This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated
       via  bfa284b41cb96f44e9dc1fa948d865e1b9205c1e (commit)
       via  888c41dea8eae268d3a9518e83b863f1bfa871f3 (commit)
      from  5f51d10373a8224027a14c055ec87e3109d58511 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit bfa284b41cb96f44e9dc1fa948d865e1b9205c1e
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Wed May 20 23:37:54 2015 +0200

    dnsmasq: Apply patches from upstream

commit 888c41dea8eae268d3a9518e83b863f1bfa871f3
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Wed May 20 23:35:38 2015 +0200

    dnsmasq: Import patches from upstream

-----------------------------------------------------------------------
Summary of changes:
 lfs/dnsmasq | 11 +
 ...newline-at-the-end-of-example-config-file.patch | 2 +-
 ...artup-when-an-empty-suffix-is-supplied-to.patch | 2 +-
 .../0003-Debian-build-fixes-for-kFreeBSD.patch | 2 +-
 ...04-Set-conntrack-mark-before-connect-call.patch | 2 +-
 .../dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch | 2 +-
 .../dnsmasq/0006-Fit-example-conf-file-typo.patch | 2 +-
 ...-compliance-when-unable-to-supply-address.patch | 2 +-
 .../0008-Fix-conntrack-with-bind-interfaces.patch | 2 +-
 ...9-Use-inotify-instead-of-polling-on-Linux.patch | 2 +-
 ...Teach-the-new-inotify-code-about-symlinks.patch | 2 +-
 ...ve-floor-on-EDNS0-packet-size-with-DNSSEC.patch | 2 +-
 .../dnsmasq/0012-CHANGELOG-re.-inotify.patch | 2 +-
 ...ix-breakage-of-domain-domain-subnet-local.patch | 2 +-
 ...ve-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch | 2 +-
 ...Pv6-privacy-addresses-from-interface-name.patch | 2 +-
 ...-width-in-cache-dump-to-avoid-truncating-.patch | 2 +-
 ...n-DNSSEC-code-when-attempting-to-verify-l.patch | 2 +-
 ...g-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch | 2 +-
 ...x-problems-validating-NSEC3-and-wildcards.patch | 2 +-
 .../dnsmasq/0020-Initialise-return-value.patch | 2 +-
 .../dnsmasq/0021-Add-ignore-address-option.patch | 2 +-
 .../dnsmasq/0022-Bad-packet-protection.patch | 2 +-
 ...-build-failure-in-new-inotify-code-on-BSD.patch | 2 +-
 ...t-makefile-dependencies-on-COPTS-variable.patch | 2 +-
 ...0025-Fix-race-condition-issue-in-makefile.patch | 2 +-
 ...op-down-search-for-limit-of-secure-delega.patch | 2 +-
 ...ries-extra-option-for-more-complete-loggi.patch | 2 +-
 .../dnsmasq/0028-Add-min-cache-ttl-option.patch | 2 +-
 ...ort-of-requestor-when-doing-extra-logging.patch | 2 +-
 ...r-from-cache-RRsets-from-wildcards-as-we-.patch | 2 +-
 .../0031-Logs-for-DS-records-consistent.patch | 2 +-
 ...ultiple-interfaces-with-the-same-LL-addre.patch | 2 +-
 ...n-t-treat-SERVFAIL-as-a-recoverable-error.patch | 2 +-
 .../0034-Add-dhcp-hostsdir-config-option.patch | 2 +-
 .../dnsmasq/0035-Update-German-translation.patch | 2 +-
 ...-to-DHCPv6-SOLICIT-messages-when-not-conf.patch | 2 +-
 ...fy-to-be-disabled-at-compile-time-on-Linu.patch | 2 +-
 ...ify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch | 2 +-
 .../0039-Update-copyrights-for-dawn-of-2015.patch | 2 +-
 .../0040-inotify-documentation-updates.patch | 2 +-
 .../0041-Fix-broken-ECDSA-DNSSEC-signatures.patch | 2 +-
 src/patches/dnsmasq/0042-BSD-make-support.patch | 2 +-
 .../0043-Fix-build-failure-on-openBSD.patch | 2 +-
 src/patches/dnsmasq/0044-Manpage-typo-fix.patch | 2 +-
 ...configs-after-reading-extra-hostfiles-wit.patch | 2 +-
 .../0046-Extra-logging-for-inotify-code.patch | 2 +-
 src/patches/dnsmasq/0047-man-page-typo.patch | 2 +-
 ...sion-script-which-returned-wrong-tag-in-s.patch | 2 +-
 src/patches/dnsmasq/0049-Typos.patch | 2 +-
 ...ynamic-hosts-files-work-when-no-hosts-set.patch | 2 +-
 ...-trivial-memory-leaks-to-quieten-valgrind.patch | 2 +-
 ...ninitialized-value-used-in-get_client_mac.patch | 2 +-
 ...-Log-parsing-utils-in-contrib-reverse-dns.patch | 2 +-
 ...-Add-dnssec-timestamp-option-and-facility.patch | 2 +-
 ...mmit-to-not-crash-if-uid-changing-not-con.patch | 2 +-
 .../0056-New-version-of-contrib-reverse-dns.patch | 2 +-
 ...C-timestamp-code-to-create-file-later-rem.patch | 2 +-
 ...late-code-for-re-running-system-calls-on-.patch | 2 +-
 ...s-example.com-equivalent-to-server-exampl.patch | 2 +-
 ...tbound-interface-via-cmsg-in-unicast-repl.patch | 2 +-
 ...DNSSEC-when-a-signed-CNAME-dangles-into-a.patch | 2 +-
 ...Return-SERVFAIL-when-validation-abandoned.patch | 2 +-
 ...3-Protect-against-broken-DNSSEC-upstreams.patch | 2 +-
 ...EC-fix-for-non-ascii-characters-in-labels.patch | 2 +-
 ...ol-characters-in-names-in-the-cache-handl.patch | 2 +-
 .../dnsmasq/0066-Fix-crash-in-last-commit.patch | 2 +-
 .../dnsmasq/0067-Merge-message-translations.patch | 2 +-
 ...-tftp-no-fail-to-ignore-missing-tftp-root.patch | 2 +-
 src/patches/dnsmasq/0069-Whitespace-fixes.patch | 2 +-
 ...CURE-rather-than-BOGUS-when-DS-proved-not.patch | 2 +-
 ...ompiler-warning-when-not-including-DNSSEC.patch | 2 +-
 ...aused-by-looking-up-servers.bind-when-man.patch | 2 +-
 ...n-receipt-of-certain-malformed-DNS-reques.patch | 2 +-
 ...crash-in-auth-code-with-odd-configuration.patch | 2 +-
 ...rect-replies-to-NS-and-SOA-in-.arpa-zones.patch | 2 +-
 ...rk-induced-crash-in-new-tftp_no_fail-code.patch | 2 +-
 src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch | 2 +-
 ...-when-reporting-DNSSEC-validation-failure.patch | 2 +-
 ...ddress-command-line-arg-in-dhcp_release.c.patch | 2 +-
 ...38dd574c51d96fef100285a0d225824534f9-and-.patch | 2 +-
 ...-domain-names-with-.-or-000-within-labels.patch | 2 +-
 ...eaks-to-previous-DNS-label-charset-commit.patch | 2 +-
 ...s-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch | 2 +-
 ...version-work-when-repo-is-a-git-submodule.patch | 2 +-
 ...t-order-botch-which-broke-DNSSEC-for-TCP-.patch | 2 +-
 ...e-RRSIG-RR-from-answers-to-ANY-queries-wh.patch | 2 +-
 ...tify-some-DHCP-lease-management-functions.patch | 2 +-
 ...packet-loss-when-fragmentation-of-large-p.patch | 332 +++++++++++++++++++++
 ...v4-mapped-IPv6-addresses-with-stop-rebind.patch | 59 ++++
 .../dnsmasq/0090-Tweak-EDNS-timeout-code.patch | 29 ++
 ...mail-archive-mailing-list-mirror-in-doc.h.patch | 28 ++
 ...-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch | 200 +++++++++++++
 src/patches/dnsmasq/0093-Tweak-last-commit.patch | 37 +++
 ...rect-DHCP-context-for-PXE-proxy-server-id.patch | 29 ++
 ...Fix-buffer-overflow-introduced-in-2.73rc6.patch | 49 +++
 ...move-support-for-DNS-Extended-Label-Types.patch | 89 ++++++
 ...ect-DHCP-context-when-in-PXE-bootserver-m.patch | 26 ++
 .../0098-Tweak-immediately-previous-patch.patch | 33 ++
 99 files changed, 1009 insertions(+), 87 deletions(-)
 create mode 100644 src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch
 create mode 100644 src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch
 create mode 100644 src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch
 create mode 100644 src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch
 create mode 100644 src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch
 create mode 100644 src/patches/dnsmasq/0093-Tweak-last-commit.patch
 create mode 100644 src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch
 create mode 100644 src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch
 create mode 100644 src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch
 create mode 100644 src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch
 create mode 100644 src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch
Difference in files: diff --git a/lfs/dnsmasq b/lfs/dnsmasq index b98e662..857434c 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq 
@@ -160,6 +160,17 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0093-Tweak-last-commit.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ -e 's|/* #define HAVE_IDN */|#define HAVE_IDN|g' \ 
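Review bot: the eleven added `patch -Np1` lines for 0088 through 0098 extend a hand-maintained list that must match the contents of src/patches/dnsmasq exactly, and nothing in this rule notices a patch file that exists in the directory but is not listed here. Consider replacing the per-file lines with a loop over the sorted 0*.patch files in that directory, so the apply order comes from the file names, and keep the separate dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch step after it. Also, 0095-Fix-buffer-overflow-introduced-in-2.73rc6 and 0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind are security-relevant, while the commit subject "dnsmasq: Apply patches from upstream" does not say so; naming them in the commit message would help anyone checking which build carries those fixes.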
diff --git a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch index 1d6a657..57c9ff1 100644 --- a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch +++ b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch @@ -1,7 +1,7 @@ From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 25 Sep 2014 21:51:25 +0100 -Subject: [PATCH 01/87] Add newline at the end of example config file. +Subject: [PATCH 01/98] Add newline at the end of example config file.
--- dnsmasq.conf.example | 2 +- diff --git a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch index 54a36a7..86eb603 100644 --- a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch +++ b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch @@ -1,7 +1,7 @@ From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 2 Oct 2014 21:44:21 +0100 -Subject: [PATCH 02/87] crash at startup when an empty suffix is supplied to +Subject: [PATCH 02/98] crash at startup when an empty suffix is supplied to --conf-dir
--- diff --git a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch index eda9685..b0badb1 100644 --- a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch +++ b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch @@ -1,7 +1,7 @@ From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 3 Oct 2014 08:48:11 +0100 -Subject: [PATCH 03/87] Debian build fixes for kFreeBSD +Subject: [PATCH 03/98] Debian build fixes for kFreeBSD
--- src/tables.c | 6 +++++- diff --git a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch index 6374fef..b2725d4 100644 --- a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch +++ b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch @@ -1,7 +1,7 @@ From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001 From: Karl Vogel karl.vogel@gmail.com Date: Fri, 3 Oct 2014 21:45:15 +0100 -Subject: [PATCH 04/87] Set conntrack mark before connect() call. +Subject: [PATCH 04/98] Set conntrack mark before connect() call.
SO_MARK has to be done before issuing the connect() call on the TCP socket. diff --git a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch index 6052d45..84be7de 100644 --- a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch +++ b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch @@ -1,7 +1,7 @@ From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001 From: Daniel Collins daniel.collins@smoothwall.net Date: Fri, 3 Oct 2014 21:58:43 +0100 -Subject: [PATCH 05/87] Fix typo in new Dbus code. +Subject: [PATCH 05/98] Fix typo in new Dbus code.
Simon's fault. --- diff --git a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch index d7a0207..0cb139f 100644 --- a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch +++ b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch @@ -1,7 +1,7 @@ From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001 From: Tomas Hozza thozza@redhat.com Date: Mon, 6 Oct 2014 10:46:48 +0100 -Subject: [PATCH 06/87] Fit example conf file typo. +Subject: [PATCH 06/98] Fit example conf file typo.
--- dnsmasq.conf.example | 2 +- diff --git a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch index 81e67b1..286ddcf 100644 --- a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch +++ b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch @@ -1,7 +1,7 @@ From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001 From: Vladislav Grishenko themiron@mail.ru Date: Mon, 6 Oct 2014 14:34:24 +0100 -Subject: [PATCH 07/87] Improve RFC-compliance when unable to supply addresses +Subject: [PATCH 07/98] Improve RFC-compliance when unable to supply addresses in DHCPv6
While testing https://github.com/sbyx/odhcp6c client I have noticed it diff --git a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch index a0706ba..f667cf3 100644 --- a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch +++ b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch @@ -1,7 +1,7 @@ From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001 From: Hans Dedecker dedeckeh@gmail.com Date: Tue, 9 Dec 2014 22:22:53 +0000 -Subject: [PATCH 08/87] Fix conntrack with --bind-interfaces +Subject: [PATCH 08/98] Fix conntrack with --bind-interfaces
Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is enabled so the assigned mark can be correctly retrieved and set in forward_query when diff --git a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch index 28dae8c..3d66540 100644 --- a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch +++ b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch @@ -1,7 +1,7 @@ From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 10 Dec 2014 17:32:16 +0000 -Subject: [PATCH 09/87] Use inotify instead of polling on Linux. +Subject: [PATCH 09/98] Use inotify instead of polling on Linux.
This should solve problems people are seeing when a file changes twice within a second and thus is missed for polling. diff --git a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch index 34dbf3a..2ddef28 100644 --- a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch +++ b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch @@ -1,7 +1,7 @@ From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 15 Dec 2014 15:58:13 +0000 -Subject: [PATCH 10/87] Teach the new inotify code about symlinks. +Subject: [PATCH 10/98] Teach the new inotify code about symlinks.
--- src/inotify.c | 43 +++++++++++++++++++++++++++---------------- diff --git a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch index b7c670f..c4dd777 100644 --- a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch +++ b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch @@ -1,7 +1,7 @@ From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 15 Dec 2014 17:50:15 +0000 -Subject: [PATCH 11/87] Remove floor on EDNS0 packet size with DNSSEC. +Subject: [PATCH 11/98] Remove floor on EDNS0 packet size with DNSSEC.
--- CHANGELOG | 6 +++++- diff --git a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch index 8dbf7bd..0044a39 100644 --- a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch +++ b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch @@ -1,7 +1,7 @@ From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 15 Dec 2014 17:52:22 +0000 -Subject: [PATCH 12/87] CHANGELOG re. inotify. +Subject: [PATCH 12/98] CHANGELOG re. inotify.
--- CHANGELOG | 4 ++++ diff --git a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch index c102b72..8f67d2a 100644 --- a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch +++ b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch @@ -1,7 +1,7 @@ From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 16 Dec 2014 18:25:17 +0000 -Subject: [PATCH 13/87] Fix breakage of --domain=<domain>,<subnet>,local +Subject: [PATCH 13/98] Fix breakage of --domain=<domain>,<subnet>,local
--- CHANGELOG | 4 ++++ diff --git a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch index 8d81825..19f0322 100644 --- a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch +++ b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch @@ -1,7 +1,7 @@ From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 16 Dec 2014 20:41:29 +0000 -Subject: [PATCH 14/87] Remove redundant IN6_IS_ADDR_ULA(a) macro defn. +Subject: [PATCH 14/98] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
--- src/network.c | 4 ---- diff --git a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch index 9544a16..2c9c2a6 100644 --- a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch +++ b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch @@ -1,7 +1,7 @@ From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 17 Dec 2014 12:41:56 +0000 -Subject: [PATCH 15/87] Eliminate IPv6 privacy addresses from --interface-name +Subject: [PATCH 15/98] Eliminate IPv6 privacy addresses from --interface-name answers.
--- diff --git a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch index 9fb6efb..3b984f3 100644 --- a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch +++ b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch @@ -1,7 +1,7 @@ From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 17 Dec 2014 20:38:20 +0000 -Subject: [PATCH 16/87] Tweak field width in cache dump to avoid truncating +Subject: [PATCH 16/98] Tweak field width in cache dump to avoid truncating IPv6 addresses.
--- diff --git a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch index 45370a6..0aa4fe9 100644 --- a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch +++ b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch @@ -1,7 +1,7 @@ From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 21 Dec 2014 16:11:52 +0000 -Subject: [PATCH 17/87] Fix crash in DNSSEC code when attempting to verify +Subject: [PATCH 17/98] Fix crash in DNSSEC code when attempting to verify large RRs.
--- diff --git a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch index 11e5178..e80f0e3 100644 --- a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch +++ b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch @@ -1,7 +1,7 @@ From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 21 Dec 2014 21:21:53 +0000 -Subject: [PATCH 18/87] Make caching work for CNAMEs pointing to A/AAAA records +Subject: [PATCH 18/98] Make caching work for CNAMEs pointing to A/AAAA records shadowed in /etc/hosts
If the answer to an upstream query is a CNAME which points to an diff --git a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch index 4fe15f0..7bd143e 100644 --- a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch +++ b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch @@ -1,7 +1,7 @@ From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 23 Dec 2014 15:46:08 +0000 -Subject: [PATCH 19/87] Fix problems validating NSEC3 and wildcards. +Subject: [PATCH 19/98] Fix problems validating NSEC3 and wildcards.
--- src/dnssec.c | 253 ++++++++++++++++++++++++++++++----------------------------- diff --git a/src/patches/dnsmasq/0020-Initialise-return-value.patch b/src/patches/dnsmasq/0020-Initialise-return-value.patch index cfa39ce..27d1217 100644 --- a/src/patches/dnsmasq/0020-Initialise-return-value.patch +++ b/src/patches/dnsmasq/0020-Initialise-return-value.patch @@ -1,7 +1,7 @@ From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 23 Dec 2014 18:42:38 +0000 -Subject: [PATCH 20/87] Initialise return value. +Subject: [PATCH 20/98] Initialise return value.
--- src/dnssec.c | 7 +++++-- diff --git a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch index d3fda4b..ab6e7a5 100644 --- a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch +++ b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch @@ -1,7 +1,7 @@ From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001 From: Glen Huang curvedmark@gmail.com Date: Sat, 27 Dec 2014 15:28:12 +0000 -Subject: [PATCH 21/87] Add --ignore-address option. +Subject: [PATCH 21/98] Add --ignore-address option.
--- CHANGELOG | 8 ++++++++ diff --git a/src/patches/dnsmasq/0022-Bad-packet-protection.patch b/src/patches/dnsmasq/0022-Bad-packet-protection.patch index 58ac5eb..0c82506 100644 --- a/src/patches/dnsmasq/0022-Bad-packet-protection.patch +++ b/src/patches/dnsmasq/0022-Bad-packet-protection.patch @@ -1,7 +1,7 @@ From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 27 Dec 2014 15:33:32 +0000 -Subject: [PATCH 22/87] Bad packet protection. +Subject: [PATCH 22/98] Bad packet protection.
--- src/dnssec.c | 2 +- diff --git a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch index ebfa6b1..5bf7d63 100644 --- a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch +++ b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch @@ -1,7 +1,7 @@ From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001 From: Matthias Andree matthias.andree@gmx.de Date: Sat, 27 Dec 2014 15:36:38 +0000 -Subject: [PATCH 23/87] Fix build failure in new inotify code on BSD. +Subject: [PATCH 23/98] Fix build failure in new inotify code on BSD.
--- src/inotify.c | 4 ++-- diff --git a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch index 64219ff..41662b7 100644 --- a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch +++ b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch @@ -1,7 +1,7 @@ From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001 From: Yousong Zhou yszhou4tech@gmail.com Date: Sat, 3 Jan 2015 16:36:14 +0000 -Subject: [PATCH 24/87] Implement makefile dependencies on COPTS variable. +Subject: [PATCH 24/98] Implement makefile dependencies on COPTS variable.
--- .gitignore | 2 +- diff --git a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch index 2297e6f..4de4883 100644 --- a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch +++ b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch @@ -1,7 +1,7 @@ From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001 From: Yousong Zhou yszhou4tech@gmail.com Date: Mon, 5 Jan 2015 17:03:35 +0000 -Subject: [PATCH 25/87] Fix race condition issue in makefile. +Subject: [PATCH 25/98] Fix race condition issue in makefile.
--- Makefile | 4 +++- diff --git a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch index 6fb5db1..cb9c925 100644 --- a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch +++ b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch @@ -1,7 +1,7 @@ From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 7 Jan 2015 21:55:43 +0000 -Subject: [PATCH 26/87] DNSSEC: do top-down search for limit of secure +Subject: [PATCH 26/98] DNSSEC: do top-down search for limit of secure delegation.
--- diff --git a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch index 41e3649..6b75253 100644 --- a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch +++ b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch @@ -1,7 +1,7 @@ From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 9 Jan 2015 15:53:03 +0000 -Subject: [PATCH 27/87] Add --log-queries=extra option for more complete +Subject: [PATCH 27/98] Add --log-queries=extra option for more complete logging.
--- diff --git a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch index 85de912..6bb1c97 100644 --- a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch +++ b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch @@ -1,7 +1,7 @@ From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001 From: RinSatsuki aa65535@live.com Date: Sat, 10 Jan 2015 15:22:21 +0000 -Subject: [PATCH 28/87] Add --min-cache-ttl option. +Subject: [PATCH 28/98] Add --min-cache-ttl option.
--- CHANGELOG | 7 +++++++ diff --git a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch index afbece3..0e63180 100644 --- a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch +++ b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch @@ -1,7 +1,7 @@ From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 12 Jan 2015 20:18:18 +0000 -Subject: [PATCH 29/87] Log port of requestor when doing extra logging. +Subject: [PATCH 29/98] Log port of requestor when doing extra logging.
--- src/cache.c | 6 +++--- diff --git a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch index ac206e3..6817da1 100644 --- a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch +++ b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch @@ -1,7 +1,7 @@ From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 12 Jan 2015 23:16:56 +0000 -Subject: [PATCH 30/87] Don't answer from cache RRsets from wildcards, as we +Subject: [PATCH 30/98] Don't answer from cache RRsets from wildcards, as we don't have NSECs.
--- diff --git a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch index 20a0e4b..2b86121 100644 --- a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch +++ b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch @@ -1,7 +1,7 @@ From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 12 Jan 2015 23:22:08 +0000 -Subject: [PATCH 31/87] Logs for DS records consistent. +Subject: [PATCH 31/98] Logs for DS records consistent.
--- src/rfc1035.c | 2 +- diff --git a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch index 5b5fc07..d3d1277 100644 --- a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch +++ b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch @@ -1,7 +1,7 @@ From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 18 Jan 2015 22:11:10 +0000 -Subject: [PATCH 32/87] Cope with multiple interfaces with the same LL address. +Subject: [PATCH 32/98] Cope with multiple interfaces with the same LL address.
--- CHANGELOG | 4 ++++ diff --git a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch index 926885f..07cc080 100644 --- a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch +++ b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch @@ -1,7 +1,7 @@ From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 18 Jan 2015 22:20:48 +0000 -Subject: [PATCH 33/87] Don't treat SERVFAIL as a recoverable error..... +Subject: [PATCH 33/98] Don't treat SERVFAIL as a recoverable error.....
--- src/forward.c | 2 +- diff --git a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch index 4ca8cc5..b93d9cc 100644 --- a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch +++ b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch @@ -1,7 +1,7 @@ From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 20 Jan 2015 20:51:02 +0000 -Subject: [PATCH 34/87] Add --dhcp-hostsdir config option. +Subject: [PATCH 34/98] Add --dhcp-hostsdir config option.
--- CHANGELOG | 5 +++ diff --git a/src/patches/dnsmasq/0035-Update-German-translation.patch b/src/patches/dnsmasq/0035-Update-German-translation.patch index 23f1a5f..820bce1 100644 --- a/src/patches/dnsmasq/0035-Update-German-translation.patch +++ b/src/patches/dnsmasq/0035-Update-German-translation.patch @@ -1,7 +1,7 @@ From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001 From: Conrad Kostecki ck@conrad-kostecki.de Date: Tue, 20 Jan 2015 21:07:56 +0000 -Subject: [PATCH 35/87] Update German translation. +Subject: [PATCH 35/98] Update German translation.
--- po/de.po | 101 +++++++++++++++++++++++++++++---------------------------------- diff --git a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch index c89b678..8856236 100644 --- a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch +++ b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch @@ -1,7 +1,7 @@ From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001 From: Win King Wan pinwing+dnsmasq@gmail.com Date: Wed, 21 Jan 2015 20:41:48 +0000 -Subject: [PATCH 36/87] Don't reply to DHCPv6 SOLICIT messages when not +Subject: [PATCH 36/98] Don't reply to DHCPv6 SOLICIT messages when not configured for statefull DHCPv6.
--- diff --git a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch index 1617095..2a4df45 100644 --- a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch +++ b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch @@ -1,7 +1,7 @@ From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 26 Jan 2015 11:23:43 +0000 -Subject: [PATCH 37/87] Allow inotify to be disabled at compile time on Linux. +Subject: [PATCH 37/98] Allow inotify to be disabled at compile time on Linux.
--- CHANGELOG | 4 +++- diff --git a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch index fee3aae..cd35f36 100644 --- a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch +++ b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch @@ -1,7 +1,7 @@ From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 31 Jan 2015 19:59:29 +0000 -Subject: [PATCH 38/87] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and +Subject: [PATCH 38/98] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and hostsdir.
--- diff --git a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch index 58a4ce6..7cf3fa7 100644 --- a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch +++ b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch @@ -1,7 +1,7 @@ From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 31 Jan 2015 20:13:40 +0000 -Subject: [PATCH 39/87] Update copyrights for dawn of 2015. +Subject: [PATCH 39/98] Update copyrights for dawn of 2015.
--- Makefile | 2 +- diff --git a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch index bd0ce4d..3ed1b15 100644 --- a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch +++ b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch @@ -1,7 +1,7 @@ From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 31 Jan 2015 21:59:13 +0000 -Subject: [PATCH 40/87] inotify documentation updates. +Subject: [PATCH 40/98] inotify documentation updates.
--- man/dnsmasq.8 | 11 +++++++++-- diff --git a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch index be9122c..56dcc5f 100644 --- a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch +++ b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch @@ -1,7 +1,7 @@ From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 31 Jan 2015 22:44:26 +0000 -Subject: [PATCH 41/87] Fix broken ECDSA DNSSEC signatures. +Subject: [PATCH 41/98] Fix broken ECDSA DNSSEC signatures.
--- CHANGELOG | 2 ++ diff --git a/src/patches/dnsmasq/0042-BSD-make-support.patch b/src/patches/dnsmasq/0042-BSD-make-support.patch index a60c1bd..6584253 100644 --- a/src/patches/dnsmasq/0042-BSD-make-support.patch +++ b/src/patches/dnsmasq/0042-BSD-make-support.patch @@ -1,7 +1,7 @@ From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 1 Feb 2015 00:15:16 +0000 -Subject: [PATCH 42/87] BSD make support +Subject: [PATCH 42/98] BSD make support
--- Makefile | 6 ++++-- diff --git a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch index 0fcc8cd..a8c26bf 100644 --- a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch +++ b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch @@ -1,7 +1,7 @@ From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 1 Feb 2015 21:48:46 +0000 -Subject: [PATCH 43/87] Fix build failure on openBSD. +Subject: [PATCH 43/98] Fix build failure on openBSD.
--- src/tables.c | 2 +- diff --git a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch index dd45634..f8bd5fc 100644 --- a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch +++ b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch @@ -1,7 +1,7 @@ From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= thiebaud@weksteen.fr Date: Mon, 2 Feb 2015 21:37:27 +0000 -Subject: [PATCH 44/87] Manpage typo fix. +Subject: [PATCH 44/98] Manpage typo fix.
--- man/dnsmasq.8 | 2 +- diff --git a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch index 7a719f8..7f6d39f 100644 --- a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch +++ b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch @@ -1,7 +1,7 @@ From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 2 Feb 2015 22:36:42 +0000 -Subject: [PATCH 45/87] Fixup dhcp-configs after reading extra hostfiles with +Subject: [PATCH 45/98] Fixup dhcp-configs after reading extra hostfiles with inotify.
--- diff --git a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch index 3db945d..b15ef9a 100644 --- a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch +++ b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch @@ -1,7 +1,7 @@ From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 3 Feb 2015 21:52:48 +0000 -Subject: [PATCH 46/87] Extra logging for inotify code. +Subject: [PATCH 46/98] Extra logging for inotify code.
--- src/cache.c | 9 ++++----- diff --git a/src/patches/dnsmasq/0047-man-page-typo.patch b/src/patches/dnsmasq/0047-man-page-typo.patch index 5a81152..5557b51 100644 --- a/src/patches/dnsmasq/0047-man-page-typo.patch +++ b/src/patches/dnsmasq/0047-man-page-typo.patch @@ -1,7 +1,7 @@ From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 7 Feb 2015 22:36:34 +0000 -Subject: [PATCH 47/87] man page typo. +Subject: [PATCH 47/98] man page typo.
--- man/dnsmasq.8 | 1 + diff --git a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch index e69e0a6..c70ca46 100644 --- a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch +++ b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch @@ -1,7 +1,7 @@ From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001 From: Shantanu Gadgil shantanugadgil@yahoo.com Date: Wed, 11 Feb 2015 20:16:59 +0000 -Subject: [PATCH 48/87] Fix get-version script which returned wrong tag in some +Subject: [PATCH 48/98] Fix get-version script which returned wrong tag in some situations.
--- diff --git a/src/patches/dnsmasq/0049-Typos.patch b/src/patches/dnsmasq/0049-Typos.patch index e78f185..1c71180 100644 --- a/src/patches/dnsmasq/0049-Typos.patch +++ b/src/patches/dnsmasq/0049-Typos.patch @@ -1,7 +1,7 @@ From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 14 Feb 2015 20:02:37 +0000 -Subject: [PATCH 49/87] Typos. +Subject: [PATCH 49/98] Typos.
--- src/inotify.c | 3 ++- diff --git a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch index 7b5a92d..38736c7 100644 --- a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch +++ b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch @@ -1,7 +1,7 @@ From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 14 Feb 2015 20:08:56 +0000 -Subject: [PATCH 50/87] Make dynamic hosts files work when --no-hosts set. +Subject: [PATCH 50/98] Make dynamic hosts files work when --no-hosts set.
--- src/cache.c | 21 +++++++++++---------- diff --git a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch index cfc7b00..fb15cc2 100644 --- a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch +++ b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch @@ -1,7 +1,7 @@ From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001 From: Chen Wei weichen302@icloud.com Date: Tue, 17 Feb 2015 22:07:35 +0000 -Subject: [PATCH 51/87] Fix trivial memory leaks to quieten valgrind. +Subject: [PATCH 51/98] Fix trivial memory leaks to quieten valgrind.
--- src/dnsmasq.c | 2 ++ diff --git a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch index 0a50689..dabc770 100644 --- a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch +++ b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch @@ -1,7 +1,7 @@ From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001 From: Tomas Hozza thozza@redhat.com Date: Mon, 23 Feb 2015 21:26:26 +0000 -Subject: [PATCH 52/87] Fix uninitialized value used in get_client_mac() +Subject: [PATCH 52/98] Fix uninitialized value used in get_client_mac()
--- src/dhcp6.c | 4 +++- diff --git a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch index 854771a..82e38fc 100644 --- a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch +++ b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch @@ -1,7 +1,7 @@ From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001 From: Joachim Zobel jz-2014@heute-morgen.de Date: Mon, 23 Feb 2015 21:38:11 +0000 -Subject: [PATCH 53/87] Log parsing utils in contrib/reverse-dns +Subject: [PATCH 53/98] Log parsing utils in contrib/reverse-dns
--- contrib/reverse-dns/README | 18 ++++++++++++++++++ diff --git a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch index cb9e86f..6d57b65 100644 --- a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch +++ b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch @@ -1,7 +1,7 @@ From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 1 Mar 2015 18:17:54 +0000 -Subject: [PATCH 54/87] Add --dnssec-timestamp option and facility. +Subject: [PATCH 54/98] Add --dnssec-timestamp option and facility.
--- CHANGELOG | 6 +++++ diff --git a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch index 40b6607..53e1388 100644 --- a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch +++ b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch @@ -1,7 +1,7 @@ From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 2 Mar 2015 22:47:23 +0000 -Subject: [PATCH 55/87] Fix last commit to not crash if uid changing not +Subject: [PATCH 55/98] Fix last commit to not crash if uid changing not configured.
--- diff --git a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch index f6f7873..32cd743 100644 --- a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch +++ b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch @@ -1,7 +1,7 @@ From 4c960fa90a975d20f75a1ecabd217247f1922c8f Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 4 Mar 2015 20:32:26 +0000 -Subject: [PATCH 56/87] New version of contrib/reverse-dns +Subject: [PATCH 56/98] New version of contrib/reverse-dns
--- contrib/reverse-dns/README | 22 +++--- diff --git a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch index 924e3dc..d63c047 100644 --- a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch +++ b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch @@ -1,7 +1,7 @@ From 360f2513ab12a9bf1e262d388dd2ea8a566590a3 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 7 Mar 2015 18:28:06 +0000 -Subject: [PATCH 57/87] Tweak DNSSEC timestamp code to create file later, +Subject: [PATCH 57/98] Tweak DNSSEC timestamp code to create file later, removing need to chown it.
--- diff --git a/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch index ded0984..f746fcf 100644 --- a/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch +++ b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch @@ -1,7 +1,7 @@ From ff841ebf5a5d6864ff48571f607c32ce80dbb75a Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 11 Mar 2015 21:36:30 +0000 -Subject: [PATCH 58/87] Fix boilerplate code for re-running system calls on +Subject: [PATCH 58/98] Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc.
The nasty code with static variable in retry_send() which diff --git a/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch index f8091d4..d986e8e 100644 --- a/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch +++ b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch @@ -1,7 +1,7 @@ From 979fe86bc8693f660eddea232ae39cbbb50b294c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 19 Mar 2015 22:50:22 +0000 -Subject: [PATCH 59/87] Make --address=/example.com/ equivalent to +Subject: [PATCH 59/98] Make --address=/example.com/ equivalent to --server=/example.com/
--- diff --git a/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch index dcf1a3c..6810930 100644 --- a/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch +++ b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch @@ -1,7 +1,7 @@ From 65c721200023ef0023114459a8d12f8b0a24cfd8 Mon Sep 17 00:00:00 2001 From: Lung-Pin Chang changlp@cs.nctu.edu.tw Date: Thu, 19 Mar 2015 23:22:21 +0000 -Subject: [PATCH 60/87] dhcp: set outbound interface via cmsg in unicast reply +Subject: [PATCH 60/98] dhcp: set outbound interface via cmsg in unicast reply
If multiple routes to the same network exist, Linux blindly picks the first interface (route) based on destination address, which might not be diff --git a/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch index 7f2b1b0..af79f15 100644 --- a/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch +++ b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch @@ -1,7 +1,7 @@ From 8805283088d670baecb92569252c01cf754cda51 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 26 Mar 2015 21:15:43 +0000 -Subject: [PATCH 61/87] Don't fail DNSSEC when a signed CNAME dangles into an +Subject: [PATCH 61/98] Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone.
--- diff --git a/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch index 496776d..0b64aa7 100644 --- a/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch +++ b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch @@ -1,7 +1,7 @@ From 150162bc37170a6edae9d488435e836b1e4e3a4e Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 27 Mar 2015 09:58:26 +0000 -Subject: [PATCH 62/87] Return SERVFAIL when validation abandoned. +Subject: [PATCH 62/98] Return SERVFAIL when validation abandoned.
--- src/forward.c | 11 +++++++++-- diff --git a/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch index 25ae12e..9ecd43b 100644 --- a/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch +++ b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch @@ -1,7 +1,7 @@ From 0b8a5a30a77331974ba24a04e43e720585dfbc61 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 27 Mar 2015 11:44:55 +0000 -Subject: [PATCH 63/87] Protect against broken DNSSEC upstreams. +Subject: [PATCH 63/98] Protect against broken DNSSEC upstreams.
--- src/dnssec.c | 7 +++++-- diff --git a/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch index 41730b8..bfd703d 100644 --- a/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch +++ b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch @@ -1,7 +1,7 @@ From 1e153945def3c50d1e59ceea6a768db0ac770f98 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 28 Mar 2015 21:34:07 +0000 -Subject: [PATCH 64/87] DNSSEC fix for non-ascii characters in labels. +Subject: [PATCH 64/98] DNSSEC fix for non-ascii characters in labels.
--- src/dnssec.c | 34 +++++++++++++++++----------------- diff --git a/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch index 212fe30..f67b65a 100644 --- a/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch +++ b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch @@ -1,7 +1,7 @@ From 394ff492da6af5da7e7d356be9586683bc5fc011 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 29 Mar 2015 22:17:14 +0100 -Subject: [PATCH 65/87] Allow control characters in names in the cache, handle +Subject: [PATCH 65/98] Allow control characters in names in the cache, handle when logging.
--- diff --git a/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch index dbc4deb..7a227d5 100644 --- a/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch +++ b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch @@ -1,7 +1,7 @@ From 794fccca7ffebfba4468bfffc6276b68bbf6afd9 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 29 Mar 2015 22:35:44 +0100 -Subject: [PATCH 66/87] Fix crash in last commit. +Subject: [PATCH 66/98] Fix crash in last commit.
--- src/cache.c | 7 ++++--- diff --git a/src/patches/dnsmasq/0067-Merge-message-translations.patch b/src/patches/dnsmasq/0067-Merge-message-translations.patch index ac735bd..a88db22 100644 --- a/src/patches/dnsmasq/0067-Merge-message-translations.patch +++ b/src/patches/dnsmasq/0067-Merge-message-translations.patch @@ -1,7 +1,7 @@ From fd6ad9e481ab7c812a6b1515244908818cbb0442 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 30 Mar 2015 07:52:21 +0100 -Subject: [PATCH 67/87] Merge message translations. +Subject: [PATCH 67/98] Merge message translations.
--- po/de.po | 803 +++++++++++++++++++++++++++++++++-------------------------- diff --git a/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch index b61ad0a..b273220 100644 --- a/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch +++ b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch @@ -1,7 +1,7 @@ From 30d0879ed55cb67b1b735beab3d93f3bb3ef1dd2 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek stefan.tomanek+dnsmasq@wertarbyte.de Date: Tue, 31 Mar 2015 22:32:11 +0100 -Subject: [PATCH 68/87] add --tftp-no-fail to ignore missing tftp root +Subject: [PATCH 68/98] add --tftp-no-fail to ignore missing tftp root
--- CHANGELOG | 3 +++ diff --git a/src/patches/dnsmasq/0069-Whitespace-fixes.patch b/src/patches/dnsmasq/0069-Whitespace-fixes.patch index 865e9a9..684ef64 100644 --- a/src/patches/dnsmasq/0069-Whitespace-fixes.patch +++ b/src/patches/dnsmasq/0069-Whitespace-fixes.patch @@ -1,7 +1,7 @@ From 7aa970e2c7043201663d86a4b5d8cd5c592cef39 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek stefan.tomanek+dnsmasq@wertarbyte.de Date: Wed, 1 Apr 2015 17:55:07 +0100 -Subject: [PATCH 69/87] Whitespace fixes. +Subject: [PATCH 69/98] Whitespace fixes.
--- src/dnsmasq.c | 14 +++++++------- diff --git a/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch index a2f9638..aa24c01 100644 --- a/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch +++ b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch @@ -1,7 +1,7 @@ From fe3992f9fa69fa975ea31919c53933b5f6a63527 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 3 Apr 2015 21:25:05 +0100 -Subject: [PATCH 70/87] Return INSECURE, rather than BOGUS when DS proved not +Subject: [PATCH 70/98] Return INSECURE, rather than BOGUS when DS proved not to exist.
Return INSECURE when validating DNS replies which have RRSIGs, but diff --git a/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch index 723c492..ac57b8b 100644 --- a/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch +++ b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch @@ -1,7 +1,7 @@ From 982faf402487e265ed11ac03524531d42b03c966 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 3 Apr 2015 21:42:30 +0100 -Subject: [PATCH 71/87] Fix compiler warning when not including DNSSEC. +Subject: [PATCH 71/98] Fix compiler warning when not including DNSSEC.
--- src/forward.c | 3 ++- diff --git a/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch index 3f579bd..2303ec3 100644 --- a/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch +++ b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch @@ -1,7 +1,7 @@ From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 6 Apr 2015 17:19:13 +0100 -Subject: [PATCH 72/87] Fix crash caused by looking up servers.bind when many +Subject: [PATCH 72/98] Fix crash caused by looking up servers.bind when many servers defined.
--- diff --git a/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch index 27e4cde..82471ae 100644 --- a/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch +++ b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch @@ -1,7 +1,7 @@ From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 9 Apr 2015 21:48:00 +0100 -Subject: [PATCH 73/87] Fix crash on receipt of certain malformed DNS requests. +Subject: [PATCH 73/98] Fix crash on receipt of certain malformed DNS requests.
--- CHANGELOG | 3 +++ diff --git a/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch index 2435371..6a7d798 100644 --- a/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch +++ b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch @@ -1,7 +1,7 @@ From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 12 Apr 2015 21:52:47 +0100 -Subject: [PATCH 74/87] Fix crash in auth code with odd configuration. +Subject: [PATCH 74/98] Fix crash in auth code with odd configuration.
--- CHANGELOG | 32 +++++++++++++++++++++----------- diff --git a/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch index fbc3802..76f3143 100644 --- a/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch +++ b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch @@ -1,7 +1,7 @@ From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 16 Apr 2015 15:05:30 +0100 -Subject: [PATCH 75/87] Auth: correct replies to NS and SOA in .arpa zones. +Subject: [PATCH 75/98] Auth: correct replies to NS and SOA in .arpa zones.
--- CHANGELOG | 8 ++++++++ diff --git a/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch index 1598460..9401cb9 100644 --- a/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch +++ b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch @@ -1,7 +1,7 @@ From b4c0f092d8ce63ea4763c0ac17aa8d24318ad301 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek stefan.tomanek+dnsmasq@wertarbyte.de Date: Thu, 16 Apr 2015 15:20:59 +0100 -Subject: [PATCH 76/87] Fix (srk induced) crash in new tftp_no_fail code. +Subject: [PATCH 76/98] Fix (srk induced) crash in new tftp_no_fail code.
--- src/dnsmasq.c | 6 ++++-- diff --git a/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch index a68ac4c..a14b1a8 100644 --- a/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch +++ b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch @@ -1,7 +1,7 @@ From 0df29f5e23fd2f16181847db1fcf3a8b392d869a Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 16 Apr 2015 15:24:52 +0100 -Subject: [PATCH 77/87] Note CVE-2015-3294 +Subject: [PATCH 77/98] Note CVE-2015-3294
--- CHANGELOG | 3 +++ diff --git a/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch index 2e040e3..2204d24 100644 --- a/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch +++ b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch @@ -1,7 +1,7 @@ From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 17 Apr 2015 22:50:20 +0100 -Subject: [PATCH 78/87] Log domain when reporting DNSSEC validation failure. +Subject: [PATCH 78/98] Log domain when reporting DNSSEC validation failure.
--- src/forward.c | 15 ++++++++++----- diff --git a/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch index 6b0453e..6db33bb 100644 --- a/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch +++ b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch @@ -1,7 +1,7 @@ From a006eb7e1486023480ea40244720ef7aab51de71 Mon Sep 17 00:00:00 2001 From: Moshe Levi moshele@mellanox.com Date: Sun, 19 Apr 2015 22:10:40 +0100 -Subject: [PATCH 79/87] Check IP address command line arg in dhcp_release.c +Subject: [PATCH 79/98] Check IP address command line arg in dhcp_release.c
--- contrib/wrt/dhcp_release.c | 5 +++++ diff --git a/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch index 8aa5c5c..4fe26ac 100644 --- a/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch +++ b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch @@ -1,7 +1,7 @@ From 338b340be9e7198f5c0f68133d070d6598a0814c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 20 Apr 2015 21:34:05 +0100 -Subject: [PATCH 80/87] Revert 61b838dd574c51d96fef100285a0d225824534f9 and +Subject: [PATCH 80/98] Revert 61b838dd574c51d96fef100285a0d225824534f9 and just quieten log instead.
--- diff --git a/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch index 4fb78d4..13ff059 100644 --- a/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch +++ b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch @@ -1,7 +1,7 @@ From cbe379ad6b52a538a4416a7cd992817e5637ccf9 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 21 Apr 2015 22:57:06 +0100 -Subject: [PATCH 81/87] Handle domain names with '.' or /000 within labels. +Subject: [PATCH 81/98] Handle domain names with '.' or /000 within labels.
Only in DNSSEC mode, where we might need to validate or store such names. In none-DNSSEC mode, simply don't cache these, as before. diff --git a/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch index ea6f08d..2429e99 100644 --- a/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch +++ b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch @@ -1,7 +1,7 @@ From b8f16556d36924cd8dc7663cb4129d7b1f3fc2be Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 22 Apr 2015 21:14:31 +0100 -Subject: [PATCH 82/87] Tweaks to previous, DNS label charset commit. +Subject: [PATCH 82/98] Tweaks to previous, DNS label charset commit.
--- src/dns-protocol.h | 6 +++++- diff --git a/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch index 96dc14b..423b40e 100644 --- a/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch +++ b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch @@ -1,7 +1,7 @@ From a5ae1f85873829efe473075ad77806cc02792622 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 25 Apr 2015 21:46:10 +0100 -Subject: [PATCH 83/87] Logs in DHCPv6 not suppressed by dhcp6-quiet. +Subject: [PATCH 83/98] Logs in DHCPv6 not suppressed by dhcp6-quiet.
--- CHANGELOG | 6 +++++- diff --git a/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch index 38670a8..555bd6c 100644 --- a/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch +++ b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch @@ -1,7 +1,7 @@ From 8efd731cc4ed2baa42aa69d0a9d336392e9987cb Mon Sep 17 00:00:00 2001 From: "Johnny S. Lee" _@jsl.io Date: Sun, 26 Apr 2015 22:23:57 +0100 -Subject: [PATCH 84/87] Make get-version work when repo is a git submodule. +Subject: [PATCH 84/98] Make get-version work when repo is a git submodule.
--- bld/get-version | 5 +++-- diff --git a/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch index 04bee99..828c21f 100644 --- a/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch +++ b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch @@ -1,7 +1,7 @@ From e66b4dff3c562c7836d5be4c26972d665ad783f1 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 28 Apr 2015 20:45:57 +0100 -Subject: [PATCH 85/87] Fix argument-order botch which broke DNSSEC for TCP +Subject: [PATCH 85/98] Fix argument-order botch which broke DNSSEC for TCP queries.
--- diff --git a/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch index 1fa5c7a..9d3aadc 100644 --- a/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch +++ b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch @@ -1,7 +1,7 @@ From 2ed162ac204f3609fe4d9f9a0430baeaa352d88f Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Tue, 28 Apr 2015 21:26:35 +0100 -Subject: [PATCH 86/87] Don't remove RRSIG RR from answers to ANY queries when +Subject: [PATCH 86/98] Don't remove RRSIG RR from answers to ANY queries when the do bit is not set.
--- diff --git a/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch index 8d1ca9e..743548e 100644 --- a/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch +++ b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch @@ -1,7 +1,7 @@ From 64bcff1c7c72eecda8750bc2dca8b4c5dc38a837 Mon Sep 17 00:00:00 2001 From: Nicolas Cavallari nicolas.cavallari@green-communications.fr Date: Tue, 28 Apr 2015 21:55:18 +0100 -Subject: [PATCH 87/87] Constify some DHCP lease management functions. +Subject: [PATCH 87/98] Constify some DHCP lease management functions.
--- src/dnsmasq.h | 7 ++++--- diff --git a/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch b/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch new file mode 100644 index 0000000..af4d6d7 --- /dev/null +++ b/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch 
@@ -0,0 +1,332 @@ +From a77cec8d58231d71cbc26615f0c0f0292c09ef54 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 8 May 2015 16:25:38 +0100 +Subject: [PATCH 88/98] Handle UDP packet loss when fragmentation of large + packets is broken. + +--- + CHANGELOG | 6 ++++++ + src/config.h | 1 + + src/dnsmasq.h | 5 +++-- + src/dnssec.c | 11 +++++++++-- + src/forward.c | 37 +++++++++++++++++++++++++++++-------- + src/network.c | 1 + + src/option.c | 18 +++++++++++------- + src/rfc1035.c | 22 ++++++---------------- + 8 files changed, 66 insertions(+), 35 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index af2b22cf8f73..d8fc57a418bb 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -109,6 +109,12 @@ version 2.73 + by quiet-dhcp6. Thanks to J. Pablo Abonia for + spotting the problem. + ++ Try and handle net connections with broken fragmentation ++ that lose large UDP packets. If a server times out, ++ reduce the maximum UDP packet size field in the EDNS0 ++ header to 1280 bytes. If it then answers, make that ++ change permanent. ++ + + version 2.72 + Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. 
+diff --git a/src/config.h b/src/config.h +index 8def6f200461..f75fe9db7081 100644 +--- a/src/config.h ++++ b/src/config.h +@@ -19,6 +19,7 @@ + #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */ + #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */ + #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */ ++#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */ + #define KEYBLOCK_LEN 40 /* choose to mininise fragmentation when storing DNSSEC keys */ + #define DNSSEC_WORK 50 /* Max number of queries to validate one question */ + #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */ +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 824a86009439..ab16f79b3ec9 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -504,7 +504,7 @@ struct server { + char interface[IF_NAMESIZE+1]; + struct serverfd *sfd; + char *domain; /* set if this server only handles a domain. */ +- int flags, tcpfd; ++ int flags, tcpfd, edns_pktsz; + unsigned int queries, failed_queries; + #ifdef HAVE_LOOP + u32 uid; +@@ -594,6 +594,7 @@ struct hostsfile { + #define FREC_DO_QUESTION 64 + #define FREC_ADDED_PHEADER 128 + #define FREC_CHECK_NOSIGN 256 ++#define FREC_TEST_PKTSZ 512 + + #ifdef HAVE_DNSSEC + #define HASH_SIZE 20 /* SHA-1 digest size */ +@@ -1148,7 +1149,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut); + #endif + + /* dnssec.c */ +-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr); ++size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr, int edns_pktsz); + int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t n, char *name, char *keyname, int class); + int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class); + int dnssec_validate_reply(time_t now, struct 
dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer, int *nons); +diff --git a/src/dnssec.c b/src/dnssec.c +index a9e12153ccf2..e91d7c2cf040 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -2162,10 +2162,12 @@ int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen) + } + } + +-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr) ++size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, ++ int type, union mysockaddr *addr, int edns_pktsz) + { + unsigned char *p; + char *types = querystr("dnssec-query", type); ++ size_t ret; + + if (addr->sa.sa_family == AF_INET) + log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types); +@@ -2194,7 +2196,12 @@ size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, i + PUTSHORT(type, p); + PUTSHORT(class, p); + +- return add_do_bit(header, p - (unsigned char *)header, end); ++ ret = add_do_bit(header, p - (unsigned char *)header, end); ++ ++ if (find_pseudoheader(header, ret, NULL, &p, NULL)) ++ PUTSHORT(edns_pktsz, p); ++ ++ return ret; + } + + /* Go through a domain name, find "pointers" and fix them up based on how many bytes +diff --git a/src/forward.c b/src/forward.c +index a8e403c4b25e..592243fd4d35 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -253,6 +253,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + void *hash = &crc; + #endif + unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL); ++ unsigned char *pheader; + + (void)do_bit; + +@@ -261,19 +262,32 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + forward = NULL; + else if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash)))) + { ++ /* If we didn't get an answer advertising a maximal packet in EDNS, ++ fall back to 1280, which should work everywhere on 
IPv6. ++ If that generates an answer, it will become the new default ++ for this server */ ++ forward->flags |= FREC_TEST_PKTSZ; ++ + #ifdef HAVE_DNSSEC + /* If we've already got an answer to this query, but we're awaiting keys for validation, + there's no point retrying the query, retry the key query instead...... */ + if (forward->blocking_query) + { + int fd; +- ++ ++ forward->flags &= ~FREC_TEST_PKTSZ; ++ + while (forward->blocking_query) + forward = forward->blocking_query; ++ ++ forward->flags |= FREC_TEST_PKTSZ; + + blockdata_retrieve(forward->stash, forward->stash_len, (void *)header); + plen = forward->stash_len; + ++ if (find_pseudoheader(header, plen, NULL, &pheader, NULL)) ++ PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : forward->sentto->edns_pktsz, pheader); ++ + if (forward->sentto->addr.sa.sa_family == AF_INET) + log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec"); + #ifdef HAVE_IPV6 +@@ -417,7 +431,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + plen = new_plen; + } + #endif +- ++ + while (1) + { + /* only send to servers dealing with our domain. +@@ -464,6 +478,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + } + #endif + } ++ ++ if (find_pseudoheader(header, plen, NULL, &pheader, NULL)) ++ PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : start->edns_pktsz, pheader); + + if (retry_send(sendto(fd, (char *)header, plen, 0, + &start->addr.sa, +@@ -760,7 +777,6 @@ void reply_query(int fd, int family, time_t now) + } + + server = forward->sentto; +- + if ((forward->sentto->flags & SERV_TYPE) == 0) + { + if (RCODE(header) == REFUSED) +@@ -781,7 +797,12 @@ void reply_query(int fd, int family, time_t now) + if (!option_bool(OPT_ALL_SERVERS)) + daemon->last_server = server; + } +- ++ ++ /* We tried resending to this server with a smaller maximum size and got an answer. ++ Make that permanent. 
*/ ++ if (server && (forward->flags & FREC_TEST_PKTSZ)) ++ server->edns_pktsz = SAFE_PKTSZ; ++ + /* If the answer is an error, keep the forward record in place in case + we get a good reply from another server. Kill it when we've + had replies from all to avoid filling the forwarding table when +@@ -890,7 +911,7 @@ void reply_query(int fd, int family, time_t now) + { + new->flags |= FREC_DNSKEY_QUERY; + nn = dnssec_generate_query(header, ((char *) header) + daemon->packet_buff_sz, +- daemon->keyname, forward->class, T_DNSKEY, &server->addr); ++ daemon->keyname, forward->class, T_DNSKEY, &server->addr, server->edns_pktsz); + } + else + { +@@ -899,7 +920,7 @@ void reply_query(int fd, int family, time_t now) + else + new->flags |= FREC_DS_QUERY; + nn = dnssec_generate_query(header,((char *) header) + daemon->packet_buff_sz, +- daemon->keyname, forward->class, T_DS, &server->addr); ++ daemon->keyname, forward->class, T_DS, &server->addr, server->edns_pktsz); + } + if ((hash = hash_questions(header, nn, daemon->namebuff))) + memcpy(new->hash, hash, HASH_SIZE); +@@ -1526,7 +1547,7 @@ static int tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s + + /* Can't find it in the cache, have to send a query */ + +- m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr); ++ m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr, server->edns_pktsz); + + *length = htons(m); + +@@ -1638,7 +1659,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si + + another_tcp_key: + m = dnssec_generate_query(new_header, ((char *) new_header) + 65536, keyname, class, +- new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS, &server->addr); ++ new_status == STAT_NEED_KEY ? 
T_DNSKEY : T_DS, &server->addr, server->edns_pktsz); + + *length = htons(m); + +diff --git a/src/network.c b/src/network.c +index 992f023c31de..a1d90c876fc1 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -1396,6 +1396,7 @@ void add_update_server(int flags, + serv->domain = domain_str; + serv->next = next; + serv->queries = serv->failed_queries = 0; ++ serv->edns_pktsz = daemon->edns_pktsz; + #ifdef HAVE_LOOP + serv->uid = rand32(); + #endif +diff --git a/src/option.c b/src/option.c +index f91cfbb1aa54..c7add88de7ac 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -4498,15 +4498,19 @@ void read_opts(int argc, char **argv, char *compile_opts) + { + struct server *tmp; + for (tmp = daemon->servers; tmp; tmp = tmp->next) +- if (!(tmp->flags & SERV_HAS_SOURCE)) +- { +- if (tmp->source_addr.sa.sa_family == AF_INET) +- tmp->source_addr.in.sin_port = htons(daemon->query_port); ++ { ++ tmp->edns_pktsz = daemon->edns_pktsz; ++ ++ if (!(tmp->flags & SERV_HAS_SOURCE)) ++ { ++ if (tmp->source_addr.sa.sa_family == AF_INET) ++ tmp->source_addr.in.sin_port = htons(daemon->query_port); + #ifdef HAVE_IPV6 +- else if (tmp->source_addr.sa.sa_family == AF_INET6) +- tmp->source_addr.in6.sin6_port = htons(daemon->query_port); ++ else if (tmp->source_addr.sa.sa_family == AF_INET6) ++ tmp->source_addr.in6.sin6_port = htons(daemon->query_port); + #endif +- } ++ } ++ } + } + + if (daemon->if_addrs) +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 5828055caa5d..8b1709dd3495 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -552,7 +552,7 @@ static size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned + return plen; + *p++ = 0; /* empty name */ + PUTSHORT(T_OPT, p); +- PUTSHORT(daemon->edns_pktsz, p); /* max packet length */ ++ PUTSHORT(SAFE_PKTSZ, p); /* max packet length, this will be overwritten */ + PUTSHORT(0, p); /* extended RCODE and version */ + PUTSHORT(set_do ? 
0x8000 : 0, p); /* DO flag */ + lenp = p; +@@ -1537,7 +1537,6 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + unsigned short flag; + int q, ans, anscount = 0, addncount = 0; + int dryrun = 0, sec_reqd = 0, have_pseudoheader = 0; +- int is_sign; + struct crec *crecp; + int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1; + struct mx_srv_record *rec; +@@ -1557,28 +1556,19 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + forward rather than answering from the cache, which doesn't include + security information, unless we're in DNSSEC validation mode. */ + +- if (find_pseudoheader(header, qlen, NULL, &pheader, &is_sign)) ++ if (find_pseudoheader(header, qlen, NULL, &pheader, NULL)) + { +- unsigned short udpsz, flags; +- unsigned char *psave = pheader; +- ++ unsigned short flags; ++ + have_pseudoheader = 1; + +- GETSHORT(udpsz, pheader); +- pheader += 2; /* ext_rcode */ ++ pheader += 4; /* udp size, ext_rcode */ + GETSHORT(flags, pheader); + + if ((sec_reqd = flags & 0x8000)) + *do_bit = 1;/* do bit */ +- *ad_reqd = 1; +- +- /* If our client is advertising a larger UDP packet size +- than we allow, trim it so that we don't get an overlarge +- response from upstream */ +- +- if (!is_sign && (udpsz > daemon->edns_pktsz)) +- PUTSHORT(daemon->edns_pktsz, psave); + ++ *ad_reqd = 1; + dryrun = 1; + } + +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch b/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch new file mode 100644 index 0000000..c75d864 --- /dev/null +++ b/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch 
@@ -0,0 +1,59 @@ +From b059c96dc69dfe3055c5b32b078a05c53b11ebb3 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 8 May 2015 20:25:51 +0100 +Subject: [PATCH 89/98] Check IPv4-mapped IPv6 addresses with --stop-rebind. + +--- + CHANGELOG | 3 +++ + src/rfc1035.c | 21 +++++++++++++++++---- + 2 files changed, 20 insertions(+), 4 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index d8fc57a418bb..94a521f996e2 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -115,6 +115,9 @@ version 2.73 + header to 1280 bytes. If it then answers, make that + change permanent. + ++ Check IPv4-mapped IPv6 addresses when --stop-rebind ++ is active. Thanks to Jordan Milne for spotting this. ++ + + version 2.72 + Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 8b1709dd3495..5e3f566fdbc5 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t + memcpy(&addr, p1, addrlen); + + /* check for returned address in private space */ +- if (check_rebind && +- (flags & F_IPV4) && +- private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND))) +- return 1; ++ if (check_rebind) ++ { ++ if ((flags & F_IPV4) && ++ private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND))) ++ return 1; ++ ++#ifdef HAVE_IPV6 ++ if ((flags & F_IPV6) && ++ IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6)) ++ { ++ struct in_addr v4; ++ v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3]; ++ if (private_net(v4, !option_bool(OPT_LOCAL_REBIND))) ++ return 1; ++ } ++#endif ++ } + + #ifdef HAVE_IPSET + if (ipsets && (flags & (F_IPV4 | F_IPV6))) +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch b/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch new file mode 100644 index 0000000..b6d9c47 --- /dev/null +++ b/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch 
@@ -0,0 +1,29 @@ +From 86fa1046920dedc8134136a6244ca96e8a37e9d8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Sun, 10 May 2015 13:50:59 +0100 +Subject: [PATCH 90/98] Tweak EDNS timeout code. + +--- + src/forward.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 592243fd4d35..74e5ab66c423 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -799,8 +799,10 @@ void reply_query(int fd, int family, time_t now) + } + + /* We tried resending to this server with a smaller maximum size and got an answer. +- Make that permanent. */ +- if (server && (forward->flags & FREC_TEST_PKTSZ)) ++ Make that permanent. To avoid reduxing the packet size for an single dropped packet, ++ only do this when we get a truncated answer, or one larger than the safe size. */ ++ if (server && (forward->flags & FREC_TEST_PKTSZ) && ++ ((header->hb3 & HB3_TC) || n >= SAFE_PKTSZ)) + server->edns_pktsz = SAFE_PKTSZ; + + /* If the answer is an error, keep the forward record in place in case +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch b/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch new file mode 100644 index 0000000..b65bb87 --- /dev/null +++ b/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch 
@@ -0,0 +1,28 @@ +From 585840b03365372679907f175b07a01c9d621ae0 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Wed, 13 May 2015 12:35:57 +0100 +Subject: [PATCH 91/98] Pointer to mail-archive mailing list mirror in + doc.html. + +--- + doc.html | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/doc.html b/doc.html +index 92c9d0d6f34c..54f59bbbd4d0 100644 +--- a/doc.html ++++ b/doc.html +@@ -74,7 +74,9 @@ for details. + There is a dnsmasq mailing list at <A + HREF="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss%22%3E + http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</A> which should be the +-first location for queries, bugreports, suggestions etc. ++first location for queries, bugreports, suggestions etc. The list is mirrored, with a ++search facility, at <A HREF="https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/"> ++https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/</A>. + You can contact me at <A + HREF="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</A>. + +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch b/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch new file mode 100644 index 0000000..84246c3 --- /dev/null +++ b/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch 
@@ -0,0 +1,200 @@ +From ca85a28241ef87919d68d52c843b6964b7070e11 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Wed, 13 May 2015 22:33:04 +0100 +Subject: [PATCH 92/98] Allow T1 and T2 DHCPv4 options to be set. + +--- + CHANGELOG | 3 +++ + dnsmasq.conf.example | 8 ++++++ + src/dhcp-common.c | 4 +-- + src/rfc2131.c | 71 ++++++++++++++++++++++++++++++++++++---------------- + 4 files changed, 63 insertions(+), 23 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 94a521f996e2..ef39a415788b 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -118,6 +118,9 @@ version 2.73 + Check IPv4-mapped IPv6 addresses when --stop-rebind + is active. Thanks to Jordan Milne for spotting this. + ++ Allow DHCPv4 options T1 and T2 to be set using --dhcp-option. ++ Thanks to Kevin Benton for patches and work on this. ++ + + version 2.72 + Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. +diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example +index 67be99acb028..1ae11dfb5358 100644 +--- a/dnsmasq.conf.example ++++ b/dnsmasq.conf.example +@@ -345,6 +345,14 @@ + # Ask client to poll for option changes every six hours. (RFC4242) + #dhcp-option=option6:information-refresh-time,6h + ++# Set option 58 client renewal time (T1). Defaults to half of the ++# lease time if not specified. (RFC2132) ++#dhcp-option=option:T1:1m ++ ++# Set option 59 rebinding time (T2). Defaults to 7/8 of the ++# lease time if not specified. 
(RFC2132) ++#dhcp-option=option:T2:2m ++ + # Set the NTP time server address to be the same machine as + # is running dnsmasq + #dhcp-option=42,0.0.0.0 +diff --git a/src/dhcp-common.c b/src/dhcp-common.c +index ce115202a646..bc48f41a14d7 100644 +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -545,8 +545,8 @@ static const struct opttab_t { + { "parameter-request", 55, OT_INTERNAL }, + { "message", 56, OT_INTERNAL }, + { "max-message-size", 57, OT_INTERNAL }, +- { "T1", 58, OT_INTERNAL | OT_TIME}, +- { "T2", 59, OT_INTERNAL | OT_TIME}, ++ { "T1", 58, OT_TIME}, ++ { "T2", 59, OT_TIME}, + { "vendor-class", 60, 0 }, + { "client-id", 61, OT_INTERNAL }, + { "nis+-domain", 64, OT_NAME }, +diff --git a/src/rfc2131.c b/src/rfc2131.c +index 55526443dc84..a10e499ef768 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -52,7 +52,9 @@ static void do_options(struct dhcp_context *context, + int null_term, int pxearch, + unsigned char *uuid, + int vendor_class_len, +- time_t now); ++ time_t now, ++ unsigned int lease_time, ++ unsigned short fuzz); + + + static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt); +@@ -610,7 +612,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + + clear_packet(mess, end); + do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr), +- netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now); ++ netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now, 0xffffffff, 0); + } + } + +@@ -1042,13 +1044,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); + option_put(mess, end, OPTION_LEASE_TIME, 4, time); + /* T1 and T2 are required in DHCPOFFER by HP's wacky Jetdirect client. 
*/ +- if (time != 0xffffffff) +- { +- option_put(mess, end, OPTION_T1, 4, (time/2)); +- option_put(mess, end, OPTION_T2, 4, (time*7)/8); +- } + do_options(context, mess, end, req_options, offer_hostname, get_domain(mess->yiaddr), +- netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now); ++ netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, time, fuzz); + + return dhcp_packet_size(mess, agent_id, real_end); + +@@ -1367,15 +1364,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK); + option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); + option_put(mess, end, OPTION_LEASE_TIME, 4, time); +- if (time != 0xffffffff) +- { +- while (fuzz > (time/16)) +- fuzz = fuzz/2; +- option_put(mess, end, OPTION_T1, 4, (time/2) - fuzz); +- option_put(mess, end, OPTION_T2, 4, ((time/8)*7) - fuzz); +- } + do_options(context, mess, end, req_options, hostname, get_domain(mess->yiaddr), +- netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now); ++ netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, time, fuzz); + } + + return dhcp_packet_size(mess, agent_id, real_end); +@@ -1440,7 +1430,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + } + + do_options(context, mess, end, req_options, hostname, get_domain(mess->ciaddr), +- netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now); ++ netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, 0xffffffff, 0); + + *is_inform = 1; /* handle reply differently */ + return dhcp_packet_size(mess, agent_id, real_end); +@@ -2137,7 +2127,9 @@ static void do_options(struct dhcp_context *context, + int null_term, int pxe_arch, + unsigned char *uuid, + int vendor_class_len, +- time_t now) ++ time_t now, ++ 
unsigned int lease_time, ++ unsigned short fuzz) + { + struct dhcp_opt *opt, *config_opts = daemon->dhcp_opts; + struct dhcp_boot *boot; +@@ -2261,7 +2253,42 @@ static void do_options(struct dhcp_context *context, + /* rfc3011 says this doesn't need to be in the requested options list. */ + if (subnet_addr.s_addr) + option_put(mess, end, OPTION_SUBNET_SELECT, INADDRSZ, ntohl(subnet_addr.s_addr)); +- ++ ++ if (lease_time != 0xffffffff) ++ { ++ unsigned int t1val = lease_time/2; ++ unsigned int t2val = (lease_time*7)/8; ++ unsigned int hval; ++ ++ /* If set by user, sanity check, so not longer than lease. */ ++ if ((opt = option_find2(OPTION_T1))) ++ { ++ hval = ntohl(*((unsigned int *)opt->val)); ++ if (hval < lease_time && hval > 2) ++ t1val = hval; ++ } ++ ++ if ((opt = option_find2(OPTION_T2))) ++ { ++ hval = ntohl(*((unsigned int *)opt->val)); ++ if (hval < lease_time && hval > 2) ++ t2val = hval; ++ } ++ ++ while (fuzz > (t1val/8)) ++ fuzz = fuzz/2; ++ ++ t1val -= fuzz; ++ t2val -= fuzz; ++ ++ /* ensure T1 is still < T2 */ ++ if (t2val <= t1val) ++ t1val = t2val - 1; ++ ++ option_put(mess, end, OPTION_T1, 4, t1val); ++ option_put(mess, end, OPTION_T2, 4, t2val); ++ } ++ + /* replies to DHCPINFORM may not have a valid context */ + if (context) + { +@@ -2356,12 +2383,14 @@ static void do_options(struct dhcp_context *context, + if (!(opt->flags & DHOPT_FORCE) && !in_list(req_options, optno)) + continue; + +- /* prohibit some used-internally options */ ++ /* prohibit some used-internally options. T1 and T2 already handled. */ + if (optno == OPTION_CLIENT_FQDN || + optno == OPTION_MAXMESSAGE || + optno == OPTION_OVERLOAD || + optno == OPTION_PAD || +- optno == OPTION_END) ++ optno == OPTION_END || ++ optno == OPTION_T1 || ++ optno == OPTION_T2) + continue; + + if (optno == OPTION_SNAME && done_server) +-- +2.1.0 + 
diff --git a/src/patches/dnsmasq/0093-Tweak-last-commit.patch b/src/patches/dnsmasq/0093-Tweak-last-commit.patch new file mode 100644 index 0000000..578e764 --- /dev/null +++ b/src/patches/dnsmasq/0093-Tweak-last-commit.patch @@ -0,0 +1,37 @@ +From 7c0f2543a7e761d1ec82738374556beeb8a35bef Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Thu, 14 May 2015 21:16:18 +0100 +Subject: [PATCH 93/98] Tweak last commit. + +--- + src/rfc2131.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/rfc2131.c b/src/rfc2131.c +index a10e499ef768..b95f9beadf59 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -2275,16 +2275,16 @@ static void do_options(struct dhcp_context *context, + t2val = hval; + } + ++ /* ensure T1 is still < T2 */ ++ if (t2val <= t1val) ++ t1val = t2val - 1; ++ + while (fuzz > (t1val/8)) + fuzz = fuzz/2; + + t1val -= fuzz; + t2val -= fuzz; + +- /* ensure T1 is still < T2 */ +- if (t2val <= t1val) +- t1val = t2val - 1; +- + option_put(mess, end, OPTION_T1, 4, t1val); + option_put(mess, end, OPTION_T2, 4, t2val); + } +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch b/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch new file mode 100644 index 0000000..a7d7546 --- /dev/null +++ b/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch 
@@ -0,0 +1,29 @@ +From 62018e1f720fa11e83879111a4b1b3753b5c25bb Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Thu, 14 May 2015 21:30:00 +0100 +Subject: [PATCH 94/98] Use correct DHCP context for PXE-proxy server-id. + +--- + src/rfc2131.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/rfc2131.c b/src/rfc2131.c +index b95f9beadf59..70d1e59530ad 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -888,10 +888,10 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + + option_put(mess, end, OPTION_MESSAGE_TYPE, 1, + mess_type == DHCPDISCOVER ? DHCPOFFER : DHCPACK); +- option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(context->local.s_addr)); ++ option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(tmp->local.s_addr)); + pxe_misc(mess, end, uuid); + prune_vendor_opts(tagif_netid); +- do_encap_opts(pxe_opts(pxearch, tagif_netid, context->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0); ++ do_encap_opts(pxe_opts(pxearch, tagif_netid, tmp->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0); + + log_packet("PXE", NULL, emac, emac_len, iface_name, ignore ? "proxy-ignored" : "proxy", NULL, mess->xid); + log_tags(tagif_netid, ntohl(mess->xid)); +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch b/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch new file mode 100644 index 0000000..b1b06f2 --- /dev/null +++ b/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch 
@@ -0,0 +1,49 @@ +From 5d07d77e75e0f02bc0a8f6029ffbc8b371fa804e Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 15 May 2015 18:13:06 +0100 +Subject: [PATCH 95/98] Fix buffer overflow introduced in 2.73rc6. + +Fix off-by-one in code which checks for over-long domain names +in received DNS packets. This enables buffer overflow attacks +which can certainly crash dnsmasq and may allow for arbitrary +code execution. The problem was introduced in commit b8f16556d, +release 2.73rc6, so has not escaped into any stable release. +Note that the off-by-one was in the label length determination, +so the buffer can be overflowed by as many bytes as there are +labels in the name - ie, many. + +Thanks to Ron Bowes, who used lcmatuf's afl-fuzz tool to find +the problem. +--- + src/rfc1035.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 5e3f566fdbc5..a95241f83523 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -94,8 +94,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + count = 256; + digs = ((count-1)>>2)+1; + +- /* output is [x<hex>/siz]. which is digs+6/7/8 chars */ +- namelen += digs+6; ++ /* output is [x<hex>/siz]. which is digs+7/8/9 chars */ ++ namelen += digs+7; + if (count > 9) + namelen++; + if (count > 99) +@@ -125,8 +125,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + } + else + { /* label_type = 0 -> label. */ +- namelen += l; +- if (namelen+1 >= MAXDNAME) ++ namelen += l + 1; /* include period */ ++ if (namelen >= MAXDNAME) + return 0; + if (!CHECK_LEN(header, p, plen, l)) + return 0; +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch b/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch new file mode 100644 index 0000000..db0a1e5 --- /dev/null +++ b/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch 
@@ -0,0 +1,89 @@ +From 06568c663643b9ed1577d95efee69d734f427cf5 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 15 May 2015 20:43:48 +0100 +Subject: [PATCH 96/98] Remove support for DNS Extended Label Types. + +The support was only partial, and the whole concept is +now deprecated in the standards. +--- + src/rfc1035.c | 52 ++++------------------------------------------------ + 1 file changed, 4 insertions(+), 48 deletions(-) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index a95241f83523..56647b02ab4d 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -77,53 +77,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + + p = l + (unsigned char *)header; + } +- else if (label_type == 0x80) +- return 0; /* reserved */ +- else if (label_type == 0x40) +- { /* ELT */ +- unsigned int count, digs; +- +- if ((l & 0x3f) != 1) +- return 0; /* we only understand bitstrings */ +- +- if (!isExtract) +- return 0; /* Cannot compare bitsrings */ +- +- count = *p++; +- if (count == 0) +- count = 256; +- digs = ((count-1)>>2)+1; +- +- /* output is [x<hex>/siz]. which is digs+7/8/9 chars */ +- namelen += digs+7; +- if (count > 9) +- namelen++; +- if (count > 99) +- namelen++; +- if (namelen+1 >= MAXDNAME) +- return 0; +- +- if (!CHECK_LEN(header, p, plen, (count-1)>>3)) +- return 0; +- +- *cp++ = '\'; +- *cp++ = '['; +- *cp++ = 'x'; +- for (j=0; j<digs; j++) +- { +- unsigned int dig; +- if (j%2 == 0) +- dig = *p >> 4; +- else +- dig = *p++ & 0x0f; +- +- *cp++ = dig < 10 ? dig + '0' : dig + 'A' - 10; +- } +- cp += sprintf((char *)cp, "/%d]", count); +- /* do this here to overwrite the zero char from sprintf */ +- *cp++ = '.'; +- } +- else ++ else if (label_type == 0x00) + { /* label_type = 0 -> label. 
*/ + namelen += l + 1; /* include period */ + if (namelen >= MAXDNAME) +@@ -176,12 +130,14 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + retvalue = 2; + } + } +- ++ + if (isExtract) + *cp++ = '.'; + else if (*cp != 0 && *cp++ != '.') + retvalue = 2; + } ++ else ++ return 0; /* label types 0x40 and 0x80 not supported */ + } + } + +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch b/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch new file mode 100644 index 0000000..b9f2e63 --- /dev/null +++ b/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch @@ -0,0 +1,26 @@ +From 7f8565b94ca52dde31f7688a9f9a0cc611d9dae3 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Tue, 19 May 2015 23:01:27 +0100 +Subject: [PATCH 97/98] Select correct DHCP context when in PXE bootserver + mode. + +--- + src/rfc2131.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/rfc2131.c b/src/rfc2131.c +index 70d1e59530ad..e602a21585c9 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -805,7 +805,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + if (service->type == type) + break; + +- if (!service || !service->basename) ++ if (!service || !service->basename || !(context = narrow_context(context, mess->ciaddr, tagif_netid))) + return 0; + + clear_packet(mess, end); +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch b/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch new file mode 100644 index 0000000..1be4278 --- /dev/null +++ b/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch 
@@ -0,0 +1,33 @@ +From 549b1a478c5eee9dbd3a0709913a26ec29d30f2c Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Wed, 20 May 2015 20:20:24 +0100 +Subject: [PATCH 98/98] Tweak immediately previous patch. + +--- + src/rfc2131.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/rfc2131.c b/src/rfc2131.c +index e602a21585c9..9f69ed595903 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -805,9 +805,14 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + if (service->type == type) + break; + +- if (!service || !service->basename || !(context = narrow_context(context, mess->ciaddr, tagif_netid))) +- return 0; ++ for (; context; context = context->current) ++ if (match_netid(context->filter, tagif_netid, 1) && ++ is_same_net(mess->ciaddr, context->start, context->netmask)) ++ break; + ++ if (!service || !service->basename || !context) ++ return 0; ++ + clear_packet(mess, end); + + mess->yiaddr = mess->ciaddr; +-- +2.1.0 +
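Review bot: in 0093 (src/rfc2131.c, do_options), the relocated clamp `t1val = t2val - 1` has no visible guard for t2val being 0, and if these values are unsigned the subtraction wraps to a very large T1. Moving the check ahead of the fuzz step is sound, because both timers are then reduced by the same fuzz and T1 < T2 is preserved. I would still add a lower bound on t2val before the clamp, or a comment stating why it cannot be 0 at this point.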
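Review bot: in 0094 (dhcp_reply, PXE-proxy reply), both changed lines dereference `tmp->local`, and the hunk does not show where tmp is assigned or that it is non-NULL on this path. Please confirm that against the surrounding loop. The commit message also has no body: one sentence saying which context tmp refers to, and why `context->local` gave the wrong server-id, would make this reviewable without reading the whole function.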
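Review bot: in 0095, first hunk of extract_name (bitstring label), the length is still a hand-counted constant, `namelen += digs+7`, that must agree with the writes further down, and that style of accounting is what produced the off-by-one in the first place. The new figure does match the writes visible in the lines 0096 removes (backslash, `[`, `x`, digs hex digits, `/`, one to three count digits, `]`, `.`), but the comment's `[x<hex>/siz].` omits the leading backslash, so a reader cannot reach 7 from the comment alone. Either list every byte in the comment or bound cp against the end of the buffer at the write site.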
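Review bot: in 0095, second hunk (plain-label branch), `if (namelen >= MAXDNAME)` prevents the overrun only if the destination buffer holds at least MAXDNAME bytes including the terminator, and neither the buffer size nor that invariant is stated anywhere in the visible lines. Counting the period with `namelen += l + 1` is the right fix, since every label writes l bytes plus a separator. Please add a comment next to the check recording that namelen counts every byte written and that the last byte is reserved for the NUL. Because the commit message says the bug was found by fuzzing, the triggering packet would be worth keeping as a regression test.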
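Review bot: in 0096, first hunk, names carrying a bitstring label were previously extracted and are now rejected, which is a behaviour change, yet the diffstat shows only src/rfc1035.c changed, with no changelog or documentation entry. Dropping the ELT branch also removes the only `sprintf` into the name buffer visible here, which is a welcome reduction in parsing surface. Please add the user-facing note, and check whether `j` is still used anywhere in extract_name now that the hex loop is gone, to avoid an unused-variable warning.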
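Review bot: in 0096, second hunk, the rejection of label types 0x40 and 0x80 is the trailing `else` of a chain whose test, `else if (label_type == 0x00)`, sits roughly fifty lines earlier, so the fail-closed path is easy to lose in a later edit. An early `return 0` beside the label_type test would keep the reject decision next to the check it depends on. The hunk also contains a whitespace-only change on the blank line before `if (isExtract)`, which should be dropped from a parser fix.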
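Review bot: in 0097 (dhcp_reply, PXE bootserver path), the new condition assigns inside a short-circuit chain, `!(context = narrow_context(context, mess->ciaddr, tagif_netid))`, so the context parameter is overwritten only when service and service->basename are both set, and the side effect is easy to miss when reading the test. Hoist the assignment onto its own line ahead of the `if` and test the result separately.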
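Review bot: in 0098, the open-coded loop selects a context by `is_same_net(mess->ciaddr, context->start, context->netmask)`, so a request whose ciaddr lies in none of the configured ranges leaves context NULL and the function returns 0 with no log call visible in this hunk. If silently dropping such requests is intended, say so in a comment; otherwise log the rejection so a misconfigured range can be diagnosed. The commit message should also explain why narrow_context from the previous patch was replaced by this loop, because the subject "Tweak immediately previous patch" gives a reader no reason.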
hooks/post-receive -- IPFire 2.x development tree