mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-11 03:25:54 +02:00
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
This commit is contained in:
Matthias Fischer
@@ -1,9 +1,9 @@
|
||||
Applejuice;apple;off;
|
||||
Ares;ares;off;
|
||||
Bittorrent;bit;off;
|
||||
DirectConnect;dc;off;
|
||||
Edonkey;edk;off;
|
||||
Gnutella;gnu;off;
|
||||
KaZaA;kazaa;off;
|
||||
SoulSeek;soul;off;
|
||||
WinMX;winmx;off;
|
||||
Applejuice;apple;on;
|
||||
Ares;ares;on;
|
||||
Bittorrent;bit;on;
|
||||
DirectConnect;dc;on;
|
||||
Edonkey;edk;on;
|
||||
Gnutella;gnu;on;
|
||||
KaZaA;kazaa;on;
|
||||
SoulSeek;soul;on;
|
||||
WinMX;winmx;on;
|
||||
|
||||
11
lfs/dnsmasq
11
lfs/dnsmasq
@@ -160,6 +160,17 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0093-Tweak-last-commit.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
|
||||
cd $(DIR_APP) && sed -i src/config.h \
|
||||
-e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 25 Sep 2014 21:51:25 +0100
|
||||
Subject: [PATCH 01/87] Add newline at the end of example config file.
|
||||
Subject: [PATCH 01/98] Add newline at the end of example config file.
|
||||
|
||||
---
|
||||
dnsmasq.conf.example | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 2 Oct 2014 21:44:21 +0100
|
||||
Subject: [PATCH 02/87] crash at startup when an empty suffix is supplied to
|
||||
Subject: [PATCH 02/98] crash at startup when an empty suffix is supplied to
|
||||
--conf-dir
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Oct 2014 08:48:11 +0100
|
||||
Subject: [PATCH 03/87] Debian build fixes for kFreeBSD
|
||||
Subject: [PATCH 03/98] Debian build fixes for kFreeBSD
|
||||
|
||||
---
|
||||
src/tables.c | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001
|
||||
From: Karl Vogel <karl.vogel@gmail.com>
|
||||
Date: Fri, 3 Oct 2014 21:45:15 +0100
|
||||
Subject: [PATCH 04/87] Set conntrack mark before connect() call.
|
||||
Subject: [PATCH 04/98] Set conntrack mark before connect() call.
|
||||
|
||||
SO_MARK has to be done before issuing the connect() call on the
|
||||
TCP socket.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Collins <daniel.collins@smoothwall.net>
|
||||
Date: Fri, 3 Oct 2014 21:58:43 +0100
|
||||
Subject: [PATCH 05/87] Fix typo in new Dbus code.
|
||||
Subject: [PATCH 05/98] Fix typo in new Dbus code.
|
||||
|
||||
Simon's fault.
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Hozza <thozza@redhat.com>
|
||||
Date: Mon, 6 Oct 2014 10:46:48 +0100
|
||||
Subject: [PATCH 06/87] Fit example conf file typo.
|
||||
Subject: [PATCH 06/98] Fit example conf file typo.
|
||||
|
||||
---
|
||||
dnsmasq.conf.example | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001
|
||||
From: Vladislav Grishenko <themiron@mail.ru>
|
||||
Date: Mon, 6 Oct 2014 14:34:24 +0100
|
||||
Subject: [PATCH 07/87] Improve RFC-compliance when unable to supply addresses
|
||||
Subject: [PATCH 07/98] Improve RFC-compliance when unable to supply addresses
|
||||
in DHCPv6
|
||||
|
||||
While testing https://github.com/sbyx/odhcp6c client I have noticed it
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001
|
||||
From: Hans Dedecker <dedeckeh@gmail.com>
|
||||
Date: Tue, 9 Dec 2014 22:22:53 +0000
|
||||
Subject: [PATCH 08/87] Fix conntrack with --bind-interfaces
|
||||
Subject: [PATCH 08/98] Fix conntrack with --bind-interfaces
|
||||
|
||||
Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is
|
||||
enabled so the assigned mark can be correctly retrieved and set in forward_query when
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 10 Dec 2014 17:32:16 +0000
|
||||
Subject: [PATCH 09/87] Use inotify instead of polling on Linux.
|
||||
Subject: [PATCH 09/98] Use inotify instead of polling on Linux.
|
||||
|
||||
This should solve problems people are seeing when a file changes
|
||||
twice within a second and thus is missed for polling.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 15:58:13 +0000
|
||||
Subject: [PATCH 10/87] Teach the new inotify code about symlinks.
|
||||
Subject: [PATCH 10/98] Teach the new inotify code about symlinks.
|
||||
|
||||
---
|
||||
src/inotify.c | 43 +++++++++++++++++++++++++++----------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 17:50:15 +0000
|
||||
Subject: [PATCH 11/87] Remove floor on EDNS0 packet size with DNSSEC.
|
||||
Subject: [PATCH 11/98] Remove floor on EDNS0 packet size with DNSSEC.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 17:52:22 +0000
|
||||
Subject: [PATCH 12/87] CHANGELOG re. inotify.
|
||||
Subject: [PATCH 12/98] CHANGELOG re. inotify.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 16 Dec 2014 18:25:17 +0000
|
||||
Subject: [PATCH 13/87] Fix breakage of --domain=<domain>,<subnet>,local
|
||||
Subject: [PATCH 13/98] Fix breakage of --domain=<domain>,<subnet>,local
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 16 Dec 2014 20:41:29 +0000
|
||||
Subject: [PATCH 14/87] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
|
||||
Subject: [PATCH 14/98] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
|
||||
|
||||
---
|
||||
src/network.c | 4 ----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 17 Dec 2014 12:41:56 +0000
|
||||
Subject: [PATCH 15/87] Eliminate IPv6 privacy addresses from --interface-name
|
||||
Subject: [PATCH 15/98] Eliminate IPv6 privacy addresses from --interface-name
|
||||
answers.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 17 Dec 2014 20:38:20 +0000
|
||||
Subject: [PATCH 16/87] Tweak field width in cache dump to avoid truncating
|
||||
Subject: [PATCH 16/98] Tweak field width in cache dump to avoid truncating
|
||||
IPv6 addresses.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 21 Dec 2014 16:11:52 +0000
|
||||
Subject: [PATCH 17/87] Fix crash in DNSSEC code when attempting to verify
|
||||
Subject: [PATCH 17/98] Fix crash in DNSSEC code when attempting to verify
|
||||
large RRs.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 21 Dec 2014 21:21:53 +0000
|
||||
Subject: [PATCH 18/87] Make caching work for CNAMEs pointing to A/AAAA records
|
||||
Subject: [PATCH 18/98] Make caching work for CNAMEs pointing to A/AAAA records
|
||||
shadowed in /etc/hosts
|
||||
|
||||
If the answer to an upstream query is a CNAME which points to an
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 23 Dec 2014 15:46:08 +0000
|
||||
Subject: [PATCH 19/87] Fix problems validating NSEC3 and wildcards.
