packages/dnsmasq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 2.89

Browse Source
This commit is contained in:
renmingshuai 2023-08-08 10:04:16 +08:00
parent a0b7fc240c
commit 02823d98c8
6 changed files with 26 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch
View File

@ -1,33 +0,0 @@
From d6c69f6bdba8e2a138faa6c422f5fd29545f1f06 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 6 Sep 2022 15:35:54 +0100
Subject: [PATCH] Free sockets awaiting upstream DNS replies ASAP.
Once we have a good answer, close the socket so that the fd can
be reused during DNSSEC validation and we don't have to read and
discard more replies from other servers.
---
src/forward.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/forward.c b/src/forward.c
index e8249a6..f90be2f 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1144,6 +1144,13 @@ void reply_query(int fd, time_t now)
}
forward->sentto = server;
+
+ /* We have a good answer, and will now validate it or return it.
+ It may be some time before this the validation completes, but we don't need
+ any more answers, so close the socket(s) on which we were expecting
+ answers, to conserve file descriptors, and to save work reading and
+ discarding answers for other upstreams. */
+ free_rfds(&forward->rfds);
#ifdef HAVE_DNSSEC
if ((forward->sentto->flags & SERV_DO_DNSSEC) &&
--
2.25.1

65
backport-Fix-bad-interaction-between-address-ip-and-ser.patch
View File

@ -1,65 +0,0 @@
From f4b281381853df6b275332d4cd0ec1d150bffa86 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 8 Aug 2022 15:27:32 +0100
Subject: [PATCH] Fix bad interaction between --address=/#/<ip> and
--server=/some.domain/#
This would return <ip> for queries in some.domain, rather than
forwarding the query via the default server(s) read from /etc/resolv.conf.
Conflict:NA
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4b281381853df6b275332d4cd0ec1d150bffa86
---
src/domain-match.c | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/domain-match.c b/src/domain-match.c
index 3ec49b8..f7db0fe 100644
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -213,9 +213,13 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
to continue generalising */
{
/* We've matched a setting which says to use servers without a domain.
- Continue the search with empty query */
+ Continue the search with empty query. We set the F_SERVER flag
+ so that --address=/#/... doesn't match. */
if (daemon->serverarray[nlow]->flags & SERV_USE_RESOLV)
- crop_query = qlen;
+ {
+ crop_query = qlen;
+ flags |= F_SERVER;
+ }
else
break;
}
@@ -299,7 +303,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++);
- if (i != nlow && (flags & F_IPV6))
+ if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV6))
nhigh = i;
else
{
@@ -307,7 +311,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_4ADDR); i++);
- if (i != nlow && (flags & F_IPV4))
+ if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV4))
nhigh = i;
else
{
@@ -315,7 +319,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_ALL_ZEROS); i++);
- if (i != nlow && (flags & (F_IPV4 | F_IPV6)))
+ if (!(flags & F_SERVER) && i != nlow && (flags & (F_IPV4 | F_IPV6)))
nhigh = i;
else
{
--
2.23.0

