Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load. The code
checked that at least one free process table slot was
available before listening on TCP sockets, but didn't take
into account that more than one TCP connection could
arrive, so that check was not sufficient to ensure that
there would be slots for all new processes. It compounded
this error by silently failing to store the process when
it did run out of slots. Even when this bug is triggered,
all the right things happen, and answers are still returned.
Only under very exceptional circumstances does the bug
manifest itself: see
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
Thanks to Tijs Van Buggenhout for finding the conditions under
which the bug manifests itself, and then working out
exactly what was going on.
Resolves: RHEL-6584

When log-facility is used to create a new file, make that file also
writeable by root. Systemd strips the ability to write into this file
even when started by root. Allow root explicitly.
Resolves: rhbz#2156789

--local=/example/ and --address=/example/# create records, which contain
no address or just NULL address. Some people generate quite large
blocklists, which then can take quite long to walk through. Because it
uses a linear algorithm, it gets quite slow.
Similar to upstream in 2.86, avoid walking through literal addresses or
local blocks. Speeds up significantly loading of 50k or more records.
Fixed regression caused by commit 73f4c86bcc
Resolves: rhbz#2209031

Ensure correct domain entries are prepared also for DBus specified
domains. Initialize server_domain when adding new nameserver, no matter
what its source is. Do not wait for check_servers() for domain
initialization.
Resolves: rhbz#2188712

When dnssec validation is enabled the domain variable used when fetching
dnssec key or domain was not always properly initialized. It was read
anyway inside search_servers. Because it is changed only sometimes, do
not use its value at the end of the function. domain can be NULL only at
that point, use that value right away.
Resolves: rhbz#2182342

In case the server->serv_domain points to domain also when it is not the
last server used, ensure the reference to last_server is always reset.
Some records might reference the server_domain, but cannot ever become
last_server. Such as server=/example.com/#
Do proper check also for above case and do not delete used serv_domain
structure. Also do optimization to reuse common server domains and do
not create new entry to already existing one.
Do two step cleaning during nameservers cleanup stage. Should avoid any
invalid pointer present.
Resolves: rhbz#2188712

My previous downstream changes introduced a regression. Use instead
upstream tested change, which makes smaller change and does not create
new regression in relay code.
Resolves: rhbz#2126586

Fixes issue in patch dnsmasq-2.79-server-domain-rh1919894.patch.
When /etc/resolv.conf is changed, dnsmasq reloads used servers. But it
does not call cleanup of server domains in this case. It might cause
serv_domain->last_server to become non-null, but pointing to a released
server. Ensure it is checked before any cleanup_servers() action always
and from all other places, like dbus setting.
Caused unending loop in forward_query function, rhbz#2106361.
Resolves: rhbz#2120711

Long-term pointer to beginning of message does not work well. In case
outpacket is reallocated in any new_opt6() section, original outmsgtypep
pointer becomes invalid. Instead of using that pointer use dedicated
function, which will change just the first byte of the message.
This makes sure correct beginning of packet is always used.
Resolves: CVE-2022-0934
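
The stale-pointer condition described in the commit message above, as an added C example that is not dnsmasq code or part of the patch. `struct pkt`, `pkt_append()`, `pkt_set_msgtype()` and the message-type value 7 are hypothetical stand-ins for outpacket, new_opt6() and the dedicated first-byte function; growth here always moves the buffer so the result is deterministic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable output packet (not dnsmasq's own structures). */
struct pkt {
    unsigned char *base; /* current allocation; changes when the packet grows */
    size_t len, cap;     /* bytes used / bytes allocated */
};

/* Append n bytes, growing when needed. Growth allocates the new block before
   freeing the old one, so the start address always moves; realloc() may do
   the same, which is what invalidates a long-lived pointer into the packet. */
static int pkt_append(struct pkt *p, const void *data, size_t n)
{
    if (n > p->cap - p->len) {
        size_t ncap = (p->len + n) * 2;
        unsigned char *nb = malloc(ncap);
        if (!nb) return -1;
        if (p->len) memcpy(nb, p->base, p->len);
        free(p->base);
        p->base = nb; p->cap = ncap;
    }
    memcpy(p->base + p->len, data, n);
    p->len += n;
    return 0;
}

/* Fixed pattern: look up the first byte from the current base on every write. */
static int pkt_set_msgtype(struct pkt *p, unsigned char type)
{
    if (p->len == 0) return -1;
    p->base[0] = type;
    return 0;
}

/* Returns 1: the saved start address went stale, the setter still hit byte 0. */
static int demo_stale_pointer(void)
{
    struct pkt p = { NULL, 0, 0 };
    unsigned char type = 0, opt[64] = { 0 }; /* constructed sample data */
    if (pkt_append(&p, &type, 1) != 0) return -1;
    uintptr_t saved = (uintptr_t)p.base;     /* what a cached pointer would hold */
    if (pkt_append(&p, opt, sizeof opt) != 0) { free(p.base); return -1; }
    int moved = saved != (uintptr_t)p.base;  /* a cached pointer now names freed memory */
    int ok = moved && pkt_set_msgtype(&p, 7) == 0 && p.base[0] == 7 && p.len == 65;
    free(p.base);
    return ok;
}
```
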
In some cases booting firmware requires multiple IPv6 addresses leased
from DHCP. Dnsmasq offers the same address to different IAIDs requests.
The first gets it successfully, but remaining requests would be denied
with address in use error. Change behaviour and supply alternative
address from the same range, just like Rapid Commit DHCP option allows.
Reuse the same code.
Resolves: rhbz#2002871

Similar functionality was implemented in upstream release 2.86 as part
of bigger optimization. While it should have introduced better
performance on bigger domain filter list, it caused several regressions
including crashes.
This is an attempt to make similar functionality in a different way, without
such a heavy change to basic system. It instead adds new structure for each
unique domain, which tracks last tried server for a given domain. It
makes the same algorithm used for domain-less servers, such as those
read from /etc/resolv.conf. But uses that also for servers forwarding
only for subdomains.
It might slightly increase used memory on high number of local=/example/
or server=/example/::1.
Resolves: rhbz#2047510

Upstream has merged patch dnsmasq-2.81-rh1834454.patch in a slightly
different way, but it is applied anyway. SIOCGSTAMP was fixed by
upstream in a different way.
Resolves: rhbz#1978728