import dnsmasq-2.79-9.el8

SOURCES/dnsmasq-2.76-rh1728698-1.patch

@@ -0,0 +1,52 @@
+From cae343c1f3bea9d1ca2e71d3709d3f02b799f94d Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Thu, 4 Jul 2019 20:28:08 +0200
+Subject: [PATCH 1/5] Log listening on new interfaces
+
+Log in debug mode listening on interfaces. They can be dynamically
+found, include interface number, since it is checked on TCP connections.
+Print also addresses found on them.
+---
+ src/network.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/network.c b/src/network.c
+index d75f560..fd90288 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -662,6 +662,13 @@ int enumerate_interfaces(int reset)
+ 	  else
+ 	    {
+ 	      *up = l->next;
++	      if (l->iface->done)
++	        {
++	          iface = l->iface;
++	          (void)prettyprint_addr(&iface->addr, daemon->addrbuff);
++	          my_syslog(LOG_DEBUG, _("stopped listening on %s(#%d): %s"),
++	                    iface->name, iface->index, daemon->addrbuff);
++	        }
+ 	      
+ 	      /* In case it ever returns */
+ 	      l->iface->done = 0;
+@@ -978,6 +985,9 @@ void create_bound_listeners(int dienow)
+ 	new->next = daemon->listeners;
+ 	daemon->listeners = new;
+ 	iface->done = 1;
++	(void)prettyprint_addr(&iface->addr, daemon->addrbuff);
++	my_syslog(LOG_DEBUG, _("listening on %s(#%d): %s"),
++	          iface->name, iface->index, daemon->addrbuff);
+       }
+ 
+   /* Check for --listen-address options that haven't been used because there's
+@@ -997,6 +1007,8 @@ void create_bound_listeners(int dienow)
+       {
+ 	new->next = daemon->listeners;
+ 	daemon->listeners = new;
++	(void)prettyprint_addr(&if_tmp->addr, daemon->addrbuff);
++	my_syslog(LOG_DEBUG, _("listening on %s"), daemon->addrbuff);
+       }
+ }
+ 
+-- 
+2.20.1
+

SOURCES/dnsmasq-2.76-rh1728698-3.patch

@@ -0,0 +1,74 @@
+From 527029312cbe37c0285240943ad02352d64d403d Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Tue, 9 Jul 2019 14:05:59 +0200
+Subject: [PATCH 3/5] Cleanup interfaces no longer available
+
+Clean addresses and interfaces not found after enumerate. Free unused
+records to speed up checking active interfaces and reduce used memory.
+---
+ src/network.c | 32 ++++++++++++++++++++++++++++++--
+ 1 file changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/src/network.c b/src/network.c
+index f247811..d6d4b01 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -553,7 +553,30 @@ static int iface_allowed_v4(struct in_addr local, int if_index, char *label,
+ 
+   return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
+ }
+-   
++
++/*
++ * Clean old interfaces no longer found.
++ */
++static void clean_interfaces()
++{
++  struct irec *iface;
++  struct irec **up = &daemon->interfaces;
++
++  for (iface = *up; iface; iface = *up)
++  {
++    if (!iface->found && !iface->done)
++      {
++        *up = iface->next;
++        free(iface->name);
++        free(iface);
++      }
++    else
++      {
++        up = &iface->next;
++      }
++  }
++}
++
+ int enumerate_interfaces(int reset)
+ {
+   static struct addrlist *spare = NULL;
+@@ -653,6 +676,7 @@ int enumerate_interfaces(int reset)
+ 	 in OPT_CLEVERBIND mode, that at listener will just disappear after
+ 	 a call to enumerate_interfaces, this is checked OK on all calls. */
+       struct listener *l, *tmp, **up;
++      int freed = 0;
+       
+       for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
+ 	{
+@@ -682,10 +706,14 @@ int enumerate_interfaces(int reset)
+ 		close(l->tftpfd);
+ 	      
+ 	      free(l);
++	      freed = 1;
+ 	    }
+ 	}
++
++      if (freed)
++	clean_interfaces();
+     }
+-  
++
+   errno = errsave;
+   spare = param.spare;
+     
+-- 
+2.20.1
+

