From 57b55437cd9bd8ae1ca7c5a19c56531a1a98eb1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Tue, 3 Mar 2020 20:15:05 +0100 Subject: [PATCH] Update to 2.81rc3 Remove patches that has been merged or have alternatives. --- .gitignore | 2 + dnsmasq-2.77-underflow.patch | 27 +++--- dnsmasq-2.79-randomize-ports.patch | 87 -------------------- dnsmasq-2.80-nettle.patch | 51 ------------ dnsmasq-2.80-rh1674067.patch | 31 ------- dnsmasq-2.80-rh1728701.patch | 128 ++++++++++++++--------------- dnsmasq-2.80-rh1739797.patch | 65 --------------- dnsmasq.spec | 17 ++-- sources | 3 +- 9 files changed, 88 insertions(+), 323 deletions(-) delete mode 100644 dnsmasq-2.79-randomize-ports.patch delete mode 100644 dnsmasq-2.80-nettle.patch delete mode 100644 dnsmasq-2.80-rh1674067.patch delete mode 100644 dnsmasq-2.80-rh1739797.patch diff --git a/.gitignore b/.gitignore index 041189e..bfce94a 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,5 @@ dnsmasq-2.52.tar.lzma /dnsmasq-2.78.tar.xz /dnsmasq-2.79.tar.xz /dnsmasq-2.80.tar.xz +/dnsmasq-2.81rc3.tar.xz +/dnsmasq-2.81rc3.tar.xz.asc diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch index f42212e..2a04039 100644 --- a/dnsmasq-2.77-underflow.patch +++ b/dnsmasq-2.77-underflow.patch @@ -1,4 +1,4 @@ -From 0ef799244732871e043d848f2f845c797f5a0745 Mon Sep 17 00:00:00 2001 +From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001 From: Doran Moppert Date: Tue, 26 Sep 2017 14:48:20 +0930 Subject: [PATCH] google patch hand-applied @@ -6,11 +6,11 @@ Subject: [PATCH] google patch hand-applied --- src/edns0.c | 10 +++++----- src/forward.c | 4 ++++ - src/rfc1035.c | 2 ++ - 3 files changed, 11 insertions(+), 5 deletions(-) + src/rfc1035.c | 3 +++ + 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/edns0.c b/src/edns0.c -index af33877..ba6ff0c 100644 +index d75d3cc..7d8cf7f 100644 --- a/src/edns0.c +++ b/src/edns0.c 
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l @@ -31,10 +31,10 @@ index af33877..ba6ff0c 100644 free(buff); p += rdlen; diff --git a/src/forward.c b/src/forward.c -index 3dd8633..64af66f 100644 +index ed9c8f6..77059ed 100644 --- a/src/forward.c +++ b/src/forward.c -@@ -1577,6 +1577,10 @@ void receive_query(struct listener *listen, time_t now) +@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now) udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ } @@ -46,18 +46,19 @@ index 3dd8633..64af66f 100644 if (auth_dns) { diff --git a/src/rfc1035.c b/src/rfc1035.c -index 6290f22..a943ecb 100644 +index f1edc45..15041cc 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c -@@ -1292,6 +1292,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, - int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1; - struct mx_srv_record *rec; +@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, size_t len; + int rd_bit = (header->hb3 & HB3_RD); + + // Make sure we do not underflow here too. + if (qlen > (limit - ((char *)header))) return 0; - ++ /* never answer queries with RD unset, to avoid cache snooping. */ - if (!(header->hb3 & HB3_RD) || + if (ntohs(header->ancount) != 0 || + ntohs(header->nscount) != 0 || -- -2.14.4 +2.21.1 diff --git a/dnsmasq-2.79-randomize-ports.patch b/dnsmasq-2.79-randomize-ports.patch deleted file mode 100644 index 0f6a815..0000000 --- a/dnsmasq-2.79-randomize-ports.patch +++ /dev/null 
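Review bot: The guard carried into the refreshed answer_request hunk, `if (qlen > (limit - ((char *)header))) return 0;`, compares a size_t with a signed pointer difference, so the right-hand side is converted to unsigned before the comparison. If limit could ever sit below header, the negative difference would become a very large value and the check would pass instead of rejecting the packet; whether any caller can produce that is not visible from this hunk. Writing the intent out removes the doubt: `if (limit < (char *)header || qlen > (size_t)(limit - (char *)header)) return 0;`. The comment above it uses `//` while the surrounding code uses `/* */`. The body of answer_request continues outside the hunk.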
@@ -1,87 +0,0 @@ -From 8455bcbe5311ee0d15bcebe494580fec8868a93a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Thu, 9 Aug 2018 18:17:26 +0200 -Subject: [PATCH] Use OS random ports by default - -Unless max-port or min-port is given, let OS allocate random ports for -DNS queries. Randomize similar to --query-port=0, but for each query -separately. Would use port according to system policy. ---- - src/dnsmasq.c | 2 +- - src/network.c | 15 ++++++++++++--- - src/option.c | 4 +++- - 3 files changed, 16 insertions(+), 5 deletions(-) - -diff --git a/src/dnsmasq.c b/src/dnsmasq.c -index ac5d8aa..6d51d3b 100644 ---- a/src/dnsmasq.c -+++ b/src/dnsmasq.c -@@ -230,7 +230,7 @@ int main (int argc, char **argv) - die(_("Ubus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF); - #endif - -- if (daemon->max_port < daemon->min_port) -+ if (daemon->max_port >= 0 && daemon->max_port < daemon->min_port) - die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF); - - now = dnsmasq_time(); -diff --git a/src/network.c b/src/network.c -index 8ae7a70..58a2819 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -1138,18 +1138,27 @@ int random_sock(int family) - if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) - { - union mysockaddr addr; -- unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1; -- int tries = ports_avail < 30 ? 3 * ports_avail : 100; -+ unsigned short ports_avail = 0; -+ int tries = 100; -+ unsigned short port = 0; - - memset(&addr, 0, sizeof(addr)); - addr.sa.sa_family = family; - -+ if (daemon->max_port >= 0) -+ { -+ ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1; -+ if (ports_avail < 30) -+ tries = 3 * ports_avail; -+ } -+ - /* don't loop forever if all ports in use. 
*/ - - if (fix_fd(fd)) - while(tries--) - { -- unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail))); -+ if (ports_avail) -+ port = htons(daemon->min_port + (rand16() % ports_avail)); - - if (family == AF_INET) - { -diff --git a/src/option.c b/src/option.c -index 7ccbdea..477dd52 100644 ---- a/src/option.c -+++ b/src/option.c -@@ -2619,6 +2619,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma - case LOPT_MINPORT: /* --min-port */ - if (!atoi_check16(arg, &daemon->min_port)) - ret_err(gen_err); -+ if (daemon->max_port < 0) -+ daemon->max_port = MAX_PORT; - break; - - case LOPT_MAXPORT: /* --max-port */ -@@ -4754,7 +4756,7 @@ void read_opts(int argc, char **argv, char *compile_opts) - daemon->soa_refresh = SOA_REFRESH; - daemon->soa_retry = SOA_RETRY; - daemon->soa_expiry = SOA_EXPIRY; -- daemon->max_port = MAX_PORT; -+ daemon->max_port = -1; - daemon->min_port = MIN_PORT; - - #ifndef NO_ID --- -2.14.4 - diff --git a/dnsmasq-2.80-nettle.patch b/dnsmasq-2.80-nettle.patch deleted file mode 100644 index d08fc8b..0000000 --- a/dnsmasq-2.80-nettle.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From f332e9e3c5d5671ed8435a06daa2b45272cd20cc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Wed, 31 Jul 2019 19:44:39 +0200 -Subject: [PATCH] Compile with nettle 3.5 - -Nettle library no longer provides direct access to selected variables. -Use getter functions with backward compatibility with nettle 3.3. ---- - src/crypto.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/crypto.c b/src/crypto.c -index ebb871e..24bfc76 100644 ---- a/src/crypto.c -+++ b/src/crypto.c -@@ -26,6 +26,14 @@ - #include - #include - -+#ifndef nettle_hashes -+/* nettle 3.4 introduced getters, but ecc-curve does not have its own. -+ * nettle_hashes were first defined in the same version. -+ * nettle 3.5 no longer provides globals without getter access. */ -+#define nettle_get_secp_256r1 (&nettle_secp_256r1) -+#define nettle_get_secp_384r1 (&nettle_secp_384r1) -+#endif -+ - /* Implement a "hash-function" to the nettle API, which simply returns - the input data, concatenated into a single, statically maintained, buffer. - -@@ -294,7 +302,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len - if (!(key_256 = whine_malloc(sizeof(struct ecc_point)))) - return 0; - -- nettle_ecc_point_init(key_256, &nettle_secp_256r1); -+ nettle_ecc_point_init(key_256, nettle_get_secp_256r1()); - } - - key = key_256; -@@ -307,7 +315,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len - if (!(key_384 = whine_malloc(sizeof(struct ecc_point)))) - return 0; - -- nettle_ecc_point_init(key_384, &nettle_secp_384r1); -+ nettle_ecc_point_init(key_384, nettle_get_secp_384r1()); - } - - key = key_384; --- -2.20.1 - diff --git a/dnsmasq-2.80-rh1674067.patch b/dnsmasq-2.80-rh1674067.patch deleted file mode 100644 index b1f23b0..0000000 --- a/dnsmasq-2.80-rh1674067.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 162e5e0062ce923c494cc64282f293f0ed64fc10 Mon Sep 17 00:00:00 2001 -From: Sven Mueller -Date: Wed, 27 Feb 2019 21:17:37 +0000 -Subject: [PATCH] Fix bug added in 2.80 non-terminal code which returns NODATA - instead of NXDOMAIN. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Thanks to Sven Muleller and Maciej Żenczykowski for work on this. - -https://bugzilla.redhat.com/show_bug.cgi?id=1674067 refers. ---- - src/cache.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/cache.c b/src/cache.c -index 906f5e1..44c13e4 100644 ---- a/src/cache.c -+++ b/src/cache.c -@@ -790,6 +790,7 @@ int cache_find_non_terminal(char *name, time_t now) - if (!is_outdated_cname_pointer(crecp) && - !is_expired(now, crecp) && - (crecp->flags & F_FORWARD) && -+ !(crecp->flags & F_NXDOMAIN) && - hostname_isequal(name, cache_get_name(crecp))) - return 1; - --- -2.20.1 - diff --git a/dnsmasq-2.80-rh1728701.patch b/dnsmasq-2.80-rh1728701.patch index fed120d..0213518 100644 --- a/dnsmasq-2.80-rh1728701.patch +++ b/dnsmasq-2.80-rh1728701.patch @@ -1,4 +1,4 @@ -From f6ae1b90158ce1c4fa7ff803bd94e072c789497c Mon Sep 17 00:00:00 2001 +From d571d74b63382f52572f2b060c8caf867dea76dc Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Wed, 31 Jul 2019 17:23:45 +0200 Subject: [PATCH] Fix TCP listener after interface is recreated @@ -67,11 +67,11 @@ Date: Thu Jul 4 20:28:08 2019 +0200 5 files changed, 155 insertions(+), 54 deletions(-) diff --git a/src/dnsmasq.c b/src/dnsmasq.c -index 3dc7c27..12e3621 100644 +index 769e063..4755125 100644 --- a/src/dnsmasq.c +++ b/src/dnsmasq.c -@@ -1708,7 +1708,8 @@ static void check_dns_listeners(time_t now) - #endif +@@ -1820,7 +1820,8 @@ static void check_dns_listeners(time_t now) + addr.addr4 = tcp_addr.in.sin_addr; for (iface = daemon->interfaces; iface; iface = iface->next) - if (iface->index == if_index) 
@@ -81,10 +81,10 @@ index 3dc7c27..12e3621 100644 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name)) diff --git a/src/dnsmasq.h b/src/dnsmasq.h -index f53e9a5..8d84714 100644 +index c46bfeb..17b5f4e 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -567,7 +567,8 @@ struct irec { +@@ -569,7 +569,8 @@ struct irec { }; struct listener { @@ -95,30 +95,30 @@ index f53e9a5..8d84714 100644 struct listener *next; }; diff --git a/src/forward.c b/src/forward.c -index 64af66f..a883fb7 100644 +index 77059ed..043c2e2 100644 --- a/src/forward.c +++ b/src/forward.c -@@ -1304,8 +1304,9 @@ void receive_query(struct listener *listen, time_t now) +@@ -1279,8 +1279,9 @@ void receive_query(struct listener *listen, time_t now) + CMSG_SPACE(sizeof(struct sockaddr_dl))]; #endif } control_u; - #ifdef HAVE_IPV6 + int family = listen->addr.sa.sa_family; /* Can always get recvd interface for IPv6 */ - int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; + int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6; - #else - int check_dst = !option_bool(OPT_NOWILD); - #endif -@@ -1320,7 +1321,7 @@ void receive_query(struct listener *listen, time_t now) + + /* packet buffer overwritten */ + daemon->srv_save = NULL; +@@ -1292,7 +1293,7 @@ void receive_query(struct listener *listen, time_t now) { auth_dns = listen->iface->dns_auth; - if (listen->family == AF_INET) + if (family == AF_INET) { - dst_addr_4 = dst_addr.addr.addr4 = listen->iface->addr.in.sin_addr; + dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr; netmask = listen->iface->netmask; -@@ -1350,9 +1351,9 @@ void receive_query(struct listener *listen, time_t now) +@@ -1322,9 +1323,9 @@ void receive_query(struct listener *listen, time_t now) information disclosure. */ memset(daemon->packet + n, 0, daemon->edns_pktsz - n); 
@@ -130,16 +130,16 @@ index 64af66f..a883fb7 100644 { /* Source-port == 0 is an error, we can't send back to that. http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */ -@@ -1374,7 +1375,7 @@ void receive_query(struct listener *listen, time_t now) +@@ -1344,7 +1345,7 @@ void receive_query(struct listener *listen, time_t now) { struct addrlist *addr; - #ifdef HAVE_IPV6 + - if (listen->family == AF_INET6) -+ if (family == AF_INET6) ++ if (family == AF_INET6) { for (addr = daemon->interface_addrs; addr; addr = addr->next) if ((addr->flags & ADDRLIST_IPV6) && -@@ -1413,7 +1414,7 @@ void receive_query(struct listener *listen, time_t now) +@@ -1382,7 +1383,7 @@ void receive_query(struct listener *listen, time_t now) return; #if defined(HAVE_LINUX_NETWORK) @@ -148,7 +148,7 @@ index 64af66f..a883fb7 100644 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) { -@@ -1426,7 +1427,7 @@ void receive_query(struct listener *listen, time_t now) +@@ -1395,7 +1396,7 @@ void receive_query(struct listener *listen, time_t now) if_index = p.p->ipi_ifindex; } #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) @@ -157,16 +157,16 @@ index 64af66f..a883fb7 100644 { for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) { -@@ -1452,7 +1453,7 @@ void receive_query(struct listener *listen, time_t now) +@@ -1420,7 +1421,7 @@ void receive_query(struct listener *listen, time_t now) + } #endif - #ifdef HAVE_IPV6 - if (listen->family == AF_INET6) + if (family == AF_INET6) { for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) -@@ -1474,16 +1475,16 @@ void receive_query(struct listener *listen, time_t now) +@@ -1441,16 +1442,16 @@ void receive_query(struct listener *listen, time_t now) if (!indextoname(listen->fd, if_index, ifr.ifr_name)) return; 
@@ -187,20 +187,20 @@ index 64af66f..a883fb7 100644 { struct irec *iface; -@@ -1528,7 +1529,7 @@ void receive_query(struct listener *listen, time_t now) +@@ -1495,7 +1496,7 @@ void receive_query(struct listener *listen, time_t now) #endif char *types = querystr(auth_dns ? "auth" : "query", type); - if (listen->family == AF_INET) -+ if (family == AF_INET) ++ if (family == AF_INET) log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, - (struct all_addr *)&source_addr.in.sin_addr, types); - #ifdef HAVE_IPV6 + (union all_addr *)&source_addr.in.sin_addr, types); + else diff --git a/src/network.c b/src/network.c -index 58a2819..979c223 100644 +index 881d823..8c4b3bb 100644 --- a/src/network.c +++ b/src/network.c -@@ -404,10 +404,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, +@@ -388,10 +388,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, /* check whether the interface IP has been added already we call this routine multiple times. */ for (iface = daemon->interfaces; iface; iface = iface->next) @@ -213,7 +213,7 @@ index 58a2819..979c223 100644 return 1; } -@@ -552,7 +553,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label, +@@ -532,7 +533,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label, return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0); } @@ -297,7 +297,7 @@ index 58a2819..979c223 100644 int enumerate_interfaces(int reset) { static struct addrlist *spare = NULL; -@@ -652,6 +728,7 @@ int enumerate_interfaces(int reset) +@@ -630,6 +706,7 @@ int enumerate_interfaces(int reset) in OPT_CLEVERBIND mode, that at listener will just disappear after a call to enumerate_interfaces, this is checked OK on all calls. */ struct listener *l, *tmp, **up; 
@@ -305,7 +305,7 @@ index 58a2819..979c223 100644 for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp) { -@@ -659,25 +736,17 @@ int enumerate_interfaces(int reset) +@@ -637,25 +714,17 @@ int enumerate_interfaces(int reset) if (!l->iface || l->iface->found) up = &l->next; @@ -338,7 +338,7 @@ index 58a2819..979c223 100644 errno = errsave; spare = param.spare; -@@ -920,10 +989,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in +@@ -893,10 +962,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in { l = safe_malloc(sizeof(struct listener)); l->next = NULL; @@ -352,7 +352,7 @@ index 58a2819..979c223 100644 l->iface = NULL; } -@@ -964,20 +1034,43 @@ void create_wildcard_listeners(void) +@@ -935,20 +1005,43 @@ void create_wildcard_listeners(void) daemon->listeners = l; } @@ -402,7 +402,7 @@ index 58a2819..979c223 100644 } /* Check for --listen-address options that haven't been used because there's -@@ -995,8 +1088,12 @@ void create_bound_listeners(int dienow) +@@ -966,8 +1059,12 @@ void create_bound_listeners(int dienow) if (!if_tmp->used && (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow))) { @@ -416,21 +416,21 @@ index 58a2819..979c223 100644 } diff --git a/src/tftp.c b/src/tftp.c -index f2eccbc..9a01dca 100644 +index 4c18577..fdd2855 100644 --- a/src/tftp.c +++ b/src/tftp.c 
@@ -61,8 +61,9 @@ void tftp_request(struct listener *listen, time_t now) + char *prefix = daemon->tftp_prefix; struct tftp_prefix *pref; - struct all_addr addra; - #ifdef HAVE_IPV6 + union all_addr addra; + int family = listen->addr.sa.sa_family; /* Can always get recvd interface for IPv6 */ - int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; + int check_dest = !option_bool(OPT_NOWILD) || family == AF_INET6; - #else - int check_dest = !option_bool(OPT_NOWILD); - #endif -@@ -124,10 +125,10 @@ void tftp_request(struct listener *listen, time_t now) + union { + struct cmsghdr align; /* this ensures alignment */ + char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; +@@ -121,10 +122,10 @@ void tftp_request(struct listener *listen, time_t now) if (msg.msg_controllen < sizeof(struct cmsghdr)) return; @@ -443,7 +443,7 @@ index f2eccbc..9a01dca 100644 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) { -@@ -141,7 +142,7 @@ void tftp_request(struct listener *listen, time_t now) +@@ -138,7 +139,7 @@ void tftp_request(struct listener *listen, time_t now) } #elif defined(HAVE_SOLARIS_NETWORK) @@ -452,7 +452,7 @@ index f2eccbc..9a01dca 100644 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) { union { -@@ -157,7 +158,7 @@ void tftp_request(struct listener *listen, time_t now) +@@ -154,7 +155,7 @@ void tftp_request(struct listener *listen, time_t now) } #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) 
@@ -461,25 +461,25 @@ index f2eccbc..9a01dca 100644 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) { union { -@@ -175,7 +176,7 @@ void tftp_request(struct listener *listen, time_t now) +@@ -171,7 +172,7 @@ void tftp_request(struct listener *listen, time_t now) + #endif - #ifdef HAVE_IPV6 - if (listen->family == AF_INET6) + if (family == AF_INET6) { for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) -@@ -200,7 +201,7 @@ void tftp_request(struct listener *listen, time_t now) - addra.addr.addr4 = addr.in.sin_addr; +@@ -194,7 +195,7 @@ void tftp_request(struct listener *listen, time_t now) + + addra.addr4 = addr.in.sin_addr; - #ifdef HAVE_IPV6 - if (listen->family == AF_INET6) + if (family == AF_INET6) - addra.addr.addr6 = addr.in6.sin6_addr; - #endif + addra.addr6 = addr.in6.sin6_addr; -@@ -217,12 +218,12 @@ void tftp_request(struct listener *listen, time_t now) + if (daemon->tftp_interfaces) +@@ -210,12 +211,12 @@ void tftp_request(struct listener *listen, time_t now) else { /* Do the same as DHCP */ @@ -489,13 +489,13 @@ index f2eccbc..9a01dca 100644 if (!option_bool(OPT_CLEVERBIND)) enumerate_interfaces(0); - if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) && -- !label_exception(if_index, listen->family, &addra) ) +- !label_exception(if_index, listen->family, &addra)) + if (!loopback_exception(listen->tftpfd, family, &addra, name) && -+ !label_exception(if_index, family, &addra) ) ++ !label_exception(if_index, family, &addra)) return; } -@@ -255,7 +256,7 @@ void tftp_request(struct listener *listen, time_t now) +@@ -281,7 +282,7 @@ void tftp_request(struct listener *listen, time_t now) prefix = pref->prefix; } 
@@ -504,25 +504,25 @@ index f2eccbc..9a01dca 100644 { addr.in.sin_port = htons(port); #ifdef HAVE_SOCKADDR_SA_LEN -@@ -277,7 +278,7 @@ void tftp_request(struct listener *listen, time_t now) - if (!(transfer = whine_malloc(sizeof(struct tftp_transfer)))) - return; +@@ -304,7 +305,7 @@ void tftp_request(struct listener *listen, time_t now) -- if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1) -+ if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1) + if (option_bool(OPT_SINGLE_PORT)) + transfer->sockfd = listen->tftpfd; +- else if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1) ++ else if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1) { free(transfer); return; -@@ -308,7 +309,7 @@ void tftp_request(struct listener *listen, time_t now) +@@ -337,7 +338,7 @@ void tftp_request(struct listener *listen, time_t now) { if (++port <= daemon->end_tftp_port) { - if (listen->family == AF_INET) + if (family == AF_INET) addr.in.sin_port = htons(port); - #ifdef HAVE_IPV6 else -@@ -347,7 +348,7 @@ void tftp_request(struct listener *listen, time_t now) + addr.in6.sin6_port = htons(port); +@@ -375,7 +376,7 @@ void tftp_request(struct listener *listen, time_t now) if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK)) { /* 32 bytes for IP, UDP and TFTP headers, 52 bytes for IPv6 */ @@ -532,5 +532,5 @@ index f2eccbc..9a01dca 100644 if (transfer->blocksize < 1) transfer->blocksize = 1; -- -2.20.1 +2.21.1 diff --git a/dnsmasq-2.80-rh1739797.patch b/dnsmasq-2.80-rh1739797.patch deleted file mode 100644 index c6530ff..0000000 --- a/dnsmasq-2.80-rh1739797.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 515ba97595e60c762c448657f3c0e545c1e365f9 Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Mon, 27 Jan 2020 23:30:10 +0000 -Subject: [PATCH] Fix infinite-loop router advert problems. - -The previous code here, which started fast-RA whenever that local -address associated with a DHCP context changed, is very vulnerable -to flapping due to dynamically created addresses in the same net. - -Simplify so that if a context which has never found an interface now -finds one, that gets advertised, but not for other changes. That satisfies -the original intention that prefixes not in place when dnsmasq starts -should be recognised. - -Also totally ignore all interfaces where we are configured not to do DHCP, -to preclude flapping of they have prefixes in common with interfaces -where we do DHCP. ---- - src/dhcp6.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/src/dhcp6.c b/src/dhcp6.c -index 041ad07..51788ed 100644 ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -658,7 +658,8 @@ static int construct_worker(struct in6_addr *local, int prefix, - char ifrn_name[IFNAMSIZ]; - struct in6_addr start6, end6; - struct dhcp_context *template, *context; -- -+ struct iname *tmp; -+ - (void)scope; - (void)flags; - (void)valid; -@@ -677,9 +678,15 @@ static int construct_worker(struct in6_addr *local, int prefix, - if (flags & IFACE_DEPRECATED) - return 1; - -- if (!indextoname(daemon->icmp6fd, if_index, ifrn_name)) -- return 0; -+ /* Ignore interfaces where we're not doing RA/DHCP6 */ -+ if (!indextoname(daemon->icmp6fd, if_index, ifrn_name) || -+ !iface_check(AF_LOCAL, NULL, ifrn_name, NULL)) -+ return 1; - -+ for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) -+ if (tmp->name && wildcard_match(tmp->name, ifrn_name)) -+ return 1; -+ - for (template = daemon->dhcp6; template; template = template->next) - if (!(template->flags & (CONTEXT_TEMPLATE | CONTEXT_CONSTRUCTED))) - { -@@ -689,7 +696,7 @@ static int 
construct_worker(struct in6_addr *local, int prefix, - is_same_net6(local, &template->end6, template->prefix)) - { - /* First time found, do fast RA. */ -- if (template->if_index != if_index || !IN6_ARE_ADDR_EQUAL(&template->local6, local)) -+ if (template->if_index == 0) - { - ra_start_unsolicited(param->now, template); - param->newone = 1; --- -2.21.1 - diff --git a/dnsmasq.spec b/dnsmasq.spec index 06b32a7..e71610b 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,5 +1,5 @@ %define testrelease 0 -%define releasecandidate 0 +%define releasecandidate 3 %if 0%{testrelease} %define extrapath test-releases/ %define extraversion test%{testrelease} @@ -12,13 +12,13 @@ %define _hardened_build 1 Name: dnsmasq -Version: 2.80 -Release: 14%{?extraversion:.%{extraversion}}%{?dist} +Version: 2.81 +Release: 1%{?extraversion:.%{extraversion}}%{?dist} Summary: A lightweight DHCP/caching DNS server License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/ -Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz +Source0: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz Source1: %{name}.service Source2: dnsmasq-systemd-sysusers.conf Source3: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz.asc 
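Review bot: `Release: 1%{?extraversion:.%{extraversion}}%{?dist}` gives this release candidate a release of 1.rc3 (the changelog entry says 2.81-1.rc3), which sorts above a plain 1, so the final 2.81 build cannot use release 1 and still upgrade over this package. Starting pre-releases below 1, for example `Release: 0.1%{?extraversion:.%{extraversion}}%{?dist}`, keeps the upgrade path to 2.81-1 clean. The definition of extraversion for release candidates is outside the hunk, so this assumes it expands to rc3 as the changelog suggests.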
@@ -32,16 +32,9 @@ Source4: http://www.thekelleys.org.uk/srkgpg.txt # https://bugzilla.redhat.com/show_bug.cgi?id=1495409 Patch1: dnsmasq-2.77-underflow.patch Patch3: dnsmasq-2.78-fips.patch -Patch5: dnsmasq-2.79-randomize-ports.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1674067 -Patch6: dnsmasq-2.80-rh1674067.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1728701 Patch7: dnsmasq-2.80-rh1728701.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1735096 -Patch8: dnsmasq-2.80-nettle.patch Patch9: dnsmasq-2.80-SIOCGSTAMP.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1739797 -Patch10: dnsmasq-2.80-rh1739797.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1810172 # http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=79aba0f10ad0157fb4f48afbbcb03f094caff97a Patch11: dnsmasq-2.81-prefix-ranges-or-list-of-ipv6-addresses.patch @@ -189,6 +182,8 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf %{_mandir}/man1/dhcp_* %changelog +* Mon Mar 23 2020 Petr Menšík - 2.81-1.rc3 +- Update to 2.81rc3 * Mon Mar 23 2020 Petr Menšík - 2.80-14 - Fix last build breakage of DNS (#1814468) diff --git a/sources b/sources index fd1fa6d..8bcd8d2 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (dnsmasq-2.80.tar.xz) = 58e56beb553fc41311e5dc16d8b0eb3b6801e2bdfbcd0e7a6659703f08960b6ad10d48b0b14a4d727636faf35483e01597cff2ae49e7fe9fa9e214f437b1c068 +SHA512 (dnsmasq-2.81rc3.tar.xz) = 2bac2e01550c58f86c5f4be772eaeea59cc0c88531d425797efeedf146991d8d9ed0fe53977e6e6263b63f7441aafd90ccc3e64057e9a0959d7af15850bb05f1 +SHA512 (dnsmasq-2.81rc3.tar.xz.asc) = 9835b94f919d8750b667dc92584b5634e5dbd5e672f3337946d4ed5541a26358cbabf04dff4ae6f5ba380d4170889252587dbc704b9b40f56c86440e8b157264
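Review bot: Dropping Patch5 (dnsmasq-2.79-randomize-ports.patch) removes the downstream default of letting the OS allocate a random source port for each query unless min-port or max-port is given, and neither the spec nor the changelog entry records what takes its place. The commit message only says the removed patches were merged or have alternatives; for a change that affects resistance to spoofed replies, the replacement should be named. A comment where Patch5 was, such as `# Patch5 (randomize-ports) dropped in 2.81rc3: replaced by <upstream commit or option>`, or a matching changelog line, would let a later reader confirm that the default behaviour did not regress. The same applies, less urgently, to Patch6, Patch8 and Patch10.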