Update to 2.81rc3

Remove patches that have been merged or have alternatives.
Petr Menšík 2020-03-03 20:15:05 +01:00
parent b8e25263bb
commit 57b55437cd
9 changed files with 88 additions and 323 deletions

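--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,5 @@ dnsmasq-2.52.tar.lzma
 /dnsmasq-2.78.tar.xz
 /dnsmasq-2.79.tar.xz
 /dnsmasq-2.80.tar.xz
+/dnsmasq-2.81rc3.tar.xz
+/dnsmasq-2.81rc3.tar.xz.asc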


@ -1,4 +1,4 @@
From 0ef799244732871e043d848f2f845c797f5a0745 Mon Sep 17 00:00:00 2001 From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert@redhat.com> From: Doran Moppert <dmoppert@redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930 Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied Subject: [PATCH] google patch hand-applied
@ -6,11 +6,11 @@ Subject: [PATCH] google patch hand-applied
--- ---
src/edns0.c | 10 +++++----- src/edns0.c | 10 +++++-----
src/forward.c | 4 ++++ src/forward.c | 4 ++++
src/rfc1035.c | 2 ++ src/rfc1035.c | 3 +++
3 files changed, 11 insertions(+), 5 deletions(-) 3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/edns0.c b/src/edns0.c diff --git a/src/edns0.c b/src/edns0.c
index af33877..ba6ff0c 100644 index d75d3cc..7d8cf7f 100644
--- a/src/edns0.c --- a/src/edns0.c
+++ b/src/edns0.c +++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l @@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
@ -31,10 +31,10 @@ index af33877..ba6ff0c 100644
free(buff); free(buff);
p += rdlen; p += rdlen;
diff --git a/src/forward.c b/src/forward.c diff --git a/src/forward.c b/src/forward.c
index 3dd8633..64af66f 100644 index ed9c8f6..77059ed 100644
--- a/src/forward.c --- a/src/forward.c
+++ b/src/forward.c +++ b/src/forward.c
@@ -1577,6 +1577,10 @@ void receive_query(struct listener *listen, time_t now) @@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
} }
@ -46,18 +46,19 @@ index 3dd8633..64af66f 100644
if (auth_dns) if (auth_dns)
{ {
diff --git a/src/rfc1035.c b/src/rfc1035.c diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6290f22..a943ecb 100644 index f1edc45..15041cc 100644
--- a/src/rfc1035.c --- a/src/rfc1035.c
+++ b/src/rfc1035.c +++ b/src/rfc1035.c
@@ -1292,6 +1292,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, @@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
struct mx_srv_record *rec;
size_t len; size_t len;
int rd_bit = (header->hb3 & HB3_RD);
+ // Make sure we do not underflow here too. + // Make sure we do not underflow here too.
+ if (qlen > (limit - ((char *)header))) return 0; + if (qlen > (limit - ((char *)header))) return 0;
+
/* never answer queries with RD unset, to avoid cache snooping. */ /* never answer queries with RD unset, to avoid cache snooping. */
if (!(header->hb3 & HB3_RD) || if (ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 ||
-- --
2.14.4 2.21.1
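Review bot: The guard carried forward in the rfc1035.c hunk, `if (qlen > (limit - ((char *)header))) return 0;`, compares a `size_t` with a signed pointer difference, so if `limit` were ever below `header` the difference converts to a very large unsigned value and the check silently passes. Writing it as `if (limit < (char *)header || qlen > (size_t)(limit - (char *)header)) return 0;` makes the intent explicit and avoids a sign-compare warning. The added comment uses `//` where the neighbouring comment uses `/* */`, and "here too" only reads correctly next to the other hunks of this patch; `/* qlen must not exceed the space between header and limit */` would stand on its own. The body of answer_request continues outside the hunk, so whether a 0 return causes the packet to be dropped rather than handled by another path should be confirmed against its callers.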


@ -1,87 +0,0 @@
From 8455bcbe5311ee0d15bcebe494580fec8868a93a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 9 Aug 2018 18:17:26 +0200
Subject: [PATCH] Use OS random ports by default
Unless max-port or min-port is given, let OS allocate random ports for
DNS queries. Randomize similar to --query-port=0, but for each query
separately. Would use port according to system policy.
---
src/dnsmasq.c | 2 +-
src/network.c | 15 ++++++++++++---
src/option.c | 4 +++-
3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index ac5d8aa..6d51d3b 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -230,7 +230,7 @@ int main (int argc, char **argv)
die(_("Ubus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF);
#endif
- if (daemon->max_port < daemon->min_port)
+ if (daemon->max_port >= 0 && daemon->max_port < daemon->min_port)
die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
now = dnsmasq_time();
diff --git a/src/network.c b/src/network.c
index 8ae7a70..58a2819 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1138,18 +1138,27 @@ int random_sock(int family)
if ((fd = socket(family, SOCK_DGRAM, 0)) != -1)
{
union mysockaddr addr;
- unsigned int ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1;
- int tries = ports_avail < 30 ? 3 * ports_avail : 100;
+ unsigned short ports_avail = 0;
+ int tries = 100;
+ unsigned short port = 0;
memset(&addr, 0, sizeof(addr));
addr.sa.sa_family = family;
+ if (daemon->max_port >= 0)
+ {
+ ports_avail = ((unsigned short)daemon->max_port - (unsigned short)daemon->min_port) + 1;
+ if (ports_avail < 30)
+ tries = 3 * ports_avail;
+ }
+
/* don't loop forever if all ports in use. */
if (fix_fd(fd))
while(tries--)
{
- unsigned short port = htons(daemon->min_port + (rand16() % ((unsigned short)ports_avail)));
+ if (ports_avail)
+ port = htons(daemon->min_port + (rand16() % ports_avail));
if (family == AF_INET)
{
diff --git a/src/option.c b/src/option.c
index 7ccbdea..477dd52 100644
--- a/src/option.c
+++ b/src/option.c
@@ -2619,6 +2619,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
case LOPT_MINPORT: /* --min-port */
if (!atoi_check16(arg, &daemon->min_port))
ret_err(gen_err);
+ if (daemon->max_port < 0)
+ daemon->max_port = MAX_PORT;
break;
case LOPT_MAXPORT: /* --max-port */
@@ -4754,7 +4756,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
daemon->soa_refresh = SOA_REFRESH;
daemon->soa_retry = SOA_RETRY;
daemon->soa_expiry = SOA_EXPIRY;
- daemon->max_port = MAX_PORT;
+ daemon->max_port = -1;
daemon->min_port = MIN_PORT;
#ifndef NO_ID
--
2.14.4


@ -1,51 +0,0 @@
From f332e9e3c5d5671ed8435a06daa2b45272cd20cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 31 Jul 2019 19:44:39 +0200
Subject: [PATCH] Compile with nettle 3.5
Nettle library no longer provides direct access to selected variables.
Use getter functions with backward compatibility with nettle 3.3.
---
src/crypto.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/crypto.c b/src/crypto.c
index ebb871e..24bfc76 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -26,6 +26,14 @@
#include <nettle/nettle-meta.h>
#include <nettle/bignum.h>
+#ifndef nettle_hashes
+/* nettle 3.4 introduced getters, but ecc-curve does not have its own.
+ * nettle_hashes were first defined in the same version.
+ * nettle 3.5 no longer provides globals without getter access. */
+#define nettle_get_secp_256r1 (&nettle_secp_256r1)
+#define nettle_get_secp_384r1 (&nettle_secp_384r1)
+#endif
+
/* Implement a "hash-function" to the nettle API, which simply returns
the input data, concatenated into a single, statically maintained, buffer.
@@ -294,7 +302,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
return 0;
- nettle_ecc_point_init(key_256, &nettle_secp_256r1);
+ nettle_ecc_point_init(key_256, nettle_get_secp_256r1());
}
key = key_256;
@@ -307,7 +315,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
return 0;
- nettle_ecc_point_init(key_384, &nettle_secp_384r1);
+ nettle_ecc_point_init(key_384, nettle_get_secp_384r1());
}
key = key_384;
--
2.20.1


@ -1,31 +0,0 @@
From 162e5e0062ce923c494cc64282f293f0ed64fc10 Mon Sep 17 00:00:00 2001
From: Sven Mueller <smu@google.com>
Date: Wed, 27 Feb 2019 21:17:37 +0000
Subject: [PATCH] Fix bug added in 2.80 non-terminal code which returns NODATA
instead of NXDOMAIN.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Thanks to Sven Muleller and Maciej Żenczykowski for work on this.
https://bugzilla.redhat.com/show_bug.cgi?id=1674067 refers.
---
src/cache.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/cache.c b/src/cache.c
index 906f5e1..44c13e4 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -790,6 +790,7 @@ int cache_find_non_terminal(char *name, time_t now)
if (!is_outdated_cname_pointer(crecp) &&
!is_expired(now, crecp) &&
(crecp->flags & F_FORWARD) &&
+ !(crecp->flags & F_NXDOMAIN) &&
hostname_isequal(name, cache_get_name(crecp)))
return 1;
--
2.20.1


@ -1,4 +1,4 @@
From f6ae1b90158ce1c4fa7ff803bd94e072c789497c Mon Sep 17 00:00:00 2001 From d571d74b63382f52572f2b060c8caf867dea76dc Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com> From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 31 Jul 2019 17:23:45 +0200 Date: Wed, 31 Jul 2019 17:23:45 +0200
Subject: [PATCH] Fix TCP listener after interface is recreated Subject: [PATCH] Fix TCP listener after interface is recreated
@ -67,11 +67,11 @@ Date: Thu Jul 4 20:28:08 2019 +0200
5 files changed, 155 insertions(+), 54 deletions(-) 5 files changed, 155 insertions(+), 54 deletions(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 3dc7c27..12e3621 100644 index 769e063..4755125 100644
--- a/src/dnsmasq.c --- a/src/dnsmasq.c
+++ b/src/dnsmasq.c +++ b/src/dnsmasq.c
@@ -1708,7 +1708,8 @@ static void check_dns_listeners(time_t now) @@ -1820,7 +1820,8 @@ static void check_dns_listeners(time_t now)
#endif addr.addr4 = tcp_addr.in.sin_addr;
for (iface = daemon->interfaces; iface; iface = iface->next) for (iface = daemon->interfaces; iface; iface = iface->next)
- if (iface->index == if_index) - if (iface->index == if_index)
@ -81,10 +81,10 @@ index 3dc7c27..12e3621 100644
if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name)) if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
diff --git a/src/dnsmasq.h b/src/dnsmasq.h diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index f53e9a5..8d84714 100644 index c46bfeb..17b5f4e 100644
--- a/src/dnsmasq.h --- a/src/dnsmasq.h
+++ b/src/dnsmasq.h +++ b/src/dnsmasq.h
@@ -567,7 +567,8 @@ struct irec { @@ -569,7 +569,8 @@ struct irec {
}; };
struct listener { struct listener {
@ -95,30 +95,30 @@ index f53e9a5..8d84714 100644
struct listener *next; struct listener *next;
}; };
diff --git a/src/forward.c b/src/forward.c diff --git a/src/forward.c b/src/forward.c
index 64af66f..a883fb7 100644 index 77059ed..043c2e2 100644
--- a/src/forward.c --- a/src/forward.c
+++ b/src/forward.c +++ b/src/forward.c
@@ -1304,8 +1304,9 @@ void receive_query(struct listener *listen, time_t now) @@ -1279,8 +1279,9 @@ void receive_query(struct listener *listen, time_t now)
CMSG_SPACE(sizeof(struct sockaddr_dl))];
#endif #endif
} control_u; } control_u;
#ifdef HAVE_IPV6
+ int family = listen->addr.sa.sa_family; + int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */ /* Can always get recvd interface for IPv6 */
- int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; - int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6; + int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6;
#else
int check_dst = !option_bool(OPT_NOWILD); /* packet buffer overwritten */
#endif daemon->srv_save = NULL;
@@ -1320,7 +1321,7 @@ void receive_query(struct listener *listen, time_t now) @@ -1292,7 +1293,7 @@ void receive_query(struct listener *listen, time_t now)
{ {
auth_dns = listen->iface->dns_auth; auth_dns = listen->iface->dns_auth;
- if (listen->family == AF_INET) - if (listen->family == AF_INET)
+ if (family == AF_INET) + if (family == AF_INET)
{ {
dst_addr_4 = dst_addr.addr.addr4 = listen->iface->addr.in.sin_addr; dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr;
netmask = listen->iface->netmask; netmask = listen->iface->netmask;
@@ -1350,9 +1351,9 @@ void receive_query(struct listener *listen, time_t now) @@ -1322,9 +1323,9 @@ void receive_query(struct listener *listen, time_t now)
information disclosure. */ information disclosure. */
memset(daemon->packet + n, 0, daemon->edns_pktsz - n); memset(daemon->packet + n, 0, daemon->edns_pktsz - n);
@ -130,16 +130,16 @@ index 64af66f..a883fb7 100644
{ {
/* Source-port == 0 is an error, we can't send back to that. /* Source-port == 0 is an error, we can't send back to that.
http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */ http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */
@@ -1374,7 +1375,7 @@ void receive_query(struct listener *listen, time_t now) @@ -1344,7 +1345,7 @@ void receive_query(struct listener *listen, time_t now)
{ {
struct addrlist *addr; struct addrlist *addr;
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6) - if (listen->family == AF_INET6)
+ if (family == AF_INET6) + if (family == AF_INET6)
{ {
for (addr = daemon->interface_addrs; addr; addr = addr->next) for (addr = daemon->interface_addrs; addr; addr = addr->next)
if ((addr->flags & ADDRLIST_IPV6) && if ((addr->flags & ADDRLIST_IPV6) &&
@@ -1413,7 +1414,7 @@ void receive_query(struct listener *listen, time_t now) @@ -1382,7 +1383,7 @@ void receive_query(struct listener *listen, time_t now)
return; return;
#if defined(HAVE_LINUX_NETWORK) #if defined(HAVE_LINUX_NETWORK)
@ -148,7 +148,7 @@ index 64af66f..a883fb7 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{ {
@@ -1426,7 +1427,7 @@ void receive_query(struct listener *listen, time_t now) @@ -1395,7 +1396,7 @@ void receive_query(struct listener *listen, time_t now)
if_index = p.p->ipi_ifindex; if_index = p.p->ipi_ifindex;
} }
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
@ -157,16 +157,16 @@ index 64af66f..a883fb7 100644
{ {
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{ {
@@ -1452,7 +1453,7 @@ void receive_query(struct listener *listen, time_t now) @@ -1420,7 +1421,7 @@ void receive_query(struct listener *listen, time_t now)
}
#endif #endif
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6) - if (listen->family == AF_INET6)
+ if (family == AF_INET6) + if (family == AF_INET6)
{ {
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -1474,16 +1475,16 @@ void receive_query(struct listener *listen, time_t now) @@ -1441,16 +1442,16 @@ void receive_query(struct listener *listen, time_t now)
if (!indextoname(listen->fd, if_index, ifr.ifr_name)) if (!indextoname(listen->fd, if_index, ifr.ifr_name))
return; return;
@ -187,20 +187,20 @@ index 64af66f..a883fb7 100644
{ {
struct irec *iface; struct irec *iface;
@@ -1528,7 +1529,7 @@ void receive_query(struct listener *listen, time_t now) @@ -1495,7 +1496,7 @@ void receive_query(struct listener *listen, time_t now)
#endif #endif
char *types = querystr(auth_dns ? "auth" : "query", type); char *types = querystr(auth_dns ? "auth" : "query", type);
- if (listen->family == AF_INET) - if (listen->family == AF_INET)
+ if (family == AF_INET) + if (family == AF_INET)
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff, log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
(struct all_addr *)&source_addr.in.sin_addr, types); (union all_addr *)&source_addr.in.sin_addr, types);
#ifdef HAVE_IPV6 else
diff --git a/src/network.c b/src/network.c diff --git a/src/network.c b/src/network.c
index 58a2819..979c223 100644 index 881d823..8c4b3bb 100644
--- a/src/network.c --- a/src/network.c
+++ b/src/network.c +++ b/src/network.c
@@ -404,10 +404,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label, @@ -388,10 +388,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
/* check whether the interface IP has been added already /* check whether the interface IP has been added already
we call this routine multiple times. */ we call this routine multiple times. */
for (iface = daemon->interfaces; iface; iface = iface->next) for (iface = daemon->interfaces; iface; iface = iface->next)
@ -213,7 +213,7 @@ index 58a2819..979c223 100644
return 1; return 1;
} }
@@ -552,7 +553,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label, @@ -532,7 +533,82 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0); return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
} }
@ -297,7 +297,7 @@ index 58a2819..979c223 100644
int enumerate_interfaces(int reset) int enumerate_interfaces(int reset)
{ {
static struct addrlist *spare = NULL; static struct addrlist *spare = NULL;
@@ -652,6 +728,7 @@ int enumerate_interfaces(int reset) @@ -630,6 +706,7 @@ int enumerate_interfaces(int reset)
in OPT_CLEVERBIND mode, that at listener will just disappear after in OPT_CLEVERBIND mode, that at listener will just disappear after
a call to enumerate_interfaces, this is checked OK on all calls. */ a call to enumerate_interfaces, this is checked OK on all calls. */
struct listener *l, *tmp, **up; struct listener *l, *tmp, **up;
@ -305,7 +305,7 @@ index 58a2819..979c223 100644
for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp) for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
{ {
@@ -659,25 +736,17 @@ int enumerate_interfaces(int reset) @@ -637,25 +714,17 @@ int enumerate_interfaces(int reset)
if (!l->iface || l->iface->found) if (!l->iface || l->iface->found)
up = &l->next; up = &l->next;
@ -338,7 +338,7 @@ index 58a2819..979c223 100644
errno = errsave; errno = errsave;
spare = param.spare; spare = param.spare;
@@ -920,10 +989,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in @@ -893,10 +962,11 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in
{ {
l = safe_malloc(sizeof(struct listener)); l = safe_malloc(sizeof(struct listener));
l->next = NULL; l->next = NULL;
@ -352,7 +352,7 @@ index 58a2819..979c223 100644
l->iface = NULL; l->iface = NULL;
} }
@@ -964,20 +1034,43 @@ void create_wildcard_listeners(void) @@ -935,20 +1005,43 @@ void create_wildcard_listeners(void)
daemon->listeners = l; daemon->listeners = l;
} }
@ -402,7 +402,7 @@ index 58a2819..979c223 100644
} }
/* Check for --listen-address options that haven't been used because there's /* Check for --listen-address options that haven't been used because there's
@@ -995,8 +1088,12 @@ void create_bound_listeners(int dienow) @@ -966,8 +1059,12 @@ void create_bound_listeners(int dienow)
if (!if_tmp->used && if (!if_tmp->used &&
(new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow))) (new = create_listeners(&if_tmp->addr, !!option_bool(OPT_TFTP), dienow)))
{ {
@ -416,21 +416,21 @@ index 58a2819..979c223 100644
} }
diff --git a/src/tftp.c b/src/tftp.c diff --git a/src/tftp.c b/src/tftp.c
index f2eccbc..9a01dca 100644 index 4c18577..fdd2855 100644
--- a/src/tftp.c --- a/src/tftp.c
+++ b/src/tftp.c +++ b/src/tftp.c
@@ -61,8 +61,9 @@ void tftp_request(struct listener *listen, time_t now) @@ -61,8 +61,9 @@ void tftp_request(struct listener *listen, time_t now)
char *prefix = daemon->tftp_prefix;
struct tftp_prefix *pref; struct tftp_prefix *pref;
struct all_addr addra; union all_addr addra;
#ifdef HAVE_IPV6
+ int family = listen->addr.sa.sa_family; + int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */ /* Can always get recvd interface for IPv6 */
- int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6; - int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dest = !option_bool(OPT_NOWILD) || family == AF_INET6; + int check_dest = !option_bool(OPT_NOWILD) || family == AF_INET6;
#else union {
int check_dest = !option_bool(OPT_NOWILD); struct cmsghdr align; /* this ensures alignment */
#endif char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
@@ -124,10 +125,10 @@ void tftp_request(struct listener *listen, time_t now) @@ -121,10 +122,10 @@ void tftp_request(struct listener *listen, time_t now)
if (msg.msg_controllen < sizeof(struct cmsghdr)) if (msg.msg_controllen < sizeof(struct cmsghdr))
return; return;
@ -443,7 +443,7 @@ index f2eccbc..9a01dca 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{ {
@@ -141,7 +142,7 @@ void tftp_request(struct listener *listen, time_t now) @@ -138,7 +139,7 @@ void tftp_request(struct listener *listen, time_t now)
} }
#elif defined(HAVE_SOLARIS_NETWORK) #elif defined(HAVE_SOLARIS_NETWORK)
@ -452,7 +452,7 @@ index f2eccbc..9a01dca 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{ {
union { union {
@@ -157,7 +158,7 @@ void tftp_request(struct listener *listen, time_t now) @@ -154,7 +155,7 @@ void tftp_request(struct listener *listen, time_t now)
} }
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF) #elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
@ -461,25 +461,25 @@ index f2eccbc..9a01dca 100644
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{ {
union { union {
@@ -175,7 +176,7 @@ void tftp_request(struct listener *listen, time_t now) @@ -171,7 +172,7 @@ void tftp_request(struct listener *listen, time_t now)
#endif #endif
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6) - if (listen->family == AF_INET6)
+ if (family == AF_INET6) + if (family == AF_INET6)
{ {
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -200,7 +201,7 @@ void tftp_request(struct listener *listen, time_t now) @@ -194,7 +195,7 @@ void tftp_request(struct listener *listen, time_t now)
addra.addr.addr4 = addr.in.sin_addr;
addra.addr4 = addr.in.sin_addr;
#ifdef HAVE_IPV6
- if (listen->family == AF_INET6) - if (listen->family == AF_INET6)
+ if (family == AF_INET6) + if (family == AF_INET6)
addra.addr.addr6 = addr.in6.sin6_addr; addra.addr6 = addr.in6.sin6_addr;
#endif
@@ -217,12 +218,12 @@ void tftp_request(struct listener *listen, time_t now) if (daemon->tftp_interfaces)
@@ -210,12 +211,12 @@ void tftp_request(struct listener *listen, time_t now)
else else
{ {
/* Do the same as DHCP */ /* Do the same as DHCP */
@ -495,7 +495,7 @@ index f2eccbc..9a01dca 100644
return; return;
} }
@@ -255,7 +256,7 @@ void tftp_request(struct listener *listen, time_t now) @@ -281,7 +282,7 @@ void tftp_request(struct listener *listen, time_t now)
prefix = pref->prefix; prefix = pref->prefix;
} }
@ -504,25 +504,25 @@ index f2eccbc..9a01dca 100644
{ {
addr.in.sin_port = htons(port); addr.in.sin_port = htons(port);
#ifdef HAVE_SOCKADDR_SA_LEN #ifdef HAVE_SOCKADDR_SA_LEN
@@ -277,7 +278,7 @@ void tftp_request(struct listener *listen, time_t now) @@ -304,7 +305,7 @@ void tftp_request(struct listener *listen, time_t now)
if (!(transfer = whine_malloc(sizeof(struct tftp_transfer))))
return;
- if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1) if (option_bool(OPT_SINGLE_PORT))
+ if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1) transfer->sockfd = listen->tftpfd;
- else if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1)
+ else if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1)
{ {
free(transfer); free(transfer);
return; return;
@@ -308,7 +309,7 @@ void tftp_request(struct listener *listen, time_t now) @@ -337,7 +338,7 @@ void tftp_request(struct listener *listen, time_t now)
{ {
if (++port <= daemon->end_tftp_port) if (++port <= daemon->end_tftp_port)
{ {
- if (listen->family == AF_INET) - if (listen->family == AF_INET)
+ if (family == AF_INET) + if (family == AF_INET)
addr.in.sin_port = htons(port); addr.in.sin_port = htons(port);
#ifdef HAVE_IPV6
else else
@@ -347,7 +348,7 @@ void tftp_request(struct listener *listen, time_t now) addr.in6.sin6_port = htons(port);
@@ -375,7 +376,7 @@ void tftp_request(struct listener *listen, time_t now)
if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK)) if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK))
{ {
/* 32 bytes for IP, UDP and TFTP headers, 52 bytes for IPv6 */ /* 32 bytes for IP, UDP and TFTP headers, 52 bytes for IPv6 */
@ -532,5 +532,5 @@ index f2eccbc..9a01dca 100644
if (transfer->blocksize < 1) if (transfer->blocksize < 1)
transfer->blocksize = 1; transfer->blocksize = 1;
-- --
2.20.1 2.21.1


@ -1,65 +0,0 @@
From 515ba97595e60c762c448657f3c0e545c1e365f9 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 27 Jan 2020 23:30:10 +0000
Subject: [PATCH] Fix infinite-loop router advert problems.
The previous code here, which started fast-RA whenever that local
address associated with a DHCP context changed, is very vulnerable
to flapping due to dynamically created addresses in the same net.
Simplify so that if a context which has never found an interface now
finds one, that gets advertised, but not for other changes. That satisfies
the original intention that prefixes not in place when dnsmasq starts
should be recognised.
Also totally ignore all interfaces where we are configured not to do DHCP,
to preclude flapping of they have prefixes in common with interfaces
where we do DHCP.
---
src/dhcp6.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/dhcp6.c b/src/dhcp6.c
index 041ad07..51788ed 100644
--- a/src/dhcp6.c
+++ b/src/dhcp6.c
@@ -658,7 +658,8 @@ static int construct_worker(struct in6_addr *local, int prefix,
char ifrn_name[IFNAMSIZ];
struct in6_addr start6, end6;
struct dhcp_context *template, *context;
-
+ struct iname *tmp;
+
(void)scope;
(void)flags;
(void)valid;
@@ -677,9 +678,15 @@ static int construct_worker(struct in6_addr *local, int prefix,
if (flags & IFACE_DEPRECATED)
return 1;
- if (!indextoname(daemon->icmp6fd, if_index, ifrn_name))
- return 0;
+ /* Ignore interfaces where we're not doing RA/DHCP6 */
+ if (!indextoname(daemon->icmp6fd, if_index, ifrn_name) ||
+ !iface_check(AF_LOCAL, NULL, ifrn_name, NULL))
+ return 1;
+ for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+ if (tmp->name && wildcard_match(tmp->name, ifrn_name))
+ return 1;
+
for (template = daemon->dhcp6; template; template = template->next)
if (!(template->flags & (CONTEXT_TEMPLATE | CONTEXT_CONSTRUCTED)))
{
@@ -689,7 +696,7 @@ static int construct_worker(struct in6_addr *local, int prefix,
is_same_net6(local, &template->end6, template->prefix))
{
/* First time found, do fast RA. */
- if (template->if_index != if_index || !IN6_ARE_ADDR_EQUAL(&template->local6, local))
+ if (template->if_index == 0)
{
ra_start_unsolicited(param->now, template);
param->newone = 1;
--
2.21.1


@ -1,5 +1,5 @@
%define testrelease 0 %define testrelease 0
%define releasecandidate 0 %define releasecandidate 3
%if 0%{testrelease} %if 0%{testrelease}
%define extrapath test-releases/ %define extrapath test-releases/
%define extraversion test%{testrelease} %define extraversion test%{testrelease}
@ -12,13 +12,13 @@
%define _hardened_build 1 %define _hardened_build 1
Name: dnsmasq Name: dnsmasq
Version: 2.80 Version: 2.81
Release: 14%{?extraversion:.%{extraversion}}%{?dist} Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3 License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/ URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz Source0: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz
Source1: %{name}.service Source1: %{name}.service
Source2: dnsmasq-systemd-sysusers.conf Source2: dnsmasq-systemd-sysusers.conf
Source3: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz.asc Source3: %{url}%{?extrapath}%{name}-%{version}%{?extraversion}.tar.xz.asc
@ -32,16 +32,9 @@ Source4: http://www.thekelleys.org.uk/srkgpg.txt
# https://bugzilla.redhat.com/show_bug.cgi?id=1495409 # https://bugzilla.redhat.com/show_bug.cgi?id=1495409
Patch1: dnsmasq-2.77-underflow.patch Patch1: dnsmasq-2.77-underflow.patch
Patch3: dnsmasq-2.78-fips.patch Patch3: dnsmasq-2.78-fips.patch
Patch5: dnsmasq-2.79-randomize-ports.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1674067
Patch6: dnsmasq-2.80-rh1674067.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1728701 # https://bugzilla.redhat.com/show_bug.cgi?id=1728701
Patch7: dnsmasq-2.80-rh1728701.patch Patch7: dnsmasq-2.80-rh1728701.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1735096
Patch8: dnsmasq-2.80-nettle.patch
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1739797
Patch10: dnsmasq-2.80-rh1739797.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1810172 # https://bugzilla.redhat.com/show_bug.cgi?id=1810172
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=79aba0f10ad0157fb4f48afbbcb03f094caff97a # http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=79aba0f10ad0157fb4f48afbbcb03f094caff97a
Patch11: dnsmasq-2.81-prefix-ranges-or-list-of-ipv6-addresses.patch Patch11: dnsmasq-2.81-prefix-ranges-or-list-of-ipv6-addresses.patch
@ -189,6 +182,8 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_* %{_mandir}/man1/dhcp_*
%changelog %changelog
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.81-1.rc3
- Update to 2.81rc3
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.80-14 * Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.80-14
- Fix last build breakage of DNS (#1814468) - Fix last build breakage of DNS (#1814468)
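Review bot: `Source0` now expands from `%{url}`, which is still `http://www.thekelleys.org.uk/dnsmasq/`, so the release-candidate tarball and its `.asc` (`Source3`) are named by cleartext URLs, and the hunk header shows the key file `Source4` is an `http://` URL as well. The SHA512 lines added at the end of this commit pin the bytes that were uploaded, but nothing in the visible hunks shows the signature being checked at build time; `%prep` is outside these hunks. If it is not already there, a line such as `%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE3}' --data='%{SOURCE0}'` at the top of `%prep` (with `BuildRequires: gnupg2`) would make the new `.asc` source do real work. The URLs could also move to `https://` if upstream serves it.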


@ -1 +1,2 @@
SHA512 (dnsmasq-2.80.tar.xz) = 58e56beb553fc41311e5dc16d8b0eb3b6801e2bdfbcd0e7a6659703f08960b6ad10d48b0b14a4d727636faf35483e01597cff2ae49e7fe9fa9e214f437b1c068 SHA512 (dnsmasq-2.81rc3.tar.xz) = 2bac2e01550c58f86c5f4be772eaeea59cc0c88531d425797efeedf146991d8d9ed0fe53977e6e6263b63f7441aafd90ccc3e64057e9a0959d7af15850bb05f1
SHA512 (dnsmasq-2.81rc3.tar.xz.asc) = 9835b94f919d8750b667dc92584b5634e5dbd5e672f3337946d4ed5541a26358cbabf04dff4ae6f5ba380d4170889252587dbc704b9b40f56c86440e8b157264