!5 upgrade to 2.82

Merge pull request !5 from 通行百万/local
openeuler-ci-bot 2020-07-29 20:38:24 +08:00 committed by Gitee
commit 2a1d574842
9 changed files with 2441 additions and 294 deletions


@ -1,46 +0,0 @@
From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 14 Aug 2019 20:44:50 +0100
Subject: [PATCH 141/156] Fix memory leak in helper.c
Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
---
src/helper.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/helper.c b/src/helper.c
index 33ba120..c392eec 100644
--- a/src/helper.c
+++ b/src/helper.c
@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
pid_t pid;
int i, pipefd[2];
struct sigaction sigact;
-
+ unsigned char *alloc_buff = NULL;
+
/* create the pipe through which the main program sends us commands,
then fork our process. */
if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
struct script_data data;
char *p, *action_str, *hostname = NULL, *domain = NULL;
unsigned char *buf = (unsigned char *)daemon->namebuff;
- unsigned char *end, *extradata, *alloc_buff = NULL;
+ unsigned char *end, *extradata;
int is6, err = 0;
int pipeout[2];
- free(alloc_buff);
+ /* Free rarely-allocated memory from previous iteration. */
+ if (alloc_buff)
+ {
+ free(alloc_buff);
+ alloc_buff = NULL;
+ }
/* we read zero bytes when pipe closed: this is our signal to exit */
if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
--
1.8.3.1


@ -1,23 +1,20 @@
From 7d8a6199730a2fd0cd2a7cfa4fdb73b8399f110a Mon Sep 17 00:00:00 2001
From: Shufeng Cao <caoshufeng@huawei.com>
Date: Tue, 27 Nov 2018 15:03:59 +0800
Subject: [PATCH 1/2] allow binding mac address with ipv6
From 5db7b109af8f6967335806b50d628611be7b9cfd Mon Sep 17 00:00:00 2001
From: xiaoweiwei <xiaoweiwei5@huawei.com>
Date: Tue, 28 Jul 2020 15:22:54 +0800
Subject: [PATCH] bugfix allow binding mac with ipv6
This change introduces a new option --bind-mac-with-ip6, when this
option is enabled, a client of same mac address will always get the
bound ipv6 address, even when it's duid has been changed.
---
src/dnsmasq.c | 1 +
src/dnsmasq.h | 4 +++-
src/dnsmasq.h | 2 ++
src/option.c | 3 +++
src/rfc3315.c | 34 +++++++++++++++++++++++++++++++++-
4 files changed, 40 insertions(+), 2 deletions(-)
src/rfc3315.c | 32 +++++++++++++++++++++++++++++++-
4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 9f6c020..32a4d22 100644
index bfad87f..b25e0c9 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -243,6 +243,7 @@ int main (int argc, char **argv)
@@ -261,6 +261,7 @@ int main (int argc, char **argv)
if (daemon->dhcp6)
{
daemon->doing_ra = option_bool(OPT_RA);
@ -26,20 +23,18 @@ index 9f6c020..32a4d22 100644
for (context = daemon->dhcp6; context; context = context->next)
{
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 6773b69..8b31d42 100644
index 4220798..b9054b9 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -250,7 +250,8 @@ struct event_desc {
#define OPT_MAC_B64 54
#define OPT_MAC_HEX 55
#define OPT_TFTP_APREF_MAC 56
-#define OPT_LAST 57
+#define OPT_BIND_MAC_IP6 57
+#define OPT_LAST 58
@@ -270,6 +270,7 @@ struct event_desc {
#define OPT_SINGLE_PORT 60
#define OPT_LEASE_RENEW 61
#define OPT_LAST 62
+#define OPT_BIND_MAC_IP6 63
/* extra flags for my_syslog, we use a couple of facilities since they are known
not to occupy the same bits as priorities, no matter how syslog.h is set up. */
@@ -1000,6 +1001,7 @@ extern struct daemon {
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
@@ -1051,6 +1052,7 @@ extern struct daemon {
int override;
int enable_pxe;
int doing_ra, doing_dhcp6;
@ -48,60 +43,60 @@ index 6773b69..8b31d42 100644
struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs;
diff --git a/src/option.c b/src/option.c
index d358d99..919e5a3 100644
index dbe5f90..f8391d0 100644
--- a/src/option.c
+++ b/src/option.c
@@ -160,6 +160,7 @@ struct myoption {
#define LOPT_DHCPTTL 348
#define LOPT_TFTP_MTU 349
#define LOPT_REPLY_DELAY 350
+#define LOPT_BIND_MAC_IP6 351
@@ -167,6 +167,7 @@ struct myoption {
#define LOPT_IGNORE_CLID 358
#define LOPT_SINGLE_PORT 359
#define LOPT_SCRIPT_TIME 360
+#define LOPT_BIND_MAC_IP6 361
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -325,6 +326,7 @@ static const struct myoption opts[] =
{ "script-arp", 0, 0, LOPT_SCRIPT_ARP },
{ "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },
{ "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY },
+ { "bind-mac-with-ip6", 0, 0 , LOPT_BIND_MAC_IP6 },
@@ -339,6 +340,7 @@ static const struct myoption opts[] =
{ "dumpfile", 1, 0, LOPT_DUMPFILE },
{ "dumpmask", 1, 0, LOPT_DUMPMASK },
{ "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID },
+ { "bind-mac-with-ip6",0, 0, LOPT_BIND_MAC_IP6},
{ NULL, 0, 0, 0 }
};
@@ -497,6 +499,7 @@ static struct {
{ LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS responses containing ipaddr."), NULL },
{ LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL },
{ LOPT_REPLY_DELAY, ARG_ONE, "<integer>", gettext_noop("Delay DHCP replies for at least number of seconds."), NULL },
@@ -518,6 +520,7 @@ static struct {
{ LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
{ LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
{ LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
+ { LOPT_BIND_MAC_IP6, OPT_BIND_MAC_IP6, NULL, gettext_noop("Bind mac with ipv6 address. This is an experimental feature and it conflicts with rfc3315."), NULL },
{ 0, 0, NULL, NULL, NULL }
};
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 21fcd9b..defd966 100644
index b3f0a0a..5781809 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -55,6 +55,7 @@ static struct prefix_class *prefix_class_from_context(struct dhcp_context *conte
@@ -49,6 +49,7 @@ static void end_ia(int t1cntr, unsigned int min_time, int do_fuzz);
static void mark_context_used(struct state *state, struct in6_addr *addr);
static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr);
static int check_address(struct state *state, struct in6_addr *addr);
+static int check_and_try_preempte_address(struct state *state, struct in6_addr *addr, time_t now, struct dhcp_config *config);
static int config_valid(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr, struct state *state, time_t now);
static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr);
static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option,
unsigned int *min_time, struct in6_addr *addr, time_t now);
static void update_leases(struct state *state, struct dhcp_context *context, struct in6_addr *addr, unsigned int lease_time, time_t now);
@@ -746,7 +747,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
@@ -703,7 +704,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
for (c = state->context; c; c = c->current)
if (!(c->flags & CONTEXT_CONF_USED) &&
match_netid(c->filter, solicit_tags, plain_range) &&
config_valid(config, c, &addr) &&
- check_address(state, &addr))
+ check_and_try_preempte_address(state, &addr, now, config))
- config_valid(config, c, &addr, state, now))
+ config_valid(config, c, &addr, state, now) &&
+ check_and_try_preempte_address(state, &addr, now, config))
{
mark_config_used(state->context, &addr);
if (have_config(config, CONFIG_TIME))
@@ -1744,6 +1745,37 @@ static int check_address(struct state *state, struct in6_addr *addr)
@@ -1684,6 +1686,34 @@ static int check_address(struct state *state, struct in6_addr *addr)
return 1;
}
+static int check_and_try_preempte_address(struct state *state, struct in6_addr *addr, time_t now, struct dhcp_config *config)
+{
+static int check_and_try_preempte_address(struct state *state, struct in6_addr *addr, time_t now, struct dhcp_config *config){
+ struct dhcp_lease *lease;
+
+ if (!(lease = lease6_find_by_addr(addr, 128, 0)))
@ -109,8 +104,7 @@ index 21fcd9b..defd966 100644
+ return 1;
+ }
+
+
+ if(daemon->bind_mac_with_ip6) {
+ if (daemon->bind_mac_with_ip6) {
+ // break rfc3315 here
+ // bind mac address with a lease
+ if ((state->mac) && !(config->flags & CONFIG_CLID) &&
@ -124,16 +118,15 @@ index 21fcd9b..defd966 100644
+ if (lease->clid_len != state->clid_len ||
+ memcmp(lease->clid, state->clid, state->clid_len) != 0 ||
+ lease->iaid != state->iaid)
+ {
+ return 0;
+ }
+ {
+ return 0;
+ }
+
+ return 1;
+}
+
/* Calculate valid and preferred times to send in leases/renewals.
/* return true of *addr could have been generated from config. */
static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr)
--
2.19.1
1.8.3.1
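Review bot: In the rebased dnsmasq.h hunk the new flag is defined as `#define OPT_BIND_MAC_IP6 63` after `#define OPT_LAST 62`, so it sits outside the range that `OPT_LAST` is meant to bound. The `OPTION_SIZE` macro visible in the same file sizes the option bit array from `OPT_LAST`; bit 63 only fits because 62 rounds up to two words, assuming a 32-bit `unsigned int`. The usage table in option.c also passes `OPT_BIND_MAC_IP6` in the same column as `ARG_ONE`; if the `ARG_*` values are defined relative to `OPT_LAST` (not shown here), 63 may collide with one of them and the flag would then be parsed as something other than a boolean option. I would keep the ordering the previous version of this patch used: `#define OPT_BIND_MAC_IP6 62` followed by `#define OPT_LAST 63`.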

File diff suppressed because it is too large Load Diff


@ -1,63 +1,26 @@
From c82a594d95431e8615126621397ea595eb037a6b Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert@redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
From 4d3ef152a5d0a3cf053d41ea950823bfcc0ea5c2 Mon Sep 17 00:00:00 2001
From: xiaoweiwei <xiaoweiwei5@huawei.com>
Date: Tue, 28 Jul 2020 10:32:50 +0800
Subject: [PATCH] underflow
---
src/edns0.c | 10 +++++-----
src/forward.c | 4 ++++
src/rfc1035.c | 2 ++
3 files changed, 11 insertions(+), 5 deletions(-)
src/rfc1035.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/edns0.c b/src/edns0.c
index af33877..ba6ff0c 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
/* Copy back any options */
if (buff)
{
- if (p + rdlen > limit)
- {
- free(buff);
- return plen; /* Too big */
- }
+ if (p + rdlen > limit)
+ {
+ free(buff);
+ return plen; /* Too big */
+ }
memcpy(p, buff, rdlen);
free(buff);
p += rdlen;
diff --git a/src/forward.c b/src/forward.c
index cdd11d3..3078f64 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1438,6 +1438,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
+ // Make sure the udp size is not smaller than the incoming message so that we
+ // do not underflow
+ if (udp_size < n) udp_size = n;
+
#ifdef HAVE_AUTH
if (auth_dns)
{
diff --git a/src/rfc1035.c b/src/rfc1035.c
index b078b59..777911b 100644
index fefe63d..d3cce6f 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1281,6 +1281,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
struct mx_srv_record *rec;
@@ -1340,6 +1340,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
+ // Make sure we do not underflow here too.
+ if (qlen > (limit - ((char *)header))) return 0;
int rd_bit = (header->hb3 & HB3_RD);
+ // Make sure we do not underflow here too
+ if (qlen > (limit - ((char *)header))) return 0;
+
/* never answer queries with RD unset, to avoid cache snooping. */
if (ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 ||
--
2.14.3
1.8.3.1
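Review bot: The guard added in answer_request, `if (qlen > (limit - ((char *)header))) return 0;`, compares a size_t with a signed pointer difference, so the right-hand side is converted to unsigned before the comparison. If limit were ever below header the difference would wrap to a very large value and the guard would not fire; `if (limit < (char *)header || qlen > (size_t)(limit - (char *)header)) return 0;` states the intent explicitly and avoids the sign-compare warning. The rebased patch also no longer carries the forward.c clamp `if (udp_size < n) udp_size = n;` from the previous version, presumably because 2.82 covers that case upstream; this should be confirmed and recorded in the patch description, which is now only "underflow". answer_request's body continues outside the hunk.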


@ -1,37 +1,26 @@
From 89f57e39b69f92beacb6bad9c68d61f9c4fb0e77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 2 Mar 2018 13:17:04 +0100
Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq
has no proper FIPS 140-2 compliant implementation.
From 8c8ca24806d5ebfe5018279ec84538a17014a918 Mon Sep 17 00:00:00 2001
From: xiaoweiwei <xiaoweiwei5@huawei.com>
Date: Tue, 28 Jul 2020 10:57:56 +0800
Subject: [PATCH] fips
---
src/dnsmasq.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
src/dnsmasq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index ce44809..9f6c020 100644
index 2306c48..bfad87f 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -187,6 +187,7 @@ int main (int argc, char **argv)
if (daemon->cachesize < CACHESIZ)
die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
+
#else
die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
#endif
@@ -769,7 +770,10 @@ int main (int argc, char **argv)
}
my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
-
@@ -877,6 +877,9 @@ int main (int argc, char **argv)
my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
else
my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+
+ if (access("/etc/system-fips", F_OK) == 0)
+ my_syslog(LOG_WARNING, _("DNSSEC support is not FIPS 140-2 compliant"));
+
daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT"));
--
2.14.4
1.8.3.1
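Review bot: The added check `access("/etc/system-fips", F_OK) == 0` tests for a marker file rather than the kernel's runtime state, so the warning may be logged on hosts that are not running in FIPS mode and missed on hosts that are. Reading `/proc/sys/crypto/fips_enabled` would reflect the active mode; if the marker file is the intended distribution convention, a one-line comment such as `/* /etc/system-fips marks a FIPS-configured install */` would make that clear. The warning is log-only, so DNSSEC validation still runs with the non-validated implementation; that is worth stating in the patch description, which the rebase shortened to "fips". main's body continues outside the hunk.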

Binary file not shown.


@ -1,73 +0,0 @@
From a997ca0da044719a0ce8a232d14da8b30022592b Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 29 Jun 2018 14:39:41 +0100
Subject: [PATCH] Fix sometimes missing DNSSEC RRs when DNSSEC validation not
enabled.
Dnsmasq does pass on the do-bit, and return DNSSEC RRs, irrespective
of of having DNSSEC validation compiled in or enabled.
The thing to understand here is that the cache does not store all the
DNSSEC RRs, and dnsmasq doesn't have the (very complex) logic required
to determine the set of DNSSEC RRs required in an answer. Therefore if
the client wants the DNSSEC RRs, the query can not be answered from
the cache. When DNSSEC validation is enabled, any query with the
do-bit set is never answered from the cache, unless the domain is
known not to be signed: the query is always forwarded. This ensures
that the DNSEC RRs are included.
The same thing should be true when DNSSEC validation is not enabled,
but there's a bug in the logic.
line 1666 of src/rfc1035.c looks like this
if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || !do_bit || !(crecp->flags & F_DNSSECOK))
{ ...answer from cache ... }
So local stuff (hosts, DHCP, ) get answered. If the do_bit is not set
then the query is answered, and if the domain is known not to be
signed, the query is answered.
Unfortunately, if DNSSEC validation is not turned on then the
F_DNSSECOK bit is not valid, and it's always zero, so the question
always gets answered from the cache, even when the do-bit is set.
This code should look like that at line 1468, dealing with PTR queries
if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
!do_bit ||
(option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
where the F_DNSSECOK bit is only used when validation is enabled.
---
src/rfc1035.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/rfc1035.c b/src/rfc1035.c
index ebb1f36..580f5ef 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1663,7 +1663,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
}
/* If the client asked for DNSSEC don't use cached data. */
- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || !do_bit || !(crecp->flags & F_DNSSECOK))
+ if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
+ !do_bit ||
+ (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
do
{
/* don't answer wildcard queries with data not from /etc/hosts
@@ -1747,7 +1749,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
{
if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | (dryrun ? F_NO_RR : 0))) &&
(qtype == T_CNAME || (crecp->flags & F_CONFIG)) &&
- ((crecp->flags & F_CONFIG) || !do_bit || !(crecp->flags & F_DNSSECOK)))
+ ((crecp->flags & F_CONFIG) || !do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
{
if (!(crecp->flags & F_DNSSECOK))
sec_data = 0;
--
2.14.4

dnsmasq-2.82.tar.xz Normal file

Binary file not shown.


@ -1,6 +1,6 @@
Name: dnsmasq
Version: 2.79
Release: 11
Version: 2.82
Release: 1
Summary: Dnsmasq provides network infrastructure for small networks
License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/
@ -8,12 +8,9 @@ Source0: http://www.thekelleys.org.uk/dnsmasq/%{name}-%{version}.tar.xz
Source1: dnsmasq.service
Source2: dnsmasq-systemd-sysusers.conf
#patches from the opensource fedora/redhat repository
Patch0001: dnsmasq-2.77-underflow.patch
Patch0002: dnsmasq-2.78-fips.patch
Patch0003: dnsmasq-2.80-dnssec.patch
Patch6000: 0141-Fix-memory-leak-in-helper.c.patch
Patch9000: bugfix-allow-binding-mac-with-ipv6.patch
Patch9001: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
@ -109,6 +106,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man8/dnsmasq*
%changelog
* Tue Jul 28 2020 xiaoweiwei <xiaoweiwei5@huawei.com> - 2.82-1
- Type:upgrade
- Id:NA
- SUG:NA
- DESC:upgrade to 2.82
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.79-11
- Type:bugfix
- Id:NA