|
||||
Subject: [PATCH 19/98] Fix problems validating NSEC3 and wildcards.
|
||||
|
||||
---
|
||||
src/dnssec.c | 253 ++++++++++++++++++++++++++++++-----------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 23 Dec 2014 18:42:38 +0000
|
||||
Subject: [PATCH 20/87] Initialise return value.
|
||||
Subject: [PATCH 20/98] Initialise return value.
|
||||
|
||||
---
|
||||
src/dnssec.c | 7 +++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001
|
||||
From: Glen Huang <curvedmark@gmail.com>
|
||||
Date: Sat, 27 Dec 2014 15:28:12 +0000
|
||||
Subject: [PATCH 21/87] Add --ignore-address option.
|
||||
Subject: [PATCH 21/98] Add --ignore-address option.
|
||||
|
||||
---
|
||||
CHANGELOG | 8 ++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 27 Dec 2014 15:33:32 +0000
|
||||
Subject: [PATCH 22/87] Bad packet protection.
|
||||
Subject: [PATCH 22/98] Bad packet protection.
|
||||
|
||||
---
|
||||
src/dnssec.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001
|
||||
From: Matthias Andree <matthias.andree@gmx.de>
|
||||
Date: Sat, 27 Dec 2014 15:36:38 +0000
|
||||
Subject: [PATCH 23/87] Fix build failure in new inotify code on BSD.
|
||||
Subject: [PATCH 23/98] Fix build failure in new inotify code on BSD.
|
||||
|
||||
---
|
||||
src/inotify.c | 4 ++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001
|
||||
From: Yousong Zhou <yszhou4tech@gmail.com>
|
||||
Date: Sat, 3 Jan 2015 16:36:14 +0000
|
||||
Subject: [PATCH 24/87] Implement makefile dependencies on COPTS variable.
|
||||
Subject: [PATCH 24/98] Implement makefile dependencies on COPTS variable.
|
||||
|
||||
---
|
||||
.gitignore | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001
|
||||
From: Yousong Zhou <yszhou4tech@gmail.com>
|
||||
Date: Mon, 5 Jan 2015 17:03:35 +0000
|
||||
Subject: [PATCH 25/87] Fix race condition issue in makefile.
|
||||
Subject: [PATCH 25/98] Fix race condition issue in makefile.
|
||||
|
||||
---
|
||||
Makefile | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 7 Jan 2015 21:55:43 +0000
|
||||
Subject: [PATCH 26/87] DNSSEC: do top-down search for limit of secure
|
||||
Subject: [PATCH 26/98] DNSSEC: do top-down search for limit of secure
|
||||
delegation.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 9 Jan 2015 15:53:03 +0000
|
||||
Subject: [PATCH 27/87] Add --log-queries=extra option for more complete
|
||||
Subject: [PATCH 27/98] Add --log-queries=extra option for more complete
|
||||
logging.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001
|
||||
From: RinSatsuki <aa65535@live.com>
|
||||
Date: Sat, 10 Jan 2015 15:22:21 +0000
|
||||
Subject: [PATCH 28/87] Add --min-cache-ttl option.
|
||||
Subject: [PATCH 28/98] Add --min-cache-ttl option.
|
||||
|
||||
---
|
||||
CHANGELOG | 7 +++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 20:18:18 +0000
|
||||
Subject: [PATCH 29/87] Log port of requestor when doing extra logging.
|
||||
Subject: [PATCH 29/98] Log port of requestor when doing extra logging.
|
||||
|
||||
---
|
||||
src/cache.c | 6 +++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 23:16:56 +0000
|
||||
Subject: [PATCH 30/87] Don't answer from cache RRsets from wildcards, as we
|
||||
Subject: [PATCH 30/98] Don't answer from cache RRsets from wildcards, as we
|
||||
don't have NSECs.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 23:22:08 +0000
|
||||
Subject: [PATCH 31/87] Logs for DS records consistent.
|
||||
Subject: [PATCH 31/98] Logs for DS records consistent.
|
||||
|
||||
---
|
||||
src/rfc1035.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 18 Jan 2015 22:11:10 +0000
|
||||
Subject: [PATCH 32/87] Cope with multiple interfaces with the same LL address.
|
||||
Subject: [PATCH 32/98] Cope with multiple interfaces with the same LL address.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 18 Jan 2015 22:20:48 +0000
|
||||
Subject: [PATCH 33/87] Don't treat SERVFAIL as a recoverable error.....
|
||||
Subject: [PATCH 33/98] Don't treat SERVFAIL as a recoverable error.....
|
||||
|
||||
---
|
||||
src/forward.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 20 Jan 2015 20:51:02 +0000
|
||||
Subject: [PATCH 34/87] Add --dhcp-hostsdir config option.
|
||||
Subject: [PATCH 34/98] Add --dhcp-hostsdir config option.
|
||||
|
||||
---
|
||||
CHANGELOG | 5 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001
|
||||
From: Conrad Kostecki <ck@conrad-kostecki.de>
|
||||
Date: Tue, 20 Jan 2015 21:07:56 +0000
|
||||
Subject: [PATCH 35/87] Update German translation.
|
||||
Subject: [PATCH 35/98] Update German translation.
|
||||
|
||||
---
|
||||
po/de.po | 101 +++++++++++++++++++++++++++++----------------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001
|
||||
From: Win King Wan <pinwing+dnsmasq@gmail.com>
|
||||
Date: Wed, 21 Jan 2015 20:41:48 +0000
|
||||
Subject: [PATCH 36/87] Don't reply to DHCPv6 SOLICIT messages when not
|
||||
Subject: [PATCH 36/98] Don't reply to DHCPv6 SOLICIT messages when not
|
||||
configured for statefull DHCPv6.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 26 Jan 2015 11:23:43 +0000
|
||||
Subject: [PATCH 37/87] Allow inotify to be disabled at compile time on Linux.
