Bug 2002475

Summary: dnsmasq-2.86 is available
Product: [Fedora] Fedora Reporter: Upstream Release Monitoring <upstream-release-monitoring>
Component: dnsmasqAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: aegorenk, code, dns-sig, dougsland, laine, pemensik, veillard
Target Milestone: ---Keywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: dnsmasq-2.86-1.fc36 dnsmasq-2.86-1.fc34 dnsmasq-2.86-2.fc35 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-15 18:20:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
[patch] Update to 2.86 (#2002475) none

Description Upstream Release Monitoring 2021-09-08 22:10:25 UTC 
Latest upstream release: 2.86
Current version/release in rawhide: 2.85-6.fc35
URL: http://www.thekelleys.org.uk/dnsmasq/doc.html

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/444/
Comment 1 Upstream Release Monitoring 2021-09-08 22:10:31 UTC 
Created attachment 1821650 [details]
[patch] Update to 2.86 (#2002475)
Comment 2 Upstream Release Monitoring 2021-09-08 22:15:01 UTC 
the-new-hotness/release-monitoring.org's scratch build of dnsmasq-2.86-1.fc32.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=75369044
Comment 3 Petr Menšík 2021-09-09 08:30:34 UTC 
Built already on Rawhide. Updates for f35 and f34 would follow soon.
Comment 4 Petr Menšík 2021-09-09 08:49:35 UTC 
Citing CHANGELOG for changes included. A lot of bug fixes included. Full changes available at [1]


version 2.86
	Handle DHCPREBIND requests in the DHCPv6 server code.
	Thanks to Aichun Li for spotting this omission, and the initial
	patch.

	Fix bug which caused dnsmasq to lose track of processes forked
	to handle TCP DNS connections under heavy load. The code
	checked that at least one free process table slot was
	available before listening on TCP sockets, but didn't take
	into account that more than one TCP connection could
	arrive, so that check was not sufficient to ensure that
	there would be slots for all new processes. It compounded
	this error by silently failing to store the process when
	it did run out of slots. Even when this bug is triggered,
	all the right things happen, and answers are still returned.
	Only under very exceptional circumstances, does the bug
	manifest itself: see
	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
	Thanks to Tijs Van Buggenhout for finding the conditions under
	which the bug manifests itself, and then working out
	exactly what was going on.

	Major rewrite of the DNS server and domain handling code.
	This should be largely transparent, but it drastically
	improves performance and reduces memory foot-print when
	configuring large numbers domains of the form
	local=/adserver.com/
	or
	local=/adserver.com/#
	Lookup times now grow as log-to-base-2 of the number of domains,
	rather than greater than linearly, as before.
	The change makes multiple addresses associated with a domain work
	address=/example.com/1.2.3.4
	address=/example.com/5.6.7.8
	It also handles multiple upstream servers for a domain better; using
	the same try/retry algorithms as non domain-specific servers. This
	also applies to DNSSEC-generated queries.
	Finally, some of the oldest and gnarliest code in dnsmasq has had
	a significant clean-up. It's far from perfect, but it _is_ better.

	Revise resource handling for number of concurrent DNS queries. This
	used to have a global limit, but that has a problem when using
	different servers for different upstream domains. Queries which are
	routed by domain to an upstream server which is not responding will
	build up and trigger the limit, which breaks DNS service for
	all other domains which could be handled by other servers. The
	change is to make the limit per server-group, where a server group
	is the set of servers configured for a particular domain. In the
	common case, where only default servers are declared, there is
	no effective change.

	Improve efficiency of DNSSEC. The sharing point for DNSSEC RR data
	used to be when it entered the cache, having been validated. After
	that queries requiring the KEY or DS records would share the cached
	values. There is a common case in dual-stack hosts that queries for
	A and AAAA records for the same domain are made simultaneously.
	If required keys were not in the cache, this would result in two
	requests being sent upstream for the same key data (and all the
	subsequent chain-of-trust queries.) Now we combine these requests
	and elide the duplicates, resulting in fewer queries upstream
	and better performance. To keep a better handle on what's
	going on, the "extra" logging mode has been modified to associate
	queries and answers  for DNSSEC queries in the same way as ordinary
	queries. The requesting address and port have been removed from
	DNSSEC logging lines, since this is no longer strictly defined.

	Connection track mark based DNS query filtering. Thanks to
	Etan Kissling for implementing this It extends query filtering
	support beyond what is currently possible
	with the `--ipset` configuration option, by adding support for:
	1) Specifying allowlists on a per-client basis, based on their
	   associated Linux connection track mark.
	2) Dynamic configuration of allowlists via Ubus.
	3) Reporting when a DNS query resolves or is rejected via Ubus.
	4) DNS name patterns containing wildcards.
	Disallowed queries are not forwarded; they are rejected
	with a REFUSED error code.

	Allow smaller than 64 prefix lengths in synth-domain, with caveats.
	--synth-domain=1234:4567::/56,example.com is now valid.

	Make domains generated by --synth-domain appear in replies
	when in authoritative mode.

	Ensure CAP_NET_ADMIN capability is available when
	conntrack is configured. Thanks to Yick Xie for spotting
	the lack of this.

	When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
	given a directory as argument, define the order in which
	files within that directory are read (alphabetical order
	of filename). Thanks to Ed Wildgoose for the initial patch
	and motivation for this.

1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=log;h=v2.86
Comment 5 Fedora Update System 2021-09-09 08:56:44 UTC 
FEDORA-2021-5945df5d64 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5945df5d64
Comment 6 Fedora Update System 2021-09-09 08:57:37 UTC 
FEDORA-2021-3480d831cc has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-3480d831cc
Comment 7 Fedora Update System 2021-09-09 17:38:57 UTC 
FEDORA-2021-3480d831cc has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-3480d831cc`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3480d831cc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Fedora Update System 2021-09-09 21:06:48 UTC 
FEDORA-2021-5945df5d64 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5945df5d64`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5945df5d64

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 9 Fedora Update System 2021-09-15 18:20:04 UTC 
FEDORA-2021-3480d831cc has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 Fedora Update System 2021-09-23 17:18:45 UTC 
FEDORA-2021-5945df5d64 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5945df5d64
Comment 11 Fedora Update System 2021-09-24 02:51:04 UTC 
FEDORA-2021-5945df5d64 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5945df5d64`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5945df5d64

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 12 Fedora Update System 2021-10-04 00:15:12 UTC 
FEDORA-2021-5945df5d64 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.