backport some upstream patches

Signed-off-by: renmingshuai <renmingshuai@huawei.com>
2022-10-27 15:41:41 +08:00 · 2022-10-27 15:41:41 +08:00 · db68f8a323
commit db68f8a323
parent bfb72884d9
4 changed files with 218 additions and 3 deletions
--- a/backport-Fix-address-which-was-lost-in-2.86.patch
+++ b/backport-Fix-address-which-was-lost-in-2.86.patch
@ -0,0 +1,67 @@
+From 26bbf5a314d833beaf0f147d24409969f05f3dba Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 23 Sep 2021 10:54:46 +0100
+Subject: [PATCH] Fix --address=/#/...... which was lost in 2.86
+
+A victim of the domain-search rewrite. Apologies.
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=26bbf5a314d833beaf0f147d24409969f05f3dba
+---
+ src/network.c |  3 ++-
+ src/option.c  | 17 ++++++++++++-----
+ 2 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/src/network.c b/src/network.c
+index 296c7bd..3c1c176 100644
+--- a/src/network.c
+++ b/src/network.c
+@@ -1626,7 +1626,8 @@ void check_servers(int no_loop_check)
+ 	 continue;
+        
+        if ((serv->flags & SERV_LITERAL_ADDRESS) &&
+-	   !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)))
+	   !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)) &&
+	   strlen(serv->domain))
+ 	 {
+ 	   count--;
+ 	   if (++locals <= LOCALS_LOGGED)
+diff --git a/src/option.c b/src/option.c
+index e64c3ab..54d89aa 100644
+--- a/src/option.c
+++ b/src/option.c
+@@ -2764,7 +2764,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ 	
+ 	if (!arg || !*arg)
+ 	  flags = SERV_LITERAL_ADDRESS;
+-	else if (option == 'A')
+	else if (option != 'S')
+ 	  {
+ 	    /* # as literal address means return zero address for 4 and 6 */
+ 	    if (strcmp(arg, "#") == 0)
+@@ -2788,11 +2788,18 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ 	while (1)
+ 	  {
+ 	    /* server=//1.2.3.4 is special. */
+-	    if (strlen(domain) == 0 && lastdomain)
+-	      flags |= SERV_FOR_NODOTS;
+-	    else
+-	      flags &= ~SERV_FOR_NODOTS;
+	    if (lastdomain)
+	      {
+		if (strlen(domain) == 0)
+		  flags |= SERV_FOR_NODOTS;
+		else
+		  flags &= ~SERV_FOR_NODOTS;
+ 
+		/* address=/#/ matches the same as without domain */
+		if (option != 'S' && domain[0] == '#' && domain[1] == 0)
+		  domain[0] = 0;
+	      }
+	    
+ 	    if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, &addr))
+ 	      ret_err(gen_err);
+ 	    
+-- 
+2.23.0
+
--- a/backport-Fix-bad-interaction-between-address-ip-and-ser.patch
+++ b/backport-Fix-bad-interaction-between-address-ip-and-ser.patch
@ -0,0 +1,65 @@
+From f4b281381853df6b275332d4cd0ec1d150bffa86 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 8 Aug 2022 15:27:32 +0100
+Subject: [PATCH] Fix bad interaction between --address=/#/<ip> and
+ --server=/some.domain/#
+
+This would return <ip> for queries in some.domain, rather than
+forwarding the query via the default server(s) read from /etc/resolv.conf.
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4b281381853df6b275332d4cd0ec1d150bffa86
+---
+ src/domain-match.c | 14 +++++++++-----
+ 1 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/domain-match.c b/src/domain-match.c
+index 3ec49b8..f7db0fe 100644
+--- a/src/domain-match.c
+++ b/src/domain-match.c
+@@ -213,9 +213,13 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
+ 	       to continue generalising */
+ 	    {
+ 	      /* We've matched a setting which says to use servers without a domain.
+-		 Continue the search with empty query */
+		 Continue the search with empty query. We set the F_SERVER flag
+		 so that --address=/#/... doesn't match. */
+ 	      if (daemon->serverarray[nlow]->flags & SERV_USE_RESOLV)
+-		crop_query = qlen;
+		{
+		  crop_query = qlen;
+		  flags |= F_SERVER;
+		}
+ 	      else
+ 		break;
+ 	    }
+@@ -299,7 +303,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
+       
+       for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++);
+       
+-      if (i != nlow && (flags & F_IPV6))
+      if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV6))
+ 	nhigh = i;
+       else
+ 	{
+@@ -307,7 +311,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
+ 	  
+ 	  for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_4ADDR); i++);
+ 	  
+-	  if (i != nlow && (flags & F_IPV4))
+	  if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV4))
+ 	    nhigh = i;
+ 	  else
+ 	    {
+@@ -315,7 +319,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
+ 	      
+ 	      for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_ALL_ZEROS); i++);
+ 	      
+-	      if (i != nlow && (flags & (F_IPV4 | F_IPV6)))