|
||||
Subject: [PATCH 37/98] Allow inotify to be disabled at compile time on Linux.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 19:59:29 +0000
|
||||
Subject: [PATCH 38/87] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
|
||||
Subject: [PATCH 38/98] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
|
||||
hostsdir.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 20:13:40 +0000
|
||||
Subject: [PATCH 39/87] Update copyrights for dawn of 2015.
|
||||
Subject: [PATCH 39/98] Update copyrights for dawn of 2015.
|
||||
|
||||
---
|
||||
Makefile | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 21:59:13 +0000
|
||||
Subject: [PATCH 40/87] inotify documentation updates.
|
||||
Subject: [PATCH 40/98] inotify documentation updates.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 11 +++++++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 22:44:26 +0000
|
||||
Subject: [PATCH 41/87] Fix broken ECDSA DNSSEC signatures.
|
||||
Subject: [PATCH 41/98] Fix broken ECDSA DNSSEC signatures.
|
||||
|
||||
---
|
||||
CHANGELOG | 2 ++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Feb 2015 00:15:16 +0000
|
||||
Subject: [PATCH 42/87] BSD make support
|
||||
Subject: [PATCH 42/98] BSD make support
|
||||
|
||||
---
|
||||
Makefile | 6 ++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Feb 2015 21:48:46 +0000
|
||||
Subject: [PATCH 43/87] Fix build failure on openBSD.
|
||||
Subject: [PATCH 43/98] Fix build failure on openBSD.
|
||||
|
||||
---
|
||||
src/tables.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= <thiebaud@weksteen.fr>
|
||||
Date: Mon, 2 Feb 2015 21:37:27 +0000
|
||||
Subject: [PATCH 44/87] Manpage typo fix.
|
||||
Subject: [PATCH 44/98] Manpage typo fix.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 2 Feb 2015 22:36:42 +0000
|
||||
Subject: [PATCH 45/87] Fixup dhcp-configs after reading extra hostfiles with
|
||||
Subject: [PATCH 45/98] Fixup dhcp-configs after reading extra hostfiles with
|
||||
inotify.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 3 Feb 2015 21:52:48 +0000
|
||||
Subject: [PATCH 46/87] Extra logging for inotify code.
|
||||
Subject: [PATCH 46/98] Extra logging for inotify code.
|
||||
|
||||
---
|
||||
src/cache.c | 9 ++++-----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 7 Feb 2015 22:36:34 +0000
|
||||
Subject: [PATCH 47/87] man page typo.
|
||||
Subject: [PATCH 47/98] man page typo.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 1 +
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001
|
||||
From: Shantanu Gadgil <shantanugadgil@yahoo.com>
|
||||
Date: Wed, 11 Feb 2015 20:16:59 +0000
|
||||
Subject: [PATCH 48/87] Fix get-version script which returned wrong tag in some
|
||||
Subject: [PATCH 48/98] Fix get-version script which returned wrong tag in some
|
||||
situations.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 14 Feb 2015 20:02:37 +0000
|
||||
Subject: [PATCH 49/87] Typos.
|
||||
Subject: [PATCH 49/98] Typos.
|
||||
|
||||
---
|
||||
src/inotify.c | 3 ++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 14 Feb 2015 20:08:56 +0000
|
||||
Subject: [PATCH 50/87] Make dynamic hosts files work when --no-hosts set.
|
||||
Subject: [PATCH 50/98] Make dynamic hosts files work when --no-hosts set.
|
||||
|
||||
---
|
||||
src/cache.c | 21 +++++++++++----------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001
|
||||
From: Chen Wei <weichen302@icloud.com>
|
||||
Date: Tue, 17 Feb 2015 22:07:35 +0000
|
||||
Subject: [PATCH 51/87] Fix trivial memory leaks to quieten valgrind.
|
||||
Subject: [PATCH 51/98] Fix trivial memory leaks to quieten valgrind.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 2 ++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Hozza <thozza@redhat.com>
|
||||
Date: Mon, 23 Feb 2015 21:26:26 +0000
|
||||
Subject: [PATCH 52/87] Fix uninitialized value used in get_client_mac()
|
||||
Subject: [PATCH 52/98] Fix uninitialized value used in get_client_mac()
|
||||
|
||||
---
|
||||
src/dhcp6.c | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001
|
||||
From: Joachim Zobel <jz-2014@heute-morgen.de>
|
||||
Date: Mon, 23 Feb 2015 21:38:11 +0000
|
||||
Subject: [PATCH 53/87] Log parsing utils in contrib/reverse-dns
|
||||
Subject: [PATCH 53/98] Log parsing utils in contrib/reverse-dns
|
||||
|
||||
---
|
||||
contrib/reverse-dns/README | 18 ++++++++++++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Mar 2015 18:17:54 +0000
|
||||
Subject: [PATCH 54/87] Add --dnssec-timestamp option and facility.
|
||||
Subject: [PATCH 54/98] Add --dnssec-timestamp option and facility.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 2 Mar 2015 22:47:23 +0000
|
||||
Subject: [PATCH 55/87] Fix last commit to not crash if uid changing not
|
||||
Subject: [PATCH 55/98] Fix last commit to not crash if uid changing not
|
||||
configured.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 4c960fa90a975d20f75a1ecabd217247f1922c8f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 4 Mar 2015 20:32:26 +0000
|
||||
Subject: [PATCH 56/87] New version of contrib/reverse-dns
|
||||
Subject: [PATCH 56/98] New version of contrib/reverse-dns
|
||||
|
||||
---
|
||||
contrib/reverse-dns/README | 22 +++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 360f2513ab12a9bf1e262d388dd2ea8a566590a3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 7 Mar 2015 18:28:06 +0000
|
||||
Subject: [PATCH 57/87] Tweak DNSSEC timestamp code to create file later,
|
||||
Subject: [PATCH 57/98] Tweak DNSSEC timestamp code to create file later,
|
||||
removing need to chown it.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ff841ebf5a5d6864ff48571f607c32ce80dbb75a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 11 Mar 2015 21:36:30 +0000
|
||||
Subject: [PATCH 58/87] Fix boilerplate code for re-running system calls on
|
||||
Subject: [PATCH 58/98] Fix boilerplate code for re-running system calls on
|
||||
EINTR and EAGAIN etc.
