%define _serverbuild_flags -fstack-protector-all %define subrel 3 Name: dnsmasq Version: 2.77 Release: %mkrel 1 Summary: A lightweight DHCP/caching DNS server License: GPLv2 or GPLv3 Group: System/Servers URL: http://www.thekelleys.org.uk/dnsmasq/ Conflicts: bind Source0: http://www.thekelleys.org.uk/dnsmasq/%{name}-%{version}.tar.xz Source1: %{name}.service Source4: README.update.urpmi Patch0: dnsmasq_Fix_CVE-2017-13704.patch Patch1: 0006-Security-fix-CVE-2017-14491-DNS-heap-buffer-overflow.patch Patch2: 0001-Security-fix-CVE-2017-14492-DHCPv6-RA-heap-overflow.patch Patch3: 0002-Security-fix-CVE-2017-14493-DHCPv6-Stack-buffer-over.patch Patch4: 0003-Security-fix-CVE-2017-14494-Infoleak-handling-DHCPv6.patch Patch5: 0004-Security-fix-CVE-2017-14496-Integer-underflow-in-DNS.patch Patch6: 0005-Security-fix-CVE-2017-14495-OOM-in-DNS-response-crea.patch Patch7: 0008-Security-fix-CVE-2017-14491-DNS-heap-buffer-overflow.patch BuildRequires: dbus-devel BuildRequires: libidn-devel BuildRequires: netfilter_conntrack-devel Requires: %{name}-base = %{version}-%{release} Requires(preun): rpm-helper Requires(post): rpm-helper %description Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines. %package base Summary: A lightweight dhcp and caching nameserver - base files without init scripts Group: Networking/Remote access %description base Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines. This package contains the base files of the Dnsmasq server, without the init scripts and global configuration files. %package utils Summary: Utilities for manipulating DHCP server leases Group: System/Servers %description utils Utilities that use the standard DHCP protocol to query/remove a DHCP server's leases. %prep %setup -q %autopatch -p1 # fix the path to the trust anchor sed -i 's|%%%%PREFIX%%%%|%{_prefix}|' dnsmasq.conf.example #set default user /group in src/config.h sed -i 's|#define CHUSER "nobody"|#define CHUSER "dnsmasq"|' src/config.h sed -i 's|#define CHGRP "dip"|#define CHGRP "dnsmasq"|' src/config.h # don't run build again with install sed -i 's/^install-i18n.*i18n/install-i18n :/' Makefile %build %make_build all-i18n \ CFLAGS="%{optflags}" \ LDFLAGS="%{ldflags}" \ PREFIX=%{_prefix} \ COPTS="-DHAVE_CONNTRACK -DHAVE_DBUS -DHAVE_IDN" %make_build -C contrib/lease-tools CFLAGS="%{optflags}" %install # we don't want to run %%make_install as we want to use install-i18n target %__make install-i18n PREFIX=%{_prefix} DESTDIR=%{?buildroot} %__install -pm644 %{SOURCE4} README.update.urpmi %__install -Dpm644 dnsmasq.conf.example %{buildroot}%{_sysconfdir}/dnsmasq.conf %__install -Dpm755 contrib/lease-tools/dhcp_release %{buildroot}%{_bindir}/dhcp_release %__install -Dpm644 contrib/lease-tools/dhcp_release.1 %{buildroot}%{_mandir}/man1/dhcp_release.1 %__install -Dpm755 contrib/lease-tools/dhcp_release6 %{buildroot}%{_bindir}/dhcp_release6 %__install -Dpm644 contrib/lease-tools/dhcp_release6.1 %{buildroot}%{_mandir}/man1/dhcp_release6.1 %__install -Dpm755 contrib/lease-tools/dhcp_lease_time %{buildroot}%{_bindir}/dhcp_lease_time %__install -Dpm644 contrib/lease-tools/dhcp_lease_time.1 %{buildroot}%{_mandir}/man1/dhcp_lease_time.1 # Systemd mkdir -p %{buildroot}%{_unitdir} install -m644 %{SOURCE1} %{buildroot}%{_unitdir} rm -rf %{buildroot}%{_initrddir} %find_lang %{name} --with-man %pre %_pre_useradd %{name} /dev/null /sbin/nologin %post %systemd_post dnsmasq.service %preun %systemd_preun dnsmasq.service %postun %systemd_postun_with_restart dnsmasq.service %_postun_userdel %{name} %files %config(noreplace) %{_sysconfdir}/dnsmasq.conf %{_unitdir}/%{name}.service %doc README.update.urpmi %files base -f %{name}.lang %doc CHANGELOG COPYING COPYING-v3 FAQ doc.html setup.html dbus/DBus-interface %{_sbindir}/dnsmasq %{_mandir}/man8/dnsmasq.8* %files utils %{_bindir}/dhcp_* %{_mandir}/man1/dhcp_* %changelog * Mon Oct 29 2018 julien <julien> 2.77-1.3.mga6 + Revision: 1326560 - don't run dnsmasq as nobody but with a specific user (MGA#22694) - add patch for CVE-2017-1449[1-6] ; bug MGA#21793 - Fix CVE-2017-13704, which resulted in a crash on a large DNS query (mga#21793) * Fri Jun 02 2017 julien <julien> 2.77-1.mga6 + Revision: 1105861 - new version 2.77 - drop merged patch * Tue May 02 2017 julien <julien> 2.76-4.mga6 + Revision: 1098692 - Restore PIDFile option in systemd unit. Seems to be necessary for systemd to properly remove pidfile when stopping dnsmasq. (mga#20766) * Mon Mar 27 2017 wally <wally> 2.76-3.mga6 + Revision: 1094970 - use our build time flags (for real) - enable IDN and i18n support - enable conntrack support * Tue Oct 04 2016 luigiwalser <luigiwalser> 2.76-2.mga6 + Revision: 1058617 - add upstream patches to fix issues found by mozilla security audit * Fri May 27 2016 julien <julien> 2.76-1.mga6 + Revision: 1018989 - new version 2.76 - fix build for tools & filelist - adjust update message as we don't carry sysconfig file anymore * Wed May 25 2016 tv <tv> 2.75-3.mga6 + Revision: 1018282 - add a %%postun with std systemd macro - use std systemd macros - fix a path in dnsmasq.conf (rhbz#1295143) - sync systemd service with FC (but keep our options handling) - do not ship sysconfig script when we already ship systemd seervice * Thu Feb 11 2016 umeabot <umeabot> 2.75-2.mga6 + Revision: 953794 - Mageia 6 Mass Rebuild * Mon Aug 17 2015 julien <julien> 2.75-1.mga6 + Revision: 865375 - new version 2.75 * Sun Jul 19 2015 julien <julien> 2.73-1.mga6 + Revision: 855216 - new version 2.73 * Tue May 05 2015 julien <julien> 2.71-4.mga5 + Revision: 821279 - add rediffed upstream patch to fix CVE-2015-3294 (MGA#15855) * Wed Oct 15 2014 umeabot <umeabot> 2.71-3.mga5 + Revision: 739076 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 2.71-2.mga5 + Revision: 678779 - Mageia 5 Mass Rebuild * Sun May 18 2014 julien <julien> 2.71-1.mga5 + Revision: 623620 - new version 2.71 * Tue Apr 29 2014 julien <julien> 2.70-1.mga5 + Revision: 618899 - new version 2.70 * Wed Mar 26 2014 julien <julien> 2.68-1.mga5 + Revision: 608833 - new version 2.68 * Sat Oct 19 2013 umeabot <umeabot> 2.66-3.mga4 + Revision: 531644 - Mageia 4 Mass Rebuild * Wed Aug 07 2013 joequant <joequant> 2.66-2.mga4 + Revision: 464380 - check group - add dnsmasq-utils to match fedora * Thu Jun 20 2013 julien <julien> 2.66-1.mga4 + Revision: 445287 - new version 2.66 * Thu Jan 31 2013 julien <julien> 2.65-3.mga3 + Revision: 393849 - add patch from redhat to fix CVE-2013-0198 * Fri Jan 11 2013 umeabot <umeabot> 2.65-2.mga3 + Revision: 349042 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Fri Dec 14 2012 julien <julien> 2.65-1.mga3 + Revision: 331001 - new version 2.65 - remove initscript as mga3 is systemd only * Thu Dec 06 2012 julien <julien> 2.64-1.mga3 + Revision: 327523 - update to new version 2.64 * Tue Aug 21 2012 julien <julien> 2.63-1.mga3 + Revision: 282947 - new version 2.63 * Fri Jun 08 2012 julien <julien> 2.62-1.mga3 + Revision: 257965 - new version 2.62 * Mon Jun 04 2012 julien <julien> 2.61-1.mga3 + Revision: 254453 - update to version 2.61 - add systemd unit file - add a warning on update when using sysconfig file * Fri Oct 21 2011 julien <julien> 2.59-1.mga2 + Revision: 157280 - update to version 2.59 * Thu Oct 06 2011 julien <julien> 2.58-1.mga2 + Revision: 152534 - new version 2.58 - small cleanup of specfile * Sat Apr 16 2011 misc <misc> 2.57-1.mga1 + Revision: 86170 - update to 2.57 - remove and clean old conflict * Thu Jan 27 2011 erwan <erwan> 2.55-1.mga1 + Revision: 42235 - imported package dnsmasq