SOURCES/dnsmasq-2.76-rh1752569.patch

@@ -0,0 +1,75 @@
+From 3d27384fc5f2a437b7bce128c8ba62e8d6e12df7 Mon Sep 17 00:00:00 2001
+From: Brian Haley <haleyb.dev@gmail.com>
+Date: Wed, 28 Aug 2019 16:13:23 -0400
+Subject: [PATCH] Change dhcp_release to use default address when no IP subnet
+ matches
+
+Currently, dhcp_release will only send a 'fake' release
+when the address given is in the same subnet as an IP
+on the interface that was given.
+
+This doesn't work in an environment where dnsmasq is
+managing leases for remote subnets via a DHCP relay, as
+running dhcp_release locally will just cause it to
+silently exit without doing anything, leaving the lease
+in the database.
+
+Change it to use the default IP on the interface, as the
+dnsmasq source code at src/dhcp.c does, if no matching subnet
+IP is found, as a fall-back.  This fixes an issue we are
+seeing in certain Openstack deployments where we are using
+dnsmasq to provision baremetal systems in a datacenter.
+
+While using Dbus might have seemed like an obvious solution,
+because of our extensive use of network namespaces (which
+Dbus doesn't support), this seemed like a better solution
+than creating system.d policy files for each dnsmasq we
+might spawn and using --enable-dbus=$id in order to isolate
+messages to specific dnsmasq instances.
+
+Signed-off-by: Brian Haley <haleyb.dev@gmail.com>
+(cherry picked from commit d9f882bea2806799bf3d1f73937f5e72d0bfc650)
+---
+ contrib/lease-tools/dhcp_release.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/lease-tools/dhcp_release.c b/contrib/lease-tools/dhcp_release.c
+index a51f04b..1dd8d32 100644
+--- a/contrib/lease-tools/dhcp_release.c
++++ b/contrib/lease-tools/dhcp_release.c
+@@ -178,7 +178,7 @@ static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
+   return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
+ }
+ 
+-static struct in_addr find_interface(struct in_addr client, int fd, unsigned int index)
++static struct in_addr find_interface(struct in_addr client, int fd, unsigned int index, int ifrfd, struct ifreq *ifr)
+ {
+   struct sockaddr_nl addr;
+   struct nlmsghdr *h;
+@@ -218,7 +218,13 @@ static struct in_addr find_interface(struct in_addr client, int fd, unsigned int
+ 
+       for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+ 	if (h->nlmsg_type == NLMSG_DONE)
+-	  exit(0);
++          {
++	    /* No match found, return first address as src/dhcp.c code does */
++	    ifr->ifr_addr.sa_family = AF_INET;
++	    if (ioctl(ifrfd, SIOCGIFADDR, ifr) != -1)
++	      return ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
++	    exit(0);
++          }
+ 	else if (h->nlmsg_type == RTM_NEWADDR)
+           {
+             struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+@@ -284,7 +290,7 @@ int main(int argc, char **argv)
+     }
+   
+   lease.s_addr = inet_addr(argv[2]);
+-  server = find_interface(lease, nl, if_nametoindex(argv[1]));
++  server = find_interface(lease, nl, if_nametoindex(argv[1]), fd, &ifr);
+   
+   memset(&packet, 0, sizeof(packet));
+  
+-- 
+2.20.1
+

SOURCES/dnsmasq-2.79-rh1602477-2.patch

@@ -0,0 +1,49 @@
+From dcb4fa04548ab2364f662b735be86e275bd50745 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Fri, 19 Jul 2019 14:00:08 +0200
+Subject: [PATCH] Remove warnings in coverity
+
+Change in dnsmasq should never occur, because ent_pw would not change.
+But keep Coverity happy and prevent logic error. Second change avoids
+warning from compiler.
+---
+ src/dnsmasq.c | 9 ++++++++-
+ src/option.c  | 2 +-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index ce44809..2984f55 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -608,7 +608,14 @@ int main (int argc, char **argv)
+   
+       if (ent_pw && ent_pw->pw_uid != 0)
+ 	{     
+-#if defined(HAVE_LINUX_NETWORK)	  
++#if defined(HAVE_LINUX_NETWORK)
++	  if (!hdr || !data)
++	    {
++	      /* Just failsafe for logic errors */
++	      send_event(err_pipe[1], EVENT_CAP_ERR, ENOMEM, NULL);
++	      _exit(0);
++	    }
++
+ 	  /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
+ 	     CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind 
+ 	     ports because of DAD, or we're doing it dynamically,
+diff --git a/src/option.c b/src/option.c
+index 9768efb..b12183b 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -4255,7 +4255,7 @@ err:
+ 		struct name_list *nl;
+ 		if (!canon)
+                   {
+-		    struct name_list *tmp = new->names, *next;
++		    struct name_list *tmp, *next;
+ 		    for (tmp = new->names; tmp; tmp = next)
+ 		      {
+ 			next = tmp->next;
+-- 
+2.20.1
+