|
||||
|
||||
The nasty code with static variable in retry_send() which
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 979fe86bc8693f660eddea232ae39cbbb50b294c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 19 Mar 2015 22:50:22 +0000
|
||||
Subject: [PATCH 59/87] Make --address=/example.com/ equivalent to
|
||||
Subject: [PATCH 59/98] Make --address=/example.com/ equivalent to
|
||||
--server=/example.com/
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 65c721200023ef0023114459a8d12f8b0a24cfd8 Mon Sep 17 00:00:00 2001
|
||||
From: Lung-Pin Chang <changlp@cs.nctu.edu.tw>
|
||||
Date: Thu, 19 Mar 2015 23:22:21 +0000
|
||||
Subject: [PATCH 60/87] dhcp: set outbound interface via cmsg in unicast reply
|
||||
Subject: [PATCH 60/98] dhcp: set outbound interface via cmsg in unicast reply
|
||||
|
||||
If multiple routes to the same network exist, Linux blindly picks
|
||||
the first interface (route) based on destination address, which might not be
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8805283088d670baecb92569252c01cf754cda51 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 26 Mar 2015 21:15:43 +0000
|
||||
Subject: [PATCH 61/87] Don't fail DNSSEC when a signed CNAME dangles into an
|
||||
Subject: [PATCH 61/98] Don't fail DNSSEC when a signed CNAME dangles into an
|
||||
unsigned zone.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 150162bc37170a6edae9d488435e836b1e4e3a4e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 27 Mar 2015 09:58:26 +0000
|
||||
Subject: [PATCH 62/87] Return SERVFAIL when validation abandoned.
|
||||
Subject: [PATCH 62/98] Return SERVFAIL when validation abandoned.
|
||||
|
||||
---
|
||||
src/forward.c | 11 +++++++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0b8a5a30a77331974ba24a04e43e720585dfbc61 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 27 Mar 2015 11:44:55 +0000
|
||||
Subject: [PATCH 63/87] Protect against broken DNSSEC upstreams.
|
||||
Subject: [PATCH 63/98] Protect against broken DNSSEC upstreams.
|
||||
|
||||
---
|
||||
src/dnssec.c | 7 +++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 1e153945def3c50d1e59ceea6a768db0ac770f98 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 28 Mar 2015 21:34:07 +0000
|
||||
Subject: [PATCH 64/87] DNSSEC fix for non-ascii characters in labels.
|
||||
Subject: [PATCH 64/98] DNSSEC fix for non-ascii characters in labels.
|
||||
|
||||
---
|
||||
src/dnssec.c | 34 +++++++++++++++++-----------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 394ff492da6af5da7e7d356be9586683bc5fc011 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 29 Mar 2015 22:17:14 +0100
|
||||
Subject: [PATCH 65/87] Allow control characters in names in the cache, handle
|
||||
Subject: [PATCH 65/98] Allow control characters in names in the cache, handle
|
||||
when logging.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 794fccca7ffebfba4468bfffc6276b68bbf6afd9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 29 Mar 2015 22:35:44 +0100
|
||||
Subject: [PATCH 66/87] Fix crash in last commit.
|
||||
Subject: [PATCH 66/98] Fix crash in last commit.
|
||||
|
||||
---
|
||||
src/cache.c | 7 ++++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fd6ad9e481ab7c812a6b1515244908818cbb0442 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 30 Mar 2015 07:52:21 +0100
|
||||
Subject: [PATCH 67/87] Merge message translations.
|
||||
Subject: [PATCH 67/98] Merge message translations.
|
||||
|
||||
---
|
||||
po/de.po | 803 +++++++++++++++++++++++++++++++++--------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 30d0879ed55cb67b1b735beab3d93f3bb3ef1dd2 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Tue, 31 Mar 2015 22:32:11 +0100
|
||||
Subject: [PATCH 68/87] add --tftp-no-fail to ignore missing tftp root
|
||||
Subject: [PATCH 68/98] add --tftp-no-fail to ignore missing tftp root
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 7aa970e2c7043201663d86a4b5d8cd5c592cef39 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Wed, 1 Apr 2015 17:55:07 +0100
|
||||
Subject: [PATCH 69/87] Whitespace fixes.
|
||||
Subject: [PATCH 69/98] Whitespace fixes.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 14 +++++++-------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fe3992f9fa69fa975ea31919c53933b5f6a63527 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Apr 2015 21:25:05 +0100
|
||||
Subject: [PATCH 70/87] Return INSECURE, rather than BOGUS when DS proved not
|
||||
Subject: [PATCH 70/98] Return INSECURE, rather than BOGUS when DS proved not
|
||||
to exist.
|
||||
|
||||
Return INSECURE when validating DNS replies which have RRSIGs, but
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 982faf402487e265ed11ac03524531d42b03c966 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Apr 2015 21:42:30 +0100
|
||||
Subject: [PATCH 71/87] Fix compiler warning when not including DNSSEC.
|
||||
Subject: [PATCH 71/98] Fix compiler warning when not including DNSSEC.
|
||||
|
||||
---
|
||||
src/forward.c | 3 ++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 6 Apr 2015 17:19:13 +0100
|
||||
Subject: [PATCH 72/87] Fix crash caused by looking up servers.bind when many
|
||||
Subject: [PATCH 72/98] Fix crash caused by looking up servers.bind when many
|
||||
servers defined.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 9 Apr 2015 21:48:00 +0100
|
||||
Subject: [PATCH 73/87] Fix crash on receipt of certain malformed DNS requests.
|
||||
Subject: [PATCH 73/98] Fix crash on receipt of certain malformed DNS requests.
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 12 Apr 2015 21:52:47 +0100
|
||||
Subject: [PATCH 74/87] Fix crash in auth code with odd configuration.
|
||||
Subject: [PATCH 74/98] Fix crash in auth code with odd configuration.
|
||||
|
||||
---
|
||||
CHANGELOG | 32 +++++++++++++++++++++-----------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 16 Apr 2015 15:05:30 +0100
|
||||
Subject: [PATCH 75/87] Auth: correct replies to NS and SOA in .arpa zones.
|
||||
Subject: [PATCH 75/98] Auth: correct replies to NS and SOA in .arpa zones.
|
||||
|
||||
---
|
||||
CHANGELOG | 8 ++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From b4c0f092d8ce63ea4763c0ac17aa8d24318ad301 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Thu, 16 Apr 2015 15:20:59 +0100
|
||||
Subject: [PATCH 76/87] Fix (srk induced) crash in new tftp_no_fail code.