+	      if (!(flags & F_SERVER) && i != nlow && (flags & (F_IPV4 | F_IPV6)))
+ 		nhigh = i;
+ 	      else
+ 		{
+-- 
+2.23.0
+
--- a/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
+++ b/backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
@ -0,0 +1,71 @@
+From 770bce967cfc9967273d0acfb3ea018fb7b17522 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Fri, 27 May 2022 21:16:18 +0100
+Subject: [PATCH] Fix parsing of IPv6 addresses with peer from netlink.
+
+In the most common case, an IPv6 address doesn't have a peer and the
+IFA_ADDRESS netlink attribute contains the address itself.
+
+But if the address has a peer (typically for point to point links),
+then IFA_ADDRESS contains the peer address and IFA_LOCAL contains the
+address [1].
+
+[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/addrconf.c?h=v5.17#n5030
+
+Fix the parsing of IPv6 addresses with peers, as currently dnsmasq
+unsuccessfully tries to bind on the peer address.
+
+A simple reproducer is:
+
+  dnsmasq --conf-file=/dev/null -i dummy1 -d --bind-dynamic &
+  sleep 2
+  ip link add dummy1 type dummy
+  ip link set dummy1 up
+  ip addr add dev dummy1 fd01::1/64 peer fd01::2/64
+  ip addr add dev dummy1 fd01::42/64
+  sleep 2
+  ss -lnp | grep dnsmasq | grep fd01
+
+Before the patch:
+  dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
+  dnsmasq: failed to create listening socket for fd01::2: Cannot assign requested address
+  udp   UNCONN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23947,fd=14))
+  tcp   LISTEN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23947,fd=15
+
+After:
+  udp   UNCONN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=16))
+  udp   UNCONN 0    [fd01::1]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=14))
+  tcp   LISTEN 0   [fd01::42]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=17))
+  tcp   LISTEN 0    [fd01::1]:53   [::]:*    users:(("dnsmasq",pid=23973,fd=15))
+
+Conflict:NA
+Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=770bce967cfc9967273d0acfb3ea018fb7b17522
+---
+ src/netlink.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/netlink.c b/src/netlink.c
+index da82943..c156cde 100644
+--- a/src/netlink.c
+++ b/src/netlink.c
+@@ -258,7 +258,16 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+ 		    
+ 		    while (RTA_OK(rta, len1))
+ 		      {
+-			if (rta->rta_type == IFA_ADDRESS)
+			/*
+			 * Important comment: (from if_addr.h)
+			 * IFA_ADDRESS is prefix address, rather than local interface address.
+			 * It makes no difference for normally configured broadcast interfaces,
+			 * but for point-to-point IFA_ADDRESS is DESTINATION address,
+			 * local address is supplied in IFA_LOCAL attribute.
+			 */
+			if (rta->rta_type == IFA_LOCAL)
+			  addrp = ((struct in6_addr *)(rta+1));
+			else if (rta->rta_type == IFA_ADDRESS && !addrp)
+ 			  addrp = ((struct in6_addr *)(rta+1)); 
+ 			else if (rta->rta_type == IFA_CACHEINFO)
+ 			  {
+-- 
+2.23.0
+
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@ -1,6 +1,6 @@
 Name:           dnsmasq
 Version:        2.86
-Release:        3
+Release:        4
 Summary:        Dnsmasq provides network infrastructure for small networks
 License:        GPLv2 or GPLv3
 URL:            http://www.thekelleys.org.uk/dnsmasq/
@ -33,8 +33,11 @@ Patch22:        bugfix-allow-binding-mac-with-ipv6.patch
 Patch23:        bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch
 Patch24:      	backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch 
 Patch25:      	Fix-logic-when-a-SERVFAIL-reply-is-received-after-go.patch
-Patch26:	Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch
-Patch27:	Fix-a-problem-in-overload-handling.patch
+Patch26:        Free-sockets-awaiting-upstream-DNS-replies-ASAP.patch
+Patch27:        Fix-a-problem-in-overload-handling.patch
+Patch28:        backport-Fix-parsing-of-IPv6-addresses-with-peer-from-netlink.patch
+Patch29:        backport-Fix-bad-interaction-between-address-ip-and-ser.patch
+Patch30:        backport-Fix-address-which-was-lost-in-2.86.patch


 BuildRequires:  gcc
@ -125,6 +128,15 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*

 %changelog
+* Thu Oct 27 2022 renmingshuai <renmingshuai@huawei.com> - 2.86-4
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:Fix parsing of IPv6 addresses with peer from netlink
+       Fix bad interaction between --address=/#/<ip> and
+            --server=/some.domain/#
+       Fix --address=/#/...... which was lost in 2.86
+
 * Mon Oct 17 2022 zhangjun <zhangjun@kylinos.cn> - 2.86-3
 - Type:bugfix
 - Id:NA