Update to 2.81 (#1823139)
parent
8cb7aff90a
commit
e8e451a80c
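--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,5 @@ dnsmasq-2.52.tar.lzma
 /dnsmasq-2.80.tar.xz
 /dnsmasq-2.81rc3.tar.xz
 /dnsmasq-2.81rc3.tar.xz.asc
+/dnsmasq-2.81.tar.xz
+/dnsmasq-2.81.tar.xz.asc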
@ -1,91 +0,0 @@
|
|||||||
From bb7adef44c20e4271b0b8a6e55dac4e986c02fef Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
|
||||||
Date: Fri, 12 Apr 2019 15:29:00 +0200
|
|
||||||
Subject: [PATCH] Restore ability to answer non-recursive requests
|
|
||||||
|
|
||||||
Instead, check only local configured entries are answered without
|
|
||||||
rdbit set. All cached replies are still denied, but locally configured
|
|
||||||
names are available with both recursion and without it.
|
|
||||||
|
|
||||||
Fixes commit 4139298d287eb5c57f4aa53c459cb02fc5be2495 unintended
|
|
||||||
behaviour.
|
|
||||||
|
|
||||||
(cherry-picked from 29ae3083981ea82f535f77ea54bbd538f1224a9e)
|
|
||||||
---
|
|
||||||
src/rfc1035.c | 23 ++++++++++++++---------
|
|
||||||
1 file changed, 14 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
|
||||||
index a943ecb..74befef 100644
|
|
||||||
--- a/src/rfc1035.c
|
|
||||||
+++ b/src/rfc1035.c
|
|
||||||
@@ -1273,7 +1273,11 @@ static unsigned long crec_ttl(struct crec *crecp, time_t now)
|
|
||||||
else
|
|
||||||
return daemon->max_ttl;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
+
|
|
||||||
+static int cache_validated(const struct crec *crecp)
|
|
||||||
+{
|
|
||||||
+ return (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK));
|
|
||||||
+}
|
|
||||||
|
|
||||||
/* return zero if we can't answer from cache, or packet size if we can */
|
|
||||||
size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
|
||||||
@@ -1292,17 +1296,20 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
|
||||||
int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
|
|
||||||
struct mx_srv_record *rec;
|
|
||||||
size_t len;
|
|
||||||
+ int rd_bit;
|
|
||||||
+
|
|
||||||
// Make sure we do not underflow here too.
|
|
||||||
if (qlen > (limit - ((char *)header))) return 0;
|
|
||||||
|
|
||||||
/* never answer queries with RD unset, to avoid cache snooping. */
|
|
||||||
- if (!(header->hb3 & HB3_RD) ||
|
|
||||||
- ntohs(header->ancount) != 0 ||
|
|
||||||
+ if (ntohs(header->ancount) != 0 ||
|
|
||||||
ntohs(header->nscount) != 0 ||
|
|
||||||
ntohs(header->qdcount) == 0 ||
|
|
||||||
OPCODE(header) != QUERY )
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+ rd_bit = (header->hb3 & HB3_RD);
|
|
||||||
+
|
|
||||||
/* Don't return AD set if checking disabled. */
|
|
||||||
if (header->hb4 & HB4_CD)
|
|
||||||
sec_data = 0;
|
|
||||||
@@ -1467,9 +1474,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
|
||||||
/* Don't use cache when DNSSEC data required, unless we know that
|
|
||||||
the zone is unsigned, which implies that we're doing
|
|
||||||
validation. */
|
|
||||||
- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
|
|
||||||
- !do_bit ||
|
|
||||||
- (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
|
|
||||||
+ if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
|
|
||||||
+ (rd_bit && (!do_bit || cache_validated(crecp)) ))
|
|
||||||
{
|
|
||||||
do
|
|
||||||
{
|
|
||||||
@@ -1666,8 +1672,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
|
||||||
|
|
||||||
/* If the client asked for DNSSEC don't use cached data. */
|
|
||||||
if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
|
|
||||||
- !do_bit ||
|
|
||||||
- (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
|
|
||||||
+ (rd_bit && (!do_bit || cache_validated(crecp)) ))
|
|
||||||
do
|
|
||||||
{
|
|
||||||
/* don't answer wildcard queries with data not from /etc/hosts
|
|
||||||
@@ -1751,7 +1756,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
|
||||||
{
|
|
||||||
if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | (dryrun ? F_NO_RR : 0))) &&
|
|
||||||
(qtype == T_CNAME || (crecp->flags & F_CONFIG)) &&
|
|
||||||
- ((crecp->flags & F_CONFIG) || !do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
|
|
||||||
+ ((crecp->flags & F_CONFIG) || (rd_bit && (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))))
|
|
||||||
{
|
|
||||||
if (!(crecp->flags & F_DNSSECOK))
|
|
||||||
sec_data = 0;
|
|
||||||
--
|
|
||||||
2.21.1
|
|
||||||
|
|
11
dnsmasq.spec
11
dnsmasq.spec
@ -1,5 +1,5 @@
|
|||||||
%define testrelease 0
|
%define testrelease 0
|
||||||
%define releasecandidate 3
|
%define releasecandidate 0
|
||||||
%if 0%{testrelease}
|
%if 0%{testrelease}
|
||||||
%define extrapath test-releases/
|
%define extrapath test-releases/
|
||||||
%define extraversion test%{testrelease}
|
%define extraversion test%{testrelease}
|
||||||
@ -13,7 +13,7 @@
|
|||||||
|
|
||||||
Name: dnsmasq
|
Name: dnsmasq
|
||||||
Version: 2.81
|
Version: 2.81
|
||||||
Release: 1%{?extraversion:.%{extraversion}}%{?dist}
|
Release: 2%{?extraversion:.%{extraversion}}%{?dist}
|
||||||
Summary: A lightweight DHCP/caching DNS server
|
Summary: A lightweight DHCP/caching DNS server
|
||||||
|
|
||||||
License: GPLv2 or GPLv3
|
License: GPLv2 or GPLv3
|
||||||
@ -35,9 +35,6 @@ Patch3: dnsmasq-2.78-fips.patch
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1728701
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1728701
|
||||||
Patch7: dnsmasq-2.80-rh1728701.patch
|
Patch7: dnsmasq-2.80-rh1728701.patch
|
||||||
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
|
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1647464
|
|
||||||
# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=29ae3083981ea82f535f77ea54bbd538f1224a9e
|
|
||||||
Patch15: dnsmasq-2.81-restore-ability-to-answer-non-recursive-requests.patch
|
|
||||||
|
|
||||||
# This is workaround to nettle bug #1549190
|
# This is workaround to nettle bug #1549190
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
|
||||||
@ -174,8 +171,12 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
|
|||||||
%{_mandir}/man1/dhcp_*
|
%{_mandir}/man1/dhcp_*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 16 2020 Petr Menšík <pemensik@redhat.com> - 2.81-2
|
||||||
|
- Update to 2.81 (#1823139)
|
||||||
|
|
||||||
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.81-1.rc3
|
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.81-1.rc3
|
||||||
- Update to 2.81rc3
|
- Update to 2.81rc3
|
||||||
|
|
||||||
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.80-14
|
* Mon Mar 23 2020 Petr Menšík <pemensik@redhat.com> - 2.80-14
|
||||||
- Fix last build breakage of DNS (#1814468)
|
- Fix last build breakage of DNS (#1814468)
|
||||||
|
|
||||||
|
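Review bot: The %changelog entry added for 2.81-2 says only `- Update to 2.81 (#1823139)` and does not record that Patch15 (dnsmasq-2.81-restore-ability-to-answer-non-recursive-requests.patch) is dropped in the same section. That patch changed which records answer_request() returns for queries with RD unset, which is the cache-snooping guard, so anyone auditing the package needs to see that this behaviour now comes from the upstream tarball and was not lost. Presumably 2.81 final contains upstream commit 29ae3083981ea82f535f77ea54bbd538f1224a9e, which the removed patch says it was cherry-picked from, but the page does not show that. It is worth confirming against the released source and then adding a changelog line such as `- Drop Patch15, merged upstream`.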
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (dnsmasq-2.81rc3.tar.xz) = 2bac2e01550c58f86c5f4be772eaeea59cc0c88531d425797efeedf146991d8d9ed0fe53977e6e6263b63f7441aafd90ccc3e64057e9a0959d7af15850bb05f1
|
SHA512 (dnsmasq-2.81.tar.xz) = 85550c9782fef9b0710d0e233523ed1fe26e877a8bc53fcea3f7cf1fb17c3a79c46f284a99dab2bdaf6a107ea3f1a71cec476ab6d4e1b936da6591aaef42c88e
|
||||||
SHA512 (dnsmasq-2.81rc3.tar.xz.asc) = 9835b94f919d8750b667dc92584b5634e5dbd5e672f3337946d4ed5541a26358cbabf04dff4ae6f5ba380d4170889252587dbc704b9b40f56c86440e8b157264
|
SHA512 (dnsmasq-2.81.tar.xz.asc) = 8f102efb3f9ccf5509db60e81ef9fe2515cd4813dafdc7bb24a8f3246a3ededd62ca37171abbba3ef5b547313d344778d922ab8fd91bacd6351f4ab73ced74ef
|
||||||
|