1076958, CVE-2017-15107, dnsmasq-CVE-2017-15107.patch: A vulnerability in DNSSEC implementation of Dnsmasq was found. Processing of wildcard synthesized NSEC records may result in improper validation for non-existance in some implementations of DNSSEC. While synthesis of NSEC records is allowed by RFC4592, the synthesized owner names should not be used in the NSEC processing. - Package contrib/lease-tools/dhcp_release6.- enabled lua scripting interface (FATE#327143).- add missing prereq on the group to be created (bsc#1106446)- Don't require systemd explicit, fix spec file to handle both cases correct. In containers we don't have systemd. - Adjust pre/post install for transactional updates. - Use %license instead of %doc [bsc#1082318]- Update keyring- Get rid of python dependency due to examples. (fate#323526)- Security update to version 2.78: * bsc#1060354, CVE-2017-14491: 2 byte heap based overflow. * bsc#1060355, CVE-2017-14492: heap based overflow. * bsc#1060360, CVE-2017-14493: stack based overflow. * bsc#1060361, CVE-2017-14494: DHCP - info leak. * bsc#1060362, CVE-2017-14495: DNS - OOM DoS. * bsc#1060364, CVE-2017-14496: DNS - DoS Integer underflow. * Fix DHCP relaying, broken in 2.76 and 2.77. * For other changes, see http://www.thekelleys.org.uk/dnsmasq/CHANGELOG - Obsoleted patches: * Fix-crash-introduced-in-2675f2061525bc954be14988d643.patch * Handle-binding-upstream-servers-to-an-interface.patch- Fix /srv/tftpboot permissions wrt bsc#940608- reload system dbus to pick up policy change on install (bsc#1054429)- Handle binding upstream servers to an interface if interface is destroyed and recreated (boo#1018160) Added two patches from upstream: * added Handle-binding-upstream-servers-to-an-interface.patch * added Fix-crash-introduced-in-2675f2061525bc954be14988d643.patch- Update to 2.76: * Include 0.0.0.0/8 in DNS rebind checks. * Enhance --add-subnet to allow arbitrary subnet addresses. * Respect the --no-resolv flag in inotify code. Fixes bug which caused dnsmasq to fail to start if a resolv-file was a dangling symbolic link, even of --no-resolv set. * Fix crash when an A or AAAA record is defined locally, in a hosts file, and an upstream server sends a reply that the same name is empty (CVE-2015-8899, bsc#983273). * Fix failure to correctly calculate cache-size when reading a hosts-file fails. * Fix wrong answer to simple name query when --domain-needed set, but no upstream servers configured. * Return REFUSED when running out of forwarding table slots, not SERVFAIL. * Add --max-port configuration. * Add --script-arp and two new functions for the dhcp-script. * Extend --add-mac to allow a new encoding of the MAC address as base64, by configurting --add-mac=base64 * Add --add-cpe-id option. * Don't crash with divide-by-zero if an IPv6 dhcp-range is declared as a whole /64. (ie xx::0 to xx::ffff:ffff:ffff:ffff) * Add support for a TTL parameter in --host-record and --cname. * Add --dhcp-ttl option. * Add --tftp-mtu option. * Check return-code of inet_pton() when parsing dhcp-option. * Fix wrong value for EDNS UDP packet size when using - -servers-file to define upstream DNS servers. * Add dhcp_release6 to contrib/lease-tools.