SOURCES/dnsmasq-2.79-rh1700916.patch

@@ -0,0 +1,95 @@
+From 10642f9fb350e118d88e995b8dfa2badc7be1c30 Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Wed, 11 Dec 2019 13:41:57 +0100
+Subject: [PATCH] Restore ability to answer non-recursive requests
+
+Instead, check only local configured entries are answered without
+rdbit set. All cached replies are still denied, but locally configured
+names are available with both recursion and without it.
+---
+ src/rfc1035.c | 27 ++++++++++++++-------------
+ 1 file changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 6b3bb27..6a7c154 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1262,7 +1262,11 @@ static unsigned long crec_ttl(struct crec *crecp, time_t now)
+   else
+     return daemon->max_ttl;
+ }
+-  
++
++static int cache_validated(const struct crec *crecp)
++{
++  return (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK));
++}
+ 
+ /* return zero if we can't answer from cache, or packet size if we can */
+ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,  
+@@ -1281,6 +1285,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+   int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
+   struct mx_srv_record *rec;
+   size_t len;
++  int rd_bit;
+   // Make sure we do not underflow here too.
+   if (qlen > (limit - ((char *)header))) return 0;
+ 
+@@ -1290,10 +1295,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+       OPCODE(header) != QUERY )
+     return 0;
+ 
+-  /* always servfail queries with RD unset, to avoid cache snooping. */
+-  if (!(header->hb3 & HB3_RD))
+-    return setup_reply(header, qlen, NULL, F_SERVFAIL, 0);
+-  
++  rd_bit = (header->hb3 & HB3_RD);
++
+   /* Don't return AD set if checking disabled. */
+   if (header->hb4 & HB4_CD)
+     sec_data = 0;
+@@ -1458,9 +1461,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ 		  /* Don't use cache when DNSSEC data required, unless we know that
+ 		     the zone is unsigned, which implies that we're doing
+ 		     validation. */
+-		  if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || 
+-		      !do_bit || 
+-		      (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
++		  if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
++		      (rd_bit && (!do_bit || cache_validated(crecp)) ))
+ 		    {
+ 		      do 
+ 			{ 
+@@ -1657,8 +1659,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ 
+ 		  /* If the client asked for DNSSEC  don't use cached data. */
+ 		  if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
+-		      !do_bit ||
+-		      (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
++		      (rd_bit && (!do_bit || cache_validated(crecp)) ))
+ 		    do
+ 		      { 
+ 			/* don't answer wildcard queries with data not from /etc/hosts
+@@ -1741,8 +1742,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ 	  if (qtype == T_CNAME || qtype == T_ANY)
+ 	    {
+ 	      if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | (dryrun ? F_NO_RR : 0))) &&
+-		  (qtype == T_CNAME || (crecp->flags & F_CONFIG)) &&
+-		  ((crecp->flags & F_CONFIG) || !do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
++		  ((qtype == T_CNAME && rd_bit) || (crecp->flags & F_CONFIG)) &&
++		  ((crecp->flags & F_CONFIG) || (!do_bit || cache_validated(crecp))))
+ 		{
+ 		  if (!(crecp->flags & F_DNSSECOK))
+ 		    sec_data = 0;
+@@ -1780,7 +1781,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ 		    }
+ 		  }
+ 	      
+-	      if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) && 
++	      if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) &&
+ 		  cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP | F_NO_RR))
+ 		{ 
+ 		  ans = 1;
+-- 
+2.21.0
+