|
||||
Subject: [PATCH 76/98] Fix (srk induced) crash in new tftp_no_fail code.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 6 ++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0df29f5e23fd2f16181847db1fcf3a8b392d869a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 16 Apr 2015 15:24:52 +0100
|
||||
Subject: [PATCH 77/87] Note CVE-2015-3294
|
||||
Subject: [PATCH 77/98] Note CVE-2015-3294
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 17 Apr 2015 22:50:20 +0100
|
||||
Subject: [PATCH 78/87] Log domain when reporting DNSSEC validation failure.
|
||||
Subject: [PATCH 78/98] Log domain when reporting DNSSEC validation failure.
|
||||
|
||||
---
|
||||
src/forward.c | 15 ++++++++++-----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From a006eb7e1486023480ea40244720ef7aab51de71 Mon Sep 17 00:00:00 2001
|
||||
From: Moshe Levi <moshele@mellanox.com>
|
||||
Date: Sun, 19 Apr 2015 22:10:40 +0100
|
||||
Subject: [PATCH 79/87] Check IP address command line arg in dhcp_release.c
|
||||
Subject: [PATCH 79/98] Check IP address command line arg in dhcp_release.c
|
||||
|
||||
---
|
||||
contrib/wrt/dhcp_release.c | 5 +++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 338b340be9e7198f5c0f68133d070d6598a0814c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 20 Apr 2015 21:34:05 +0100
|
||||
Subject: [PATCH 80/87] Revert 61b838dd574c51d96fef100285a0d225824534f9 and
|
||||
Subject: [PATCH 80/98] Revert 61b838dd574c51d96fef100285a0d225824534f9 and
|
||||
just quieten log instead.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From cbe379ad6b52a538a4416a7cd992817e5637ccf9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 21 Apr 2015 22:57:06 +0100
|
||||
Subject: [PATCH 81/87] Handle domain names with '.' or /000 within labels.
|
||||
Subject: [PATCH 81/98] Handle domain names with '.' or /000 within labels.
|
||||
|
||||
Only in DNSSEC mode, where we might need to validate or store
|
||||
such names. In none-DNSSEC mode, simply don't cache these, as before.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From b8f16556d36924cd8dc7663cb4129d7b1f3fc2be Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 22 Apr 2015 21:14:31 +0100
|
||||
Subject: [PATCH 82/87] Tweaks to previous, DNS label charset commit.
|
||||
Subject: [PATCH 82/98] Tweaks to previous, DNS label charset commit.
|
||||
|
||||
---
|
||||
src/dns-protocol.h | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From a5ae1f85873829efe473075ad77806cc02792622 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 25 Apr 2015 21:46:10 +0100
|
||||
Subject: [PATCH 83/87] Logs in DHCPv6 not suppressed by dhcp6-quiet.
|
||||
Subject: [PATCH 83/98] Logs in DHCPv6 not suppressed by dhcp6-quiet.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8efd731cc4ed2baa42aa69d0a9d336392e9987cb Mon Sep 17 00:00:00 2001
|
||||
From: "Johnny S. Lee" <_@jsl.io>
|
||||
Date: Sun, 26 Apr 2015 22:23:57 +0100
|
||||
Subject: [PATCH 84/87] Make get-version work when repo is a git submodule.
|
||||
Subject: [PATCH 84/98] Make get-version work when repo is a git submodule.
|
||||
|
||||
---
|
||||
bld/get-version | 5 +++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From e66b4dff3c562c7836d5be4c26972d665ad783f1 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 28 Apr 2015 20:45:57 +0100
|
||||
Subject: [PATCH 85/87] Fix argument-order botch which broke DNSSEC for TCP
|
||||
Subject: [PATCH 85/98] Fix argument-order botch which broke DNSSEC for TCP
|
||||
queries.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2ed162ac204f3609fe4d9f9a0430baeaa352d88f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 28 Apr 2015 21:26:35 +0100
|
||||
Subject: [PATCH 86/87] Don't remove RRSIG RR from answers to ANY queries when
|
||||
Subject: [PATCH 86/98] Don't remove RRSIG RR from answers to ANY queries when
|
||||
the do bit is not set.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 64bcff1c7c72eecda8750bc2dca8b4c5dc38a837 Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
|
||||
Date: Tue, 28 Apr 2015 21:55:18 +0100
|
||||
Subject: [PATCH 87/87] Constify some DHCP lease management functions.
|
||||
Subject: [PATCH 87/98] Constify some DHCP lease management functions.
|
||||
|
||||
---
|
||||
src/dnsmasq.h | 7 ++++---
|
||||
|
||||
@@ -0,0 +1,332 @@
|
||||
From a77cec8d58231d71cbc26615f0c0f0292c09ef54 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 8 May 2015 16:25:38 +0100
|
||||
Subject: [PATCH 88/98] Handle UDP packet loss when fragmentation of large
|
||||
packets is broken.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 ++++++
|
||||
src/config.h | 1 +
|
||||
src/dnsmasq.h | 5 +++--
|
||||
src/dnssec.c | 11 +++++++++--
|
||||
src/forward.c | 37 +++++++++++++++++++++++++++++--------
|
||||
src/network.c | 1 +
|
||||
src/option.c | 18 +++++++++++-------
|
||||
src/rfc1035.c | 22 ++++++----------------
|
||||
8 files changed, 66 insertions(+), 35 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index af2b22cf8f73..d8fc57a418bb 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -109,6 +109,12 @@ version 2.73
|
||||
by quiet-dhcp6. Thanks to J. Pablo Abonia for
|
||||
spotting the problem.
|
||||
|
||||
+ Try and handle net connections with broken fragmentation
|
||||
+ that lose large UDP packets. If a server times out,
|
||||
+ reduce the maximum UDP packet size field in the EDNS0
|
||||
+ header to 1280 bytes. If it then answers, make that
|
||||
+ change permanent.
