diff --git a/Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch b/Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch deleted file mode 100644 index a080886..0000000 --- a/Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d6c69f6bdba8e2a138faa6c422f5fd29545f1f06 Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Tue, 6 Sep 2022 15:35:54 +0100 -Subject: [PATCH] Free sockets awaiting upstream DNS replies ASAP. - -Once we have a good answer, close the socket so that the fd can -be reused during DNSSEC validation and we don't have to read and -discard more replies from other servers. ---- - src/forward.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/forward.c b/src/forward.c -index e8249a6..f90be2f 100644 ---- a/src/forward.c -+++ b/src/forward.c -@@ -1144,6 +1144,13 @@ void reply_query(int fd, time_t now) - } - - forward->sentto = server; -+ -+ /* We have a good answer, and will now validate it or return it. -+ It may be some time before this the validation completes, but we don't need -+ any more answers, so close the socket(s) on which we were expecting -+ answers, to conserve file descriptors, and to save work reading and -+ discarding answers for other upstreams. */ -+ free_rfds(&forward->rfds); - - #ifdef HAVE_DNSSEC - if ((forward->sentto->flags & SERV_DO_DNSSEC) && --- -2.25.1 - diff --git a/backport-Fix-bad-interaction-between-address-ip-and-ser.patch b/backport-Fix-bad-interaction-between-address-ip-and-ser.patch deleted file mode 100644 index 9bd5f61..0000000 --- a/backport-Fix-bad-interaction-between-address-ip-and-ser.patch +++ /dev/null @@ -1,65 +0,0 @@ -From f4b281381853df6b275332d4cd0ec1d150bffa86 Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Mon, 8 Aug 2022 15:27:32 +0100 -Subject: [PATCH] Fix bad interaction between --address=/#/ and - --server=/some.domain/# - -This would return for queries in some.domain, rather than -forwarding the query via the default server(s) read from /etc/resolv.conf. - -Conflict:NA -Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4b281381853df6b275332d4cd0ec1d150bffa86 ---- - src/domain-match.c | 14 +++++++++----- - 1 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/src/domain-match.c b/src/domain-match.c -index 3ec49b8..f7db0fe 100644 ---- a/src/domain-match.c -+++ b/src/domain-match.c -@@ -213,9 +213,13 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout) - to continue generalising */ - { - /* We've matched a setting which says to use servers without a domain. -- Continue the search with empty query */ -+ Continue the search with empty query. We set the F_SERVER flag -+ so that --address=/#/... doesn't match. */ - if (daemon->serverarray[nlow]->flags & SERV_USE_RESOLV) -- crop_query = qlen; -+ { -+ crop_query = qlen; -+ flags |= F_SERVER; -+ } - else - break; - } -@@ -299,7 +303,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout) - - for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++); - -- if (i != nlow && (flags & F_IPV6)) -+ if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV6)) - nhigh = i; - else - { -@@ -307,7 +311,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout) - - for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_4ADDR); i++); - -- if (i != nlow && (flags & F_IPV4)) -+ if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV4)) - nhigh = i; - else - { -@@ -315,7 +319,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout) - - for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_ALL_ZEROS); i++); - -- if (i != nlow && (flags & (F_IPV4 | F_IPV6))) -+ if (!