From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] dnsmasq 2.76: latest patches (015-016) Date: Wed, 17 Aug 2016 18:30:02 +0200 Message-ID: <20160817163002.2985-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4206861089456791003==" List-Id: --===============4206861089456791003== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Matthias Fischer --- lfs/dnsmasq | 4 +- ..._IPv6_addresses_sanely_for_--synth-domain.patch | 101 ++++++++++++++ ...ode_to_remove_blatant_copyright_violation.patch | 149 +++++++++++++++++++= ++ 3 files changed, 253 insertions(+), 1 deletion(-) create mode 100644 src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_s= anely_for_--synth-domain.patch create mode 100644 src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to= _remove_blatant_copyright_violation.patch
diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index 474dacc..7a11061 100644
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
@@ -1,7 +1,7 @@
 ############################################################################= ###
 # = #
 # IPFire.org - A linux based firewall = #
-# Copyright (C) 2016 Michael Tremer & Christian Schmidt = #
+# Copyright (C) 2007-2016 IPFire Team = #
 # = #
 # This program is free software: you can redistribute it and/or modify = #
 # it under the terms of the GNU General Public License as published by = #
@@ -87,6 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-t= ime_check_on_buffer_sizes_for_leasefile_parsing_code.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone= _allow_to_exclude_ip_addresses_from_answer.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth= _zone_serial_when_reloading_etc_hosts_and_friends.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/015-Handle_v4= -mapped_IPv6_addresses_sanely_for_--synth-domain.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/016-Refactor_= openBSD_pftables_code_to_remove_blatant_copyright_violation.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-t= o-read-ISC-DHCP-lease-file.patch
=20
 cd $(DIR_APP) && sed -i src/config.h \
diff --git a/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_f= or_--synth-domain.patch b/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addre= sses_sanely_for_--synth-domain.patch
new file mode 100644
index 0000000..7ebef83
--- /dev/null
+++ b/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--sy= nth-domain.patch
@@ -0,0 +1,101 @@ +From 6d95099c56a926d672e0407d6017fef9714f40c4 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 11 Aug 2016 23:38:54 +0100 +Subject: [PATCH] Handle v4-mapped IPv6 addresses sanely for --synth-domain. + +--- + CHANGELOG | 7 ++++++- + man/dnsmasq.8 | 2 ++ + src/domain.c | 34 ++++++++++++++++++++++++---------- + 3 files changed, 32 insertions(+), 11 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 4f89799..2731cc4 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -24,7 +24,12 @@ version 2.77 + Bump zone serial on reloading /etc/hosts and friends + when providing authoritative DNS. Thanks to Harrald + Dunkel for spotting this. +-=09 ++ ++ Handle v4-mapped IPv6 addresses sanely in --synth-domain. ++ These have standard representation like ::ffff:1.2.3.4 ++ and are now converted to names like ++ --ffff-1-2-3-4. ++ +=20 + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range=20 +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 8910947..91fe672 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -619,6 +619,8 @@ but IPv6 addresses may start with '::' + but DNS labels may not start with '-' so in this case if no prefix is + configured a zero is added in front of the label. ::1 becomes 0--1. +=20 ++V4 mapped IPv6 addresses, which have a representation like ::ffff:1.2.3.4 a= re handled specially, and become like 0--ffff-1-2-3-4 ++ + The address range can be of the form + , or / + .TP +diff --git a/src/domain.c b/src/domain.c +index 1dd5027..a007acd 100644 +--- a/src/domain.c ++++ b/src/domain.c +@@ -77,18 +77,31 @@ int is_name_synthetic(int flags, char *name, struct all_= addr *addr) + =20 + *p =3D 0;=09 + =20 +- /* swap . or : for - */ +- for (p =3D tail; *p; p++) +- if (*p =3D=3D '-') +- { +- if (prot =3D=3D AF_INET) ++ #ifdef HAVE_IPV6 ++ if (prot =3D=3D AF_INET6 && strstr(tail, "--ffff-") =3D=3D tail) ++ { ++ /* special hack for v4-mapped. 
*/ ++ memcpy(tail, "::ffff:", 7); ++ for (p =3D tail + 7; *p; p++) ++ if (*p =3D=3D '-') + *p =3D '.'; ++ } ++ else ++#endif ++ { ++ /* swap . or : for - */ ++ for (p =3D tail; *p; p++) ++ if (*p =3D=3D '-') ++ { ++ if (prot =3D=3D AF_INET) ++ *p =3D '.'; + #ifdef HAVE_IPV6 +- else +- *p =3D ':'; ++ else ++ *p =3D ':'; + #endif +- } +- =20 ++ } ++ } ++ + if (hostname_isequal(c->domain, p+1) && inet_pton(prot, tail, addr)) + { + if (prot =3D=3D AF_INET) +@@ -169,8 +182,9 @@ int is_rev_synth(int flag, struct all_addr *addr, char *= name) + inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN); + } +=20 ++ /* V4-mapped have periods.... */ + for (p =3D name; *p; p++) +- if (*p =3D=3D ':') ++ if (*p =3D=3D ':' || *p =3D=3D '.') + *p =3D '-'; +=20 + strncat(name, ".", MAXDNAME); +--=20 +1.7.10.4 + diff --git a/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove= _blatant_copyright_violation.patch b/src/patches/dnsmasq/016-Refactor_openBSD= _pftables_code_to_remove_blatant_copyright_violation.patch new file mode 100644 index 0000000..db27f90 --- /dev/null +++ b/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatan= t_copyright_violation.patch 
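Review bot: The v4-mapped special case in is_name_synthetic only fires when `tail` begins with `--ffff-`, but the man page text added by the same patch gives the unprefixed form as `0--ffff-1-2-3-4`. Unless the leading `0` is stripped before this point (the code that sets `tail` is outside the hunk), that name falls into the generic branch and is rewritten to `0::ffff:1:2:3:4`, which inet_pton() would likely accept as a different, non-mapped IPv6 address, so the forward lookup would not round-trip with the name is_rev_synth now emits. Worth confirming against the surrounding code and, if needed, skipping one leading `0` before the comparison. The prefix test itself reads more directly as `strncmp(tail, "--ffff-", 7) == 0`, which also avoids scanning the whole label. The function body starts and ends outside the hunk.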
@@ -0,0 +1,149 @@ +From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sat, 13 Aug 2016 22:34:11 +0100 +Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright + violation. + +--- + src/tables.c | 90 +++++++++++++++++++++----------------------------------= --- + 1 file changed, 32 insertions(+), 58 deletions(-) + +diff --git a/src/tables.c b/src/tables.c +index aae1252..4fa3487 100644 +--- a/src/tables.c ++++ b/src/tables.c +@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum) + } + } +=20 +-static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int f= lags) +-{ +- struct pfioc_table io; +- =20 +- if (size < 0 || (size && tbl =3D=3D NULL))=20 +- { +- errno =3D EINVAL; +- return (-1); +- } +- bzero(&io, sizeof io); +- io.pfrio_flags =3D flags; +- io.pfrio_buffer =3D tbl; +- io.pfrio_esize =3D sizeof(*tbl); +- io.pfrio_size =3D size; +- if (ioctl(dev, DIOCRADDTABLES, &io)) +- return (-1); +- if (nadd !=3D NULL) +- *nadd =3D io.pfrio_nadd; +- return (0); +-} +- +-static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_a= ddr* addr) { +- if ( !addr || !ipaddr) +- { +- my_syslog(LOG_ERR, _("error: fill_addr missused")); +- return -1; +- } +- bzero(addr, sizeof(*addr)); +-#ifdef HAVE_IPV6 +- if (flags & F_IPV6)=20 +- { +- addr->pfra_af =3D AF_INET6; +- addr->pfra_net =3D 0x80; +- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr= )); +- }=20 +- else=20 +-#endif +- { +- addr->pfra_af =3D AF_INET; +- addr->pfra_net =3D 0x20; +- addr->pfra_ip4addr.s_addr =3D ipaddr->addr.addr4.s_addr; +- } +- return 1; +-} +- +-/**************************************************************************= ***/ +=20 + void ipset_init(void)=20 + { +@@ -111,14 +65,13 @@ void ipset_init(void) + } +=20 + int add_to_ipset(const char *setname, const struct all_addr *ipaddr, +- int flags, int remove) ++ int flags, int remove) + { + struct pfr_addr addr; + struct pfioc_table io; + 
struct pfr_table table; +- int n =3D 0, rc =3D 0; +=20 +- if ( dev =3D=3D -1 )=20 ++ if (dev =3D=3D -1)=20 + { + my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device); + return -1; +@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_= addr *ipaddr, +=20 + bzero(&table, sizeof(struct pfr_table)); + table.pfrt_flags |=3D PFR_TFLAG_PERSIST; +- if ( strlen(setname) >=3D PF_TABLE_NAME_SIZE ) ++ if (strlen(setname) >=3D PF_TABLE_NAME_SIZE) + { + my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname); + errno =3D ENAMETOOLONG; + return -1; + } + =20 +- if ( strlcpy(table.pfrt_name, setname, +- sizeof(table.pfrt_name)) >=3D sizeof(table.pfrt_name))=20 ++ if (strlcpy(table.pfrt_name, setname, ++ sizeof(table.pfrt_name)) >=3D sizeof(table.pfrt_name))=20 + { + my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname); + return -1; + } + =20 +- if ((rc =3D pfr_add_tables(&table, 1, &n, 0)))=20 ++ bzero(&io, sizeof io); ++ io.pfrio_flags =3D 0; ++ io.pfrio_buffer =3D &table; ++ io.pfrio_esize =3D sizeof(table); ++ io.pfrio_size =3D 1; ++ if (ioctl(dev, DIOCRADDTABLES, &io)) + { +- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"), +- pfr_strerror(errno),rc); ++ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno)); ++ =20 + return -1; + } ++ =20 + table.pfrt_flags &=3D ~PFR_TFLAG_PERSIST; +- if (n) ++ if (io.pfrio_nadd) + my_syslog(LOG_INFO, _("info: table created")); +- =20 +- fill_addr(ipaddr,flags,&addr); ++=20 ++ bzero(&addr, sizeof(addr)); ++#ifdef HAVE_IPV6 ++ if (flags & F_IPV6)=20 ++ { ++ addr.pfra_af =3D AF_INET6; ++ addr.pfra_net =3D 0x80; ++ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)= ); ++ }=20 ++ else=20 ++#endif ++ { ++ addr.pfra_af =3D AF_INET; ++ addr.pfra_net =3D 0x20; ++ addr.pfra_ip4addr.s_addr =3D ipaddr->addr.addr4.s_addr; ++ } ++ + bzero(&io, sizeof(io)); + io.pfrio_flags =3D 0; + io.pfrio_table =3D table; +--=20 +1.7.10.4 + --=20 2.9.3 
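Review bot: The inlined address setup in add_to_ipset dereferences `ipaddr` (`ipaddr->addr`) without the NULL guard that the removed fill_addr() carried, so a NULL argument would now fault in the daemon where the old helper logged an error and returned. If no caller can pass NULL this is harmless, but that is not visible from the hunk; an early `if (!ipaddr) { errno = EINVAL; return -1; }` next to the `dev == -1` check would keep the old guarantee. Separately, `pfra_net` is set from the bare constants `0x80` and `0x20`; a short comment such as `/* prefix length: 128 bits, a single host */` (and the 32-bit equivalent) would make them readable. The function continues past the end of the hunk.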
--===============4206861089456791003==--