!85 升级到社区最新稳定版本2.89

From: @renmingshuai 
Reviewed-by: @gebidelidaye 
Signed-off-by: @gebidelidaye

Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch

@@ -1,33 +0,0 @@
-From d6c69f6bdba8e2a138faa6c422f5fd29545f1f06 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Tue, 6 Sep 2022 15:35:54 +0100
-Subject: [PATCH] Free sockets awaiting upstream DNS replies ASAP.
-
-Once we have a good answer, close the socket so that the fd can
-be reused during DNSSEC validation and we don't have to read and
-discard more replies from other servers.
----
- src/forward.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/forward.c b/src/forward.c
-index e8249a6..f90be2f 100644
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -1144,6 +1144,13 @@ void reply_query(int fd, time_t now)
-     }
- 
-   forward->sentto = server;
-+
-+  /* We have a good answer, and will now validate it or return it. 
-+     It may be some time before this the validation completes, but we don't need
-+     any more answers, so close the socket(s) on which we were expecting
-+     answers, to conserve file descriptors, and to save work reading and
-+     discarding answers for other upstreams. */
-+  free_rfds(&forward->rfds);
-   
- #ifdef HAVE_DNSSEC
-   if ((forward->sentto->flags & SERV_DO_DNSSEC) && 
--- 
-2.25.1
-

backport-Fix-bad-interaction-between-address-ip-and-ser.patch

@@ -1,65 +0,0 @@
-From f4b281381853df6b275332d4cd0ec1d150bffa86 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Mon, 8 Aug 2022 15:27:32 +0100
-Subject: [PATCH] Fix bad interaction between --address=/#/<ip> and
- --server=/some.domain/#
-
-This would return <ip> for queries in some.domain, rather than
-forwarding the query via the default server(s) read from /etc/resolv.conf.
-
-Conflict:NA
-Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4b281381853df6b275332d4cd0ec1d150bffa86
----
- src/domain-match.c | 14 +++++++++-----
- 1 files changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/src/domain-match.c b/src/domain-match.c
-index 3ec49b8..f7db0fe 100644
---- a/src/domain-match.c
-+++ b/src/domain-match.c
-@@ -213,9 +213,13 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
- 	       to continue generalising */
- 	    {
- 	      /* We've matched a setting which says to use servers without a domain.
--		 Continue the search with empty query */
-+		 Continue the search with empty query. We set the F_SERVER flag
-+		 so that --address=/#/... doesn't match. */
- 	      if (daemon->serverarray[nlow]->flags & SERV_USE_RESOLV)
--		crop_query = qlen;
-+		{
-+		  crop_query = qlen;
-+		  flags |= F_SERVER;
-+		}
- 	      else
- 		break;
- 	    }
-@@ -299,7 +303,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
-       
-       for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++);
-       
--      if (i != nlow && (flags & F_IPV6))
-+      if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV6))
- 	nhigh = i;
-       else
- 	{
-@@ -307,7 +311,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
- 	  
- 	  for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_4ADDR); i++);
- 	  
--	  if (i != nlow && (flags & F_IPV4))
-+	  if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV4))
- 	    nhigh = i;
- 	  else
- 	    {
-@@ -315,7 +319,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
- 	      
- 	      for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_ALL_ZEROS); i++);
- 	      
--	      if (i != nlow && (flags & (F_IPV4 | F_IPV6)))
-+	      if (!(flags & F_SERVER) && i != nlow && (flags & (F_IPV4 | F_IPV6)))
- 		nhigh = i;
- 	      else
- 		{
--- 
-2.23.0
-

bugfix-allow-binding-mac-with-ipv6.patch

@@ -2,8 +2,6 @@ From 53e1a09a06e11317bbde0e236837e5daa8d40593 Mon Sep 17 00:00:00 2001
 From: liaichun <liaichun@huawei.com>
 Date: Mon, 20 Apr 2020 16:06:51 +0800
 
-Reference: NA
-Conflict: NA
 ---
  src/dnsmasq.c |  1 +
  src/dnsmasq.h |  4 +++-
@@ -24,20 +22,20 @@ index 9f326ed..70ea6fa 100644
  	{
  	  if (context->flags & CONTEXT_DHCP)
 diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index aaa6d62..c843238 100644
+index fe9aa07..dbbeab1 100644
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -281,7 +281,8 @@ struct event_desc {
+@@ -282,7 +282,8 @@ struct event_desc {
- #define OPT_STRIP_ECS      69
  #define OPT_STRIP_MAC      70
  #define OPT_NORR           71
--#define OPT_LAST           72
+ #define OPT_NO_IDENT       72
-+#define OPT_BIND_MAC_IP6   72
+-#define OPT_LAST           73
-+#define OPT_LAST           73
++#define OPT_BIND_MAC_IP6   73
++#define OPT_LAST           74
  
