Update to 2.90

renmingshuai 2024-02-21 06:55:48 +00:00
parent 998e230e77
commit b9eb052aaa
12 changed files with 197 additions and 183 deletions


@ -1,45 +0,0 @@
From eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 7 Mar 2023 22:07:46 +0000
Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232.
http://www.dnsflagday.net/2020/ refers.
Thanks to Xiang Li for the prompt.
Conflict:NA
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f
---
man/dnsmasq.8 | 3 ++-
src/config.h | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 41e2e04..5acb935 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP.
.TP
.B \-P, --edns-packet-max=<size>
Specify the largest EDNS.0 UDP packet which is supported by the DNS
-forwarder. Defaults to 4096, which is the RFC5625-recommended size.
+forwarder. Defaults to 1232, which is the recommended size following the
+DNS flag day in 2020. Only increase if you know what you are doing.
.TP
.B \-Q, --query-port=<query_port>
Send outbound DNS queries from, and listen for their replies on, the
diff --git a/src/config.h b/src/config.h
index 1e7b30f..37b374e 100644
--- a/src/config.h
+++ b/src/config.h
@@ -19,7 +19,7 @@
#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
#define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
+#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */
#define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
#define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
#define DNSSEC_WORK 50 /* Max number of queries to validate one question */
--
2.23.0


@ -0,0 +1,39 @@
From ccff85ad72d2f858d9743d40525128e4f62d41a8 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Wed, 21 Feb 2024 00:24:25 +0000
Subject: [PATCH] [PATCH] Fix error introduced in
51471cafa5a4fa44d6fe490885d9910bd72a5907
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ccff85ad72d2f858d9743d40525128e4f62d41a8
Conflict:NA
---
src/dnssec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index ed2f53f..291b43f 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1547,7 +1547,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
nsecs[i] = NULL; /* Speculative, will be restored if OK. */
if (!(p = skip_name(nsec3p, header, plen, 15)))
- return 0; /* bad packet */
+ return DNSSEC_FAIL_BADPACKET; /* bad packet */
p += 10; /* type, class, TTL, rdlen */
@@ -1640,7 +1640,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
if (!wildname)
{
if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
- return 0;
+ return DNSSEC_FAIL_NONSEC;
wildcard--;
*wildcard = '*';
--
2.33.0
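Review bot: Nothing in this patch states what a zero return from prove_non_existence_nsec3 means to its caller, which is the whole reason the two `return 0` exits are being replaced with `DNSSEC_FAIL_BADPACKET` and `DNSSEC_FAIL_NONSEC`. If 0 is the success value under the convention introduced by the referenced upstream commit (not visible on this page), the old lines would have let a malformed NSEC3 record or a missing wildcard label count as a completed proof, and the description should say so. Once confirmed against the full source, a comment above the function such as `/* Returns 0 when non-existence is proved, otherwise a DNSSEC_FAIL_* code; error paths must never return a bare 0. */` would keep the mistake from recurring. The function body starts and ends outside both hunks, so its remaining return statements cannot be checked from here.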


@ -1,48 +0,0 @@
From d16b995756dc079b1fdc2e63665793979f766a26 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Sat, 30 Sep 2023 23:31:08 +0100
Subject: [PATCH] Fix memory leak when using --dhcp-optsfile with DHCPv6
options.
Conflict:NA
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d16b995756dc079b1fdc2e63665793979f766a26
---
src/option.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/option.c b/src/option.c
index 8322725..286f06b 100644
--- a/src/option.c
+++ b/src/option.c
@@ -5734,11 +5734,11 @@ static void clear_dynamic_conf(void)
}
}
-static void clear_dynamic_opt(void)
+static void clear_dhcp_opt(struct dhcp_opt **dhcp_opts)
{
struct dhcp_opt *opts, *cp, **up;
- for (up = &daemon->dhcp_opts, opts = daemon->dhcp_opts; opts; opts = cp)
+ for (up = dhcp_opts, opts = *dhcp_opts; opts; opts = cp)
{
cp = opts->next;
@@ -5752,6 +5752,14 @@ static void clear_dynamic_opt(void)
}
}
+static void clear_dynamic_opt(void)
+{
+ clear_dhcp_opt(&daemon->dhcp_opts);
+#ifdef HAVE_DHCP6
+ clear_dhcp_opt(&daemon->dhcp_opts6);
+#endif
+}
+
void reread_dhcp(void)
{
struct hostsfile *hf;
--
2.23.0


@ -0,0 +1,53 @@
From 1ed783b8d7343c42910a61f12a8fc6237eb80417 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 19 Feb 2024 12:22:43 +0000
Subject: [PATCH] Fix spurious "resource limit exceeded" messages.
Replies from upstream with a REFUSED rcode can result in
log messages stating that a resource limit has been exceeded,
which is not the case.
Thanks to Dominik Derigs and the Pi-hole project for
spotting this.
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1ed783b8d7343c42910a61f12a8fc6237eb80417
Conflict:NA
---
CHANGELOG | 5 +++++
src/forward.c | 6 +++---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 713b785..f318ac0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,8 @@
+version 2.91
+ Fix spurious "resource limit exceeded messages". Thanks to
+ Dominik Derigs for the bug report.
+
+
version 2.90
Fix reversion in --rev-server introduced in 2.88 which
caused breakage if the prefix length is not exactly divisible
diff --git a/src/forward.c b/src/forward.c
index 32f37e4..10e7496 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -937,10 +937,10 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header,
status = dnssec_validate_reply(now, header, plen, daemon->namebuff, daemon->keyname, &forward->class,
!option_bool(OPT_DNSSEC_IGN_NS) && (forward->sentto->flags & SERV_DO_DNSSEC),
NULL, NULL, NULL, &orig->validate_counter);
- }
- if (STAT_ISEQUAL(status, STAT_ABANDONED))
- log_resource = 1;
+ if (STAT_ISEQUAL(status, STAT_ABANDONED))
+ log_resource = 1;
+ }
/* Can't validate, as we're missing key data. Put this
answer aside, whilst we get that. */
--
2.33.0
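Review bot: The CHANGELOG hunk carried in this backport adds a `version 2.91` heading to a tree that is packaged as 2.90, so if CHANGELOG is shipped it will describe a release the package does not contain. Dropping that hunk and keeping only the src/forward.c hunk avoids this and removes a likely conflict on the next rebase. In forward.c, moving the `STAT_ISEQUAL(status, STAT_ABANDONED)` test inside the closing brace looks consistent with the description as far as the hunk shows; dnssec_validate continues outside it.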


@ -1,18 +1,20 @@
From 0e581ae7b2d3b181f22f71d5a0b7ace0bf90089f Mon Sep 17 00:00:00 2001
From 6fda9cd7cba519a8aa96b43ebc34cb6c46b3bfe7 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert@redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
Reference:
https://src.fedoraproject.org/rpms/dnsmasq/blob/f40/dnsmasq-2.77-underflow.patch
---
src/edns0.c | 10 +++++-----
src/rfc1035.c | 3 +++
2 files changed, 8 insertions(+), 5 deletions(-)
src/rfc1035.c | 5 ++++-
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/edns0.c b/src/edns0.c
index c498eb1..0eb3873 100644
index 598478f..72127e5 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
@@ -209,11 +209,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
/* Copy back any options */
if (buff)
{
@ -30,19 +32,21 @@ index c498eb1..0eb3873 100644
free(buff);
p += rdlen;
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 5c0df56..7e01459 100644
index 387d894..7fb1468 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1425,6 +1425,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
@@ -1581,7 +1581,10 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
int rd_bit = (header->hb3 & HB3_RD);
int count = 255; /* catch loops */
-
+
+ // Make sure we do not underflow here too.
+ if (qlen > (limit - ((char *)header))) return 0;
+
if (stale)
*stale = 0;
--
2.38.1
2.43.0
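Review bot: The guard added to answer_request, `if (qlen > (limit - ((char *)header))) return 0;`, compares a size_t with a signed pointer difference. The difference is converted to unsigned for the comparison, so if limit ever lay before header the negative result would become a very large value and the check would never fire. Making both conditions explicit keeps the guard meaningful: `if (limit < (char *)header || qlen > (size_t)(limit - (char *)header)) return 0;`. The `//` comment could also become `/* ... */` to match the other comments visible in this section, and name the later arithmetic it protects. answer_request continues outside the hunk, and the edns0.c part of the patch is collapsed in this view.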


@ -1,26 +1,38 @@
From 8c8ca24806d5ebfe5018279ec84538a17014a918 Mon Sep 17 00:00:00 2001
From: xiaoweiwei <xiaoweiwei5@huawei.com>
Date: Tue, 28 Jul 2020 10:57:56 +0800
Subject: [PATCH] fips
From 7b1cce1d0bdb61c09946978d4bdeb05a3cd4202a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 2 Mar 2018 13:17:04 +0100
Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq
has no proper FIPS 140-2 compliant implementation.
Reference:https://src.fedoraproject.org/rpms/dnsmasq/blob/f40/dnsmasq-2.78-fips.patch
---
src/dnsmasq.c | 3 +++
1 file changed, 3 insertions(+)
src/dnsmasq.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 2306c48..bfad87f 100644
index 480c5f9..5fd229e 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -877,6 +877,9 @@ int main (int argc, char **argv)
@@ -187,6 +187,7 @@ int main (int argc, char **argv)
if (daemon->cachesize < CACHESIZ)
die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
+
#else
die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
#endif
@@ -786,7 +787,10 @@ int main (int argc, char **argv)
my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
else
my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
-
+
+ if (access("/etc/system-fips", F_OK) == 0)
+ my_syslog(LOG_WARNING, _("DNSSEC support is not FIPS 140-2 compliant"));
+
daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT"));
--
1.8.3.1
2.14.4
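Review bot: The FIPS warning added in main() is keyed only on `access("/etc/system-fips", F_OK) == 0`, which tests for a marker file rather than for FIPS mode being active, so a host running in FIPS mode without that file gets no warning. On Linux the kernel reports the runtime state in `/proc/sys/crypto/fips_enabled`; checking that for a value of 1, in addition to or instead of the marker file, would make the warning track the actual mode. Whether this distribution ships /etc/system-fips at all is not visible here and should be confirmed. The first hunk of the patch only inserts an empty line before `#else` and could be dropped from the backport.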


@ -1,4 +1,4 @@
From 194e7521399048e37c5c2cff18b9c8d442b893ae Mon Sep 17 00:00:00 2001
From cba77f08dbded8af45de2ee985200b12de7c8d13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 30 Jun 2020 18:06:29 +0200
Subject: [PATCH] Modify upstream configuration to safe defaults
@ -6,12 +6,14 @@ Subject: [PATCH] Modify upstream configuration to safe defaults
Most important change would be to listen only on localhost. Default
configuration should not listen to request from remote hosts. Match also
user and paths to directories shipped in Fedora.
Reference:https://src.fedoraproject.org/rpms/dnsmasq/blob/f40/dnsmasq-2.81-configuration.patch
---
dnsmasq.conf.example | 29 ++++++++++++++++++++++++-----
1 file changed, 24 insertions(+), 5 deletions(-)
dnsmasq.conf.example | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
index bf19424..8b85f44 100644
index 0cbf572..6c47c3c 100644
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -22,7 +22,7 @@
@ -23,7 +25,7 @@ index bf19424..8b85f44 100644
#dnssec
# Replies which are not DNSSEC signed may be legitimate, because the domain
@@ -96,14 +96,16 @@
@@ -106,8 +106,8 @@
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
@ -34,36 +36,30 @@ index bf19424..8b85f44 100644
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
+# Listen only on localhost by default
+interface=lo
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
@@ -114,6 +116,10 @@
@@ -124,6 +124,14 @@
# disable DHCP and TFTP on it.
#no-dhcp-interface=
+# Serve DNS and DHCP only to networks directly connected to this machine.
+# Any interface= line will override it.
+#local-service
+# Accept queries in default configuration only from localhost
+# Comment out following option or explicitly configure interfaces or
+# listen-address
+local-service=host
+
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
@@ -121,7 +127,16 @@
@@ -131,7 +139,15 @@
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
-#bind-interfaces
+#
+# To listen only on localhost and do not receive packets on other
+# interfaces, bind only to lo device. Comment out to bind on single
+# wildcard socket.
+bind-interfaces
+
#bind-interfaces
+# Comment out above line and uncoment following 2 lines.
+# Update interface name, use ip link to get its name.
+#bind-dynamic
@ -71,7 +67,7 @@ index bf19424..8b85f44 100644
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
@@ -535,7 +550,7 @@
@@ -545,7 +561,7 @@
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
@ -80,7 +76,7 @@ index bf19424..8b85f44 100644
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
@@ -673,7 +688,11 @@
@@ -683,7 +699,11 @@
# Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf
@ -93,5 +89,5 @@ index bf19424..8b85f44 100644
#dhcp-ignore-names=tag:wpad-ignore
+
--
2.31.1
2.43.0
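Review bot: As far as this rendered section shows, the refreshed example configuration no longer restricts dnsmasq to loopback with `interface=lo` plus `bind-interfaces`; it relies on `local-service=host` and leaves `#bind-interfaces` commented out. The upstream comment in the same file says that without bind-interfaces dnsmasq binds the wildcard address and discards unwanted requests itself, so the socket stays reachable on every interface and the restriction is enforced only inside dnsmasq. The added comment about commenting out the option or configuring interfaces should state the consequence, for example `# NOTE: setting interface= or listen-address= removes the localhost-only restriction; dnsmasq then answers on those interfaces.` The added line `# Comment out above line and uncoment following 2 lines.` also misspells `uncomment`.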


@ -1,7 +1,6 @@
From 53e1a09a06e11317bbde0e236837e5daa8d40593 Mon Sep 17 00:00:00 2001
From: liaichun <liaichun@huawei.com>
Date: Mon, 20 Apr 2020 16:06:51 +0800
---
src/dnsmasq.c | 1 +
src/dnsmasq.h | 4 +++-
@ -10,10 +9,10 @@ Date: Mon, 20 Apr 2020 16:06:51 +0800
4 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 9f326ed..70ea6fa 100644
index 5d64ceb..04c3be2 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -292,6 +292,7 @@ int main (int argc, char **argv)
@@ -281,6 +281,7 @@ int main (int argc, char **argv)
{
daemon->doing_ra = option_bool(OPT_RA);
@ -22,20 +21,20 @@ index 9f326ed..70ea6fa 100644
{
if (context->flags & CONTEXT_DHCP)
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index fe9aa07..dbbeab1 100644
index e455c3f..ef32f06 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -282,7 +282,8 @@ struct event_desc {
#define OPT_STRIP_MAC 70
#define OPT_NORR 71
#define OPT_NO_IDENT 72
#define OPT_NO_IDENT 70
#define OPT_CACHE_RR 71
#define OPT_LOCALHOST_SERVICE 72
-#define OPT_LAST 73
+#define OPT_BIND_MAC_IP6 73
+#define OPT_LAST 74
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
@@ -1180,6 +1181,7 @@ extern struct daemon {
@@ -1211,6 +1212,7 @@ extern struct daemon {
int override;
int enable_pxe;
int doing_ra, doing_dhcp6;
@ -44,35 +43,35 @@ index fe9aa07..dbbeab1 100644
struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
struct hostsfile *dhcp_hosts_file, *dhcp_opts_file;
diff --git a/src/option.c b/src/option.c
index e4810fd..8efd687 100644
index f4ff7c0..c36bf63 100644
--- a/src/option.c
+++ b/src/option.c
@@ -186,6 +186,7 @@ struct myoption {
#define LOPT_STALE_CACHE 377
#define LOPT_NORR 378
#define LOPT_NO_IDENT 379
+#define LOPT_BIND_MAC_IP6 380
@@ -192,6 +192,7 @@ struct myoption {
#define LOPT_NO_DHCP4 383
#define LOPT_MAX_PROCS 384
#define LOPT_DNSSEC_LIMITS 385
+#define LOPT_BIND_MAC_IP6 386
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -376,6 +377,7 @@ static const struct myoption opts[] =
{ "fast-dns-retry", 2, 0, LOPT_FAST_RETRY },
@@ -388,6 +389,7 @@ static const struct myoption opts[] =
{ "use-stale-cache", 2, 0 , LOPT_STALE_CACHE },
{ "no-ident", 0, 0, LOPT_NO_IDENT },
{ "max-tcp-connections", 1, 0, LOPT_MAX_PROCS },
+ { "bind-mac-with-ip6", 0, 0 , LOPT_BIND_MAC_IP6 },
{ NULL, 0, 0, 0 }
};
@@ -573,6 +575,7 @@ static struct {
{ LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
{ LOPT_NORR, OPT_NORR, NULL, gettext_noop("Suppress round-robin ordering of DNS records."), NULL },
@@ -591,6 +593,7 @@ static struct {
{ LOPT_NO_IDENT, OPT_NO_IDENT, NULL, gettext_noop("Do not add CHAOS TXT records."), NULL },
{ LOPT_CACHE_RR, ARG_DUP, "<RR-type>", gettext_noop("Cache this DNS resource record type."), NULL },
{ LOPT_MAX_PROCS, ARG_ONE, "<integer>", gettext_noop("Maximum number of concurrent tcp connections."), NULL },
+ { LOPT_BIND_MAC_IP6, OPT_BIND_MAC_IP6, NULL, gettext_noop("Bind mac with ipv6 address. This is an experimental feature and it conflicts with rfc3315."), NULL },
{ 0, 0, NULL, NULL, NULL }
};
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 8754481..f093a5c 100644
index 400d939..004ebb8 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -49,6 +49,7 @@ static void end_ia(int t1cntr, unsigned int min_time, int do_fuzz);
@ -83,7 +82,7 @@ index 8754481..f093a5c 100644
static int config_valid(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr, struct state *state, time_t now);
static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr);
static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option,
@@ -704,7 +705,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
@@ -723,7 +724,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
for (c = state->context; c; c = c->current)
if (!(c->flags & CONTEXT_CONF_USED) &&
match_netid(c->filter, solicit_tags, plain_range) &&
@ -93,7 +92,7 @@ index 8754481..f093a5c 100644
{
mark_config_used(state->context, &addr);
if (have_config(config, CONFIG_TIME))
@@ -1289,6 +1291,37 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
@@ -1313,6 +1315,37 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
}
@ -132,5 +131,5 @@ index 8754481..f093a5c 100644
{
void *oro;
--
2.23.0
2.33.0


@ -1,22 +1,20 @@
From 068fe05737fe86185b5d55da7de6ea6b2668c911 Mon Sep 17 00:00:00 2001
From: liaichun <liaichun@huawei.com>
Date: Mon, 20 Apr 2020 16:17:24 +0800
Subject: [PATCH] bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6
Conflict: NA
Reference: NA
From 068fe05737fe86185b5d55da7de6ea6b2668c911 Mon Sep 17 00:00:00 2001
From: liaichun <liaichun@huawei.com>
Date: Mon, 20 Apr 2020 16:17:24 +0800
Subject: [PATCH] bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6
---
src/rfc3315.c | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
src/rfc3315.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/rfc3315.c b/src/rfc3315.c
index f093a5c..7ec4e8a 100644
index 004ebb8..8c22ded 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -1058,12 +1058,32 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
@@ -1077,12 +1077,32 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
case DHCP6CONFIRM:
{
int good_addr = 0;
int good_addr = 0, bad_addr = 0;
+ int find_bind = 0;
+ struct dhcp_config *find_config = NULL;
@ -34,7 +32,7 @@ index f093a5c..7ec4e8a 100644
+ break;
+ }
+ }
+ /* requires all mac has binding ipv6 address. */
+ /* requires all mac has binding ipv6 address. */
+ if (find_bind == 0) {
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+ put_opt6_short(DHCP6NOTONLINK);
@ -47,11 +45,11 @@ index f093a5c..7ec4e8a 100644
for (opt = state->packet_options; opt; opt = opt6_next(opt, state->end))
{
void *ia_option, *ia_end;
@@ -1086,7 +1106,15 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed"));
return 1;
@@ -1106,6 +1126,16 @@ static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbu
good_addr = 1;
log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname);
}
-
+
+ if(daemon->bind_mac_with_ip6) {
+ if (!is_same_net6(&req_addr, &find_config->addr6, 128)) {
+ o1 = new_opt6(OPTION6_STATUS_CODE);
@ -61,9 +59,9 @@ index f093a5c..7ec4e8a 100644
+ return 1;
+ }
+ }
good_addr = 1;
log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname);
}
}
--
2.23.0
2.33.0
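Review bot: `find_config` is initialised to NULL in the DHCP6CONFIRM case and later dereferenced in `is_same_net6(&req_addr, &find_config->addr6, 128)`. The lines that assign it are collapsed in this view, so it cannot be confirmed here that every path reaching the compare has set it. A local guard such as `if (daemon->bind_mac_with_ip6 && find_config)` would make the dereference safe independent of the earlier lookup. The declaration of `addr6` in struct dhcp_config is also not on this page; because the call passes its address as a single IPv6 address, check against the 2.90 headers that the field is still a plain `struct in6_addr` and not a list. dhcp6_no_relay starts and ends outside both hunks.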

Binary file not shown.

BIN
dnsmasq-2.90.tar.xz Normal file

Binary file not shown.


@ -1,6 +1,6 @@
Name: dnsmasq
Version: 2.89
Release: 2
Version: 2.90
Release: 1
Summary: Dnsmasq provides network infrastructure for small networks
License: GPLv2 or GPLv3
URL: http://www.thekelleys.org.uk/dnsmasq/
@ -11,10 +11,10 @@ Source2: dnsmasq-systemd-sysusers.conf
Patch1: backport-dnsmasq-2.77-underflow.patch
Patch2: backport-dnsmasq-2.81-configuration.patch
Patch3: backport-dnsmasq-2.78-fips.patch
Patch4: backport-CVE-2023-28450-Set-the-default-maximum-DNS-UDP-packet.patch
Patch5: bugfix-allow-binding-mac-with-ipv6.patch
Patch6: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
Patch7: backport-Fix-memory-leak-when-using-dhcp-optsfile-with-DHCPv6.patch
Patch4: backport-Fix-spurious-resource-limit-exceeded-messages.patch
Patch5: backport-Fix-error-introduced-in-51471cafa5a4fa44d6fe49.patch
Patch6: bugfix-allow-binding-mac-with-ipv6.patch
Patch7: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
BuildRequires: gcc
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
@ -104,6 +104,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
%{_mandir}/man8/dnsmasq*
%changelog
* Thu Feb 22 2024 renmingshuai <renmingshuai@huawei.com> - 2.90-1
- Type:requirement
- Id:NA
- SUG:NA
- DESC:Update to 2.90
* Wed Nov 22 2023 renmingshuai <renmingshuai@huawei.com> - 2.89-2
- Type:bugfix
- Id:NA