- dnsmasq-groups.patch: Initialize the supplementary groups of the dnsmasq user (bsc#859298).- Add gpg signature- spec file cleanup, get rid of redifinition warnings- Update to 2.75, announce message: Fix reversion on 2.74 which caused 100% CPU use when a dhcp-script is configured. Thanks to Adrian Davey for reporting the bug and testing the fix. - Update to 2.74, announce message: Fix reversion in 2.73 where --conf-file would attempt to read the default file, rather than no file. Fix inotify code to handle dangling symlinks better and not SEGV in some circumstances. DNSSEC fix. In the case of a signed CNAME generated by a wildcard which pointed to an unsigned domain, the wrong status would be logged, and some necessary checks omitted. - Update to 2.73, announce message: Fix crash at startup when an empty suffix is supplied to - -conf-dir, also trivial memory leak. Thanks to Tomas Hozza for spotting this. Remove floor of 4096 on advertised EDNS0 packet size when DNSSEC in use, the original rationale for this has long gone. Thanks to Anders Kaseorg for spotting this. Use inotify for checking on updates to /etc/resolv.conf and friends under Linux. This fixes race conditions when the files are updated rapidly and saves CPU by noy polling. To build a binary that runs on old Linux kernels without inotify, use make COPTS=-DNO_INOTIFY Fix breakage of --domain=,,local - only reverse queries were intercepted. THis appears to have been broken since 2.69. Thanks to Josh Stone for finding the bug. Eliminate IPv6 privacy addresses and deprecated addresses from the answers given by --interface-name. Note that reverse queries (ie looking for names, given addresses) are not affected. Thanks to Michael Gorbach for the suggestion. Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids for the bug report. Add --ignore-address option. Ignore replies to A-record queries which include the specified address. No error is generated, dnsmasq simply continues to listen for another reply. This is useful to defeat blocking strategies which rely on quickly supplying a forged answer to a DNS request for certain domains, before the correct answer can arrive. Thanks to Glen Huang for the patch. Revisit the part of DNSSEC validation which determines if an unsigned answer is legit, or is in some part of the DNS tree which should be signed. Dnsmasq now works from the DNS root downward looking for the limit of signed delegations, rather than working bottom up. This is both more correct, and less likely to trip over broken nameservers in the unsigned parts of the DNS tree which don't respond well to DNSSEC queries. Add --log-queries=extra option, which makes logs easier to search automatically. Add --min-cache-ttl option. I've resisted this for a long time, on the grounds that disbelieving TTLs is never a good idea, but I've been persuaded that there are sometimes reasons to do it. (Step forward, GFW). To avoid misuse, there's a hard limit on the TTL floor of one hour. Thansk to RinSatsuki for the