|
||||
+
|
||||
|
||||
version 2.72
|
||||
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
|
||||
diff --git a/src/config.h b/src/config.h
|
||||
index 8def6f200461..f75fe9db7081 100644
|
||||
--- a/src/config.h
|
||||
+++ b/src/config.h
|
||||
@@ -19,6 +19,7 @@
|
||||
#define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
|
||||
#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
|
||||
#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
|
||||
+#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
|
||||
#define KEYBLOCK_LEN 40 /* choose to mininise fragmentation when storing DNSSEC keys */
|
||||
#define DNSSEC_WORK 50 /* Max number of queries to validate one question */
|
||||
#define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
|
||||
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
|
||||
index 824a86009439..ab16f79b3ec9 100644
|
||||
--- a/src/dnsmasq.h
|
||||
+++ b/src/dnsmasq.h
|
||||
@@ -504,7 +504,7 @@ struct server {
|
||||
char interface[IF_NAMESIZE+1];
|
||||
struct serverfd *sfd;
|
||||
char *domain; /* set if this server only handles a domain. */
|
||||
- int flags, tcpfd;
|
||||
+ int flags, tcpfd, edns_pktsz;
|
||||
unsigned int queries, failed_queries;
|
||||
#ifdef HAVE_LOOP
|
||||
u32 uid;
|
||||
@@ -594,6 +594,7 @@ struct hostsfile {
|
||||
#define FREC_DO_QUESTION 64
|
||||
#define FREC_ADDED_PHEADER 128
|
||||
#define FREC_CHECK_NOSIGN 256
|
||||
+#define FREC_TEST_PKTSZ 512
|
||||
|
||||
#ifdef HAVE_DNSSEC
|
||||
#define HASH_SIZE 20 /* SHA-1 digest size */
|
||||
@@ -1148,7 +1149,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut);
|
||||
#endif
|
||||
|
||||
/* dnssec.c */
|
||||
-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr);
|
||||
+size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr, int edns_pktsz);
|
||||
int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t n, char *name, char *keyname, int class);
|
||||
int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class);
|
||||
int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer, int *nons);
|
||||
diff --git a/src/dnssec.c b/src/dnssec.c
|
||||
index a9e12153ccf2..e91d7c2cf040 100644
|
||||
--- a/src/dnssec.c
|
||||
+++ b/src/dnssec.c
|
||||
@@ -2162,10 +2162,12 @@ int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
|
||||
}
|
||||
}
|
||||
|
||||
-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
|
||||
+size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class,
|
||||
+ int type, union mysockaddr *addr, int edns_pktsz)
|
||||
{
|
||||
unsigned char *p;
|
||||
char *types = querystr("dnssec-query", type);
|
||||
+ size_t ret;
|
||||
|
||||
if (addr->sa.sa_family == AF_INET)
|
||||
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
|
||||
@@ -2194,7 +2196,12 @@ size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, i
|
||||
PUTSHORT(type, p);
|
||||
PUTSHORT(class, p);
|
||||
|
||||
- return add_do_bit(header, p - (unsigned char *)header, end);
|
||||
+ ret = add_do_bit(header, p - (unsigned char *)header, end);
|
||||
+
|
||||
+ if (find_pseudoheader(header, ret, NULL, &p, NULL))
|
||||
+ PUTSHORT(edns_pktsz, p);
|
||||
+
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
/* Go through a domain name, find "pointers" and fix them up based on how many bytes
|
||||
diff --git a/src/forward.c b/src/forward.c
|
||||
index a8e403c4b25e..592243fd4d35 100644
|
||||
--- a/src/forward.c
|
||||
+++ b/src/forward.c
|
||||
@@ -253,6 +253,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
void *hash = &crc;
|
||||
#endif
|
||||
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
|
||||
+ unsigned char *pheader;
|
||||
|
||||
(void)do_bit;
|
||||
|
||||
@@ -261,19 +262,32 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
forward = NULL;
|
||||
else if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash))))
|
||||
{
|
||||
+ /* If we didn't get an answer advertising a maximal packet in EDNS,
|
||||
+ fall back to 1280, which should work everywhere on IPv6.
|
||||
+ If that generates an answer, it will become the new default
|
||||
+ for this server */
|
||||
+ forward->flags |= FREC_TEST_PKTSZ;
|
||||
+
|
||||
#ifdef HAVE_DNSSEC
|
||||
/* If we've already got an answer to this query, but we're awaiting keys for validation,
|
||||
there's no point retrying the query, retry the key query instead...... */
|
||||
if (forward->blocking_query)
|
||||
{
|
||||
int fd;
|
||||
-
|
||||
+
|
||||
+ forward->flags &= ~FREC_TEST_PKTSZ;
|
||||
+
|
||||
while (forward->blocking_query)
|
||||
forward = forward->blocking_query;
|
||||
+
|
||||
+ forward->flags |= FREC_TEST_PKTSZ;
|
||||
|
||||
blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
|
||||
plen = forward->stash_len;
|
||||
|
||||
+ if (find_pseudoheader(header, plen, NULL, &pheader, NULL))
|
||||
+ PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : forward->sentto->edns_pktsz, pheader);
|
||||
+
|
||||
if (forward->sentto->addr.sa.sa_family == AF_INET)
|
||||
log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
|
||||
#ifdef HAVE_IPV6
|
||||
@@ -417,7 +431,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
plen = new_plen;
|
||||
}
|
||||
#endif
|
||||
-
|
||||
+
|
||||
while (1)
|
||||
{
|
||||
/* only send to servers dealing with our domain.
|
||||
@@ -464,6 +478,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
|
||||
}
|
||||
#endif
|
||||
}
|
||||
+
|
||||
+ if (find_pseudoheader(header, plen, NULL, &pheader, NULL))
|
||||
+ PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : start->edns_pktsz, pheader);
|
||||
|
||||
if (retry_send(sendto(fd, (char *)header, plen, 0,
|
||||
&start->addr.sa,
|
||||
@@ -760,7 +777,6 @@ void reply_query(int fd, int family, time_t now)
|
||||
}
|
||||
|
||||
server = forward->sentto;
|
||||
-
|
||||
if ((forward->sentto->flags & SERV_TYPE) == 0)
|
||||
{
|
||||
if (RCODE(header) == REFUSED)
|
||||
@@ -781,7 +797,12 @@ void reply_query(int fd, int family, time_t now)
|
||||
if (!option_bool(OPT_ALL_SERVERS))
|
||||
daemon->last_server = server;
|
||||
}
|
||||
-
|
||||
+
|
||||
+ /* We tried resending to this server with a smaller maximum size and got an answer.
