From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 1ca232eb4c2655de8ca2adacb41fdc4c8e8f60ca
Date: Tue, 15 Sep 2015 00:33:52 +0200	[thread overview]
Message-ID: <20150914223354.49D64221CC@argus.ipfire.org> (raw)


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  1ca232eb4c2655de8ca2adacb41fdc4c8e8f60ca (commit)
       via  f62ac3224c89a42f2d4dcff5e83b6731820a9b4d (commit)
       via  c97b3aa372ac888208043834204c9387c0fa3946 (commit)
       via  6ee104aeb793aad605e6978708e88059274ea143 (commit)
      from  253983268e74482b0e032daf398625544c3a370e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1ca232eb4c2655de8ca2adacb41fdc4c8e8f60ca
Merge: f62ac32 2539832
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Sep 14 23:32:51 2015 +0100

    Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

commit f62ac3224c89a42f2d4dcff5e83b6731820a9b4d
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Sun Sep 13 21:03:38 2015 +0200

    dnsmasq: latest upstream patches
    
    dnsmasq: latest upstream patches
    
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit c97b3aa372ac888208043834204c9387c0fa3946
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Sep 14 23:21:32 2015 +0100

    core94: Add changed snort initscript
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 6ee104aeb793aad605e6978708e88059274ea143
Author: Douglas Duckworth <planningbfun(a)gmail.com>
Date:   Sat Sep 12 11:27:17 2015 -0500

    snort: Remove trailing slash in pid path
    
    Fixes: https://bugzilla.ipfire.org/show_bug.cgi?id=10924
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/94/filelists/files           |  1 +
 lfs/dnsmasq                                        |  6 +++
 src/initscripts/init.d/snort                       |  2 +-
 .../004-fix_behaviour_of_empty_dhcp-option.patch   | 38 ++++++++++++++++
 ...ution_to_ENOMEM_error_with_IPv6_multicast.patch | 50 ++++++++++++++++++++++
 ...page_on_RDNSS_set_in_router_advertisement.patch | 35 +++++++++++++++
 ...gned_dangling_CNAME_replies_to_DS_queries.patch | 30 +++++++++++++
 ...6_option_56_does_not_hold_an_address_list.patch | 25 +++++++++++
 ...pect_the_--no_resolv_flag_in_inotify_code.patch | 47 ++++++++++++++++++++
 9 files changed, 233 insertions(+), 1 deletion(-)
 create mode 100644 src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
 create mode 100644 src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
 create mode 100644 src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
 create mode 100644 src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
 create mode 100644 src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
 create mode 100644 src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch

Difference in files:
diff --git a/config/rootfiles/core/94/filelists/files b/config/rootfiles/core/94/filelists/files
index 9b08114..8ea8582 100644
--- a/config/rootfiles/core/94/filelists/files
+++ b/config/rootfiles/core/94/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
+etc/rc.d/init.d/snort
 etc/rc.d/init.d/sshd
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/mail.cgi
diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index f16c761..db56091 100644
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
@@ -76,6 +76,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
 
 	cd $(DIR_APP) && sed -i src/config.h \
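Review bot: The six added `patch -Np1` lines (004–009) carry no record of which upstream dnsmasq commits they come from or that their order matters, and this recipe is the only place a maintainer sees them together. The CHANGELOG hunk in 009 uses the `--add-subnet` entry as context, which presumably exists only once 002 has been applied, so reordering or dropping a patch can make the build fail at that step. A comment above the block such as `# upstream fixes on top of the packaged release; apply in numeric order (009's CHANGELOG hunk needs 002)` would document this. The recipe for `$(TARGET)` continues outside the hunk.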
diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort
index 42968d8..e03c80f 100644
--- a/src/initscripts/init.d/snort
+++ b/src/initscripts/init.d/snort
@@ -74,7 +74,7 @@ case "$1" in
 
                 for DEVICE in $DEVICES; do
                         boot_mesg "Starting Intrusion Detection System on $DEVICE..."
-                        /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
+                        /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run
                         evaluate_retval
 			sleep 1
                         chmod 644 /var/run/snort_$DEVICE.pid
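Review bot: The `chmod 644 /var/run/snort_$DEVICE.pid` at the end of this hunk depends on the fixed `sleep 1` being long enough for the daemon to have written its pid file, and its result is not reflected in the boot status. `evaluate_retval` only reports the exit status of the snort launch on the line above it, so a slow start leaves the pid file with whatever mode snort gave it. Consider `[ -e "/var/run/snort_$DEVICE.pid" ] && chmod 644 "/var/run/snort_$DEVICE.pid"` with a short retry, and quote `"$DEVICE"` on the snort command line as well. The enclosing `case` and `for` loop start and end outside the hunk.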
diff --git a/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch b/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
new file mode 100644
index 0000000..492ada9
--- /dev/null
+++ b/src/patches/dnsmasq/004-fix_behaviour_of_empty_dhcp-option.patch
@@ -0,0 +1,38 @@
+From 5e3e464ac4022ee0b3794513abe510817e2cf3ca Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Tue, 25 Aug 2015 23:08:39 +0100
+Subject: [PATCH] Fix behaviour of empty dhcp-option=option6:dns-server, which
+ should inhibit sending option.
+
+---
+ src/rfc3315.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 2665d0d..3f1f9ee 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1320,15 +1320,16 @@ static struct dhcp_netid *add_options(struct state *state, int do_refresh)
+       
+       if (opt_cfg->opt == OPTION6_REFRESH_TIME)
+ 	done_refresh = 1;
++       
++      if (opt_cfg->opt == OPTION6_DNS_SERVER)
++	done_dns = 1;
+       
+-      if (opt_cfg->flags & DHOPT_ADDR6)
++      /* Empty DNS_SERVER option will not set DHOPT_ADDR6 */
++      if ((opt_cfg->flags & DHOPT_ADDR6) || opt_cfg->opt == OPTION6_DNS_SERVER)
+ 	{
+ 	  int len, j;
+ 	  struct in6_addr *a;
+ 	  
+-	  if (opt_cfg->opt == OPTION6_DNS_SERVER)
+-	    done_dns = 1;
+-	  
+ 	  for (a = (struct in6_addr *)opt_cfg->val, len = opt_cfg->len, j = 0; 
+ 	       j < opt_cfg->len; j += IN6ADDRSZ, a++)
+ 	    if ((IN6_IS_ADDR_ULA_ZERO(a) && IN6_IS_ADDR_UNSPECIFIED(state->ula_addr)) ||
+-- 
+1.7.10.4
+
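Review bot: The widened condition `(opt_cfg->flags & DHOPT_ADDR6) || opt_cfg->opt == OPTION6_DNS_SERVER` sends every dns-server option through the address loop, including one that lacks DHOPT_ADDR6 but has a non-zero length. The loop casts `opt_cfg->val` to `struct in6_addr *` and advances in IN6ADDRSZ steps while `j < opt_cfg->len`, so a value whose length is not a multiple of the address size would be read past its end. Whether the option parser can produce such a value (for example from hex data) is not visible here. If only the empty case is intended, as the new comment says, the test could be narrowed to `(opt_cfg->opt == OPTION6_DNS_SERVER && opt_cfg->len == 0)`. The loop body and the rest of add_options() lie outside the hunk.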
diff --git a/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch b/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
new file mode 100644
index 0000000..c7cee60
--- /dev/null
+++ b/src/patches/dnsmasq/005-suggest_solution_to_ENOMEM_error_with_IPv6_multicast.patch
@@ -0,0 +1,50 @@
+From 9cdcfe9f19ffd45bac4e5b459879bf7c50a287ed Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Wed, 26 Aug 2015 22:38:08 +0100
+Subject: [PATCH] Suggest solution to ENOMEM error with IPv6 multicast.
+
+---
+ src/network.c |   13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/network.c b/src/network.c
+index a1d90c8..819302f 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1076,23 +1076,30 @@ void join_multicast(int dienow)
+ 	    
+ 	    if ((daemon->doing_dhcp6 || daemon->relay6) &&
+ 		setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+-	      err = 1;
++	      err = errno;
+ 	    
+ 	    inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
+ 	    
+ 	    if (daemon->doing_dhcp6 && 
+ 		setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+-	      err = 1;
++	      err = errno;
+ 	    
+ 	    inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
+ 	    
+ 	    if (daemon->doing_ra &&
+ 		setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+-	      err = 1;
++	      err = errno;
+ 	    
+ 	    if (err)
+ 	      {
+ 		char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
++		errno = err;
++
++#ifdef HAVE_LINUX_NETWORK
++		if (errno == ENOMEM)
++		  my_syslog(LOG_ERR, _("try increasing /proc/sys/net/core/optmem_max"));
++#endif
++
+ 		if (dienow)
+ 		  die(s, iface->name, EC_BADNET);
+ 		else
+-- 
+1.7.10.4
+
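Review bot: `errno = err;` is restored before the ENOMEM hint is logged, and `my_syslog()` may change errno before `die()` or the later log call formats the second `%s` of the message. That they take the reason from errno is inferred from the single `iface->name` argument. Restoring it after the hint avoids reporting the wrong reason: test `if (err == ENOMEM)` inside the `#ifdef` and move `errno = err;` to just after `#endif`. Each failing `setsockopt()` also overwrites `err`, so only the last failure's errno is reported. join_multicast() starts and ends outside the hunk.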
diff --git a/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch b/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
new file mode 100644
index 0000000..19c76e6
--- /dev/null
+++ b/src/patches/dnsmasq/006-clarify_man_page_on_RDNSS_set_in_router_advertisement.patch
@@ -0,0 +1,35 @@
+From 20fd11e11a9d09edcea94de135396ae1541fbbab Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Wed, 26 Aug 2015 22:48:13 +0100
+Subject: [PATCH] Clarify man page on RDNSS set in router advertisement.
+
+---
+ man/dnsmasq.8 |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index a23c898..d51b10f 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -1687,15 +1687,15 @@ creation are handled by a different protocol. When DHCP is in use,
+ only a subset of this is needed, and dnsmasq can handle it, using
+ existing DHCP configuration to provide most data. When RA is enabled,
+ dnsmasq will advertise a prefix for each dhcp-range, with default
+-router and recursive DNS server as the relevant link-local address on 
+-the machine running dnsmasq. By default, he "managed address" bits are set, and
++router  as the relevant link-local address on 
++the machine running dnsmasq. By default, the "managed address" bits are set, and
+ the "use SLAAC" bit is reset. This can be changed for individual
+ subnets with the mode keywords described in
+ .B --dhcp-range.
+ RFC6106 DNS parameters are included in the advertisements. By default,
+ the relevant link-local address of the machine running dnsmasq is sent
+ as recursive DNS server. If provided, the DHCPv6 options dns-server and
+-domain-search are used for RDNSS and DNSSL.
++domain-search are used for the DNS server (RDNSS) and the domain serach list (DNSSL).
+ .TP
+ .B --ra-param=<interface>,[high|low],[[<ra-interval>],<router lifetime>]
+ Set non-default values for router advertisements sent via an
+-- 
+1.7.10.4
+
diff --git a/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch b/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
new file mode 100644
index 0000000..832a22e
--- /dev/null
+++ b/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch
@@ -0,0 +1,30 @@
+From 6de81f1250fd323c9155de065d5a9dc200a6f20b Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Wed, 9 Sep 2015 22:51:13 +0100
+Subject: [PATCH] Handle signed dangling CNAME replies to DS queries.
+
+---
+ src/dnssec.c |    7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 4deda24..67ce486 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -1232,11 +1232,8 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+    
+   /* If we return STAT_NO_SIG, name contains the name of the DS query */
+   if (val == STAT_NO_SIG)
+-    {
+-      *keyname = 0;
+-      return val;
+-    }  
+-
++    return val;
++  
+   /* If the key needed to validate the DS is on the same domain as the DS, we'll
+      loop getting nowhere. Stop that now. This can happen of the DS answer comes
+      from the DS's zone, and not the parent zone. */
+-- 
+1.7.10.4
+
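Review bot: With `*keyname = 0;` removed, the STAT_NO_SIG return no longer clears `keyname`, but the comment kept above the `if` only describes `name`. What `keyname` holds on this path, and whether any caller relied on it being empty, cannot be seen from the hunk. Since this is the DNSSEC validation path, the contract should be written down, e.g. `/* If we return STAT_NO_SIG, name contains the name of the DS query; keyname is left unchanged here */`. A regression test with a signed dangling CNAME answer to a DS query would pin the behaviour. dnssec_validate_ds() begins and ends outside the hunk.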
diff --git a/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch b/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
new file mode 100644
index 0000000..fdccd0e
--- /dev/null
+++ b/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch
@@ -0,0 +1,25 @@
+From 102208df695e886a3086754d32bf7f8c541fbe46 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Thu, 10 Sep 2015 21:50:00 +0100
+Subject: [PATCH] DHCPv6 option 56 does not hold an address list. (RFC 5908).
+
+---
+ src/dhcp-common.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dhcp-common.c b/src/dhcp-common.c
+index bc48f41..8fc171a 100644
+--- a/src/dhcp-common.c
++++ b/src/dhcp-common.c
+@@ -599,7 +599,7 @@ static const struct opttab_t opttab6[] = {
+   { "sntp-server", 31,  OT_ADDR_LIST },
+   { "information-refresh-time", 32, OT_TIME },
+   { "FQDN", 39, OT_INTERNAL | OT_RFC1035_NAME },
+-  { "ntp-server", 56,  OT_ADDR_LIST },
++  { "ntp-server", 56,  0 },
+   { "bootfile-url", 59, OT_NAME },
+   { "bootfile-param", 60, OT_CSTRING },
+   { NULL, 0, 0 }
+-- 
+1.7.10.4
+
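Review bot: The new entry `{ "ntp-server", 56,  0 }` gives no hint why option 56 has no type flag while its neighbour `sntp-server` keeps OT_ADDR_LIST; the reason is only in the commit subject. A trailing comment such as `/* RFC 5908: carries suboptions, not an address list */` would keep someone from restoring OT_ADDR_LIST later. Existing configurations that set option6:ntp-server with plain IPv6 addresses will presumably be parsed differently after this change, which is worth a line in the release notes. The opttab6 table starts outside the hunk.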
diff --git a/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch b/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
new file mode 100644
index 0000000..2014fdb
--- /dev/null
+++ b/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch
@@ -0,0 +1,47 @@
+From 77607cbea0ad0f876dfb79c8b2c121ee400d57d0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Thu, 10 Sep 2015 23:08:43 +0100
+Subject: [PATCH] Respect the --no-resolv flag in inotify code.
+
+---
+ CHANGELOG        |    7 ++++++-
+ debian/changelog |    6 ++++++
+ src/inotify.c    |    3 +++
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index bbc2834..d6e309f 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -7,8 +7,13 @@ version 2.76
+ 
+ 	    Enhance --add-subnet to allow arbitrary subnet addresses.
+             Thanks to Ed Barsley for the patch.
++
++	    Respect the --no-resolv flag in inotify code. Fixes bug
++	    which caused dnsmasq to fail to start if a resolv-file 
++	    was a dangling symbolic link, even of --no-resolv set.
++	    Thanks to Alexander Kurtz for spotting the problem.
++
+ 	
+-	    
+ version 2.75
+             Fix reversion on 2.74 which caused 100% CPU use when a 
+ 	    dhcp-script is configured. Thanks to Adrian Davey for
+diff --git a/src/inotify.c b/src/inotify.c
+index 52d412f..ef05c58 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -90,6 +90,9 @@ void inotify_dnsmasq_init()
+   
+   if (daemon->inotifyfd == -1)
+     die(_("failed to create inotify: %s"), NULL, EC_MISC);
++
++  if (option_bool(OPT_NO_RESOLV))
++    return;
+   
+   for (res = daemon->resolv_files; res; res = res->next)
+     {
+-- 
+1.7.10.4
+
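Review bot: The header of this patch still lists `debian/changelog |    6 ++++++` and `3 files changed`, but the body contains hunks only for CHANGELOG and src/inotify.c, so the file is an edited copy of upstream commit 77607cbea0ad0f876dfb79c8b2c121ee400d57d0 rather than the commit itself. patch(1) ignores the diffstat, so the build is unaffected, but anyone comparing the carried patch against upstream will see a mismatch. A line after the `---` separator such as `debian/changelog hunk dropped for IPFire` would record the edit. In src/inotify.c the new early `return` skips everything after the resolv-file loop in inotify_dnsmasq_init(); that remainder lies outside the hunk, so confirm nothing else is set up there.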


hooks/post-receive
--
IPFire 2.x development tree
