dnsmasq 2.75: latest upstream patches
Message ID | 1448658701-20670-1-git-send-email-matthias.fischer@ipfire.org |
---|---|
State | Accepted |
Commit | 40e1bbda54635bfa6d9894044b7bce603b12e855 |
Headers | From: Matthias Fischer <matthias.fischer@ipfire.org>; To: development@lists.ipfire.org; Subject: [PATCH] dnsmasq 2.75: latest upstream patches; Date: Fri, 27 Nov 2015 22:11:41 +0100; Message-Id: <1448658701-20670-1-git-send-email-matthias.fischer@ipfire.org>; X-Mailer: git-send-email 2.6.3 |
Message
Matthias Fischer
Nov. 28, 2015, 8:11 a.m. UTC
dnsmasq 2.75: latest upstream patches
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/dnsmasq | 6 +++
..._5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch | 26 ++++++++++++
...11-Catch_errors_from_sendmsg_in_DHCP_code.patch | 32 +++++++++++++++
...12-Update_list_of_subnet_for_--bogus-priv.patch | 48 ++++++++++++++++++++++
...y_address_from_DNS_overlays_A_record_from.patch | 43 +++++++++++++++++++
...14-Handle_unknown_DS_hash_algos_correctly.patch | 39 ++++++++++++++++++
.../015-Fix_crash_at_start_up_with_conf-dir.patch | 38 +++++++++++++++++
7 files changed, 232 insertions(+)
create mode 100644 src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
create mode 100644 src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch
create mode 100644 src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch
create mode 100644 src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
create mode 100644 src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch
create mode 100644 src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch
Comments
Thank you. Merged that. Sad to not get any reviews on the patches any more. -Michael On Fri, 2015-11-27 at 22:11 +0100, Matthias Fischer wrote: > dnsmasq 275: latest upstream patches > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > lfs/dnsmasq | 6 +++ > ..._5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch | 26 ++++++++++++ > ...11-Catch_errors_from_sendmsg_in_DHCP_code.patch | 32 > +++++++++++++++ > ...12-Update_list_of_subnet_for_--bogus-priv.patch | 48 > ++++++++++++++++++++++ > ...y_address_from_DNS_overlays_A_record_from.patch | 43 > +++++++++++++++++++ > ...14-Handle_unknown_DS_hash_algos_correctly.patch | 39 > ++++++++++++++++++ > .../015-Fix_crash_at_start_up_with_conf-dir.patch | 38 > +++++++++++++++++ > 7 files changed, 232 insertions(+) > create mode 100644 src/patches/dnsmasq/010 > -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch > create mode 100644 src/patches/dnsmasq/011 > -Catch_errors_from_sendmsg_in_DHCP_code.patch > create mode 100644 src/patches/dnsmasq/012 > -Update_list_of_subnet_for_--bogus-priv.patch > create mode 100644 src/patches/dnsmasq/013 > -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch > create mode 100644 src/patches/dnsmasq/014 > -Handle_unknown_DS_hash_algos_correctly.patch > create mode 100644 src/patches/dnsmasq/015 > -Fix_crash_at_start_up_with_conf-dir.patch > > diff --git a/lfs/dnsmasq b/lfs/dnsmasq > index db56091..d166392 100644 > --- a/lfs/dnsmasq > +++ b/lfs/dnsmasq 
> @@ -82,6 +82,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/007 > -handle_signed_dangling_CNAME_replies_to_DS_queries.patch > cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/008 > -DHCPv6_option_56_does_not_hold_an_address_list.patch > cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/009-Respect_the_- > -no_resolv_flag_in_inotify_code.patch > + cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/010 > -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch > + cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/011 > -Catch_errors_from_sendmsg_in_DHCP_code.patch > + cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus > -priv.patch > + cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/013 > -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch > + cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/014 > -Handle_unknown_DS_hash_algos_correctly.patch > + cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf > -dir.patch > cd $(DIR_APP) && patch -Np1 -i > $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease > -file.patch > > cd $(DIR_APP) && sed -i src/config.h \ > diff --git a/src/patches/dnsmasq/010 > -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch > b/src/patches/dnsmasq/010 > -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch > new file mode 100644 > index 0000000..281697f > --- /dev/null > +++ b/src/patches/dnsmasq/010 > -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch 
> @@ -0,0 +1,26 @@ > +From 27b78d990b7cd901866ad6f1a17b9d633a95fdce Mon Sep 17 00:00:00 > 2001 > +From: Simon Kelley <simon@thekelleys.org.uk> > +Date: Sat, 26 Sep 2015 21:40:45 +0100 > +Subject: [PATCH] Rationalise > 5e3e464ac4022ee0b3794513abe510817e2cf3ca > + > +--- > + src/rfc3315.c | 3 +-- > + 1 file changed, 1 insertion(+), 2 deletions(-) > + > +diff --git a/src/rfc3315.c b/src/rfc3315.c > +index 3f1f9ee..3ed8623 100644 > +--- a/src/rfc3315.c > ++++ b/src/rfc3315.c > +@@ -1324,8 +1324,7 @@ static struct dhcp_netid *add_options(struct > state *state, int do_refresh) > + if (opt_cfg->opt == OPTION6_DNS_SERVER) > + done_dns = 1; > + > +- /* Empty DNS_SERVER option will not set DHOPT_ADDR6 */ > +- if ((opt_cfg->flags & DHOPT_ADDR6) || opt_cfg->opt == > OPTION6_DNS_SERVER) > ++ if (opt_cfg->flags & DHOPT_ADDR6) > + { > + int len, j; > + struct in6_addr *a; > +-- > +1.7.10.4 > + > diff --git a/src/patches/dnsmasq/011 > -Catch_errors_from_sendmsg_in_DHCP_code.patch > b/src/patches/dnsmasq/011 > -Catch_errors_from_sendmsg_in_DHCP_code.patch > new file mode 100644 > index 0000000..631495f > --- /dev/null > +++ b/src/patches/dnsmasq/011 > -Catch_errors_from_sendmsg_in_DHCP_code.patch 
> @@ -0,0 +1,32 @@ > +From 98079ea89851da1df4966dfdfa1852a98da02912 Mon Sep 17 00:00:00 > 2001 > +From: Simon Kelley <simon@thekelleys.org.uk> > +Date: Tue, 13 Oct 2015 20:30:32 +0100 > +Subject: [PATCH] Catch errors from sendmsg in DHCP code. Logs, eg, > iptables > + DROPS of dest 255.255.255.255 > + > +--- > + src/dhcp.c | 7 ++++++- > + 1 file changed, 6 insertions(+), 1 deletion(-) > + > +diff --git a/src/dhcp.c b/src/dhcp.c > +index e6fceb1..1c85e42 100644 > +--- a/src/dhcp.c > ++++ b/src/dhcp.c > +@@ -452,8 +452,13 @@ void dhcp_packet(time_t now, int pxe_fd) > + #endif > + > + while(retry_send(sendmsg(fd, &msg, 0))); > ++ > ++ /* This can fail when, eg, iptables DROPS destination > 255.255.255.255 */ > ++ if (errno != 0) > ++ my_syslog(MS_DHCP | LOG_WARNING, _("Error sending DHCP packet > to %s: %s"), > ++ inet_ntoa(dest.sin_addr), strerror(errno)); > + } > +- > ++ > + /* check against secondary interface addresses */ > + static int check_listen_addrs(struct in_addr local, int if_index, > char *label, > + struct in_addr netmask, struct > in_addr broadcast, void *vparam) > +-- > +1.7.10.4 > + > diff --git a/src/patches/dnsmasq/012-Update_list_of_subnet_for_- > -bogus-priv.patch b/src/patches/dnsmasq/012 > -Update_list_of_subnet_for_--bogus-priv.patch > new file mode 100644 > index 0000000..3ba98fc > --- /dev/null > +++ b/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus > -priv.patch 
> @@ -0,0 +1,48 @@ > +From 90477fb79420a34124b66ebd808c578817a30e4c Mon Sep 17 00:00:00 > 2001 > +From: Simon Kelley <simon@thekelleys.org.uk> > +Date: Tue, 20 Oct 2015 21:21:32 +0100 > +Subject: [PATCH] Update list of subnet for --bogus-priv > + > +RFC6303 specifies & recommends following zones not be forwarded > +to globally facing servers. > ++------------------------------+-----------------------+ > +| Zone | Description | > ++------------------------------+-----------------------+ > +| 0.IN-ADDR.ARPA | IPv4 "THIS" NETWORK | > +| 127.IN-ADDR.ARPA | IPv4 Loopback NETWORK | > +| 254.169.IN-ADDR.ARPA | IPv4 LINK LOCAL | > +| 2.0.192.IN-ADDR.ARPA | IPv4 TEST-NET-1 | > +| 100.51.198.IN-ADDR.ARPA | IPv4 TEST-NET-2 | > +| 113.0.203.IN-ADDR.ARPA | IPv4 TEST-NET-3 | > +| 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST | > ++------------------------------+-----------------------+ > + > +Signed-off-by: Kevin Darbyshire-Bryant < > kevin@darbyshire-bryant.me.uk> > +--- > + src/rfc1035.c | 8 ++++++-- > + 1 file changed, 6 insertions(+), 2 deletions(-) > + > +diff --git a/src/rfc1035.c b/src/rfc1035.c > +index 6a51b30..4eb1772 100644 > +--- a/src/rfc1035.c > ++++ b/src/rfc1035.c > +@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int > ban_localhost) > + return > + (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* > 127.0.0.0/8 (loopback) */ || > + ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. 
> "here" network */ || > +- ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 > (private) */ || > + ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 > (private) */ || > + ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 > (private) */ || > +- ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 > (zeroconf) */ ; > ++ ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 > (private) */ || > ++ ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 > (zeroconf) */ || > ++ ((ip_addr & 0xFFFFFF00) == 0xC0000200) /* 192.0.2.0/24 (test > -net) */ || > ++ ((ip_addr & 0xFFFFFF00) == 0xC6336400) /* 198.51.100.0/24(test > -net) */ || > ++ ((ip_addr & 0xFFFFFF00) == 0xCB007100) /* 203.0.113.0/24 (test > -net) */ || > ++ ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 > (broadcast)*/ ; > + } > + > + static unsigned char *do_doctor(unsigned char *p, int count, struct > dns_header *header, size_t qlen, char *name, int *doctored) > +-- > +1.7.10.4 > + > diff --git a/src/patches/dnsmasq/013 > -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch > b/src/patches/dnsmasq/013 > -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch > new file mode 100644 > index 0000000..736cf38 > --- /dev/null > +++ b/src/patches/dnsmasq/013 > -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch 
> @@ -0,0 +1,43 @@ > +From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 > 2001 > +From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= < > edwin+ml-cerowrt@etorok.net> > +Date: Sat, 14 Nov 2015 17:45:48 +0000 > +Subject: [PATCH] Fix crash when empty address from DNS overlays A > record from > + hosts. > + > +--- > + CHANGELOG | 5 +++++ > + src/cache.c | 2 +- > + 2 files changed, 6 insertions(+), 1 deletion(-) > + > +diff --git a/CHANGELOG b/CHANGELOG > +index d6e309f..93c73d0 100644 > +--- a/CHANGELOG > ++++ b/CHANGELOG > +@@ -13,6 +13,11 @@ version 2.76 > + was a dangling symbolic link, even of --no-resolv set. > + Thanks to Alexander Kurtz for spotting the problem. > + > ++ Fix crash when an A or AAAA record is defined locally, > ++ in a hosts file, and an upstream server sends a reply > ++ that the same name is empty. Thanks to Edwin Török > for > ++ the patch. > ++ > + > + version 2.75 > + Fix reversion on 2.74 which caused 100% CPU use when a > +diff --git a/src/cache.c b/src/cache.c > +index 178d654..1b76b67 100644 > +--- a/src/cache.c > ++++ b/src/cache.c > +@@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct > all_addr *addr, > + existing record is for an A or AAAA and > + the record we're trying to insert is the same, > + just drop the insert, but don't error the whole process. > */ > +- if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD)) > ++ if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && > addr) > + { > + if ((flags & F_IPV4) && (new->flags & F_IPV4) && > + new->addr.addr.addr.addr4.s_addr == addr > ->addr.addr4.s_addr) > +-- > +1.7.10.4 > + > diff --git a/src/patches/dnsmasq/014 > -Handle_unknown_DS_hash_algos_correctly.patch > b/src/patches/dnsmasq/014 > -Handle_unknown_DS_hash_algos_correctly.patch > new file mode 100644 > index 0000000..8b17431 > --- /dev/null > +++ b/src/patches/dnsmasq/014 > -Handle_unknown_DS_hash_algos_correctly.patch 
> @@ -0,0 +1,39 @@ > +From 67ab3285b5d9a1b1e20e034cf272867fdab8a0f9 Mon Sep 17 00:00:00 > 2001 > +From: Simon Kelley <simon@thekelleys.org.uk> > +Date: Fri, 20 Nov 2015 23:20:47 +0000 > +Subject: [PATCH] Handle unknown DS hash algos correctly. > + > +When we can validate a DS RRset, but don't speak the hash algo it > +contains, treat that the same as an NSEC/3 proving that the DS > +doesn't exist. 4025 5.2 > +--- > + src/dnssec.c | 13 +++++++++++++ > + 1 file changed, 13 insertions(+) > + > +diff --git a/src/dnssec.c b/src/dnssec.c > +index 67ce486..b4dc14e 100644 > +--- a/src/dnssec.c > ++++ b/src/dnssec.c > +@@ -1005,6 +1005,19 @@ int dnssec_validate_by_ds(time_t now, struct > dns_header *header, size_t plen, ch > + if (crecp->flags & F_NEG) > + return STAT_INSECURE_DS; > + > ++ /* 4035 5.2 > ++ If the validator does not support any of the algorithms listed > in an > ++ authenticated DS RRset, then the resolver has no supported > ++ authentication path leading from the parent to the child. The > ++ resolver should treat this case as it would the case of an > ++ authenticated NSEC RRset proving that no DS RRset exists, */ > ++ for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, > name, now, F_DS)) > ++ if (hash_find(ds_digest_name(recp1->addr.ds.digest))) > ++ break; > ++ > ++ if (!recp1) > ++ return STAT_INSECURE_DS; > ++ > + /* NOTE, we need to find ONE DNSKEY which matches the DS */ > + for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j- > -) > + { > +-- > +1.7.10.4 > + > diff --git a/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf > -dir.patch b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf > -dir.patch > new file mode 100644 > index 0000000..a9102c1 > --- /dev/null > +++ b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf > -dir.patch 
> @@ -0,0 +1,38 @@ > +From 0007ee90646a5a78a96ee729932e89d31c69513a Mon Sep 17 00:00:00 > 2001 > +From: Simon Kelley <simon@thekelleys.org.uk> > +Date: Sat, 21 Nov 2015 21:47:41 +0000 > +Subject: [PATCH] Fix crash at start up with conf-dir=/path,* > + > +Thanks to Brian Carpenter and American Fuzzy Lop for finding the > bug. > +--- > + src/option.c | 14 ++++++++++---- > + 1 file changed, 10 insertions(+), 4 deletions(-) > + > +diff --git a/src/option.c b/src/option.c > +index 746cd11..71beb98 100644 > +--- a/src/option.c > ++++ b/src/option.c > +@@ -1515,10 +1515,16 @@ static int one_opt(int option, char *arg, > char *errstr, char *gen_err, int comma > + li = opt_malloc(sizeof(struct list)); > + if (*arg == '*') > + { > +- li->next = match_suffix; > +- match_suffix = li; > +- /* Have to copy: buffer is overwritten */ > +- li->suffix = opt_string_alloc(arg+1); > ++ /* "*" with no suffix is a no-op */ > ++ if (arg[1] == 0) > ++ free(li); > ++ else > ++ { > ++ li->next = match_suffix; > ++ match_suffix = li; > ++ /* Have to copy: buffer is overwritten */ > ++ li->suffix = opt_string_alloc(arg+1); > ++ } > + } > + else > + { > +-- > +1.7.10.4 > +
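Review bot: in the src/rfc3315.c hunk of patch 010, the commit message has no body and its subject only names a commit hash, so the reason for dropping `|| opt_cfg->opt == OPTION6_DNS_SERVER` is not recorded. The removed comment said that an empty DNS_SERVER option does not set DHOPT_ADDR6; after this change such an option no longer enters the address-handling branch. Please add a sentence to the message saying where the empty-option case is handled now, so the simplification can be checked against it.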
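Review bot: in the src/dhcp.c hunk of patch 011, `if (errno != 0)` is tested after the `while(retry_send(sendmsg(fd, &msg, 0)));` loop without looking at what sendmsg() returned. errno is only meaningful after a call that reported failure, and a successful sendmsg() does not reset it, so unless retry_send() clears errno on success a stale value from an earlier call will log a spurious "Error sending DHCP packet" warning. Keeping the return value of the last sendmsg() and logging only when it is -1 would make the check independent of that. The hunk also removes and re-adds a blank line before check_listen_addrs(), which looks like a whitespace-only change and could be dropped.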
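Review bot: in the private_net() hunk of patch 012 (src/rfc1035.c), the broadcast test `(ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF` masks with all ones, which is the same as `ip_addr == 0xFFFFFFFF`; the plain comparison reads more clearly. The three new /24 lines are all commented "test-net" although the commit message distinguishes TEST-NET-1, TEST-NET-2 and TEST-NET-3, and the 198.51.100.0/24 comment is missing the space its neighbours have before the parenthesis. Moving the unchanged 192.168.0.0/16 line also makes the diff larger than the functional change.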
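Review bot: in the cache_insert() hunk of patch 013 (src/cache.c), the new `&& addr` guard keeps the `addr->addr.addr4.s_addr` comparison from dereferencing a null pointer, but the comment above the condition still describes only the same-record case. A short addition there saying that addr can be NULL (the CHANGELOG entry describes an upstream reply that the name is empty) and what happens to the insert in that case would keep the guard from being removed later as redundant.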
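Review bot: in the dnssec_validate_by_ds() hunk of patch 014 (src/dnssec.c), the new comment cites "4035 5.2" while the commit message cites "4025 5.2"; the quoted text is from RFC 4035 section 5.2, so the message should be corrected, and writing "RFC 4035" in the comment would make the reference searchable. The quoted sentence speaks of the algorithms listed in the DS RRset, while the loop tests only the digest type through `hash_find(ds_digest_name(recp1->addr.ds.digest))`; if an unsupported key algorithm is meant to be covered here as well, that check is missing, otherwise the comment should say it is handled elsewhere. The comment also ends in a comma rather than a full stop.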
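Review bot: in the one_opt() hunk of patch 015 (src/option.c), `li = opt_malloc(sizeof(struct list));` still runs before the new `arg[1] == 0` test, so a bare "*" allocates a list entry only to free it on the next line. Testing for the empty suffix before allocating, or allocating inside each branch, avoids the malloc/free pair and leaves no dangling value in li. Patch 013 in this series adds a CHANGELOG entry for its crash fix; this one does not.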