
dnsmasq 2.75: latest upstream patches

Message ID 1448658701-20670-1-git-send-email-matthias.fischer@ipfire.org
State Accepted
Commit 40e1bbda54635bfa6d9894044b7bce603b12e855

Message

Matthias Fischer Nov. 28, 2015, 8:11 a.m. UTC
  dnsmasq 2.75: latest upstream patches

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/dnsmasq                                        |  6 +++
 ..._5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch | 26 ++++++++++++
 ...11-Catch_errors_from_sendmsg_in_DHCP_code.patch | 32 +++++++++++++++
 ...12-Update_list_of_subnet_for_--bogus-priv.patch | 48 ++++++++++++++++++++++
 ...y_address_from_DNS_overlays_A_record_from.patch | 43 +++++++++++++++++++
 ...14-Handle_unknown_DS_hash_algos_correctly.patch | 39 ++++++++++++++++++
 .../015-Fix_crash_at_start_up_with_conf-dir.patch  | 38 +++++++++++++++++
 7 files changed, 232 insertions(+)
 create mode 100644 src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
 create mode 100644 src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch
 create mode 100644 src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch
 create mode 100644 src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
 create mode 100644 src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch
 create mode 100644 src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch
  

Comments

Michael Tremer Dec. 2, 2015, 9:38 a.m. UTC | #1
Thank you. Merged that.

Sad to not get any reviews on the patches any more.

-Michael

On Fri, 2015-11-27 at 22:11 +0100, Matthias Fischer wrote:
> dnsmasq 275: latest upstream patches
> 
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
>  lfs/dnsmasq                                        |  6 +++
>  ..._5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch | 26 ++++++++++++
>  ...11-Catch_errors_from_sendmsg_in_DHCP_code.patch | 32
> +++++++++++++++
>  ...12-Update_list_of_subnet_for_--bogus-priv.patch | 48
> ++++++++++++++++++++++
>  ...y_address_from_DNS_overlays_A_record_from.patch | 43
> +++++++++++++++++++
>  ...14-Handle_unknown_DS_hash_algos_correctly.patch | 39
> ++++++++++++++++++
>  .../015-Fix_crash_at_start_up_with_conf-dir.patch  | 38
> +++++++++++++++++
>  7 files changed, 232 insertions(+)
>  create mode 100644 src/patches/dnsmasq/010
> -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
>  create mode 100644 src/patches/dnsmasq/011
> -Catch_errors_from_sendmsg_in_DHCP_code.patch
>  create mode 100644 src/patches/dnsmasq/012
> -Update_list_of_subnet_for_--bogus-priv.patch
>  create mode 100644 src/patches/dnsmasq/013
> -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
>  create mode 100644 src/patches/dnsmasq/014
> -Handle_unknown_DS_hash_algos_correctly.patch
>  create mode 100644 src/patches/dnsmasq/015
> -Fix_crash_at_start_up_with_conf-dir.patch
> 
> diff --git a/lfs/dnsmasq b/lfs/dnsmasq
> index db56091..d166392 100644
> --- a/lfs/dnsmasq
> +++ b/lfs/dnsmasq
> @@ -82,6 +82,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/007
> -handle_signed_dangling_CNAME_replies_to_DS_queries.patch
>  	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/008
> -DHCPv6_option_56_does_not_hold_an_address_list.patch
>  	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/009-Respect_the_-
> -no_resolv_flag_in_inotify_code.patch
> +	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/010
> -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
> +	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/011
> -Catch_errors_from_sendmsg_in_DHCP_code.patch
> +	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus
> -priv.patch
> +	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/013
> -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
> +	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/014
> -Handle_unknown_DS_hash_algos_correctly.patch
> +	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf
> -dir.patch
>  	cd $(DIR_APP) && patch -Np1 -i
> $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease
> -file.patch
>  
>  	cd $(DIR_APP) && sed -i src/config.h \
> diff --git a/src/patches/dnsmasq/010
> -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
> b/src/patches/dnsmasq/010
> -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
> new file mode 100644
> index 0000000..281697f
> --- /dev/null
> +++ b/src/patches/dnsmasq/010
> -Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
> @@ -0,0 +1,26 @@
> +From 27b78d990b7cd901866ad6f1a17b9d633a95fdce Mon Sep 17 00:00:00
> 2001
> +From: Simon Kelley <simon@thekelleys.org.uk>
> +Date: Sat, 26 Sep 2015 21:40:45 +0100
> +Subject: [PATCH] Rationalise
> 5e3e464ac4022ee0b3794513abe510817e2cf3ca
> +
> +---
> + src/rfc3315.c |    3 +--
> + 1 file changed, 1 insertion(+), 2 deletions(-)
> +
> +diff --git a/src/rfc3315.c b/src/rfc3315.c
> +index 3f1f9ee..3ed8623 100644
> +--- a/src/rfc3315.c
> ++++ b/src/rfc3315.c
> +@@ -1324,8 +1324,7 @@ static struct dhcp_netid *add_options(struct
> state *state, int do_refresh)
> +       if (opt_cfg->opt == OPTION6_DNS_SERVER)
> + 	done_dns = 1;
> +       
> +-      /* Empty DNS_SERVER option will not set DHOPT_ADDR6 */
> +-      if ((opt_cfg->flags & DHOPT_ADDR6) || opt_cfg->opt ==
> OPTION6_DNS_SERVER)
> ++      if (opt_cfg->flags & DHOPT_ADDR6)
> + 	{
> + 	  int len, j;
> + 	  struct in6_addr *a;
> +-- 
> +1.7.10.4
> +
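Review bot: The test in add_options() no longer special-cases `OPTION6_DNS_SERVER`, and the comment that explained the special case ("Empty DNS_SERVER option will not set DHOPT_ADDR6") is removed with it, so the new code does not say what happens to an empty DNS server option. The patch subject names only a commit hash, which does not help a later reader. A one-line comment at the test, such as `/* An empty DNS_SERVER option does not set DHOPT_ADDR6 and is not expanded here */`, would keep the reasoning with the code. add_options() begins and ends outside the hunk, so where the empty option ends up cannot be confirmed from here.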
> diff --git a/src/patches/dnsmasq/011
> -Catch_errors_from_sendmsg_in_DHCP_code.patch
> b/src/patches/dnsmasq/011
> -Catch_errors_from_sendmsg_in_DHCP_code.patch
> new file mode 100644
> index 0000000..631495f
> --- /dev/null
> +++ b/src/patches/dnsmasq/011
> -Catch_errors_from_sendmsg_in_DHCP_code.patch
> @@ -0,0 +1,32 @@
> +From 98079ea89851da1df4966dfdfa1852a98da02912 Mon Sep 17 00:00:00
> 2001
> +From: Simon Kelley <simon@thekelleys.org.uk>
> +Date: Tue, 13 Oct 2015 20:30:32 +0100
> +Subject: [PATCH] Catch errors from sendmsg in DHCP code.  Logs, eg, 
>  iptables
> + DROPS of dest 255.255.255.255
> +
> +---
> + src/dhcp.c |    7 ++++++-
> + 1 file changed, 6 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/dhcp.c b/src/dhcp.c
> +index e6fceb1..1c85e42 100644
> +--- a/src/dhcp.c
> ++++ b/src/dhcp.c
> +@@ -452,8 +452,13 @@ void dhcp_packet(time_t now, int pxe_fd)
> + #endif
> +   
> +   while(retry_send(sendmsg(fd, &msg, 0)));
> ++
> ++  /* This can fail when, eg, iptables DROPS destination
> 255.255.255.255 */
> ++  if (errno != 0)
> ++    my_syslog(MS_DHCP | LOG_WARNING, _("Error sending DHCP packet
> to %s: %s"),
> ++	      inet_ntoa(dest.sin_addr), strerror(errno));
> + }
> +- 
> ++
> + /* check against secondary interface addresses */
> + static int check_listen_addrs(struct in_addr local, int if_index,
> char *label,
> + 			      struct in_addr netmask, struct
> in_addr broadcast, void *vparam)
> +-- 
> +1.7.10.4
> +
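Review bot: The new `if (errno != 0)` test after the sendmsg loop in dhcp_packet() reads errno without knowing that the last call failed. A successful sendmsg() does not reset errno, so a value left by an earlier call can produce a spurious "Error sending DHCP packet" warning. Unless retry_send(), which is not visible here, guarantees errno is 0 on success, add `errno = 0;` directly before the `while(retry_send(...))` line, or keep the return value of sendmsg() and test it for -1. The warning is emitted per failed packet, so a persistently dropped destination could flood syslog; rate limiting may be worth considering. dhcp_packet() starts outside the hunk.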
> diff --git a/src/patches/dnsmasq/012-Update_list_of_subnet_for_-
> -bogus-priv.patch b/src/patches/dnsmasq/012
> -Update_list_of_subnet_for_--bogus-priv.patch
> new file mode 100644
> index 0000000..3ba98fc
> --- /dev/null
> +++ b/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus
> -priv.patch
> @@ -0,0 +1,48 @@
> +From 90477fb79420a34124b66ebd808c578817a30e4c Mon Sep 17 00:00:00
> 2001
> +From: Simon Kelley <simon@thekelleys.org.uk>
> +Date: Tue, 20 Oct 2015 21:21:32 +0100
> +Subject: [PATCH] Update list of subnet for --bogus-priv
> +
> +RFC6303 specifies & recommends following zones not be forwarded
> +to globally facing servers.
> ++------------------------------+-----------------------+
> +| Zone                         | Description           |
> ++------------------------------+-----------------------+
> +| 0.IN-ADDR.ARPA               | IPv4 "THIS" NETWORK   |
> +| 127.IN-ADDR.ARPA             | IPv4 Loopback NETWORK |
> +| 254.169.IN-ADDR.ARPA         | IPv4 LINK LOCAL       |
> +| 2.0.192.IN-ADDR.ARPA         | IPv4 TEST-NET-1       |
> +| 100.51.198.IN-ADDR.ARPA      | IPv4 TEST-NET-2       |
> +| 113.0.203.IN-ADDR.ARPA       | IPv4 TEST-NET-3       |
> +| 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST        |
> ++------------------------------+-----------------------+
> +
> +Signed-off-by: Kevin Darbyshire-Bryant <
> kevin@darbyshire-bryant.me.uk>
> +---
> + src/rfc1035.c |    8 ++++++--
> + 1 file changed, 6 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/rfc1035.c b/src/rfc1035.c
> +index 6a51b30..4eb1772 100644
> +--- a/src/rfc1035.c
> ++++ b/src/rfc1035.c
> +@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int
> ban_localhost)
> +   return
> +     (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost)  /*
> 127.0.0.0/8    (loopback) */ ||
> +     ((ip_addr & 0xFF000000) == 0x00000000)  /* RFC 5735 section 3.
> "here" network */ ||
> +-    ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16
> (private)  */ ||
> +     ((ip_addr & 0xFF000000) == 0x0A000000)  /* 10.0.0.0/8    
>  (private)  */ ||
> +     ((ip_addr & 0xFFF00000) == 0xAC100000)  /* 172.16.0.0/12 
>  (private)  */ ||
> +-    ((ip_addr & 0xFFFF0000) == 0xA9FE0000)  /* 169.254.0.0/16
> (zeroconf) */ ;
> ++    ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16
> (private)  */ ||
> ++    ((ip_addr & 0xFFFF0000) == 0xA9FE0000)  /* 169.254.0.0/16
> (zeroconf) */ ||
> ++    ((ip_addr & 0xFFFFFF00) == 0xC0000200)  /* 192.0.2.0/24   (test
> -net) */ ||
> ++    ((ip_addr & 0xFFFFFF00) == 0xC6336400)  /* 198.51.100.0/24(test
> -net) */ ||
> ++    ((ip_addr & 0xFFFFFF00) == 0xCB007100)  /* 203.0.113.0/24 (test
> -net) */ ||
> ++    ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF)  /* 255.255.255.255/32
> (broadcast)*/ ;
> + }
> + 
> + static unsigned char *do_doctor(unsigned char *p, int count, struct
> dns_header *header, size_t qlen, char *name, int *doctored)
> +-- 
> +1.7.10.4
> +
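Review bot: The four ranges added to private_net() carry no reference to RFC 6303, which the patch description gives as the source of the list, so a later reader cannot tell which document the set is meant to follow. A comment above the `return`, such as `/* Ranges whose reverse zones RFC 6303 says not to forward upstream */`, would record that. In the broadcast entry the mask does nothing: `(ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF` can be written `ip_addr == 0xFFFFFFFF`. The callers of private_net() are outside the hunk; if anything other than --bogus-priv relies on it, the wider list changes that behaviour as well and should be checked.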
> diff --git a/src/patches/dnsmasq/013
> -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
> b/src/patches/dnsmasq/013
> -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
> new file mode 100644
> index 0000000..736cf38
> --- /dev/null
> +++ b/src/patches/dnsmasq/013
> -Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
> @@ -0,0 +1,43 @@
> +From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00
> 2001
> +From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <
> edwin+ml-cerowrt@etorok.net>
> +Date: Sat, 14 Nov 2015 17:45:48 +0000
> +Subject: [PATCH] Fix crash when empty address from DNS overlays A
> record from
> + hosts.
> +
> +---
> + CHANGELOG   |    5 +++++
> + src/cache.c |    2 +-
> + 2 files changed, 6 insertions(+), 1 deletion(-)
> +
> +diff --git a/CHANGELOG b/CHANGELOG
> +index d6e309f..93c73d0 100644
> +--- a/CHANGELOG
> ++++ b/CHANGELOG
> +@@ -13,6 +13,11 @@ version 2.76
> + 	    was a dangling symbolic link, even of --no-resolv set.
> + 	    Thanks to Alexander Kurtz for spotting the problem.
> + 
> ++	    Fix crash when an A or AAAA record is defined locally,
> ++	    in a hosts file, and an upstream server sends a reply
> ++	    that the same name is empty. Thanks to Edwin Török
> for
> ++	    the patch.
> ++
> + 	
> + version 2.75
> +             Fix reversion on 2.74 which caused 100% CPU use when a 
> +diff --git a/src/cache.c b/src/cache.c
> +index 178d654..1b76b67 100644
> +--- a/src/cache.c
> ++++ b/src/cache.c
> +@@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct
> all_addr *addr,
> + 	 existing record is for an A or AAAA and
> + 	 the record we're trying to insert is the same, 
> + 	 just drop the insert, but don't error the whole process.
> */
> +-      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD))
> ++      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) &&
> addr)
> + 	{
> + 	  if ((flags & F_IPV4) && (new->flags & F_IPV4) &&
> + 	      new->addr.addr.addr.addr4.s_addr == addr
> ->addr.addr4.s_addr)
> +-- 
> +1.7.10.4
> +
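Review bot: With the added `&& addr` in cache_insert(), a call whose addr is NULL now skips the "just drop the insert" branch and continues into code outside this hunk. It should be confirmed that this path neither dereferences addr nor replaces the locally defined record with the empty upstream answer. The comment above the condition still describes only the same-address case; a sentence such as `addr may be NULL (reply with no address), so never compare against it` would document the guard, assuming that is the only NULL case. Per the CHANGELOG text the NULL case is reached from an upstream reply, so a regression test with a hosts-file name and an empty upstream answer is worth adding.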
> diff --git a/src/patches/dnsmasq/014
> -Handle_unknown_DS_hash_algos_correctly.patch
> b/src/patches/dnsmasq/014
> -Handle_unknown_DS_hash_algos_correctly.patch
> new file mode 100644
> index 0000000..8b17431
> --- /dev/null
> +++ b/src/patches/dnsmasq/014
> -Handle_unknown_DS_hash_algos_correctly.patch
> @@ -0,0 +1,39 @@
> +From 67ab3285b5d9a1b1e20e034cf272867fdab8a0f9 Mon Sep 17 00:00:00
> 2001
> +From: Simon Kelley <simon@thekelleys.org.uk>
> +Date: Fri, 20 Nov 2015 23:20:47 +0000
> +Subject: [PATCH] Handle unknown DS hash algos correctly.
> +
> +When we can validate a DS RRset, but don't speak the hash algo it
> +contains, treat that the same as an NSEC/3 proving that the DS
> +doesn't exist. 4025 5.2
> +---
> + src/dnssec.c |   13 +++++++++++++
> + 1 file changed, 13 insertions(+)
> +
> +diff --git a/src/dnssec.c b/src/dnssec.c
> +index 67ce486..b4dc14e 100644
> +--- a/src/dnssec.c
> ++++ b/src/dnssec.c
> +@@ -1005,6 +1005,19 @@ int dnssec_validate_by_ds(time_t now, struct
> dns_header *header, size_t plen, ch
> +   if (crecp->flags & F_NEG)
> +     return STAT_INSECURE_DS;
> +   
> ++  /* 4035 5.2 
> ++     If the validator does not support any of the algorithms listed
> in an
> ++     authenticated DS RRset, then the resolver has no supported
> ++     authentication path leading from the parent to the child.  The
> ++     resolver should treat this case as it would the case of an
> ++     authenticated NSEC RRset proving that no DS RRset exists,  */
> ++  for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1,
> name, now, F_DS))
> ++    if (hash_find(ds_digest_name(recp1->addr.ds.digest)))
> ++      break;
> ++  
> ++  if (!recp1)
> ++    return STAT_INSECURE_DS;
> ++
> +   /* NOTE, we need to find ONE DNSKEY which matches the DS */
> +   for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j-
> -) 
> +     {
> +-- 
> +1.7.10.4
> +
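Review bot: The new loop in dnssec_validate_by_ds() decides that no algorithm is supported from the DS digest type alone (`hash_find(ds_digest_name(recp1->addr.ds.digest))`), while the quoted RFC text speaks of the algorithms listed in the DS RRset. Whether a DS with a supported digest but an unsupported key algorithm gets the same treatment is not visible in this hunk. That should be confirmed, because the result here is that the zone is treated as insecure rather than validated. The return value of ds_digest_name() goes straight into hash_find(); if it can be NULL for an unknown digest number, hash_find() has to accept that. The code comment cites "4035 5.2" and the patch description "4025 5.2"; writing `RFC 4035 section 5.2` in the comment removes the ambiguity.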
> diff --git a/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf
> -dir.patch b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf
> -dir.patch
> new file mode 100644
> index 0000000..a9102c1
> --- /dev/null
> +++ b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf
> -dir.patch
> @@ -0,0 +1,38 @@
> +From 0007ee90646a5a78a96ee729932e89d31c69513a Mon Sep 17 00:00:00
> 2001
> +From: Simon Kelley <simon@thekelleys.org.uk>
> +Date: Sat, 21 Nov 2015 21:47:41 +0000
> +Subject: [PATCH] Fix crash at start up with conf-dir=/path,*
> +
> +Thanks to Brian Carpenter and American Fuzzy Lop for finding the
> bug.
> +---
> + src/option.c |   14 ++++++++++----
> + 1 file changed, 10 insertions(+), 4 deletions(-)
> +
> +diff --git a/src/option.c b/src/option.c
> +index 746cd11..71beb98 100644
> +--- a/src/option.c
> ++++ b/src/option.c
> +@@ -1515,10 +1515,16 @@ static int one_opt(int option, char *arg,
> char *errstr, char *gen_err, int comma
> + 		li = opt_malloc(sizeof(struct list));
> + 		if (*arg == '*')
> + 		  {
> +-		    li->next = match_suffix;
> +-		    match_suffix = li;
> +-		    /* Have to copy: buffer is overwritten */
> +-		    li->suffix = opt_string_alloc(arg+1);
> ++		    /* "*" with no suffix is a no-op */
> ++		    if (arg[1] == 0)
> ++		      free(li);
> ++		    else
> ++		      {
> ++			li->next = match_suffix;
> ++			match_suffix = li;
> ++			/* Have to copy: buffer is overwritten */
> ++			li->suffix = opt_string_alloc(arg+1);
> ++		      }
> + 		  }
> + 		else
> + 		  {
> +-- 
> +1.7.10.4
> +
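Review bot: In the `*arg == '*'` branch of one_opt(), `li` is allocated by the context line `li = opt_malloc(sizeof(struct list));` and released again when `arg[1] == 0`. That leaves `li` dangling for whatever follows the if/else outside this hunk. Clearing it at the point of release, `{ free(li); li = NULL; }`, or testing `arg[1]` before the allocation, removes the hazard. The new comment says the bare "*" is a no-op but not why an empty suffix must not be stored; presumably the crash occurs where the suffix list is later matched, and saying so would help.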