SOURCES/dnsmasq-2.79-rh1728698-2.patch

@@ -0,0 +1,48 @@
+From 7e3250d52921b5f75bdbe0b794514bb78a209969 Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Wed, 3 Jul 2019 17:02:16 +0200
+Subject: [PATCH 2/5] Compare address and interface index for allowed interface
+
+If interface is recreated with the same address but different index, it
+would not change any other parameter.
+
+Test also address family on incoming TCP queries.
+---
+ src/dnsmasq.c | 3 ++-
+ src/network.c | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index f3d2671..7812be8 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -1667,7 +1667,8 @@ static void check_dns_listeners(time_t now)
+ #endif
+ 		  
+ 		  for (iface = daemon->interfaces; iface; iface = iface->next)
+-		    if (iface->index == if_index)
++		    if (iface->index == if_index &&
++		        iface->addr.sa.sa_family == tcp_addr.sa.sa_family)
+ 		      break;
+ 		  
+ 		  if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
+diff --git a/src/network.c b/src/network.c
+index fd90288..f247811 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -404,10 +404,11 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
+   /* check whether the interface IP has been added already 
+      we call this routine multiple times. */
+   for (iface = daemon->interfaces; iface; iface = iface->next) 
+-    if (sockaddr_isequal(&iface->addr, addr))
++    if (sockaddr_isequal(&iface->addr, addr) && iface->index == if_index)
+       {
+ 	iface->dad = !!(iface_flags & IFACE_TENTATIVE);
+ 	iface->found = 1; /* for garbage collection */
++	iface->netmask = netmask;
+ 	return 1;
+       }
+ 
+-- 
+2.20.1
+

SOURCES/dnsmasq-2.79-rh1728698-4.patch

@@ -0,0 +1,188 @@
+From 11ab42e63f9089c4c14a391f30175d4c2d071e99 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Mon, 15 Jul 2019 17:13:12 +0200
+Subject: [PATCH 4/5] Handle listening on duplicate addresses
+
+Save listening address into listener. Use it to find existing listeners
+before creating new one. If it exist, increase just used counter.
+Release only listeners not already used.
+
+Duplicates family in listener.
+---
+ src/dnsmasq.h |   3 +-
+ src/network.c | 115 ++++++++++++++++++++++++++++++++++++--------------
+ 2 files changed, 85 insertions(+), 33 deletions(-)
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 89d138a..3b3f6ef 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -552,7 +552,8 @@ struct irec {
+ };
+ 
+ struct listener {
+-  int fd, tcpfd, tftpfd, family;
++  int fd, tcpfd, tftpfd, family, used;
++  union mysockaddr addr;
+   struct irec *iface; /* only sometimes valid for non-wildcard */
+   struct listener *next;
+ };
+diff --git a/src/network.c b/src/network.c
+index d6d4b01..4bbd810 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -577,6 +577,56 @@ static void clean_interfaces()
+   }
+ }
+ 
++/** Release listener if no other interface needs it.
++ *
++ * @return 1 if released, 0 if still required
++ */
++static int release_listener(struct listener *l)
++{
++  if (l->used > 1)
++    {
++      struct irec *iface;
++      for (iface = daemon->interfaces; iface; iface = iface->next)
++	if (iface->done && sockaddr_isequal(&l->addr, &iface->addr))
++	  {
++	    if (iface->found)
++	      {
++		/* update listener to point to active interface instead */
++		if (!l->iface->found)
++		  l->iface = iface;
++	      }
++	    else
++	      {
++		l->used--;
++		iface->done = 0;
++	      }
++	  }
++