  #define OPTION_BITS (sizeof(unsigned int)*8)
  #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
-@@ -1179,6 +1180,7 @@ extern struct daemon {
+@@ -1180,6 +1181,7 @@ extern struct daemon {
    int override;
    int enable_pxe;
    int doing_ra, doing_dhcp6;
@@ -46,29 +44,29 @@ index aaa6d62..c843238 100644
    struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
    struct hostsfile *dhcp_hosts_file, *dhcp_opts_file;
 diff --git a/src/option.c b/src/option.c
-index 8e61a6b..9d4db5a 100644
+index e4810fd..8efd687 100644
 --- a/src/option.c
 +++ b/src/option.c
-@@ -185,6 +185,7 @@ struct myoption {
+@@ -186,6 +186,7 @@ struct myoption {
- #define LOPT_FAST_RETRY    376
  #define LOPT_STALE_CACHE   377
  #define LOPT_NORR          378
-+#define LOPT_BIND_MAC_IP6  379
+ #define LOPT_NO_IDENT      379
++#define LOPT_BIND_MAC_IP6  380
  
  #ifdef HAVE_GETOPT_LONG
  static const struct option opts[] =  
-@@ -374,6 +375,7 @@ static const struct myoption opts[] =
+@@ -376,6 +377,7 @@ static const struct myoption opts[] =
-     { "port-limit", 1, 0, LOPT_RANDPORT_LIM },
      { "fast-dns-retry", 2, 0, LOPT_FAST_RETRY },
      { "use-stale-cache", 2, 0 , LOPT_STALE_CACHE },
+     { "no-ident", 0, 0, LOPT_NO_IDENT },
 +    { "bind-mac-with-ip6", 0, 0 , LOPT_BIND_MAC_IP6 },
      { NULL, 0, 0, 0 }
    };
  
-@@ -570,6 +572,7 @@ static struct {
+@@ -573,6 +575,7 @@ static struct {
-   { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
    { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
    { LOPT_NORR, OPT_NORR, NULL, gettext_noop("Suppress round-robin ordering of DNS records."), NULL },
+   { LOPT_NO_IDENT, OPT_NO_IDENT, NULL, gettext_noop("Do not add CHAOS TXT records."), NULL },
 +  { LOPT_BIND_MAC_IP6, OPT_BIND_MAC_IP6, NULL, gettext_noop("Bind mac with ipv6 address. This is an experimental feature and it conflicts with rfc3315."), NULL },
    { 0, 0, NULL, NULL, NULL }
  }; 

dnsmasq.spec

@@ -1,6 +1,6 @@
 Name:           dnsmasq
-Version:        2.88
+Version:        2.89
-Release:        3
+Release:        1
 Summary:        Dnsmasq provides network infrastructure for small networks
 License:        GPLv2 or GPLv3
 URL:            http://www.thekelleys.org.uk/dnsmasq/
@@ -11,9 +11,9 @@ Source2:        dnsmasq-systemd-sysusers.conf
 Patch1:         backport-dnsmasq-2.77-underflow.patch
 Patch2:         backport-dnsmasq-2.81-configuration.patch
 Patch3:         backport-dnsmasq-2.78-fips.patch
-Patch4:         bugfix-allow-binding-mac-with-ipv6.patch
+Patch4:         backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
-Patch5:         bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
+Patch5:         bugfix-allow-binding-mac-with-ipv6.patch
-Patch6:         backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
+Patch6:         bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
 
 BuildRequires:  gcc
 BuildRequires:  dbus-devel pkgconfig libidn2-devel nettle-devel systemd
@@ -103,6 +103,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*
 
 %changelog
+* Tue Aug 8 2023 renmingshuai <renmingshuai@huawei.com> - 2.89-1
+- Type:requirement
+- Id:NA
+- SUG:NA
+- DESC:update to 2.89
+
 * Thu Apr 27 2023 yanglu <yanglu72@h-partners.com> - 2.88-3
 - Type:bugfix
 - Id:NA