diff --git a/abi_used_libs b/abi_used_libs
--- a/abi_used_libs
+++ b/abi_used_libs
@@ -1,3 +1,4 @@
 libc.so.6
 libgmp.so.10
+libhogweed.so.4
 libnettle.so.6
diff --git a/files/0002-Fix-SIOCGSTAMP-import.patch b/files/0002-Fix-SIOCGSTAMP-import.patch
new file mode 100644
--- /dev/null
+++ b/files/0002-Fix-SIOCGSTAMP-import.patch
@@ -0,0 +1,26 @@
+From 3052ce208acf602f0163166dcefb7330d537cedb Mon Sep 17 00:00:00 2001
+From: Jiri Slaby
+Date: Wed, 24 Jul 2019 17:34:48 +0100
+Subject: [PATCH] Fix build after y2038 changes in glib.
+
+SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h now.
+---
+ src/dnsmasq.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index ff3204a..3ef04ad 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -137,6 +137,7 @@ typedef unsigned long long u64;
+ #endif
+
+ #if defined(HAVE_LINUX_NETWORK)
++#include
+ #include
+ /* There doesn't seem to be a universally-available
+ userspace header for these. */
+--
+1.7.10.4
+
+
diff --git a/files/0003-Do-not-rebuild-when-installing.patch b/files/0003-Do-not-rebuild-when-installing.patch
new file mode 100644
--- /dev/null
+++ b/files/0003-Do-not-rebuild-when-installing.patch
@@ -0,0 +1,42 @@
+From ba469c043c9c6e664696b8aa27bbf35c8d33afc0 Mon Sep 17 00:00:00 2001
+From: Fabio Forni
+Date: Thu, 12 Mar 2020 23:25:27 +0100
+Subject: [PATCH] Do not rebuild when installing
+
+---
+ Makefile | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index e71cf86..fc28a24 100644
+--- a/Makefile
++++ b/Makefile
+@@ -98,9 +98,7 @@ clean : mostly_clean
+ rm -f core */core
+ rm -f *~ contrib/*/*~ */*~
+
+-install : all install-common
+-
+-install-common :
++install :
+ $(INSTALL) -d $(DESTDIR)$(BINDIR)
+ $(INSTALL) -d $(DESTDIR)$(MANDIR)/man8
+ $(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8
+@@ -117,7 +115,7 @@ all-i18n : $(BUILDDIR)
+ cd $(top) && cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile $${f%.po}.mo; \
+ done
+
+-install-i18n : all-i18n install-common
++install-i18n : install
+ cd $(BUILDDIR); $(top)/bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL)
+ cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR) $(INSTALL)
+
+@@ -169,4 +167,4 @@ dnsmasq.pot : $(objs:.o=.c) $(hdrs)
+ %.mo : $(top)/$(PO)/%.po dnsmasq.pot
+ $(MSGMERGE) -o - $(top)/$(PO)/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo -
+
+-.PHONY : all clean mostly_clean install install-common all-i18n install-i18n merge baseline bloatcheck
++.PHONY : all clean mostly_clean install all-i18n install-i18n merge baseline bloatcheck
+--
+2.25.1
+
diff --git a/files/dnsmasq.service b/files/dnsmasq.service
new file mode 100644
--- /dev/null
+++ b/files/dnsmasq.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=dnsmasq - A lightweight DHCP and caching DNS server
+After=network.target
+
+[Service]
+Type=dbus
+BusName=uk.org.thekelleys.dnsmasq
+ExecStartPre=/usr/bin/dnsmasq --test
+ExecStart=/usr/bin/dnsmasq -k
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/security/cve-2017-15107.patch b/files/security/cve-2017-15107.patch
deleted file mode 100644
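Review bot: In files/dnsmasq.service, `Type=dbus` with `BusName=uk.org.thekelleys.dnsmasq` tells systemd the service is up only once that bus name is acquired, but `ExecStart=/usr/bin/dnsmasq -k` does not pass `--enable-dbus`, and the package.yml build line in this commit sets only `COPTS="-DHAVE_DNSSEC"`, so D-Bus support looks not to be compiled in. Unless the build gains `-DHAVE_DBUS` and D-Bus is enabled at start, the unit would presumably stay in activating and be failed at the start timeout. Either build with `-DHAVE_DBUS` and start with `ExecStart=/usr/bin/dnsmasq -k --enable-dbus`, or drop `BusName=` and use `Type=simple`. The unit also runs a network-facing daemon with no sandboxing; `NoNewPrivileges=yes`, `ProtectHome=yes` and `ProtectSystem=full` are worth adding after checking them against the lease-file and config paths in use.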
--- a/files/security/cve-2017-15107.patch
+++ /dev/null
@@ -1,188 +0,0 @@ -diff --git a/src/dnssec.c b/src/dnssec.c -index eb6c11c..a54a0b4 100644 ---- a/src/dnssec.c -+++ b/src/dnssec.c -@@ -103,15 +103,17 @@ static void from_wire(char *name) - static int count_labels(char *name) - { - int i; -- -+ char *p; -+ - if (*name == 0) - return 0; - -- for (i = 0; *name; name++) -- if (*name == '.') -+ for (p = name, i = 0; *p; p++) -+ if (*p == '.') - i++; - -- return i+1; -+ /* Don't count empty first label. */ -+ return *name == '.' ? i : i+1; - } - - /* Implement RFC1982 wrapped compare for 32-bit numbers */ -@@ -1094,8 +1096,8 @@ static int hostname_cmp(const char *a, const char *b) - } - } - --static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count, -- char *workspace1, char *workspace2, char *name, int type, int *nons) -+static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, unsigned char **labels, int nsec_count, -+ char *workspace1_in, char *workspace2, char *name, int type, int *nons) - { - int i, rc, rdlen; - unsigned char *p, *psave; -@@ -1108,6 +1110,9 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi - /* Find NSEC record that proves name doesn't exist */ - for (i = 0; i < nsec_count; i++) - { -+ char *workspace1 = workspace1_in; -+ int sig_labels, name_labels; -+ - p = nsecs[i]; - if (!extract_name(header, plen, &p, workspace1, 1, 10)) - return 0; -@@ -1116,7 +1121,27 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi - psave = p; - if (!extract_name(header, plen, &p, workspace2, 1, 10)) - return 0; -- -+ -+ /* If NSEC comes from wildcard expansion, use original wildcard -+ as name for computation. */ -+ sig_labels = *labels[i]; -+ name_labels = count_labels(workspace1); -+ -+ if (sig_labels < name_labels) -+ { -+ int k; -+ for (k = name_labels - sig_labels; k != 0; k--) -+ { -+ while (*workspace1 != '.' 
&& *workspace1 != 0) -+ workspace1++; -+ if (k != 1 && *workspace1 == '.') -+ workspace1++; -+ } -+ -+ workspace1--; -+ *workspace1 = '*'; -+ } -+ - rc = hostname_cmp(workspace1, name); - - if (rc == 0) -@@ -1514,24 +1539,26 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns - - static int prove_non_existence(struct dns_header *header, size_t plen, char *keyname, char *name, int qtype, int qclass, char *wildname, int *nons) - { -- static unsigned char **nsecset = NULL; -- static int nsecset_sz = 0; -+ static unsigned char **nsecset = NULL, **rrsig_labels = NULL; -+ static int nsecset_sz = 0, rrsig_labels_sz = 0; - - int type_found = 0; -- unsigned char *p = skip_questions(header, plen); -+ unsigned char *auth_start, *p = skip_questions(header, plen); - int type, class, rdlen, i, nsecs_found; - - /* Move to NS section */ - if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen))) - return 0; -+ -+ auth_start = p; - - for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--) - { - unsigned char *pstart = p; - -- if (!(p = skip_name(p, header, plen, 10))) -+ if (!extract_name(header, plen, &p, daemon->workspacename, 1, 10)) - return 0; -- -+ - GETSHORT(type, p); - GETSHORT(class, p); - p += 4; /* TTL */ -@@ -1548,7 +1575,69 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key - if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found)) - return 0; - -- nsecset[nsecs_found++] = pstart; -+ if (type == T_NSEC) -+ { -+ /* If we're looking for NSECs, find the corresponding SIGs, to -+ extract the labels value, which we need in case the NSECs -+ are the result of wildcard expansion. -+ Note that the NSEC may not have been validated yet -+ so if there are multiple SIGs, make sure the label value -+ is the same in all, to avoid be duped by a rogue one. 
-+ If there are no SIGs, that's an error */ -+ unsigned char *p1 = auth_start; -+ int res, j, rdlen1, type1, class1; -+ -+ if (!expand_workspace(&rrsig_labels, &rrsig_labels_sz, nsecs_found)) -+ return 0; -+ -+ rrsig_labels[nsecs_found] = NULL; -+ -+ for (j = ntohs(header->nscount); j != 0; j--) -+ { -+ if (!(res = extract_name(header, plen, &p1, daemon->workspacename, 0, 10))) -+ return 0; -+ -+ GETSHORT(type1, p1); -+ GETSHORT(class1, p1); -+ p1 += 4; /* TTL */ -+ GETSHORT(rdlen1, p1); -+ -+ if (!CHECK_LEN(header, p1, plen, rdlen1)) -+ return 0; -+ -+ if (res == 1 && class1 == qclass && type1 == T_RRSIG) -+ { -+ int type_covered; -+ unsigned char *psav = p1; -+ -+ if (rdlen < 18) -+ return 0; /* bad packet */ -+ -+ GETSHORT(type_covered, p1); -+ -+ if (type_covered == T_NSEC) -+ { -+ p1++; /* algo */ -+ -+ /* labels field must be the same in every SIG we find. */ -+ if (!rrsig_labels[nsecs_found]) -+ rrsig_labels[nsecs_found] = p1; -+ else if (*rrsig_labels[nsecs_found] != *p1) /* algo */ -+ return 0; -+ } -+ p1 = psav; -+ } -+ -+ if (!ADD_RDLEN(header, p1, plen, rdlen1)) -+ return 0; -+ } -+ -+ /* Must have found at least one sig. */ -+ if (!rrsig_labels[nsecs_found]) -+ return 0; -+ } -+ -+ nsecset[nsecs_found++] = pstart; - } - - if (!ADD_RDLEN(header, p, plen, rdlen)) -@@ -1556,7 +1645,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key - } - - if (type_found == T_NSEC) -- return prove_non_existence_nsec(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, nons); -+ return prove_non_existence_nsec(header, plen, nsecset, rrsig_labels, nsecs_found, daemon->workspacename, keyname, name, qtype, nons); - else if (type_found == T_NSEC3) - return prove_non_existence_nsec3(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, wildname, nons); - else diff --git a/package.yml b/package.yml --- a/package.yml +++ b/package.yml 
@@ -1,24 +1,26 @@ name : dnsmasq -version : '2.78' -release : 9 +version : '2.80' +release : 10 source : - - http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.xz : 89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b -license : GPL-2.0 + - http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.80.tar.xz : cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb +license : GPL-2.0-or-later summary : DNS forwarder component : network.base description: | - DNS forwarder + dnsmasq in Solus is used to forward all query types to upstream recursive DNS servers, and to cache common record types (A, AAAA, CNAME and PTR, also DNSKEY and DS when DNSSEC is enabled). builddeps : - pkgconfig(nettle) setup : | # Causes severe delays otherwise %patch -p1 < $pkgfiles/0001-Disable-ICMP-echo-address-checking.patch - %patch -p1 < $pkgfiles/security/cve-2017-15107.patch + %patch -p1 < $pkgfiles/0002-Fix-SIOCGSTAMP-import.patch + %patch -p1 < $pkgfiles/0003-Do-not-rebuild-when-installing.patch build : | - %make COPTS="-DHAVE_DNSSEC" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" + %make all-i18n COPTS="-DHAVE_DNSSEC" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" install : | - %make_install COPTS="-DHAVE_DNSSEC" PREFIX=/usr BINDIR=/usr/bin - install -D -m 00644 "dnsmasq.conf.example" $installdir/etc/dnsmasq.conf - sed -i 's@%%PREFIX%%@/usr@' $installdir/etc/dnsmasq.conf - install -D -m 00644 trust-anchors.conf $installdir/usr/share/dnsmasq/trust-anchors.conf + %make install-i18n DESTDIR=$installdir PREFIX=/usr BINDIR=/usr/bin + install -Dm00644 "dnsmasq.conf.example" $installdir/etc/dnsmasq.conf + sed -i 's|%%PREFIX%%|/usr|' $installdir/etc/dnsmasq.conf + install -Dm00644 trust-anchors.conf $installdir/usr/share/dnsmasq/trust-anchors.conf + install -Dm00644 $pkgfiles/dnsmasq.service -t $installdir/usr/lib64/systemd/system diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml --- a/pspec_x86_64.xml +++ b/pspec_x86_64.xml 
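Review bot: The new install line in package.yml, `%make install-i18n DESTDIR=$installdir PREFIX=/usr BINDIR=/usr/bin`, no longer passes `COPTS="-DHAVE_DNSSEC"`, so the DNSSEC-enabled binary survives the install step only because 0003-Do-not-rebuild-when-installing.patch removes the `all` prerequisite. If that downstream patch is ever dropped or stops matching upstream's Makefile targets, the install step would presumably rebuild with default options and ship a dnsmasq without DNSSEC validation, with nothing failing. Keeping the flag on both steps costs nothing: `%make install-i18n COPTS="-DHAVE_DNSSEC" DESTDIR=$installdir PREFIX=/usr BINDIR=/usr/bin`. Separately, the setup step stops applying security/cve-2017-15107.patch and nothing visible here records that 2.80 carries the fix upstream; a line in the commit description saying so would make the removal auditable.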
@@ -2,36 +2,49 @@ dnsmasq - Peter O'Connor - peter@solus-project.com + Fabio Forni + livingsilver94.solus@redaril.me - GPL-2.0 + GPL-2.0-or-later network.base DNS forwarder - DNS forwarder + dnsmasq in Solus is used to forward all query types to upstream recursive DNS servers, and to cache common record types (A, AAAA, CNAME and PTR, also DNSKEY and DS when DNSSEC is enabled). - https://solus-project.com/sources/README.Solus + https://getsol.us/sources/README.Solus dnsmasq DNS forwarder - DNS forwarder + dnsmasq in Solus is used to forward all query types to upstream recursive DNS servers, and to cache common record types (A, AAAA, CNAME and PTR, also DNSKEY and DS when DNSSEC is enabled). network.base /etc/dnsmasq.conf - /usr/bin - /usr/share/dnsmasq - /usr/share/man + /usr/bin/dnsmasq + /usr/lib64/systemd/system/dnsmasq.service + /usr/share/dnsmasq/trust-anchors.conf + /usr/share/locale/de/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/es/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/fi/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/fr/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/id/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/it/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/no/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/pl/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/pt_BR/LC_MESSAGES/dnsmasq.mo + /usr/share/locale/ro/LC_MESSAGES/dnsmasq.mo + /usr/share/man/es/man8/dnsmasq.8 + /usr/share/man/fr/man8/dnsmasq.8 + /usr/share/man/man8/dnsmasq.8 - - 2018-01-31 - 2.78 + + 2020-03-12 + 2.80 Packaging update - Peter O'Connor - peter@solus-project.com + Fabio Forni + livingsilver94.solus@redaril.me \ No newline at end of file