|
||||
+ Make that permanent. */
|
||||
+ if (server && (forward->flags & FREC_TEST_PKTSZ))
|
||||
+ server->edns_pktsz = SAFE_PKTSZ;
|
||||
+
|
||||
/* If the answer is an error, keep the forward record in place in case
|
||||
we get a good reply from another server. Kill it when we've
|
||||
had replies from all to avoid filling the forwarding table when
|
||||
@@ -890,7 +911,7 @@ void reply_query(int fd, int family, time_t now)
|
||||
{
|
||||
new->flags |= FREC_DNSKEY_QUERY;
|
||||
nn = dnssec_generate_query(header, ((char *) header) + daemon->packet_buff_sz,
|
||||
- daemon->keyname, forward->class, T_DNSKEY, &server->addr);
|
||||
+ daemon->keyname, forward->class, T_DNSKEY, &server->addr, server->edns_pktsz);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -899,7 +920,7 @@ void reply_query(int fd, int family, time_t now)
|
||||
else
|
||||
new->flags |= FREC_DS_QUERY;
|
||||
nn = dnssec_generate_query(header,((char *) header) + daemon->packet_buff_sz,
|
||||
- daemon->keyname, forward->class, T_DS, &server->addr);
|
||||
+ daemon->keyname, forward->class, T_DS, &server->addr, server->edns_pktsz);
|
||||
}
|
||||
if ((hash = hash_questions(header, nn, daemon->namebuff)))
|
||||
memcpy(new->hash, hash, HASH_SIZE);
|
||||
@@ -1526,7 +1547,7 @@ static int tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s
|
||||
|
||||
/* Can't find it in the cache, have to send a query */
|
||||
|
||||
- m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr);
|
||||
+ m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr, server->edns_pktsz);
|
||||
|
||||
*length = htons(m);
|
||||
|
||||
@@ -1638,7 +1659,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
|
||||
|
||||
another_tcp_key:
|
||||
m = dnssec_generate_query(new_header, ((char *) new_header) + 65536, keyname, class,
|
||||
- new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS, &server->addr);
|
||||
+ new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS, &server->addr, server->edns_pktsz);
|
||||
|
||||
*length = htons(m);
|
||||
|
||||
diff --git a/src/network.c b/src/network.c
|
||||
index 992f023c31de..a1d90c876fc1 100644
|
||||
--- a/src/network.c
|
||||
+++ b/src/network.c
|
||||
@@ -1396,6 +1396,7 @@ void add_update_server(int flags,
|
||||
serv->domain = domain_str;
|
||||
serv->next = next;
|
||||
serv->queries = serv->failed_queries = 0;
|
||||
+ serv->edns_pktsz = daemon->edns_pktsz;
|
||||
#ifdef HAVE_LOOP
|
||||
serv->uid = rand32();
|
||||
#endif
|
||||
diff --git a/src/option.c b/src/option.c
|
||||
index f91cfbb1aa54..c7add88de7ac 100644
|
||||
--- a/src/option.c
|
||||
+++ b/src/option.c
|
||||
@@ -4498,15 +4498,19 @@ void read_opts(int argc, char **argv, char *compile_opts)
|
||||
{
|
||||
struct server *tmp;
|
||||
for (tmp = daemon->servers; tmp; tmp = tmp->next)
|
||||
- if (!(tmp->flags & SERV_HAS_SOURCE))
|
||||
- {
|
||||
- if (tmp->source_addr.sa.sa_family == AF_INET)
|
||||
- tmp->source_addr.in.sin_port = htons(daemon->query_port);
|
||||
+ {
|
||||
+ tmp->edns_pktsz = daemon->edns_pktsz;
|
||||
+
|
||||
+ if (!(tmp->flags & SERV_HAS_SOURCE))
|
||||
+ {
|
||||
+ if (tmp->source_addr.sa.sa_family == AF_INET)
|
||||
+ tmp->source_addr.in.sin_port = htons(daemon->query_port);
|
||||
#ifdef HAVE_IPV6
|
||||
- else if (tmp->source_addr.sa.sa_family == AF_INET6)
|
||||
- tmp->source_addr.in6.sin6_port = htons(daemon->query_port);
|
||||
+ else if (tmp->source_addr.sa.sa_family == AF_INET6)
|
||||
+ tmp->source_addr.in6.sin6_port = htons(daemon->query_port);
|
||||
#endif
|
||||
- }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
if (daemon->if_addrs)
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index 5828055caa5d..8b1709dd3495 100644
|
||||
--- a/src/rfc1035.c
|
||||
+++ b/src/rfc1035.c
|
||||
@@ -552,7 +552,7 @@ static size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned
|
||||
return plen;
|
||||
*p++ = 0; /* empty name */
|
||||
PUTSHORT(T_OPT, p);
|
||||
- PUTSHORT(daemon->edns_pktsz, p); /* max packet length */
|
||||
+ PUTSHORT(SAFE_PKTSZ, p); /* max packet length, this will be overwritten */
|
||||
PUTSHORT(0, p); /* extended RCODE and version */
|
||||
PUTSHORT(set_do ? 0x8000 : 0, p); /* DO flag */
|
||||
lenp = p;
|
||||
@@ -1537,7 +1537,6 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||
unsigned short flag;
|
||||
int q, ans, anscount = 0, addncount = 0;
|
||||
int dryrun = 0, sec_reqd = 0, have_pseudoheader = 0;
|
||||
- int is_sign;
|
||||
struct crec *crecp;
|
||||
int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
|
||||
struct mx_srv_record *rec;
|
||||
@@ -1557,28 +1556,19 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||
forward rather than answering from the cache, which doesn't include
|
||||
security information, unless we're in DNSSEC validation mode. */
|
||||
|
||||
- if (find_pseudoheader(header, qlen, NULL, &pheader, &is_sign))
|
||||
+ if (find_pseudoheader(header, qlen, NULL, &pheader, NULL))
|
||||
{
|
||||
- unsigned short udpsz, flags;
|
||||
- unsigned char *psave = pheader;
|
||||
-
|
||||
+ unsigned short flags;
|
||||
+
|
||||
have_pseudoheader = 1;
|
||||
|
||||
- GETSHORT(udpsz, pheader);
|
||||
- pheader += 2; /* ext_rcode */
|
||||
+ pheader += 4; /* udp size, ext_rcode */
|
||||
GETSHORT(flags, pheader);
|
||||
|
||||
if ((sec_reqd = flags & 0x8000))
|
||||
*do_bit = 1;/* do bit */
|
||||
- *ad_reqd = 1;
|
||||
-
|
||||
- /* If our client is advertising a larger UDP packet size
|
||||
- than we allow, trim it so that we don't get an overlarge
|
||||
- response from upstream */
|
||||
-
|
||||
- if (!is_sign && (udpsz > daemon->edns_pktsz))
|
||||
- PUTSHORT(daemon->edns_pktsz, psave);
|
||||
|
||||
+ *ad_reqd = 1;
|
||||
dryrun = 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,59 @@
|
||||
From b059c96dc69dfe3055c5b32b078a05c53b11ebb3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 8 May 2015 20:25:51 +0100
|
||||
Subject: [PATCH 89/98] Check IPv4-mapped IPv6 addresses with --stop-rebind.