patch. Cope with multiple interfaces with the same link-local address. (IPv6 addresses are scoped, so this is allowed.) Thanks to Cory Benfield for help with this. Add --dhcp-hostsdir. This allows addition of new host configurations to a running dnsmasq instance much more cheaply than having dnsmasq re-read all its existing configuration each time. Don't reply to DHCPv6 SOLICIT messages if we're not configured to do stateful DHCPv6. Thanks to Win King Wan for the patch. Fix broken DNSSEC validation of ECDSA signatures. Add --dnssec-timestamp option, which provides an automatic way to detect when the system time becomes valid after boot on systems without an RTC, whilst allowing DNS queries before the clock is valid so that NTP can run. Thanks to Kevin Darbyshire-Bryant for developing this idea. Add --tftp-no-fail option. Thanks to Stefan Tomanek for the patch. Fix crash caused by looking up servers.bind, CHAOS text record, when more than about five --servers= lines are in the dnsmasq config. This causes memory corruption which causes a crash later. Thanks to Matt Coddington for sterling work chasing this down. Fix crash on receipt of certain malformed DNS requests. Thanks to Nick Sampanis for spotting the problem. Note that this is could allow the dnsmasq process's memory to be read by an attacker under certain circumstances, so it has a CVE, CVE-2015-3294 Fix crash in authoritative DNS code, if a .arpa zone is declared as authoritative, and then a PTR query which is not to be treated as authoritative arrived. Normally, directly declaring .arpa zone as authoritative is not done, so this crash wouldn't be seen. Instead the relevant .arpa zone should be specified as a subnet in the auth-zone declaration. Thanks to Johnny S. Lee for the bugreport and initial patch. Fix authoritative DNS code to correctly reply to NS and SOA queries for .arpa zones for which we are declared authoritative by means of a subnet in auth-zone. Previously we provided correct answers to PTR queries in such zones (including NS and SOA) but not direct NS and SOA queries. Thanks to Johnny S. Lee for pointing out the problem. Fix logging of DHCPREPLY which should be suppressed by quiet-dhcp6. Thanks to J. Pablo Abonia for spotting the problem. Try and handle net connections with broken fragmentation that lose large UDP packets. If a server times out, reduce the maximum UDP packet size field in the EDNS0 header to 1280 bytes. If it then answers, make that change permanent. Check IPv4-mapped IPv6 addresses when --stop-rebind is active. Thanks to Jordan Milne for spotting this. Allow DHCPv4 options T1 and T2 to be set using --dhcp-option. Thanks to Kevin Benton for patches and work on this. Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses in the correct subnet, even of not in dynamic address allocation range. Thanks to Steve Hirsch for spotting the problem. Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks to Nicolas Cavallari for the patch. Allow configuration of router advertisements without the "on-link" bit set. Thanks to Neil Jerram for the patch. Extend --bridge-interface to DHCPv6 and router advertisements. Thanks to Neil Jerram for the patch.