This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 7fd716f81c2ef856be5e69645340aebc7d4d6901 (commit)
via 5a0ddc615deaf0268139c61930f9af986f9b8ba7 (commit)
via 40e1bbda54635bfa6d9894044b7bce603b12e855 (commit)
from e546449f6ac1203c397cd94e12a73640f35518cd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7fd716f81c2ef856be5e69645340aebc7d4d6901
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Dec 1 22:37:07 2015 +0000
core96: Don't restart services that have not been updated
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5a0ddc615deaf0268139c61930f9af986f9b8ba7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Dec 1 22:36:21 2015 +0000
core96: Ship updated dnsmasq
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 40e1bbda54635bfa6d9894044b7bce603b12e855
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Nov 27 22:11:41 2015 +0100
dnsmasq 2.75: latest upstream patches
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
.../{oldcore/94 => core/96}/filelists/dnsmasq | 0
config/rootfiles/core/96/update.sh | 4 +-
lfs/dnsmasq | 6 +++
..._5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch | 26 ++++++++++++
...11-Catch_errors_from_sendmsg_in_DHCP_code.patch | 32 +++++++++++++++
...12-Update_list_of_subnet_for_--bogus-priv.patch | 48 ++++++++++++++++++++++
...y_address_from_DNS_overlays_A_record_from.patch | 43 +++++++++++++++++++
...14-Handle_unknown_DS_hash_algos_correctly.patch | 39 ++++++++++++++++++
.../015-Fix_crash_at_start_up_with_conf-dir.patch | 38 +++++++++++++++++
9 files changed, 233 insertions(+), 3 deletions(-)
copy config/rootfiles/{oldcore/94 => core/96}/filelists/dnsmasq (100%)
create mode 100644 src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
create mode 100644 src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch
create mode 100644 src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch
create mode 100644 src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
create mode 100644 src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch
create mode 100644 src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch
Difference in files:
diff --git a/config/rootfiles/core/96/filelists/dnsmasq b/config/rootfiles/core/96/filelists/dnsmasq
new file mode 120000
index 0000000..d469c74
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/dnsmasq
@@ -0,0 +1 @@
+../../../common/dnsmasq
\ No newline at end of file
diff --git a/config/rootfiles/core/96/update.sh b/config/rootfiles/core/96/update.sh
index f40a075..7faf4b8 100644
--- a/config/rootfiles/core/96/update.sh
+++ b/config/rootfiles/core/96/update.sh
@@ -40,9 +40,7 @@ extract_files
# /usr/local/bin/update-lang-cache
# Start services
-/etc/init.d/dnsmasq start
-/etc/init.d/sshd start
-/etc/init.d/squid start
+/etc/init.d/dnsmasq restart
# This update need a reboot...
#touch /var/run/need_reboot
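Review bot: The exit status of `/etc/init.d/dnsmasq restart` is not checked, so if the rebuilt dnsmasq fails to come back up, the update completes silently with DNS and DHCP down on the firewall. Nothing in the visible lines reports such a failure; consider logging it, e.g. `/etc/init.d/dnsmasq restart || logger -t core96 "dnsmasq failed to restart"`. The `# Start services` comment above the command no longer matches a restart and could read `# Restart updated services`. The rest of update.sh is outside the hunk, so an earlier error trap cannot be ruled out.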
diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index db56091..d166392 100644
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
@@ -82,6 +82,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
diff --git a/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch b/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
new file mode 100644
index 0000000..281697f
--- /dev/null
+++ b/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch
@@ -0,0 +1,26 @@
+From 27b78d990b7cd901866ad6f1a17b9d633a95fdce Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Sat, 26 Sep 2015 21:40:45 +0100
+Subject: [PATCH] Rationalise 5e3e464ac4022ee0b3794513abe510817e2cf3ca
+
+---
+ src/rfc3315.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 3f1f9ee..3ed8623 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1324,8 +1324,7 @@ static struct dhcp_netid *add_options(struct state *state, int do_refresh)
+ if (opt_cfg->opt == OPTION6_DNS_SERVER)
+ done_dns = 1;
+
+- /* Empty DNS_SERVER option will not set DHOPT_ADDR6 */
+- if ((opt_cfg->flags & DHOPT_ADDR6) || opt_cfg->opt == OPTION6_DNS_SERVER)
++ if (opt_cfg->flags & DHOPT_ADDR6)
+ {
+ int len, j;
+ struct in6_addr *a;
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch b/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch
new file mode 100644
index 0000000..631495f
--- /dev/null
+++ b/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch
@@ -0,0 +1,32 @@
+From 98079ea89851da1df4966dfdfa1852a98da02912 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Tue, 13 Oct 2015 20:30:32 +0100
+Subject: [PATCH] Catch errors from sendmsg in DHCP code. Logs, eg, iptables
+ DROPS of dest 255.255.255.255
+
+---
+ src/dhcp.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/dhcp.c b/src/dhcp.c
+index e6fceb1..1c85e42 100644
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -452,8 +452,13 @@ void dhcp_packet(time_t now, int pxe_fd)
+ #endif
+
+ while(retry_send(sendmsg(fd, &msg, 0)));
++
++ /* This can fail when, eg, iptables DROPS destination 255.255.255.255 */
++ if (errno != 0)
++ my_syslog(MS_DHCP | LOG_WARNING, _("Error sending DHCP packet to %s: %s"),
++ inet_ntoa(dest.sin_addr), strerror(errno));
+ }
+-
++
+ /* check against secondary interface addresses */
+ static int check_listen_addrs(struct in_addr local, int if_index, char *label,
+ struct in_addr netmask, struct in_addr broadcast, void *vparam)
+--
+1.7.10.4
+
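Review bot: The added `if (errno != 0)` test after `while(retry_send(sendmsg(fd, &msg, 0)));` is only reliable if retry_send() resets errno to 0 on a successful send; that helper is not in the hunk, and a stale errno from an earlier call would otherwise produce a false warning. A comment stating the dependency would protect the check from later refactoring, e.g. `/* retry_send() clears errno on success, so non-zero here means sendmsg failed */`. The warning is emitted once per failed packet, so where a firewall rule drops every broadcast reply, each client request adds a log line; logging once per interface or rate-limiting the message may be worth considering. dhcp_packet's body begins outside the hunk.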
diff --git a/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch b/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch
new file mode 100644
index 0000000..3ba98fc
--- /dev/null
+++ b/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch
@@ -0,0 +1,48 @@
+From 90477fb79420a34124b66ebd808c578817a30e4c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Tue, 20 Oct 2015 21:21:32 +0100
+Subject: [PATCH] Update list of subnet for --bogus-priv
+
+RFC6303 specifies & recommends following zones not be forwarded
+to globally facing servers.
++------------------------------+-----------------------+
+| Zone | Description |
++------------------------------+-----------------------+
+| 0.IN-ADDR.ARPA | IPv4 "THIS" NETWORK |
+| 127.IN-ADDR.ARPA | IPv4 Loopback NETWORK |
+| 254.169.IN-ADDR.ARPA | IPv4 LINK LOCAL |
+| 2.0.192.IN-ADDR.ARPA | IPv4 TEST-NET-1 |
+| 100.51.198.IN-ADDR.ARPA | IPv4 TEST-NET-2 |
+| 113.0.203.IN-ADDR.ARPA | IPv4 TEST-NET-3 |
+| 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST |
++------------------------------+-----------------------+
+
+Signed-off-by: Kevin Darbyshire-Bryant <kevin(a)darbyshire-bryant.me.uk>
+---
+ src/rfc1035.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 6a51b30..4eb1772 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int ban_localhost)
+ return
+ (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
+ ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ ||
+- ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
+ ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
+ ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
+- ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ;
++ ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
++ ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ||
++ ((ip_addr & 0xFFFFFF00) == 0xC0000200) /* 192.0.2.0/24 (test-net) */ ||
++ ((ip_addr & 0xFFFFFF00) == 0xC6336400) /* 198.51.100.0/24(test-net) */ ||
++ ((ip_addr & 0xFFFFFF00) == 0xCB007100) /* 203.0.113.0/24 (test-net) */ ||
++ ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ;
+ }
+
+ static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored)
+--
+1.7.10.4
+
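Review bot: The commit-message table lists 127.IN-ADDR.ARPA among the zones that must not be forwarded, but the loopback term in private_net() stays conditional on `ban_localhost`, and neither the comments nor the message explains the difference. A one-line comment on that term, such as `/* loopback counts as private only when the caller sets ban_localhost */`, would make the intent clear. The new broadcast term `(ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF` has a no-op mask and can be written `ip_addr == 0xFFFFFFFF`. If private_net() also feeds checks other than --bogus-priv, those callers now treat the TEST-NET and broadcast ranges as private too; the callers are not visible here, so this should be confirmed.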
diff --git a/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch b/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
new file mode 100644
index 0000000..736cf38
--- /dev/null
+++ b/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch
@@ -0,0 +1,43 @@
+From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin+ml-cerowrt(a)etorok.net>
+Date: Sat, 14 Nov 2015 17:45:48 +0000
+Subject: [PATCH] Fix crash when empty address from DNS overlays A record from
+ hosts.
+
+---
+ CHANGELOG | 5 +++++
+ src/cache.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index d6e309f..93c73d0 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -13,6 +13,11 @@ version 2.76
+ was a dangling symbolic link, even of --no-resolv set.
+ Thanks to Alexander Kurtz for spotting the problem.
+
++ Fix crash when an A or AAAA record is defined locally,
++ in a hosts file, and an upstream server sends a reply
++ that the same name is empty. Thanks to Edwin Török for
++ the patch.
++
+
+ version 2.75
+ Fix reversion on 2.74 which caused 100% CPU use when a
+diff --git a/src/cache.c b/src/cache.c
+index 178d654..1b76b67 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
+ existing record is for an A or AAAA and
+ the record we're trying to insert is the same,
+ just drop the insert, but don't error the whole process. */
+- if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD))
++ if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr)
+ {
+ if ((flags & F_IPV4) && (new->flags & F_IPV4) &&
+ new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr)
+--
+1.7.10.4
+
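Review bot: The comment above the changed condition in cache_insert() still describes only the "same record" case and does not say why `addr` may be NULL. Judging by the CHANGELOG entry, this is the empty reply from an upstream server, i.e. remotely supplied input, so the guard deserves a note such as `/* addr is NULL for an empty upstream reply: nothing to compare */`. With `addr` NULL the whole comparison block is skipped and control reaches code outside the hunk; it should be confirmed that this path does not dereference `addr` either. A regression test covering a hosts-file name answered by an empty upstream reply would pin the fix.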
diff --git a/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch b/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch
new file mode 100644
index 0000000..8b17431
--- /dev/null
+++ b/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch
@@ -0,0 +1,39 @@
+From 67ab3285b5d9a1b1e20e034cf272867fdab8a0f9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Fri, 20 Nov 2015 23:20:47 +0000
+Subject: [PATCH] Handle unknown DS hash algos correctly.
+
+When we can validate a DS RRset, but don't speak the hash algo it
+contains, treat that the same as an NSEC/3 proving that the DS
+doesn't exist. 4025 5.2
+---
+ src/dnssec.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 67ce486..b4dc14e 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -1005,6 +1005,19 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+ if (crecp->flags & F_NEG)
+ return STAT_INSECURE_DS;
+
++ /* 4035 5.2
++ If the validator does not support any of the algorithms listed in an
++ authenticated DS RRset, then the resolver has no supported
++ authentication path leading from the parent to the child. The
++ resolver should treat this case as it would the case of an
++ authenticated NSEC RRset proving that no DS RRset exists, */
++ for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
++ if (hash_find(ds_digest_name(recp1->addr.ds.digest)))
++ break;
++
++ if (!recp1)
++ return STAT_INSECURE_DS;
++
+ /* NOTE, we need to find ONE DNSKEY which matches the DS */
+ for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
+ {
+--
+1.7.10.4
+
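Review bot: The new loop in dnssec_validate_by_ds() tests only the digest type, `hash_find(ds_digest_name(recp1->addr.ds.digest))`, while the RFC text quoted in the comment speaks of the algorithms listed in the DS RRset. A DS record with a supported digest but an unsupported key algorithm would still break out of the loop and reach the DNSKEY matching below, which lies partly outside the hunk; whether that case is handled there cannot be told from here. Because `return STAT_INSECURE_DS` downgrades a signed zone to insecure, a debug log naming the zone at that point would help operators notice when validation is being skipped. The patch description cites "4025 5.2" where the code comment cites 4035 5.2; the two should agree.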
diff --git a/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch
new file mode 100644
index 0000000..a9102c1
--- /dev/null
+++ b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch
@@ -0,0 +1,38 @@
+From 0007ee90646a5a78a96ee729932e89d31c69513a Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Sat, 21 Nov 2015 21:47:41 +0000
+Subject: [PATCH] Fix crash at start up with conf-dir=/path,*
+
+Thanks to Brian Carpenter and American Fuzzy Lop for finding the bug.
+---
+ src/option.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/option.c b/src/option.c
+index 746cd11..71beb98 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -1515,10 +1515,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ li = opt_malloc(sizeof(struct list));
+ if (*arg == '*')
+ {
+- li->next = match_suffix;
+- match_suffix = li;
+- /* Have to copy: buffer is overwritten */
+- li->suffix = opt_string_alloc(arg+1);
++ /* "*" with no suffix is a no-op */
++ if (arg[1] == 0)
++ free(li);
++ else
++ {
++ li->next = match_suffix;
++ match_suffix = li;
++ /* Have to copy: buffer is overwritten */
++ li->suffix = opt_string_alloc(arg+1);
++ }
+ }
+ else
+ {
+--
+1.7.10.4
+
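Review bot: After `free(li)` in the new `arg[1] == 0` branch of one_opt(), `li` keeps a dangling value, and the code that follows the if/else lies outside the hunk. If `li` is referenced again later in the enclosing block, that would be a use-after-free; setting `li = NULL;` right after the free, or testing `arg[1]` before the `opt_malloc` call, removes the risk. The test `arg[1] == 0` reads more clearly as `arg[1] == '\0'`. Since the bug was found by fuzzing, a test case for `conf-dir=/path,*` would keep it from regressing.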