(flags & F_SERVER) && i != nlow && (flags & (F_IPV4 | F_IPV6))) - nhigh = i; - else - { --- -2.23.0 - diff --git a/bugfix-allow-binding-mac-with-ipv6.patch b/bugfix-allow-binding-mac-with-ipv6.patch index 5b073a0..c018050 100644 --- a/bugfix-allow-binding-mac-with-ipv6.patch +++ b/bugfix-allow-binding-mac-with-ipv6.patch @@ -2,8 +2,6 @@ From 53e1a09a06e11317bbde0e236837e5daa8d40593 Mon Sep 17 00:00:00 2001 From: liaichun Date: Mon, 20 Apr 2020 16:06:51 +0800 -Reference: NA -Conflict: NA --- src/dnsmasq.c | 1 + src/dnsmasq.h | 4 +++- @@ -24,20 +22,20 @@ index 9f326ed..70ea6fa 100644 { if (context->flags & CONTEXT_DHCP) diff --git a/src/dnsmasq.h b/src/dnsmasq.h -index aaa6d62..c843238 100644 +index fe9aa07..dbbeab1 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -281,7 +281,8 @@ struct event_desc { - #define OPT_STRIP_ECS 69 +@@ -282,7 +282,8 @@ struct event_desc { #define OPT_STRIP_MAC 70 #define OPT_NORR 71 --#define OPT_LAST 72 -+#define OPT_BIND_MAC_IP6 72 -+#define OPT_LAST 73 + #define OPT_NO_IDENT 72 +-#define OPT_LAST 73 ++#define OPT_BIND_MAC_IP6 73 ++#define OPT_LAST 74 #define OPTION_BITS (sizeof(unsigned int)*8) #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) -@@ -1179,6 +1180,7 @@ extern struct daemon { +@@ -1180,6 +1181,7 @@ extern struct daemon { int override; int enable_pxe; int doing_ra, doing_dhcp6; @@ -46,29 +44,29 @@ index aaa6d62..c843238 100644 struct dhcp_netid_list *force_broadcast, *bootp_dynamic; struct hostsfile *dhcp_hosts_file, *dhcp_opts_file; diff --git a/src/option.c b/src/option.c -index 8e61a6b..9d4db5a 100644 +index e4810fd..8efd687 100644 --- a/src/option.c +++ b/src/option.c -@@ -185,6 +185,7 @@ struct myoption { - #define LOPT_FAST_RETRY 376 +@@ -186,6 +186,7 @@ struct myoption { #define LOPT_STALE_CACHE 377 #define LOPT_NORR 378 -+#define LOPT_BIND_MAC_IP6 379 + #define LOPT_NO_IDENT 379 ++#define LOPT_BIND_MAC_IP6 380 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -374,6 +375,7 @@ static const struct myoption opts[] = - { "port-limit", 1, 0, LOPT_RANDPORT_LIM }, +@@ -376,6 +377,7 @@ static const struct myoption opts[] = { "fast-dns-retry", 2, 0, LOPT_FAST_RETRY }, { "use-stale-cache", 2, 0 , LOPT_STALE_CACHE }, + { "no-ident", 0, 0, LOPT_NO_IDENT }, + { "bind-mac-with-ip6", 0, 0 , LOPT_BIND_MAC_IP6 }, { NULL, 0, 0, 0 } }; -@@ -570,6 +572,7 @@ static struct { - { LOPT_UMBRELLA, ARG_ONE, "[=]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL }, +@@ -573,6 +575,7 @@ static struct { { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL }, { LOPT_NORR, OPT_NORR, NULL, gettext_noop("Suppress round-robin ordering of DNS records."), NULL }, + { LOPT_NO_IDENT, OPT_NO_IDENT, NULL, gettext_noop("Do not add CHAOS TXT records."), NULL }, + { LOPT_BIND_MAC_IP6, OPT_BIND_MAC_IP6, NULL, gettext_noop("Bind mac with ipv6 address. This is an experimental feature and it conflicts with rfc3315."), NULL }, { 0, 0, NULL, NULL, NULL } }; diff --git a/dnsmasq-2.88.tar.xz b/dnsmasq-2.88.tar.xz deleted file mode 100644 index 5259014..0000000 Binary files a/dnsmasq-2.88.tar.xz and /dev/null differ diff --git a/dnsmasq-2.89.tar.xz b/dnsmasq-2.89.tar.xz new file mode 100644 index 0000000..d870d14 Binary files /dev/null and b/dnsmasq-2.89.tar.xz differ diff --git a/dnsmasq.spec b/dnsmasq.spec index 30f8a4d..1d758ad 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,6 +1,6 @@ Name: dnsmasq -Version: 2.88 -Release: 3 +Version: 2.89 +Release: 1 Summary: Dnsmasq provides network infrastructure for small networks License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -11,9 +11,9 @@ Source2: dnsmasq-systemd-sysusers.conf Patch1: backport-dnsmasq-2.77-underflow.patch Patch2: backport-dnsmasq-2.81-configuration.patch Patch3: backport-dnsmasq-2.78-fips.patch -Patch4: bugfix-allow-binding-mac-with-ipv6.patch -Patch5: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch -Patch6: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch +Patch4: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch +Patch5: bugfix-allow-binding-mac-with-ipv6.patch +Patch6: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch BuildRequires: gcc BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd @@ -103,6 +103,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf %{_mandir}/man8/dnsmasq* %changelog +* Tue Aug 8 2023 renmingshuai - 2.89-1 +- Type:requirement +- Id:NA +- SUG:NA +- DESC:update to 2.89 + * Thu Apr 27 2023 yanglu - 2.88-3 - Type:bugfix - Id:NA