diff --git a/backport-Fix-address-which-was-lost-in-2.86.patch b/backport-Fix-address-which-was-lost-in-2.86.patch
new file mode 100644
index 0000000..730b9c1
--- /dev/null
+++ b/backport-Fix-address-which-was-lost-in-2.86.patch
@@ -0,0 +1,67 @@
+From 26bbf5a314d833beaf0f147d24409969f05f3dba Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Thu, 23 Sep 2021 10:54:46 +0100
+Subject: [PATCH] Fix --address=/#/...... which was lost in 2.86
+
+A victim of the domain-search rewrite. Apologies.
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=26bbf5a314d833beaf0f147d24409969f05f3dba
+---
+ src/network.c | 3 ++-
+ src/option.c | 17 ++++++++++++-----
+ 2 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/src/network.c b/src/network.c
+index 296c7bd..3c1c176 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1626,7 +1626,8 @@ void check_servers(int no_loop_check)
+ continue;
+
+ if ((serv->flags & SERV_LITERAL_ADDRESS) &&
+- !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)))
++ !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)) &&
++ strlen(serv->domain))
+ {
+ count--;
+ if (++locals <= LOCALS_LOGGED)
+diff --git a/src/option.c b/src/option.c
+index e64c3ab..54d89aa 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -2764,7 +2764,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+
+ if (!arg || !*arg)
+ flags = SERV_LITERAL_ADDRESS;
+- else if (option == 'A')
++ else if (option != 'S')
+ {
+ /* # as literal address means return zero address for 4 and 6 */
+ if (strcmp(arg, "#") == 0)
+@@ -2788,11 +2788,18 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ while (1)
+ {
+ /* server=//1.2.3.4 is special. 
*/
+- if (strlen(domain) == 0 && lastdomain)
+- flags |= SERV_FOR_NODOTS;
+- else
+- flags &= ~SERV_FOR_NODOTS;
++ if (lastdomain)
++ {
++ if (strlen(domain) == 0)
++ flags |= SERV_FOR_NODOTS;
++ else
++ flags &= ~SERV_FOR_NODOTS;
+
++ /* address=/#/ matches the same as without domain */
++ if (option != 'S' && domain[0] == '#' && domain[1] == 0)
++ domain[0] = 0;
++ }
++
+ if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, &addr))
+ ret_err(gen_err);
+
+-- 
+2.23.0
+
diff --git a/backport-Fix-bad-interaction-between-address-ip-and-ser.patch b/backport-Fix-bad-interaction-between-address-ip-and-ser.patch
new file mode 100644
index 0000000..9bd5f61
--- /dev/null
+++ b/backport-Fix-bad-interaction-between-address-ip-and-ser.patch
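Review bot: Both new tests in src/option.c are written negatively, `else if (option != 'S')` and `if (option != 'S' && domain[0] == '#' && domain[1] == 0)`, so literal-address parsing and the `/#/` rewrite now apply to every option code that reaches this case other than 'S', not only to 'A' as before. Which options share the case is not visible in the hunks; if only --address is intended, `option == 'A'` states that directly, and otherwise a short comment naming the intended options would help the next reader. In src/network.c the added `strlen(serv->domain)` serves only as an emptiness test and assumes `serv->domain` is never NULL for literal-address entries; `serv->domain[0] != 0` reads more directly, and the non-NULL assumption should be confirmed against the allocation code, which is outside the hunk. The bodies of check_servers() and one_opt() both extend beyond the hunks shown.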
@@ -0,0 +1,65 @@
+From f4b281381853df6b275332d4cd0ec1d150bffa86 Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Mon, 8 Aug 2022 15:27:32 +0100
+Subject: [PATCH] Fix bad interaction between --address=/#/ and
+ --server=/some.domain/#
+
+This would return for queries in some.domain, rather than
+forwarding the query via the default server(s) read from /etc/resolv.conf.
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4b281381853df6b275332d4cd0ec1d150bffa86
+---
+ src/domain-match.c | 14 +++++++++-----
+ 1 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/domain-match.c b/src/domain-match.c
+index 3ec49b8..f7db0fe 100644
+--- a/src/domain-match.c
++++ b/src/domain-match.c
+@@ -213,9 +213,13 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
+ to continue generalising */
+ {
+ /* We've matched a setting which says to use servers without a domain.
+- Continue the search with empty query */
++ Continue the search with empty query. We set the F_SERVER flag
++ so that --address=/#/... doesn't match. 
*/
+ if (daemon->serverarray[nlow]->flags & SERV_USE_RESOLV)
+- crop_query = qlen;
++ {
++ crop_query = qlen;
++ flags |= F_SERVER;
++ }
+ else
+ break;
+ }
+@@ -299,7 +303,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
+
+ for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++);
+
+- if (i != nlow && (flags & F_IPV6))
++ if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV6))
+ nhigh = i;
+ else
+ {
+@@ -307,7 +311,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
+
+ for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_4ADDR); i++);
+
+- if (i != nlow && (flags & F_IPV4))
++ if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV4))
+ nhigh = i;
+ else
+ {
+@@ -315,7 +319,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
+
+ for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_ALL_ZEROS); i++);
+
+- if (i != nlow && (flags & (F_IPV4 | F_IPV6)))
++ if (!(flags & F_SERVER) && i != nlow && (flags & (F_IPV4 | F_IPV6)))
+ nhigh = i;
+ else
+ {
+-- 
+2.23.0
+
diff --git a/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch b/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
new file mode 100644
index 0000000..094dbc3
--- /dev/null
+++ b/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
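Review bot: `flags |= F_SERVER;` in lookup_domain() reuses a bit of the caller-supplied `flags` argument as an internal marker, and the three new `!(flags & F_SERVER) &&` tests in filter_servers() then skip the SERV_6ADDR, SERV_4ADDR and SERV_ALL_ZEROS matches for any caller that passes that bit. Whether other callers already pass F_SERVER for a different purpose is not visible in these hunks, so the new meaning should be documented at filter_servers() itself, for example `/* F_SERVER set in flags: do not match --address (literal address) entries */`. The repeated test could be computed once, e.g. `int no_literal = flags & F_SERVER;`, so the three branches cannot drift apart. Both function bodies extend beyond the hunks shown.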
@@ -0,0 +1,71 @@
+From 770bce967cfc9967273d0acfb3ea018fb7b17522 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani
+Date: Fri, 27 May 2022 21:16:18 +0100
+Subject: [PATCH] Fix parsing of IPv6 addresses with peer from netlink.
+
+In the most common case, an IPv6 address doesn't have a peer and the
+IFA_ADDRESS netlink attribute contains the address itself.
+
+But if the address has a peer (typically for point to point links),
+then IFA_ADDRESS contains the peer address and IFA_LOCAL contains the
+address [1].
+
+[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/addrconf.c?h=v5.17#n5030
+
+Fix the parsing of IPv6 addresses with peers, as currently dnsmasq
+unsuccessfully tries to bind on the peer address.
+
+A simple reproducer is:
+
+ dnsmasq --conf-file=/dev/null -i dummy1 -d --bind-dynamic &
+ sleep 2
+ ip link add dummy1 type dummy
+ ip link set dummy1 up
+ ip addr add dev dummy1 fd01::1/64 peer fd01::2/64
+ ip addr add dev dummy1 fd01::42/64
+ sleep 2
+ ss -lnp | grep dnsmasq | grep fd01
+
+Before the patch:
+ dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
+ dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
+ udp UNCONN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23947,fd=14))
+ tcp LISTEN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23947,fd=15
+
+After:
+ udp UNCONN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23973,fd=16))
+ udp UNCONN 0 [fd01::1]:53 [::]:* users:(("dnsmasq",pid=23973,fd=14))
+ tcp LISTEN 0 [fd01::42]:53 [::]:* users:(("dnsmasq",pid=23973,fd=17))
+ tcp LISTEN 0 [fd01::1]:53 [::]:* users:(("dnsmasq",pid=23973,fd=15))
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=770bce967cfc9967273d0acfb3ea018fb7b17522
+---
+ src/netlink.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/netlink.c b/src/netlink.c
+index da82943..c156cde 100644
+--- a/src/netlink.c
++++ 
b/src/netlink.c
+@@ -258,7 +258,16 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+
+ while (RTA_OK(rta, len1))
+ {
+- if (rta->rta_type == IFA_ADDRESS)
++ /*
++ * Important comment: (from if_addr.h)
++ * IFA_ADDRESS is prefix address, rather than local interface address.
++ * It makes no difference for normally configured broadcast interfaces,
++ * but for point-to-point IFA_ADDRESS is DESTINATION address,
++ * local address is supplied in IFA_LOCAL attribute.
++ */
++ if (rta->rta_type == IFA_LOCAL)
++ addrp = ((struct in6_addr *)(rta+1));
++ else if (rta->rta_type == IFA_ADDRESS && !addrp)
+ addrp = ((struct in6_addr *)(rta+1));
+ else if (rta->rta_type == IFA_CACHEINFO)
+ {
+-- 
+2.23.0
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 86d639d..0094c64 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -1,6 +1,6 @@ Name: dnsmasq Version: 2.86 -Release: 3 +Release: 4 Summary: Dnsmasq provides network infrastructure for small networks License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/
@@ -33,8 +33,11 @@ Patch22: bugfix-allow-binding-mac-with-ipv6.patch Patch23: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch Patch24: backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch Patch25: Fix-logic-when-a-SERVFAIL-reply-is-received-after-go.patch -Patch26: Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch -Patch27: Fix-a-problem-in-overload-handling.patch +Patch26: Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch +Patch27: Fix-a-problem-in-overload-handling.patch +Patch28: backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch +Patch29: backport-Fix-bad-interaction-between-address-ip-and-ser.patch +Patch30: backport-Fix-address-which-was-lost-in-2.86.patch BuildRequires: gcc 
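Review bot: Both `addrp = ((struct in6_addr *)(rta+1));` assignments in src/netlink.c treat the attribute payload as a full IPv6 address without checking its length; adding `RTA_PAYLOAD(rta) >= sizeof(struct in6_addr)` to the IFA_LOCAL and IFA_ADDRESS conditions would keep a short attribute from being read past its end. The new `&& !addrp` test also depends on `addrp` being reset to NULL for each address message, and that initialisation lies outside the hunk, so it should be confirmed and mentioned in the block comment. The attribute loop and the rest of iface_enumerate() continue beyond the hunk.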
@@ -125,6 +128,15 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf %{_mandir}/man8/dnsmasq* %changelog +* Thu Oct 27 2022 renmingshuai - 2.86-4 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:Fix parsing of IPv6 addresses with peer from netlink + Fix bad interaction between --address=/#/ and + --server=/some.domain/# + Fix --address=/#/...... which was lost in 2.86 + * Mon Oct 17 2022 zhangjun - 2.86-3 - Type:bugfix - Id:NA