32
bugfix-allow-binding-mac-with-ipv6.patch
View File

@ -2,8 +2,6 @@ From 53e1a09a06e11317bbde0e236837e5daa8d40593 Mon Sep 17 00:00:00 2001
From: liaichun <liaichun@huawei.com>
Date: Mon, 20 Apr 2020 16:06:51 +0800
Reference: NA
Conflict: NA
---
src/dnsmasq.c | 1 +
src/dnsmasq.h | 4 +++-
@ -24,20 +22,20 @@ index 9f326ed..70ea6fa 100644
{
if (context->flags & CONTEXT_DHCP)
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index aaa6d62..c843238 100644
index fe9aa07..dbbeab1 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -281,7 +281,8 @@ struct event_desc {
#define OPT_STRIP_ECS 69
@@ -282,7 +282,8 @@ struct event_desc {
#define OPT_STRIP_MAC 70
#define OPT_NORR 71
-#define OPT_LAST 72
+#define OPT_BIND_MAC_IP6 72
+#define OPT_LAST 73
#define OPT_NO_IDENT 72
-#define OPT_LAST 73
+#define OPT_BIND_MAC_IP6 73
+#define OPT_LAST 74
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
@@ -1179,6 +1180,7 @@ extern struct daemon {
@@ -1180,6 +1181,7 @@ extern struct daemon {
int override;
int enable_pxe;
int doing_ra, doing_dhcp6;
@ -46,29 +44,29 @@ index aaa6d62..c843238 100644
struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
struct hostsfile *dhcp_hosts_file, *dhcp_opts_file;
diff --git a/src/option.c b/src/option.c
index 8e61a6b..9d4db5a 100644
index e4810fd..8efd687 100644
--- a/src/option.c
+++ b/src/option.c
@@ -185,6 +185,7 @@ struct myoption {
#define LOPT_FAST_RETRY 376
@@ -186,6 +186,7 @@ struct myoption {
#define LOPT_STALE_CACHE 377
#define LOPT_NORR 378
+#define LOPT_BIND_MAC_IP6 379
#define LOPT_NO_IDENT 379
+#define LOPT_BIND_MAC_IP6 380
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -374,6 +375,7 @@ static const struct myoption opts[] =
{ "port-limit", 1, 0, LOPT_RANDPORT_LIM },
@@ -376,6 +377,7 @@ static const struct myoption opts[] =
{ "fast-dns-retry", 2, 0, LOPT_FAST_RETRY },
{ "use-stale-cache", 2, 0 , LOPT_STALE_CACHE },
{ "no-ident", 0, 0, LOPT_NO_IDENT },
+ { "bind-mac-with-ip6", 0, 0 , LOPT_BIND_MAC_IP6 },
{ NULL, 0, 0, 0 }
};
@@ -570,6 +572,7 @@ static struct {
{ LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
@@ -573,6 +575,7 @@ static struct {
{ LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
{ LOPT_NORR, OPT_NORR, NULL, gettext_noop("Suppress round-robin ordering of DNS records."), NULL },
{ LOPT_NO_IDENT, OPT_NO_IDENT, NULL, gettext_noop("Do not add CHAOS TXT records."), NULL },
+ { LOPT_BIND_MAC_IP6, OPT_BIND_MAC_IP6, NULL, gettext_noop("Bind mac with ipv6 address. This is an experimental feature and it conflicts with rfc3315."), NULL },
{ 0, 0, NULL, NULL, NULL }
};

BIN
dnsmasq-2.88.tar.xz
View File

Binary file not shown.

BIN
dnsmasq-2.89.tar.xz Normal file
View File

Binary file not shown.

16
dnsmasq.spec
View File

@ -1,6 +1,6 @@
Name: dnsmasq
Version: 2.88
Release: 3
Version: 2.89
Release: 1
Summary: Dnsmasq provides network infrastructure for small networks
License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/
@ -11,9 +11,9 @@ Source2: dnsmasq-systemd-sysusers.conf
Patch1: backport-dnsmasq-2.77-underflow.patch
Patch2: backport-dnsmasq-2.81-configuration.patch
Patch3: backport-dnsmasq-2.78-fips.patch
Patch4: bugfix-allow-binding-mac-with-ipv6.patch
Patch5: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
Patch6: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
Patch4: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
Patch5: bugfix-allow-binding-mac-with-ipv6.patch
Patch6: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
BuildRequires: gcc
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
@ -103,6 +103,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man8/dnsmasq*
%changelog
* Tue Aug 8 2023 renmingshuai <renmingshuai@huawei.com> - 2.89-1
- Type:requirement
- Id:NA
- SUG:NA
- DESC:update to 2.89
* Thu Apr 27 2023 yanglu <yanglu72@h-partners.com> - 2.88-3
- Type:bugfix
- Id:NA