dnsmasq: latest upstream patches
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
---
 lfs/dnsmasq | 6 +++
 .../004-fix_behaviour_of_empty_dhcp-option.patch | 38 ++++++++++++++++
 ...ution_to_ENOMEM_error_with_IPv6_multicast.patch | 50 ++++++++++++++++++++++
 ...page_on_RDNSS_set_in_router_advertisement.patch | 35 +++++++++++++++
 ...gned_dangling_CNAME_replies_to_DS_queries.patch | 30 +++++++++++++
 ...6_option_56_does_not_hold_an_address_list.patch | 25 +++++++++++
 ...pect_the_--no_resolv_flag_in_inotify_code.patch | 47 ++++++++++++++++++++
 7 files changed, 231 insertions(+)
 create mode 100644 src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
 create mode 100644 src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
 create mode 100644 src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
 create mode 100644 src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
 create mode 100644 src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
 create mode 100644 src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index f16c761..db56091 100644
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
@@ -76,6 +76,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
diff --git a/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch b/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
new file mode 100644
index 0000000..492ada9
--- /dev/null
+++ b/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
@@ -0,0 +1,38 @@
+From 5e3e464ac4022ee0b3794513abe510817e2cf3ca Mon Sep 17 00:00:00 2001
+From: Simon Kelley simon@thekelleys.org.uk
+Date: Tue, 25 Aug 2015 23:08:39 +0100
+Subject: [PATCH] Fix behaviour of empty dhcp-option=option6:dns-server, which
+ should inhibit sending option.
+
+---
+ src/rfc3315.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 2665d0d..3f1f9ee 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1320,15 +1320,16 @@ static struct dhcp_netid *add_options(struct state *state, int do_refresh)
+
+ if (opt_cfg->opt == OPTION6_REFRESH_TIME)
+ done_refresh = 1;
++
++ if (opt_cfg->opt == OPTION6_DNS_SERVER)
++ done_dns = 1;
+
+- if (opt_cfg->flags & DHOPT_ADDR6)
++ /* Empty DNS_SERVER option will not set DHOPT_ADDR6 */
++ if ((opt_cfg->flags & DHOPT_ADDR6) || opt_cfg->opt == OPTION6_DNS_SERVER)
+ {
+ int len, j;
+ struct in6_addr *a;
+
+- if (opt_cfg->opt == OPTION6_DNS_SERVER)
+- done_dns = 1;
+-
+ for (a = (struct in6_addr *)opt_cfg->val, len = opt_cfg->len, j = 0;
+ j < opt_cfg->len; j += IN6ADDRSZ, a++)
+ if ((IN6_IS_ADDR_ULA_ZERO(a) && IN6_IS_ADDR_UNSPECIFIED(state->ula_addr)) ||
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch b/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
new file mode 100644
index 0000000..c7cee60
--- /dev/null
+++ b/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
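Review bot: The widened condition in the 004 patch's add_options hunk admits every OPTION6_DNS_SERVER entry that lacks DHOPT_ADDR6, not only the empty one named in the new comment. If the option parser can ever produce a non-empty dns-server value without that flag (raw hex data, say), the loop below walks `opt_cfg->val` as an array of `struct in6_addr` in IN6ADDRSZ steps and may read past `opt_cfg->len` when the length is not a multiple of 16. Restricting the new arm to the case the comment describes keeps the intended behaviour: `if ((opt_cfg->flags & DHOPT_ADDR6) || (opt_cfg->opt == OPTION6_DNS_SERVER && opt_cfg->len == 0))`. The loop body and the rest of add_options continue outside the hunk, so how `len` is consumed afterwards should be confirmed there.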
@@ -0,0 +1,50 @@
+From 9cdcfe9f19ffd45bac4e5b459879bf7c50a287ed Mon Sep 17 00:00:00 2001
+From: Simon Kelley simon@thekelleys.org.uk
+Date: Wed, 26 Aug 2015 22:38:08 +0100
+Subject: [PATCH] Suggest solution to ENOMEM error with IPv6 multicast.
+
+---
+ src/network.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/network.c b/src/network.c
+index a1d90c8..819302f 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1076,23 +1076,30 @@ void join_multicast(int dienow)
+
+ if ((daemon->doing_dhcp6 || daemon->relay6) &&
+ setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+- err = 1;
++ err = errno;
+
+ inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
+
+ if (daemon->doing_dhcp6 &&
+ setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+- err = 1;
++ err = errno;
+
+ inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
+
+ if (daemon->doing_ra &&
+ setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+- err = 1;
++ err = errno;
+
+ if (err)
+ {
+ char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
++ errno = err;
++
++#ifdef HAVE_LINUX_NETWORK
++ if (errno == ENOMEM)
++ my_syslog(LOG_ERR, _("try increasing /proc/sys/net/core/optmem_max"));
++#endif
++
+ if (dienow)
+ die(s, iface->name, EC_BADNET);
+ else
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch b/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
new file mode 100644
index 0000000..19c76e6
--- /dev/null
+++ b/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
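Review bot: In the join_multicast hunk of the 005 patch, `errno = err;` is restored before the ENOMEM hint is logged, so `my_syslog()` runs between the restore and the `die()`/log call that presumably formats the trailing `%s` from errno. On the hint path the reported error can therefore differ from the one that actually failed. Test the saved value and restore afterwards: `if (err == ENOMEM)` for the hint, then `errno = err;` immediately before `if (dienow)`. Note also that `err` keeps only the last failing setsockopt's errno, so an earlier ENOMEM is lost when a later join fails for another reason. The `else` branch and the rest of the function lie outside the hunk.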
@@ -0,0 +1,35 @@
+From 20fd11e11a9d09edcea94de135396ae1541fbbab Mon Sep 17 00:00:00 2001
+From: Simon Kelley simon@thekelleys.org.uk
+Date: Wed, 26 Aug 2015 22:48:13 +0100
+Subject: [PATCH] Clarify man page on RDNSS set in router advertisement.
+
+---
+ man/dnsmasq.8 | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index a23c898..d51b10f 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -1687,15 +1687,15 @@ creation are handled by a different protocol. When DHCP is in use,
+ only a subset of this is needed, and dnsmasq can handle it, using
+ existing DHCP configuration to provide most data. When RA is enabled,
+ dnsmasq will advertise a prefix for each dhcp-range, with default
+-router and recursive DNS server as the relevant link-local address on
+-the machine running dnsmasq. By default, he "managed address" bits are set, and
++router as the relevant link-local address on
++the machine running dnsmasq. By default, the "managed address" bits are set, and
+ the "use SLAAC" bit is reset. This can be changed for individual
+ subnets with the mode keywords described in
+ .B --dhcp-range.
+ RFC6106 DNS parameters are included in the advertisements. By default,
+ the relevant link-local address of the machine running dnsmasq is sent
+ as recursive DNS server. If provided, the DHCPv6 options dns-server and
+-domain-search are used for RDNSS and DNSSL.
++domain-search are used for the DNS server (RDNSS) and the domain serach list (DNSSL).
+ .TP
+ .B --ra-param=<interface>,[high|low],[[<ra-interval>],<router lifetime>]
+ Set non-default values for router advertisements sent via an
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch b/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
new file mode 100644
index 0000000..832a22e
--- /dev/null
+++ b/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
@@ -0,0 +1,30 @@
+From 6de81f1250fd323c9155de065d5a9dc200a6f20b Mon Sep 17 00:00:00 2001
+From: Simon Kelley simon@thekelleys.org.uk
+Date: Wed, 9 Sep 2015 22:51:13 +0100
+Subject: [PATCH] Handle signed dangling CNAME replies to DS queries.
+
+---
+ src/dnssec.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 4deda24..67ce486 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -1232,11 +1232,8 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+
+ /* If we return STAT_NO_SIG, name contains the name of the DS query */
+ if (val == STAT_NO_SIG)
+- {
+- *keyname = 0;
+- return val;
+- }
+-
++ return val;
++
+ /* If the key needed to validate the DS is on the same domain as the DS, we'll
+ loop getting nowhere. Stop that now. This can happen of the DS answer comes
+ from the DS's zone, and not the parent zone. */
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch b/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
new file mode 100644
index 0000000..fdccd0e
--- /dev/null
+++ b/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
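Review bot: The STAT_NO_SIG return in the dnssec_validate_ds hunk of the 007 patch no longer clears `*keyname`, yet the surviving comment documents only what `name` holds on that path. Callers that previously received an empty keyname will now see whatever the earlier validation step left in the buffer; whether any caller reads it, and whether it is always initialised at that point, cannot be confirmed from this hunk. Since this is a DNSSEC validation path, the contract should be stated, for example by extending the comment to `/* If we return STAT_NO_SIG, name contains the name of the DS query; keyname is left untouched */`. The function starts and ends outside the hunk.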
@@ -0,0 +1,25 @@
+From 102208df695e886a3086754d32bf7f8c541fbe46 Mon Sep 17 00:00:00 2001
+From: Simon Kelley simon@thekelleys.org.uk
+Date: Thu, 10 Sep 2015 21:50:00 +0100
+Subject: [PATCH] DHCPv6 option 56 does not hold an address list. (RFC 5908).
+
+---
+ src/dhcp-common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dhcp-common.c b/src/dhcp-common.c
+index bc48f41..8fc171a 100644
+--- a/src/dhcp-common.c
++++ b/src/dhcp-common.c
+@@ -599,7 +599,7 @@ static const struct opttab_t opttab6[] = {
+ { "sntp-server", 31, OT_ADDR_LIST },
+ { "information-refresh-time", 32, OT_TIME },
+ { "FQDN", 39, OT_INTERNAL | OT_RFC1035_NAME },
+- { "ntp-server", 56, OT_ADDR_LIST },
++ { "ntp-server", 56, 0 },
+ { "bootfile-url", 59, OT_NAME },
+ { "bootfile-param", 60, OT_CSTRING },
+ { NULL, 0, 0 }
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch b/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
new file mode 100644
index 0000000..2014fdb
--- /dev/null
+++ b/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
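Review bot: The bare `0` in the new `{ "ntp-server", 56, 0 }` entry of opttab6 gives no hint why this option differs from its `OT_ADDR_LIST` neighbour sntp-server, which invites a later "fix" back to the old type. A one-line comment above the entry would record the reason, for example `/* RFC 5908: option 56 carries suboptions, not a plain address list */`. A configuration that supplied plain addresses for option6:ntp-server would presumably be parsed differently after this change, so a release note for operators seems warranted. The table begins outside the hunk.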
@@ -0,0 +1,47 @@
+From 77607cbea0ad0f876dfb79c8b2c121ee400d57d0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley simon@thekelleys.org.uk
+Date: Thu, 10 Sep 2015 23:08:43 +0100
+Subject: [PATCH] Respect the --no-resolv flag in inotify code.
+
+---
+ CHANGELOG | 7 ++++++-
+ debian/changelog | 6 ++++++
+ src/inotify.c | 3 +++
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index bbc2834..d6e309f 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -7,8 +7,13 @@ version 2.76
+
+ Enhance --add-subnet to allow arbitrary subnet addresses.
+ Thanks to Ed Barsley for the patch.
++
++ Respect the --no-resolv flag in inotify code. Fixes bug
++ which caused dnsmasq to fail to start if a resolv-file
++ was a dangling symbolic link, even of --no-resolv set.
++ Thanks to Alexander Kurtz for spotting the problem.
++
+
+-
+ version 2.75
+ Fix reversion on 2.74 which caused 100% CPU use when a
+ dhcp-script is configured. Thanks to Adrian Davey for
+diff --git a/src/inotify.c b/src/inotify.c
+index 52d412f..ef05c58 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -90,6 +90,9 @@ void inotify_dnsmasq_init()
+
+ if (daemon->inotifyfd == -1)
+ die(_("failed to create inotify: %s"), NULL, EC_MISC);
++
++ if (option_bool(OPT_NO_RESOLV))
++ return;
+
+ for (res = daemon->resolv_files; res; res = res->next)
+ {
+--
+1.7.10.4
+
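Review bot: The new early return in inotify_dnsmasq_init carries no comment, so the reason the resolv-file loop is skipped is recorded only in the CHANGELOG. Something like `/* --no-resolv: resolv files are never read, so do not resolve or watch them */` above the `if (option_bool(OPT_NO_RESOLV))` line would keep the intent next to the code. The function continues past the hunk; if anything after the loop performs setup unrelated to resolv files, the return would skip that too, which should be confirmed against the full function.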