Commit Graph

21 Commits

Author SHA1 Message Date
Petr Menšík
73f4c86bcc fixup! Correct releasing of serv_domain
Ensure correct domain entries are prepared also for DBus specified
domains. Initialize server_domain when adding new nameserver, no matter
what is its source. Do not wait for check_servers() to domain
initialization.

Resolves: rhbz#2188712
2023-05-10 13:18:42 +02:00
Petr Menšík
9c7ec692aa Ensure search_servers domain is set on dnssec
When dnssec validation is enabled the domain variable used when fetching
dnssec key or domain were not properly initialized always. It were read
anyway inside search_servers. Because it is changed only sometime, do
not use its value on the end of function. domain can be NULL only at
that point, use that value right away.

Resolves: rhbz#2182342
2023-05-10 13:18:42 +02:00
Petr Menšík
0b70f00773 Correct releasing of serv_domain
In case the server->serv_domain points to domain also when it is not the
last server used, ensure the reference to last_server is always reset.
Some records might reference the server_domain, but cannot ever become
last_server. Such as server=/example.com/#

Do proper check also for above case and do not delete used serv_domain
structure. Also do optimization to reuse common server domains and do
not create new entry to already existing one.

Do two step cleaning during nameservers cleanup stage. Should avoid any
invalid pointer present.

Resolves: rhbz#2188712
2023-05-04 16:17:10 +02:00
Petr Menšík
a84d6321e9 Set the default maximum DNS UDP packet size to 1232
Resolves: CVE-2023-28450
2023-04-03 16:36:40 +02:00
Petr Menšík
ffed6aa9a4 Auto-waive bad_fucts in current release
rpminspect detects bad functs, which are not really a problem. They
occur only in IPv4 only code paths. Do not make them block gating.
2023-02-15 21:00:51 +01:00
Petr Menšík
af18e549c8 Use upstream version of CVE-2022-0934 fix
My previous downstream changes introduced a regression. Use instead
upstream tested change, which makes smaller change and does not create
new regression in relay code.

Resolves: rhbz#2126586
2023-01-26 18:42:54 +01:00
Petr Menšík
6734b8717a Ensure also server_domains_cleanup is called always
Fixes issue in patch dnsmasq-2.79-server-domain-rh1919894.patch.

When /etc/resolv.conf is changed, dnsmasq reloads used servers. But it
does not call cleanup of server domains in this case. It might cause
serv_domain->last_server to become non-null, but pointing released
server. Ensure it is checked before any cleanup_servers() action always
and from all other places, like dbus setting.

Caused unending loop in forward_query function, rhbz#2106361.

Resolves: rhbz#2120711
2022-08-30 13:46:48 +02:00
Petr Menšík
ea063256c7 Change message type by dedicated function
Long-term pointer to beginning of message does not work well. I case
outpacket is reallocated in any new_opt6() section, original outmsgtypep
pointer becomes invalid. Instead of using that pointer use dedicated
function, which will change just the first byte of the message.

This makes sure correct beginning of packet is always used.

Resolves: CVE-2022-0934
2022-04-27 21:55:10 +02:00
Petr Menšík
a787d2924a Support client arch and interface identifier options
Understand symbolic names for remaining boot option. Interface
identifier expects 3 byte hex encoding in 01:03:01 format.

Related: rhbz#2002871
2022-02-24 15:35:13 +01:00
Petr Menšík
c8b997fc6f Offer alternative address if requested is leased
In some cases booting firware requires multiple IPv6 addresses leased
from DHCP. Dnsmasq offers the same address to different IAIDs requests.
The first gets it successfully, but remaining requests would be denied
with address in use error. Change behaviour and supply alternative
address from the same range, just like Rapid Commit DHCP option allows.
Reuse the same code.

Resolves: rhbz#2002871
2022-02-24 15:34:12 +01:00
Petr Menšík
7524c9f8df dnsmasq option to query the last known working domain specific upstream server first
Similar functionality was implemented in upstream release 2.86 as part
of bigger optimization. While it should have introduce better
performance on bigger domain filter list, it caused several regressions
including crashes.

This is attempt to make similar functionality in different way, without
so heavy change to basic system. It instead adds new structure for each
unique domain, which tracks last tried server for a given domain. It
makes the same algorithm used for domain-less servers, such as those
read from /etc/resolv.conf. But uses that also for servers forwarding
only for subdomains.

It might slightly increase used memory on high number of local=/example/
or server=/example/::1.

Resolves: rhbz#2047510
2022-02-10 23:22:39 +01:00
Petr Menšík
41cf9dea97 Adjust gating.yaml for RHEL9 2021-08-26 12:55:07 +02:00
Mohan Boddu
38555922b3 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 19:50:01 +00:00
Petr Menšík
1d340ea569 Remove broken and unnecessary patch
Upstream has merged patch dnsmasq-2.81-rh1834454.patch slightly
different way, but it is applied anyway. SIOCGSTAMP was fixed by
upstream different way.

Resolves: rhbz#1978728
2021-07-02 18:30:45 +02:00
Petr Menšík
2ed68fa38b Change default pid file into run directory
(cherry picked from commit 72ba11797c)

Related: rhbz#1978728
2021-07-02 18:10:26 +02:00
Petr Menšík
288c0613a9 Update to 2.85 (#1947198)
Change to production release.

(cherry picked from commit 7ce0e29ff5)

Resolves: rhbz#1978728
2021-07-02 18:07:30 +02:00
Mohan Boddu
85302dc0b8 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-15 23:06:09 +00:00
DistroBaker
01975e83ad Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/dnsmasq.git#e2a508e666a6a3ebb47625e4c8185a1f8ce0584f
2021-01-26 13:17:33 +00:00
DistroBaker
498c522839 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/dnsmasq.git#85b95520cf06f64468258b01a2594476d1c0cd2f
2021-01-19 22:39:57 +00:00
Petr Šabata
fa9ecc575b RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/dnsmasq#9d4a531b209034079edd34dc8b364672a9f6625f
2020-10-14 23:43:55 +02:00
Release Configuration Management
388f37f652 New branch setup 2020-10-08 11:42:11 +00:00