From e8e451a80cce2b9ae463043dfe5891076970c40d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Thu, 16 Apr 2020 21:13:46 +0200
Subject: [PATCH] Update to 2.81 (#1823139)
---
 .gitignore | 2 +
 ...ity-to-answer-non-recursive-requests.patch | 91 -------------------
 dnsmasq.spec | 11 ++-
 sources | 4 +-
 4 files changed, 10 insertions(+), 98 deletions(-)
 delete mode 100644 dnsmasq-2.81-restore-ability-to-answer-non-recursive-requests.patch
diff --git a/.gitignore b/.gitignore
index bfce94a..dfca15a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,5 @@ dnsmasq-2.52.tar.lzma
 /dnsmasq-2.80.tar.xz
 /dnsmasq-2.81rc3.tar.xz
 /dnsmasq-2.81rc3.tar.xz.asc
+/dnsmasq-2.81.tar.xz
+/dnsmasq-2.81.tar.xz.asc
diff --git a/dnsmasq-2.81-restore-ability-to-answer-non-recursive-requests.patch b/dnsmasq-2.81-restore-ability-to-answer-non-recursive-requests.patch
deleted file mode 100644
index cc6d9a8..0000000
--- a/dnsmasq-2.81-restore-ability-to-answer-non-recursive-requests.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From bb7adef44c20e4271b0b8a6e55dac4e986c02fef Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
-Date: Fri, 12 Apr 2019 15:29:00 +0200
-Subject: [PATCH] Restore ability to answer non-recursive requests
-
-Instead, check only local configured entries are answered without
-rdbit set. All cached replies are still denied, but locally configured
-names are available with both recursion and without it.
-
-Fixes commit 4139298d287eb5c57f4aa53c459cb02fc5be2495 unintended
-behaviour.
-
-(cherry-picked from 29ae3083981ea82f535f77ea54bbd538f1224a9e)
----
- src/rfc1035.c | 23 ++++++++++++++---------
- 1 file changed, 14 insertions(+), 9 deletions(-)
-
-diff --git a/src/rfc1035.c b/src/rfc1035.c
-index a943ecb..74befef 100644
---- a/src/rfc1035.c
-+++ b/src/rfc1035.c
-@@ -1273,7 +1273,11 @@ static unsigned long crec_ttl(struct crec *crecp, time_t now)
- else
- return daemon->max_ttl;
- }
--
-+
-+static int cache_validated(const struct crec *crecp)
-+{
-+ return (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK));
-+}
-
- /* return zero if we can't answer from cache, or packet size if we can */
- size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
-@@ -1292,17 +1296,20 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
- int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
- struct mx_srv_record *rec;
- size_t len;
-+ int rd_bit;
-+
- // Make sure we do not underflow here too.
- if (qlen > (limit - ((char *)header))) return 0;
-
- /* never answer queries with RD unset, to avoid cache snooping. */
-- if (!(header->hb3 & HB3_RD) ||
-- ntohs(header->ancount) != 0 ||
-+ if (ntohs(header->ancount) != 0 ||
- ntohs(header->nscount) != 0 ||
- ntohs(header->qdcount) == 0 ||
- OPCODE(header) != QUERY )
- return 0;
-
-+ rd_bit = (header->hb3 & HB3_RD);
-+
- /* Don't return AD set if checking disabled. 
*/
- if (header->hb4 & HB4_CD)
- sec_data = 0;
-@@ -1467,9 +1474,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
- /* Don't use cache when DNSSEC data required, unless we know that
- the zone is unsigned, which implies that we're doing
- validation. */
-- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
-- !do_bit ||
-- (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
-+ if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
-+ (rd_bit && (!do_bit || cache_validated(crecp)) ))
- {
- do
- {
-@@ -1666,8 +1672,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
-
- /* If the client asked for DNSSEC don't use cached data. */
- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
-- !do_bit ||
-- (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
-+ (rd_bit && (!do_bit || cache_validated(crecp)) ))
- do
- {
- /* don't answer wildcard queries with data not from /etc/hosts
-@@ -1751,7 +1756,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
- {
- if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | (dryrun ? F_NO_RR : 0))) &&
- (qtype == T_CNAME || (crecp->flags & F_CONFIG)) &&
- ((crecp->flags & F_CONFIG) || !do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
-+ ((crecp->flags & F_CONFIG) || (rd_bit && (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))))
- {
- if (!(crecp->flags & F_DNSSECOK))
- sec_data = 0;
---
-2.21.1
-
diff --git a/dnsmasq.spec b/dnsmasq.spec
index b0402f9..c4ebab3 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -1,5 +1,5 @@
 %define testrelease 0
-%define releasecandidate 3
+%define releasecandidate 0
 %if 0%{testrelease}
 %define extrapath test-releases/
 %define extraversion test%{testrelease}
@@ -13,7 +13,7 @@
 Name: dnsmasq
 Version: 2.81
-Release: 1%{?extraversion:.%{extraversion}}%{?dist}
+Release: 2%{?extraversion:.%{extraversion}}%{?dist}
 Summary: A lightweight DHCP/caching DNS server
 License: GPLv2 or GPLv3
@@ -35,9 +35,6 @@ Patch3: dnsmasq-2.78-fips.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1728701
 Patch7: dnsmasq-2.80-rh1728701.patch
 Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1647464
-# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=29ae3083981ea82f535f77ea54bbd538f1224a9e
-Patch15: dnsmasq-2.81-restore-ability-to-answer-non-recursive-requests.patch
 # This is workaround to nettle bug #1549190
 # https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@@ -174,8 +171,12 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
 %{_mandir}/man1/dhcp_*
 %changelog
+* Thu Apr 16 2020 Petr Menšík - 2.81-2
+- Update to 2.81 (#1823139)
+
 * Mon Mar 23 2020 Petr Menšík - 2.81-1.rc3
 - Update to 2.81rc3
+
 * Mon Mar 23 2020 Petr Menšík - 2.80-14
 - Fix last build breakage of DNS (#1814468)
diff --git a/sources b/sources
index 8bcd8d2..974e9b0 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.81rc3.tar.xz) = 2bac2e01550c58f86c5f4be772eaeea59cc0c88531d425797efeedf146991d8d9ed0fe53977e6e6263b63f7441aafd90ccc3e64057e9a0959d7af15850bb05f1
-SHA512 (dnsmasq-2.81rc3.tar.xz.asc) = 9835b94f919d8750b667dc92584b5634e5dbd5e672f3337946d4ed5541a26358cbabf04dff4ae6f5ba380d4170889252587dbc704b9b40f56c86440e8b157264
+SHA512 (dnsmasq-2.81.tar.xz) = 85550c9782fef9b0710d0e233523ed1fe26e877a8bc53fcea3f7cf1fb17c3a79c46f284a99dab2bdaf6a107ea3f1a71cec476ab6d4e1b936da6591aaef42c88e
+SHA512 (dnsmasq-2.81.tar.xz.asc) = 8f102efb3f9ccf5509db60e81ef9fe2515cd4813dafdc7bb24a8f3246a3ededd62ca37171abbba3ef5b547313d344778d922ab8fd91bacd6351f4ab73ced74ef