Update to 2.81rc3

Remove patches that have been merged or have alternatives.
Petr Menšík 2020-03-03 20:15:05 +01:00
parent b8e25263bb
commit 57b55437cd
9 changed files with 88 additions and 323 deletions

2
.gitignore vendored

@ -28,3 +28,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.78.tar.xz
/dnsmasq-2.79.tar.xz
/dnsmasq-2.80.tar.xz
/dnsmasq-2.81rc3.tar.xz
/dnsmasq-2.81rc3.tar.xz.asc


@ -1,4 +1,4 @@
From 0ef799244732871e043d848f2f845c797f5a0745 Mon Sep 17 00:00:00 2001
From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert@redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
@ -6,11 +6,11 @@ Subject: [PATCH] google patch hand-applied
---
src/edns0.c | 10 +++++-----
src/forward.c | 4 ++++
src/rfc1035.c | 2 ++
3 files changed, 11 insertions(+), 5 deletions(-)
src/rfc1035.c | 3 +++
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/edns0.c b/src/edns0.c
index af33877..ba6ff0c 100644
index d75d3cc..7d8cf7f 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
@ -31,10 +31,10 @@ index af33877..ba6ff0c 100644
free(buff);
p += rdlen;
diff --git a/src/forward.c b/src/forward.c
index 3dd8633..64af66f 100644
index ed9c8f6..77059ed 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1577,6 +1577,10 @@ void receive_query(struct listener *listen, time_t now)
@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
@ -46,18 +46,19 @@ index 3dd8633..64af66f 100644
if (auth_dns)
{
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6290f22..a943ecb 100644
index f1edc45..15041cc 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1292,6 +1292,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
struct mx_srv_record *rec;
@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
int rd_bit = (header->hb3 & HB3_RD);
+ // Make sure we do not underflow here too.
+ if (qlen > (limit - ((char *)header))) return 0;
+
/* never answer queries with RD unset, to avoid cache snooping. */
if (!(header->hb3 & HB3_RD) ||
if (ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 ||
--
2.14.4
2.21.1
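Review bot: The guard `if (qlen > (limit - ((char *)header))) return 0;` in answer_request compares a `size_t` against a signed pointer difference, so if `limit` were ever below `header` the difference would convert to a very large unsigned value and the check would pass instead of rejecting the packet. Whether any caller can produce that ordering is not visible from this hunk, but a bounds check on a packet length should fail closed: `if (limit < (char *)header || qlen > (size_t)(limit - (char *)header)) return 0;`. The comment could also state what is being bounded, for example `/* Reject qlen larger than the space between header and limit. */`, using the `/* */` style of the surrounding code. answer_request's body continues outside the hunk.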


@ -1,87 +0,0 @@
From 8455bcbe5311ee0d15bcebe494580fec8868a93a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 9 Aug 2018 18:17:26 +0200
Subject: [PATCH] Use OS random ports by default
Unless max-port or min-port is given, let OS allocate random ports for
DNS queries. Randomize similar to --query-port=0, but for each query
separately. Would use port according to system policy.
---
src/dnsmasq.c | 2 +-
src/network.c | 15 ++++++++++++---
src/option.c | 4 +++-
3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index ac5d8aa..6d51d3b 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -230,7 +230,7 @@ int main (int argc, char **argv)
die(_("Ubus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF);
#endif
- if (daemon->max_port < daemon->min_port)
+ if (daemon->max_port >= 0 && daemon->max_port < daemon->min_port)
die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
now = dnsmasq_time();
diff --git a/src/network.c b/src/network.c
index 8ae7a70..58a2819 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1138,18 +1138,27 @@ int random_sock(int family)
if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
{
union mysockaddr addr;
- unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1;
- int tries = ports_avail < 30 ? 3 * ports_avail : 100;
+ unsigned short ports_avail = 0;
+ int tries = 100;
+ unsigned short port = 0;
memset(&addr, 0, sizeof(addr));
addr.sa.sa_family = family;
+ if (daemon->max_port >= 0)
+ {
+ ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1;
+ if (ports_avail < 30)
+ tries = 3 * ports_avail;
+ }
+
/* don't loop forever if all ports in use. */
if (fix_fd(fd))
while(tries--)
{
- unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail)));
+ if (ports_avail)
+ port = htons(daemon->min_port + (rand16() % ports_avail));
if (family == AF_INET)
{
diff --git a/src/option.c b/src/option.c
index 7ccbdea..477dd52 100644
--- a/src/option.c
+++ b/src/option.c
@@ -2619,6 +2619,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
case LOPT_MINPORT: /* --min-port */
if (!atoi_check16(arg, &daemon->min_port))
ret_err(gen_err);
+ if (daemon->max_port < 0)
+ daemon->max_port = MAX_PORT;
break;
case LOPT_MAXPORT: /* --max-port */
@@ -4754,7 +4756,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
daemon->soa_refresh = SOA_REFRESH;
daemon->soa_retry = SOA_RETRY;
daemon->soa_expiry = SOA_EXPIRY;
- daemon->max_port = MAX_PORT;
+ daemon->max_port = -1;
daemon->min_port = MIN_PORT;
#ifndef NO_ID
--
2.14.4


@ -1,51 +0,0 @@
From f332e9e3c5d5671ed8435a06daa2b45272cd20cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 31 Jul 2019 19:44:39 +0200
Subject: [PATCH] Compile with nettle 3.5
Nettle library no longer provides direct access to selected variables.
Use getter functions with backward compatibility with nettle 3.3.
---
src/crypto.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/crypto.c b/src/crypto.c
index ebb871e..24bfc76 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -26,6 +26,14 @@
#include <nettle/nettle-meta.h>
#include <nettle/bignum.h>
+#ifndef nettle_hashes
+/* nettle 3.4 introduced getters, but ecc-curve does not have its own.
+ * nettle_hashes were first defined in the same version.
+ * nettle 3.5 no longer provides globals without getter access. */
+#define nettle_get_secp_256r1 (&nettle_secp_256r1)
+#define nettle_get_secp_384r1 (&nettle_secp_384r1)
+#endif
+
/* Implement a "hash-function" to the nettle API, which simply returns
the input data, concatenated into a single, statically maintained, buffer.
@@ -294,7 +302,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
return 0;
- nettle_ecc_point_init(key_256, &nettle_secp_256r1);
+ nettle_ecc_point_init(key_256, nettle_get_secp_256r1());
}
key = key_256;
@@ -307,7 +315,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
return 0;
- nettle_ecc_point_init(key_384, &nettle_secp_384r1);
+ nettle_ecc_point_init(key_384, nettle_get_secp_384r1());
}
key = key_384;
--
2.20.1


@ -1,31 +0,0 @@
From 162e5e0062ce923c494cc64282f293f0ed64fc10 Mon Sep 17 00:00:00 2001
From: Sven Mueller <smu@google.com>
Date: Wed, 27 Feb 2019 21:17:37 +0000
Subject: [PATCH] Fix bug added in 2.80 non-terminal code which returns NODATA
instead of NXDOMAIN.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Thanks to Sven Muleller and Maciej Żenczykowski for work on this.
https://bugzilla.redhat.com/show_bug.cgi?id=1674067 refers.
---
src/cache.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/cache.c b/src/cache.c
index 906f5e1..44c13e4 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -790,6 +790,7 @@ int cache_find_non_terminal(char *name, time_t now)
if (!is_outdated_cname_pointer(crecp) &&
!is_expired(now, crecp) &&
(crecp->flags & F_FORWARD) &&
+ !(crecp->flags & F_NXDOMAIN) &&
hostname_isequal(name, cache_get_name(crecp)))
return 1;
--
2.20.1


@ -1,4 +1,4 @@
From f6ae1b90158ce1c4fa7ff803bd94e072c789497c Mon Sep 17 00:00:00 2001
From d571d74b63382f52572f2b060c8caf867dea76dc Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 31 Jul 2019 17:23:45 +0200
Subject: [PATCH] Fix TCP listener after interface is recreated
@ -67,11 +67,11 @@ Date: Thu Jul 4 20:28:08 2019 +0200
5 files changed, 155 insertions(+), 54 deletions(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 3dc7c27..12e3621 100644
index 769e063..4755125 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -1708,7 +1708,8 @@ static void check_dns_listeners(time_t now)
#endif
@@ -1820,7 +1820,8 @@ static void check_dns_listeners(time_t now)
addr.addr4 = tcp_addr.in.sin_addr;
for (iface = daemon->interfaces; iface; iface = iface->next)
- if (iface->index == if_index)
@ -81,10 +81,10 @@ index 3dc7c27..12e3621 100644
if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index f53e9a5..8d84714 100644
index c46bfeb..17b5f4e 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -567,7 +567,8 @@ struct irec {
@@ -569,7 +569,8 @@ struct irec {
};
struct listener {
@ -95,30 +95,30 @@ index f53e9a5..8d84714 100644
struct listener *next;
};
diff --git a/src/forward.c b/src/forward.c
index 64af66f..a883fb7 100644
index 77059ed..043c2e2 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1304,8 +1304,9 @@ void receive_query(struct listener *listen, time_t now)
@@ -1279,8 +1279,9 @@ void receive_query(struct listener *listen, time_t now)
CMSG_SPACE(sizeof(struct sockaddr_dl))];
#endif
} control_u;
#ifdef HAVE_IPV6
+ int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */
- int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6;
#else
int check_dst = !option_bool(OPT_NOWILD);
#endif
@@ -1320,7 +1321,7 @@ void receive_query(struct listener *listen, time_t now)
/* packet buffer overwritten */
daemon->srv_save = NULL;
@@ -1292,7 +1293,7 @@ void receive_query(struct listener *listen, time_t now)
{
auth_dns = listen->iface->dns_auth;
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
dst_addr_4 = dst_addr.addr.addr4 = listen->iface->addr.in.sin_addr;
dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr;
netmask = listen->iface->netmask;
@@ -1350,9 +1351,9 @@ void receive_query(struct listener *listen, time_t now)
@@ -1322,9 +1323,9 @@ void receive_query(struct listener *listen, time_t now)
information disclosure. */
memset(daemon->packet + n, 0, daemon->edns_pktsz - n);
@ -130,16 +130,16 @@ index 64af66f..a883fb7 100644
{
/* Source-port == 0 is an error, we can't send back to that.
http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */
@@ -1374,7 +1375,7 @@ void receive_query(struct listener *listen, time_t now)
@@ -1344,7 +1345,7 @@ void receive_query(struct listener *listen, time_t now)
{
struct addrlist *addr;
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
+ if (family == AF_INET6)
{
for (addr = daemon->interface_addrs; addr; addr = addr->next)
if ((addr->flags & ADDRLIST_IPV6) &&
@@ -1413,7 +1414,7 @@ void receive_query(struct listener *listen, time_t now)
@@ -1382,7 +1383,7 @@ void receive_query(struct listener *listen, time_t now)
return;
#if defined(HAVE_LINUX_NETWORK)
@ -148,7 +148,7 @@ index 64af66f..a883fb7 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{
@@ -1426,7 +1427,7 @@ void receive_query(struct listener *listen, time_t now)
@@ -1395,7 +1396,7 @@ void receive_query(struct listener *listen, time_t now)
if_index = p.p->ipi_ifindex;
}
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
@ -157,16 +157,16 @@ index 64af66f..a883fb7 100644
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
@@ -1452,7 +1453,7 @@ void receive_query(struct listener *listen, time_t now)
@@ -1420,7 +1421,7 @@ void receive_query(struct listener *listen, time_t now)
}
#endif
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -1474,16 +1475,16 @@ void receive_query(struct listener *listen, time_t now)
@@ -1441,16 +1442,16 @@ void receive_query(struct listener *listen, time_t now)
if (!indextoname(listen->fd, if_index, ifr.ifr_name))
return;
@ -187,20 +187,20 @@ index 64af66f..a883fb7 100644
{
struct irec *iface;
@@ -1528,7 +1529,7 @@ void receive_query(struct listener *listen, time_t now)
@@ -1495,7 +1496,7 @@ void receive_query(struct listener *listen, time_t now)
#endif
char *types = querystr(auth_dns ? "auth" : "query", type);
- if (listen->family == AF_INET)
+ if (family == AF_INET)
+ if (family == AF_INET)
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
(struct all_addr *)&source_addr.in.sin_addr, types);
#ifdef HAVE_IPV6
(union all_addr *)&source_addr.in.sin_addr, types);
else
diff --git a/src/network.c b/src/network.c
index 58a2819..979c223 100644
index 881d823..8c4b3bb 100644
--- a/src/network.c
+++ b/src/network.c
@@ -404,10 +404,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
@@ -388,10 +388,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
/* check whether the interface IP has been added already
we call this routine multiple times. */
for (iface = daemon->interfaces; iface; iface = iface->next)
@ -213,7 +213,7 @@ index 58a2819..979c223 100644
return 1;
}
@@ -552,7 +553,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
@@ -532,7 +533,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
}
@ -297,7 +297,7 @@ index 58a2819..979c223 100644
int enumerate_interfaces(int reset)
{
static struct addrlist *spare = NULL;
@@ -652,6 +728,7 @@ int enumerate_interfaces(int reset)
@@ -630,6 +706,7 @@ int enumerate_interfaces(int reset)
in OPT_CLEVERBIND mode, that at listener will just disappear after
a call to enumerate_interfaces, this is checked OK on all calls. */
struct listener *l, *tmp, **up;
@ -305,7 +305,7 @@ index 58a2819..979c223 100644
for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
{
@@ -659,25 +736,17 @@ int enumerate_interfaces(int reset)
@@ -637,25 +714,17 @@ int enumerate_interfaces(int reset)
if (!l->iface || l->iface->found)
up = &l->next;
@ -338,7 +338,7 @@ index 58a2819..979c223 100644
errno = errsave;
spare = param.spare;
@@ -920,10 +989,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in
@@ -893,10 +962,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in
{
l = safe_malloc(sizeof(struct listener));
l->next = NULL;
@ -352,7 +352,7 @@ index 58a2819..979c223 100644
l->iface = NULL;
}
@@ -964,20 +1034,43 @@ void create_wildcard_listeners(void)
@@ -935,20 +1005,43 @@ void create_wildcard_listeners(void)
daemon->listeners = l;
}
@ -402,7 +402,7 @@ index 58a2819..979c223 100644
}
/* Check for --listen-address options that haven't been used because there's
@@ -995,8 +1088,12 @@ void create_bound_listeners(int dienow)
@@ -966,8 +1059,12 @@ void create_bound_listeners(int dienow)
if (!if_tmp->used &&
(new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
{
@ -416,21 +416,21 @@ index 58a2819..979c223 100644
}
diff --git a/src/tftp.c b/src/tftp.c
index f2eccbc..9a01dca 100644
index 4c18577..fdd2855 100644
--- a/src/tftp.c
+++ b/src/tftp.c
@@ -61,8 +61,9 @@ void tftp_request(struct listener *listen, time_t now)
char *prefix = daemon->tftp_prefix;
struct tftp_prefix *pref;
struct all_addr addra;
#ifdef HAVE_IPV6
union all_addr addra;
+ int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */
- int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dest = !option_bool(OPT_NOWILD) || family == AF_INET6;
#else
int check_dest = !option_bool(OPT_NOWILD);
#endif
@@ -124,10 +125,10 @@ void tftp_request(struct listener *listen, time_t now)
union {
struct cmsghdr align; /* this ensures alignment */
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
@@ -121,10 +122,10 @@ void tftp_request(struct listener *listen, time_t now)
if (msg.msg_controllen < sizeof(struct cmsghdr))
return;
@ -443,7 +443,7 @@ index f2eccbc..9a01dca 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{
@@ -141,7 +142,7 @@ void tftp_request(struct listener *listen, time_t now)
@@ -138,7 +139,7 @@ void tftp_request(struct listener *listen, time_t now)
}
#elif defined(HAVE_SOLARIS_NETWORK)
@ -452,7 +452,7 @@ index f2eccbc..9a01dca 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
union {
@@ -157,7 +158,7 @@ void tftp_request(struct listener *listen, time_t now)
@@ -154,7 +155,7 @@ void tftp_request(struct listener *listen, time_t now)
}
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
@ -461,25 +461,25 @@ index f2eccbc..9a01dca 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
union {
@@ -175,7 +176,7 @@ void tftp_request(struct listener *listen, time_t now)
@@ -171,7 +172,7 @@ void tftp_request(struct listener *listen, time_t now)
#endif
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -200,7 +201,7 @@ void tftp_request(struct listener *listen, time_t now)
addra.addr.addr4 = addr.in.sin_addr;
@@ -194,7 +195,7 @@ void tftp_request(struct listener *listen, time_t now)
addra.addr4 = addr.in.sin_addr;
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
addra.addr.addr6 = addr.in6.sin6_addr;
#endif
addra.addr6 = addr.in6.sin6_addr;
@@ -217,12 +218,12 @@ void tftp_request(struct listener *listen, time_t now)
if (daemon->tftp_interfaces)
@@ -210,12 +211,12 @@ void tftp_request(struct listener *listen, time_t now)
else
{
/* Do the same as DHCP */
@ -489,13 +489,13 @@ index f2eccbc..9a01dca 100644
if (!option_bool(OPT_CLEVERBIND))
enumerate_interfaces(0);
- if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) &&
- !label_exception(if_index, listen->family, &addra) )
- !label_exception(if_index, listen->family, &addra))
+ if (!loopback_exception(listen->tftpfd, family, &addra, name) &&
+ !label_exception(if_index, family, &addra) )
+ !label_exception(if_index, family, &addra))
return;
}
@@ -255,7 +256,7 @@ void tftp_request(struct listener *listen, time_t now)
@@ -281,7 +282,7 @@ void tftp_request(struct listener *listen, time_t now)
prefix = pref->prefix;
}
@ -504,25 +504,25 @@ index f2eccbc..9a01dca 100644
{
addr.in.sin_port = htons(port);
#ifdef HAVE_SOCKADDR_SA_LEN
@@ -277,7 +278,7 @@ void tftp_request(struct listener *listen, time_t now)
if (!(transfer = whine_malloc(sizeof(struct tftp_transfer))))
return;
@@ -304,7 +305,7 @@ void tftp_request(struct listener *listen, time_t now)
- if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1)
+ if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1)
if (option_bool(OPT_SINGLE_PORT))
transfer->sockfd = listen->tftpfd;
- else if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1)
+ else if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1)
{
free(transfer);
return;
@@ -308,7 +309,7 @@ void tftp_request(struct listener *listen, time_t now)
@@ -337,7 +338,7 @@ void tftp_request(struct listener *listen, time_t now)
{
if (++port <= daemon->end_tftp_port)
{
- if (listen->family == AF_INET)
+ if (family == AF_INET)
addr.in.sin_port = htons(port);
#ifdef HAVE_IPV6
else
@@ -347,7 +348,7 @@ void tftp_request(struct listener *listen, time_t now)
addr.in6.sin6_port = htons(port);
@@ -375,7 +376,7 @@ void tftp_request(struct listener *listen, time_t now)
if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK))
{
/* 32 bytes for IP, UDP and TFTP headers, 52 bytes for IPv6 */
@ -532,5 +532,5 @@ index f2eccbc..9a01dca 100644
if (transfer->blocksize < 1)
transfer->blocksize = 1;
--
2.20.1
2.21.1


@ -1,65 +0,0 @@
From 515ba97595e60c762c448657f3c0e545c1e365f9 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 27 Jan 2020 23:30:10 +0000
Subject: [PATCH] Fix infinite-loop router advert problems.
The previous code here, which started fast-RA whenever that local
address associated with a DHCP context changed, is very vulnerable
to flapping due to dynamically created addresses in the same net.
Simplify so that if a context which has never found an interface now
finds one, that gets advertised, but not for other changes. That satisfies
the original intention that prefixes not in place when dnsmasq starts
should be recognised.
Also totally ignore all interfaces where we are configured not to do DHCP,
to preclude flapping of they have prefixes in common with interfaces
where we do DHCP.
---
src/dhcp6.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/dhcp6.c b/src/dhcp6.c
index 041ad07..51788ed 100644
--- a/src/dhcp6.c
+++ b/src/dhcp6.c
@@ -658,7 +658,8 @@ static int construct_worker(struct in6_addr *local, int prefix,
char ifrn_name[IFNAMSIZ];
struct in6_addr start6, end6;
struct dhcp_context *template, *context;
-
+ struct iname *tmp;
+
(void)scope;
(void)flags;
(void)valid;
@@ -677,9 +678,15 @@ static int construct_worker(struct in6_addr *local, int prefix,
if (flags & IFACE_DEPRECATED)
return 1;
- if (!indextoname(daemon->icmp6fd, if_index, ifrn_name))
- return 0;
+ /* Ignore interfaces where we're not doing RA/DHCP6 */
+ if (!indextoname(daemon->icmp6fd, if_index, ifrn_name) ||
+ !iface_check(AF_LOCAL, NULL, ifrn_name, NULL))
+ return 1;
+ for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+ if (tmp->name && wildcard_match(tmp->name, ifrn_name))
+ return 1;
+
for (template = daemon->dhcp6; template; template = template->next)
if (!(template->flags & (CONTEXT_TEMPLATE | CONTEXT_CONSTRUCTED)))
{
@@ -689,7 +696,7 @@ static int construct_worker(struct in6_addr *local, int prefix,
is_same_net6(local, &template->end6, template->prefix))
{
/* First time found, do fast RA. */
- if (template->if_index != if_index || !IN6_ARE_ADDR_EQUAL(&template->local6, local))
+ if (template->if_index == 0)
{
ra_start_unsolicited(param->now, template);
param->newone = 1;
--
2.21.1


@ -1,5 +1,5 @@
%define testrelease 0
%define releasecandidate 0
%define releasecandidate 3
%if 0%{testrelease}
%define extrapath test-releases/
%define extraversion test%{testrelease}
@ -12,13 +12,13 @@
%define _hardened_build 1
Name: dnsmasq
Version: 2.80
Release: 14%{?extraversion:.%{extraversion}}%{?dist}
Version: 2.81
Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz
Source0: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz
Source1: %{name}.service
Source2: dnsmasq-systemd-sysusers.conf
Source3: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz.asc
@ -32,16 +32,9 @@ Source4: http://www.thekelleys.org.uk/srkgpg.txt
# https://bugzilla.redhat.com/show_bug.cgi?id=1495409
Patch1: dnsmasq-2.77-underflow.patch
Patch3: dnsmasq-2.78-fips.patch
Patch5: dnsmasq-2.79-randomize-ports.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1674067
Patch6: dnsmasq-2.80-rh1674067.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1728701
Patch7: dnsmasq-2.80-rh1728701.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1735096
Patch8: dnsmasq-2.80-nettle.patch
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1739797
Patch10: dnsmasq-2.80-rh1739797.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1810172
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=79aba0f10ad0157fb4f48afbbcb03f094caff97a
Patch11: dnsmasq-2.81-prefix-ranges-or-list-of-ipv6-addresses.patch
@ -189,6 +182,8 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.81-1.rc3
- Update to 2.81rc3
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.80-14
- Fix last build breakage of DNS (#1814468)
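Review bot: The new changelog entry `- Update to 2.81rc3` does not record that Patch5, Patch6, Patch8 and Patch10 are dropped, nor which were merged upstream and which were replaced by an alternative. The add/remove markers are lost on this page, so that list is inferred from the four patch files deleted in this commit. This matters most for `dnsmasq-2.79-randomize-ports.patch`, which made OS-allocated random source ports the default for DNS queries. Unpredictable query ports are a defence against spoofed responses, so the entry should say what in 2.81rc3 provides the same default. Suggest adding a line such as `- Drop patches merged upstream or superseded: randomize-ports, rh1674067, nettle, rh1739797`, with a short note on the port-randomization replacement.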


@ -1 +1,2 @@
SHA512 (dnsmasq-2.80.tar.xz) = 58e56beb553fc41311e5dc16d8b0eb3b6801e2bdfbcd0e7a6659703f08960b6ad10d48b0b14a4d727636faf35483e01597cff2ae49e7fe9fa9e214f437b1c068
SHA512 (dnsmasq-2.81rc3.tar.xz) = 2bac2e01550c58f86c5f4be772eaeea59cc0c88531d425797efeedf146991d8d9ed0fe53977e6e6263b63f7441aafd90ccc3e64057e9a0959d7af15850bb05f1
SHA512 (dnsmasq-2.81rc3.tar.xz.asc) = 9835b94f919d8750b667dc92584b5634e5dbd5e672f3337946d4ed5541a26358cbabf04dff4ae6f5ba380d4170889252587dbc704b9b40f56c86440e8b157264