- dnsmasq.service: Order Before=nss-lookup.target and Wants=nss-lookup.target as this service may provide name resolution even for the localhost.- Move trust-anchors.conf into /etc/dnsmasq.d to be AppArmor conform. (bnc#908137)- The change from Wed Dec 24 messed group w/ user IDs. Switch them back and be more careful w/ what is changed.- Fix symlink of rcFOO to /usr/sbin/service, resolving a dangling symlink lint warning (and remove the same from rpmlintrc).- Remove from spec group_and_isc.patch, forgotten in previous commit- Update to 2.72, announce message: Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. Add support for "ipsets" in *BSD, using pf. Thanks to Sven Falempim for the patch. Fix race condition which could lock up dnsmasq when an interface goes down and up rapidly. Thanks to Conrad Kostecki for helping to chase this down. Add DBus methods SetFilterWin2KOption and SetBogusPrivOption Thanks to the Smoothwall project for the patch. Fix failure to build against Nettle-3.0. Thanks to Steven Barth for spotting this and finding the fix. When assigning existing DHCP leases to intefaces by comparing networks, handle the case that two or more interfaces have the same network part, but different prefix lengths (favour the longer prefix length.) Thanks to Lung-Pin Chang for the patch. Add a mode which detects and removes DNS forwarding loops, ie a query sent to an upstream server returns as a new query to dnsmasq, and would therefore be forwarded again, resulting in a query which loops many times before being dropped. Upstream servers which loop back are disabled and this event is logged. Thanks to Smoothwall for their sponsorship of this feature. Extend --conf-dir to allow filtering of files. So - -conf-dir=/etc/dnsmasq.d,\*.conf will load all the files in /etc/dnsmasq.d which end in .conf Fix bug when resulted in NXDOMAIN answers instead of NODATA in some circumstances. Fix bug which caused dnsmasq to become unresponsive if it failed to send packets due to a network interface disappearing. Thanks to Niels Peen for spotting this. Fix problem with --local-service option on big-endian platforms Thanks to Richard Genoud for the patch. - Add dnsmasq-rpmlintrc, for false positive scripts and symlink - Add BuildRequires for dos2unix - Use sed instead of simple patch group_and_isc.patch- fix logging, PrivateDevices=yes kills it (bnc#902511, bnc#904537)cloud124 15755438272.78-lp151.5.3.12.78-lp151.5.3.1dhcp_lease_timedhcp_releasedhcp_release6dhcp_lease_time.1.gzdhcp_release.1.gzdhcp_release6.1.gz/usr/bin//usr/share/man/man1/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11657/openSUSE_Leap_15.1_Update/9012d8b55973bf1bf6165279d62def20-dnsmasq.openSUSE_Leap_15.1_Updatecpioxz5i586-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib, BuildID[sha1]=451641d316093807c7e2271ac0382b2be8a60bd6, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib, BuildID[sha1]=0b9f8610b8c330949fd5f2006e4e9eabfb3a3f0d, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib, BuildID[sha1]=d46a463a4c2aeb87e8d7ab9f0d6b38dc4457b160, for GNU/Linux 3.2.0, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRRRRRRR& ?h9Dutf-836329fafd7f6e69c0150623baca4a3712b65d35c439320376c22fa66a03bccc8? 