[git.ipfire.org] IPFire 2.x development tree branch, next, updated. c2c233f5cb00238b2726e8484b0e11e9d5f76c1c

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. c2c233f5cb00238b2726e8484b0e11e9d5f76c1c

[Michael Tremer]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  c2c233f5cb00238b2726e8484b0e11e9d5f76c1c (commit)
       via  751cb9e48ff0ae461c22792a892a88dab8b3e931 (commit)
      from  a5b8b52cdd3610eeded4d3b06577171e464fbd7c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c2c233f5cb00238b2726e8484b0e11e9d5f76c1c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed May 27 11:55:49 2026 +0000

    knot resolver: There is no need to update automake
    
    ... when we are using meson to build this.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 751cb9e48ff0ae461c22792a892a88dab8b3e931
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed May 27 11:55:29 2026 +0000

    knot resolver: Add patch to update TCP forwarding rules
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 lfs/knot-resolver                                  |  2 +-
 ...resolver-6.3-policy-add-flag-to-force-TCP.patch | 37 ++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 src/patches/knot-resolver-6.3-policy-add-flag-to-force-TCP.patch

Difference in files:
diff --git a/lfs/knot-resolver b/lfs/knot-resolver
index 5ca378f1e..eae063e40 100644
--- a/lfs/knot-resolver
+++ b/lfs/knot-resolver
@@ -70,7 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	$(UPDATE_AUTOMAKE)
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/knot-resolver-6.3-policy-add-flag-to-force-TCP.patch
 	cd $(DIR_APP) && meson setup \
 		--prefix=/usr \
 		-Duser=knot-resolver \
diff --git a/src/patches/knot-resolver-6.3-policy-add-flag-to-force-TCP.patch b/src/patches/knot-resolver-6.3-policy-add-flag-to-force-TCP.patch
new file mode 100644
index 000000000..f19d5d3bb
--- /dev/null
+++ b/src/patches/knot-resolver-6.3-policy-add-flag-to-force-TCP.patch
@@ -0,0 +1,37 @@
+From 5a936de58bc68f6004f6beb5abbb7b7724c6320f Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 27 May 2026 11:41:27 +0000
+Subject: [PATCH] policy: Add flag to force TCP as transport
+
+This is already implemented in the backend, but the flag has not been
+exposed. This patch adds the flag so that any forwarders will be
+connected to using TCP.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ modules/policy/policy.lua | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
+index 77fa29a71..88e235a8b 100644
+--- a/modules/policy/policy.lua
++++ b/modules/policy/policy.lua
+@@ -914,6 +914,7 @@ Throws lua exceptions when detecting something fishy.
+       i.e. we trust their DNSSEC validation.
+     - for auths this inserts a negative trust anchor
+       Beware that setting .set_insecure() *later* would override that.
++  .tcp to force transport over TCP
+ \param targets same format as policy.TLS_FORWARD() except that `tls = true`
+                can be specified for each address (defaults to false)
+ --]]
+@@ -924,6 +925,7 @@ function policy.rule_forward_add(subtree, options, targets)
+ 			{
+ 				is_nods = options.dnssec == false,
+ 				is_auth = options.auth,
++				is_tcp  = options.tcp
+ 			},
+ 			targets_3
+ 		) == 0)
+-- 
+2.47.3
+


hooks/post-receive
--
IPFire 2.x development tree