++      /* Someone is still using this listener, skip its deletion */
++      if (l->used > 0)
++	return 0;
++    }
++
++  if (l->iface->done)
++    {
++      (void)prettyprint_addr(&l->iface->addr, daemon->addrbuff);
++      my_syslog(LOG_DEBUG, _("stopped listening on %s(#%d): %s"),
++		l->iface->name, l->iface->index, daemon->addrbuff);
++      /* In case it ever returns */
++      l->iface->done = 0;
++    }
++
++  if (l->fd != -1)
++    close(l->fd);
++  if (l->tcpfd != -1)
++    close(l->tcpfd);
++  if (l->tftpfd != -1)
++    close(l->tftpfd);
++
++  free(l);
++  return 1;
++}
++
+ int enumerate_interfaces(int reset)
+ {
+   static struct addrlist *spare = NULL;
+@@ -684,29 +734,10 @@ int enumerate_interfaces(int reset)
+ 	  
+ 	  if (!l->iface || l->iface->found)
+ 	    up = &l->next;
+-	  else
++	  else if (release_listener(l))
+ 	    {
+-	      *up = l->next;
+-	      if (l->iface->done)
+-	        {
+-	          iface = l->iface;
+-	          (void)prettyprint_addr(&iface->addr, daemon->addrbuff);
+-	          my_syslog(LOG_DEBUG, _("stopped listening on %s(#%d): %s"),
+-	                    iface->name, iface->index, daemon->addrbuff);
+-	        }
+-	      
+-	      /* In case it ever returns */
+-	      l->iface->done = 0;
+-	      
+-	      if (l->fd != -1)
+-		close(l->fd);
+-	      if (l->tcpfd != -1)
+-		close(l->tcpfd);
+-	      if (l->tftpfd != -1)
+-		close(l->tftpfd);
+-	      
+-	      free(l);
+-	      freed = 1;
++	      *up = tmp;
++		freed = 1;
+ 	    }
+ 	}
+ 
+@@ -959,7 +990,9 @@ static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, in
+       l->family = addr->sa.sa_family;
+       l->fd = fd;
+       l->tcpfd = tcpfd;
+-      l->tftpfd = tftpfd;	
++      l->tftpfd = tftpfd;
++      l->addr = *addr;
++      l->used = 1;
+       l->iface = NULL;
+     }
+ 
+@@ -1000,23 +1033,41 @@ void create_wildcard_listeners(void)
+   daemon->listeners = l;
+ }
+ 
++static struct listener *find_listener(union mysockaddr *addr)
++{
++  struct listener *l;
++  for (l = daemon->listeners; l; l = l->next)
++    if (sockaddr_isequal(&l->addr, addr))
++      return l;
++  return NULL;
++}
++
+ void create_bound_listeners(int dienow)
+ {
+   struct listener *new;
+   struct irec *iface;
+   struct iname *if_tmp;
++  struct listener *existing;
+ 
+   for (iface = daemon->interfaces; iface; iface = iface->next)
+-    if (!iface->done && !iface->dad && iface->found &&
+-	(new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
++    if (!iface->done && !iface->dad && iface->found)
+       {
+-	new->iface = iface;
+-	new->next = daemon->listeners;
+-	daemon->listeners = new;
+-	iface->done = 1;
+-	(void)prettyprint_addr(&iface->addr, daemon->addrbuff);
+-	my_syslog(LOG_DEBUG, _("listening on %s(#%d): %s"),
+-	          iface->name, iface->index, daemon->addrbuff);
++	existing = find_listener(&iface->addr);
++	if (existing)
++	  {
++	    iface->done = 1;
++	    existing->used++; /* increase usage counter */
++	  }
++	else if ((new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
++	  {
++	    new->iface = iface;
++	    new->next = daemon->listeners;
++	    daemon->listeners = new;
++	    iface->done = 1;
++	    (void)prettyprint_addr(&iface->addr, daemon->addrbuff);
++	    my_syslog(LOG_DEBUG, _("listening on %s(#%d): %s"),
++		      iface->name, iface->index, daemon->addrbuff);
++	  }
+       }
+ 
+   /* Check for --listen-address options that haven't been used because there's
+-- 
+2.20.1
+