7zXZ !t/}&5] crv9u֕fQvG1[I4'(㯽n(ye;}~M}ֱnƾ5k~Y6F?ee ")A94FCCfr9н eu7!SDZ,b$u#lyi=<-e(A-U几,-m[YaFz' p-@HoPז1FH;/o;8Dx[Ęk/8!X;A쨈ZbЖȑ n)cWrM( Yͯd׆ pX,? W=yolWVDd0ʝ gxa#qpAG+& L[Ft[.%o]lD #8SD\m`ꔘ4P?ek!Dz{FuGLbЇ,N׌HJ^&N&<T''3p[U51g'd8u39HX3SZIUޔ-wSͯNEu}F$6r}g;M^wХRX𷣄O !k "gVz!|(pRKx5E°(VPK){a9Y1d6bzXEFY>-+.k` @{J["_ٜ;!pQlYT K%5gQO&{.Msef.ra8@1yjGs/g_C8əvljstM=0=jg0{*kV eϠLs}X419Z$|q5V cXȈؠ;eD[]m2ܴzT-SӍv=`U#\]Q\47G`W&]ZY/uO/l"={==e x3zmzy7:MDڃE)Ȩ1r7_NjBpq!0 $P>(U3 PgȠ~'CEP3=1FuXS775"OVYx]'4xh!.56';+F`[ i ZpE%a((!oܺϐUu0sD 5{K3Cu\ ϘKh'-F'~p]!gܶThɛ+jTtdmV :wʴw'LYw\ HW4t¤4i]]!^p\fzԪ1KdoIpOVJ۪Eg^<׷LY9ſy3_bT5 nܢ,Y(^ iZ6? , ]/zK+r͈]G*y$p%OjeP7WyU G|81hgpf,#Bog'-\f33 0)C!ZL7SgKP5"hUȐ^$q 4 kC@1?),zw X _A%H8=Ca?B|.rǘɥŀsiMP\1L;֒Q u׹'7π*Uh7q=R>[E_IFTG,!.7DIjQa$"cgU1 tJf֝L}p6J]X=~ &Iu+ⱛGxjߙTL?e2Y<+[ v46@c:*G47bbU~^Hn6j͜GX\LmF nLϲOc{WOY.p)%)Nm^%)nS@fPW$\-zф?Ӛe&-l{[q&ԓa% *G{`!r:Aָy:bR iA&n5TCIRZ(sQ"F{腦4aG<ტlx UMrsd4F:;VB^q ZWP-.z"RlClBwp-3Ij]%urb@~s s15 (ZacI9fNh$MHSn.YHVEXb(8*Ei g;/gz~l9jr9pnSzcuI$?xQ#jC2N}R.91t;CtwM'tЄ ? LuiWE|Q%[;z[lKȢ5.h7is3.ۣX97?9c ,rBd`ȭ:S8"%n!Wy1 vғ<%M nYİVhySƵ_ +}o۶n|.dz6bUx7%J)ћAyjSjn¦ikcexd'|YXOlr̬QP b(<z )$r9Z]dVum^L(1 Qg&ݕ-9qEQHѡ^~mВ0)vG6 B޽x2iSZ]5Q!@3Wq Lef3r WT\9YX:-1YG2 ]=%huS|DeI/X5,,qZXFWZP4\h ;1u5b{Wos96iQc[<żk!gNh_x*ܩGlQj耰GnςP&#VXOJuX`oX7Q@< D 0<^!QDazb9"^ǠfiGZn\dc Lt)5Yf(E34Wej Z+J~P/aeI/ԗ(l`=_6 Mfv>.Yb#K5޾zGmCŗa#d=9^+of lR|'sR #`&'8!Qs ĩ`Ew^\F.jNqZ_'{!#ReK ż:DL^ ||80JSWЉC6>0 Au VDzJ]XI~xV5?d2F 5sٽ6Zl:{ЄwNT: vH€rQn +WimÂbxOm4FDb,_Rg_/}'n0V⤏vlo|-oCa˵!ʮ$0ߥ ܼu6S,:Io=Gת]V;j$/ jVQ>I!),mr E7,bnA Q'N)괶".-rvk|qe]]7rɱB|b>̡+u@XKZwa+QG^ ! {&RQU:Y8' #kWē:q-Agʵ""Xc @=CRcq]p٧k%T6-}%-Z:~Bezd8#&[VBKӑgޚfW8<`[1T,h%ofp=c#lhvV)`a)N4d oX: ߭ ,{WQS/aJ":= 0Ȑ=ZAH57BF9 |aco,ՌpmGzj ]3_t[dz숣8p0Fb7uud eҸo" [cWlPjO֚AgTvL~h Ng a-~x6%GdP0{p,}]ͫRܽȸJ9 ~lZG@JN;j!( }C" P:M!{$]*e~>CtHF;^0w(dEرo,F ?z #:{.yG YRTe^6B }A‘jNBm !vj^{^D2=h1]5w/޸PQZ ]¬D^+8" #W31=2G~s'O*>0\ZwYzW (•$Ly8pÿR!&L]nNj B]+q3sVH_g0%=+:M@ɍgz$ôbZ꾮$4¦{X-yW+d @PW|Na NsMh0`(b;2"7!%8З̞$wpE++v abkvFh} =Ph›υyRiھ$\.IwmQ`~Y[8VоК3].! {i5"pD"&yѺrY1U7fs_Qz:D>.OɎ. e~[b sHJ<X&.zֺҭڻ6޾ֱ[Nzijk6s9><^w$*Q%miɬa.=f(?_qo:#/7mO!_)WG^XuZѺkp9NTܴpl?Q6lʙʞt AܴˎK-(B?Bu< _]'i`RtY"y E옔L_'"3Fv}Э9-R{2԰S|:X}T5pkR/|Z-WQȏjvԺ"aqZ#YTu3\И"#ƥ`Ok3D2Z>+D+^mEf뤸a7<V *nиPV8EqT z'G4'R%:(0d=+ЇSQћ_q@ lEu[.^j BԝE>:Y'8A"=kU] aQXOzk0?vSلQ{/wA`{"8|XC$; (c|p삤YLf|>(Yr[16>t?@i%߭R_zq" B6%ܭ #$js.!r c!j^4&hh+t 6#:@ Y2e~^,4ܐ].08ZE#\WSX_j=03dxiCz7ZjJ X sr_H5"y/TxC"TO o&xՄԔ܎.רt`cMgby8es/gՄW<:.ᄅ.ru{ɠ'QʚKTY}\r:ȔMvĕق Bk8W+RHsև(t֗Wh}It6wgp8.Pbi BϳtةH e4k 32.ET:iPiäTa (yiP[ J|;q4~fg"ya\*|⑩dk f"2N>ɑe1A!)W'H5G<jt<9A?8=CЎ S%^Pk %3OuFBĠi_K4҉&ս㻳:P`i anZٻ6[BK]o^ꘘF vBAn)A"K Ie+?/N7;:'3p*٢ڂ^$Dn7X_V,4ǟMblM%]TV,4GT1]~1SI3vum&S˪ϧ qWV3řHH=:!wl.|ņzkOy- 1x'blr^z|@v$&#CzCNGdƚB RQZXяH߾H)_AŭE_5Aj 5 4"Lg4ީFlnGmX(,3nyꋑI>W₉ѽ.;fBW8 (|Q B"ο&X:"փJ{2[ߗxrP}wNxZ`QߔI[Miu3.eޠp^H6\(GgǛ<6Hʓb#ΖKE@xX+C*x,sbi*H2K(aF A%.픮FlO&Ca}a_y;d`:QhIV7u*MGfgo\2/`y<+d^ž~O>[taa RWsj> ӀS-9h]&(Q^k%R{1)ԞiYY!yf%QJq:Ye]j