SOURCES/dnsmasq-2.79-rh1746411.patch

@@ -0,0 +1,22 @@
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:52:50 +0000 (+0100)
+Subject: Fix breakage of dhcp_lease_time utility.
+X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff_plain;h=225accd235a09413ca253e710d7d691a3475c523
+
+Fix breakage of dhcp_lease_time utility.
+---
+
+diff --git a/contrib/lease-tools/dhcp_lease_time.c b/contrib/lease-tools/dhcp_lease_time.c
+index 697d627..91edbfa 100644
+--- a/contrib/lease-tools/dhcp_lease_time.c
++++ b/contrib/lease-tools/dhcp_lease_time.c
+@@ -83,7 +83,7 @@ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt
+           if (p >= end - 2)
+             return NULL; /* malformed packet */
+           opt_len = option_len(p);
+-          if (end - p >= (2 + opt_len))
++          if (end - p < (2 + opt_len))
+             return NULL; /* malformed packet */
+           if (*p == opt && opt_len >= minsize)
+             return p;
+

SOURCES/dnsmasq-2.79-rh1749092-fail.patch

@@ -0,0 +1,34 @@
+From 8fda4b4620ca2b23152ca805d14c7cde1083fe31 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Tue, 1 Oct 2019 16:08:28 +0200
+Subject: [PATCH] Report error on dhcp_release
+
+If no IPv4 address is present on given interface, the tool would not
+send any request. It would not report any error at the same time. Report
+error if request send failed.
+
+Signed-off-by: Petr Mensik <pemensik@redhat.com>
+---
+ contrib/lease-tools/dhcp_release.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/lease-tools/dhcp_release.c b/contrib/lease-tools/dhcp_release.c
+index c866cd9..30e77c6 100644
+--- a/contrib/lease-tools/dhcp_release.c
++++ b/contrib/lease-tools/dhcp_release.c
+@@ -223,7 +223,11 @@ static struct in_addr find_interface(struct in_addr client, int fd, unsigned int
+ 	    ifr->ifr_addr.sa_family = AF_INET;
+ 	    if (ioctl(ifrfd, SIOCGIFADDR, ifr) != -1)
+ 	      return ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
+-	    exit(0);
++	    else
++	      {
++		fprintf(stderr, "error: local IPv4 address not found\n");
++		exit(1);
++	      }
+           }
+ 	else if (h->nlmsg_type == RTM_NEWADDR)
+           {
+-- 
+2.20.1
+

SPECS/dnsmasq.spec

@@ -13,7 +13,7 @@
 
 Name:           dnsmasq
 Version:        2.79
-Release:        4%{?extraversion:.%{extraversion}}%{?dist}
+Release:        9%{?extraversion:.%{extraversion}}%{?dist}
 Summary:        A lightweight DHCP/caching DNS server
 
 License:        GPLv2 or GPLv3
@@ -26,6 +26,19 @@ Source2:        dnsmasq-systemd-sysusers.conf
 Patch1:         dnsmasq-2.77-underflow.patch
 Patch3:         dnsmasq-2.78-fips.patch
 Patch4:         dnsmasq-2.80-dnssec.patch
+Patch5:         dnsmasq-2.79-rh1602477.patch
+# Few changes not yet in upstream
+Patch6:         dnsmasq-2.79-rh1602477-2.patch
+# commit 60ac10d8d86e6f95ab0f06abe6c42596adcedcb8
+Patch7:         dnsmasq-2.76-rh1752569.patch
+# Report failure when no release would be sent
+Patch8:         dnsmasq-2.79-rh1749092-fail.patch
+Patch9:         dnsmasq-2.76-rh1728698-1.patch
+Patch10:        dnsmasq-2.79-rh1728698-2.patch
+Patch11:        dnsmasq-2.76-rh1728698-3.patch
+Patch12:        dnsmasq-2.79-rh1728698-4.patch
+Patch13:        dnsmasq-2.79-rh1746411.patch
+Patch14:        dnsmasq-2.79-rh1700916.patch
 
 # This is workaround to nettle bug #1549190
 # https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@@ -63,6 +76,16 @@ server's leases.
 %patch1 -p1 -b .underflow
 %patch3 -p1 -b .fips
 %patch4 -p1 -b .dnssec
+%patch5 -p1 -b .rh1602477
+%patch6 -p1 -b .rh1602477-2
+%patch7 -p1 -b .rh1752569
+%patch8 -p1 -b .rh1752569
+%patch9 -p1 -b .rh1728698-1
+%patch10 -p1 -b .rh1728698-2
+%patch11 -p1 -b .rh1728698-3
+%patch12 -p1 -b .rh1728698-4
+%patch13 -p1 -b .rh1746411
+%patch14 -p1 -b .rh1700916
 
 # use /var/lib/dnsmasq instead of /var/lib/misc
 for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -163,6 +186,21 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man1/dhcp_*
 
 %changelog
+* Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 2.79-9
+- Fix replies to non-recursive queries (#1700916)
+
+* Mon Dec 09 2019 Tomas Korbar <tkorbar@redhat.com> - 2.79-8
+- Fix dhcp_lease_time (#1746411)
+
+* Mon Dec 09 2019 Tomas Korbar <tkorbar@redhat.com> - 2.79-7
+- Fix TCP queries after interface recreation (#1728698)
+
+* Mon Sep 30 2019 Petr Menšík <pemensik@redhat.com> - 2.79-6
+- Send dhcp_release even for addresses not on local network (#1749092)
+
+* Thu Jul 18 2019 Petr Menšík <pemensik@redhat.com> - 2.79-5
+- Fix Coverity detected issues (#1602477)
+
 * Thu Jul 26 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.79-4
 - Fix %%pre scriptlet (#1548050)