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
src/rfc1035.c | 21 +++++++++++++++++----
|
||||
2 files changed, 20 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index d8fc57a418bb..94a521f996e2 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -115,6 +115,9 @@ version 2.73
|
||||
header to 1280 bytes. If it then answers, make that
|
||||
change permanent.
|
||||
|
||||
+ Check IPv4-mapped IPv6 addresses when --stop-rebind
|
||||
+ is active. Thanks to Jordan Milne for spotting this.
|
||||
+
|
||||
|
||||
version 2.72
|
||||
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index 8b1709dd3495..5e3f566fdbc5 100644
|
||||
--- a/src/rfc1035.c
|
||||
+++ b/src/rfc1035.c
|
||||
@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
|
||||
memcpy(&addr, p1, addrlen);
|
||||
|
||||
/* check for returned address in private space */
|
||||
- if (check_rebind &&
|
||||
- (flags & F_IPV4) &&
|
||||
- private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
|
||||
- return 1;
|
||||
+ if (check_rebind)
|
||||
+ {
|
||||
+ if ((flags & F_IPV4) &&
|
||||
+ private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
|
||||
+ return 1;
|
||||
+
|
||||
+#ifdef HAVE_IPV6
|
||||
+ if ((flags & F_IPV6) &&
|
||||
+ IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6))
|
||||
+ {
|
||||
+ struct in_addr v4;
|
||||
+ v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3];
|
||||
+ if (private_net(v4, !option_bool(OPT_LOCAL_REBIND)))
|
||||
+ return 1;
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
|
||||
#ifdef HAVE_IPSET
|
||||
if (ipsets && (flags & (F_IPV4 | F_IPV6)))
|
||||
--
|
||||
2.1.0
|
||||
|
||||
29
src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch
Normal file
29
src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch
Normal file
@@ -0,0 +1,29 @@
|
||||
From 86fa1046920dedc8134136a6244ca96e8a37e9d8 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 10 May 2015 13:50:59 +0100
|
||||
Subject: [PATCH 90/98] Tweak EDNS timeout code.
|
||||
|
||||
---
|
||||
src/forward.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/forward.c b/src/forward.c
|
||||
index 592243fd4d35..74e5ab66c423 100644
|
||||
--- a/src/forward.c
|
||||
+++ b/src/forward.c
|
||||
@@ -799,8 +799,10 @@ void reply_query(int fd, int family, time_t now)
|
||||
}
|
||||
|
||||
/* We tried resending to this server with a smaller maximum size and got an answer.
|
||||
- Make that permanent. */
|
||||
- if (server && (forward->flags & FREC_TEST_PKTSZ))
|
||||
+ Make that permanent. To avoid reduxing the packet size for an single dropped packet,
|
||||
+ only do this when we get a truncated answer, or one larger than the safe size. */
|
||||
+ if (server && (forward->flags & FREC_TEST_PKTSZ) &&
|
||||
+ ((header->hb3 & HB3_TC) || n >= SAFE_PKTSZ))
|
||||
server->edns_pktsz = SAFE_PKTSZ;
|
||||
|
||||
/* If the answer is an error, keep the forward record in place in case
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
From 585840b03365372679907f175b07a01c9d621ae0 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 13 May 2015 12:35:57 +0100
|
||||
Subject: [PATCH 91/98] Pointer to mail-archive mailing list mirror in
|
||||
doc.html.
|
||||
|
||||
---
|
||||
doc.html | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/doc.html b/doc.html
|
||||
index 92c9d0d6f34c..54f59bbbd4d0 100644
|
||||
--- a/doc.html
|
||||
+++ b/doc.html
|
||||
@@ -74,7 +74,9 @@ for details.
|
||||
There is a dnsmasq mailing list at <A
|
||||
HREF="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss">
|
||||
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</A> which should be the
|
||||
-first location for queries, bugreports, suggestions etc.
|
||||
+first location for queries, bugreports, suggestions etc. The list is mirrored, with a
|
||||
+search facility, at <A HREF="https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/">
|
||||
+https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/</A>.
|
||||
You can contact me at <A
|
||||
HREF="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</A>.
|
||||
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,200 @@
|
||||
From ca85a28241ef87919d68d52c843b6964b7070e11 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 13 May 2015 22:33:04 +0100
|
||||
Subject: [PATCH 92/98] Allow T1 and T2 DHCPv4 options to be set.
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
dnsmasq.conf.example | 8 ++++++
|
||||
src/dhcp-common.c | 4 +--
|
||||
src/rfc2131.c | 71 ++++++++++++++++++++++++++++++++++++----------------
|
||||
4 files changed, 63 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index 94a521f996e2..ef39a415788b 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -118,6 +118,9 @@ version 2.73
|
||||
Check IPv4-mapped IPv6 addresses when --stop-rebind
|
||||
is active. Thanks to Jordan Milne for spotting this.
|
||||
|
||||
+ Allow DHCPv4 options T1 and T2 to be set using --dhcp-option.
|
||||
+ Thanks to Kevin Benton for patches and work on this.
|
||||
+
|
||||
|
||||
version 2.72
|
||||
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
|
||||
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
|
||||
index 67be99acb028..1ae11dfb5358 100644
|
||||
--- a/dnsmasq.conf.example
|
||||
+++ b/dnsmasq.conf.example
|
||||
@@ -345,6 +345,14 @@
|
||||
# Ask client to poll for option changes every six hours. (RFC4242)
|
||||
#dhcp-option=option6:information-refresh-time,6h
|
||||
|
||||
+# Set option 58 client renewal time (T1). Defaults to half of the
|
||||
+# lease time if not specified. (RFC2132)
|
||||
+#dhcp-option=option:T1:1m
|
||||
+
|
||||
+# Set option 59 rebinding time (T2). Defaults to 7/8 of the
|
||||
+# lease time if not specified. (RFC2132)
|
||||
+#dhcp-option=option:T2:2m
|
||||
+
|
||||
# Set the NTP time server address to be the same machine as
|
||||
# is running dnsmasq
|
||||
#dhcp-option=42,0.0.0.0
|
||||
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
|
||||
index ce115202a646..bc48f41a14d7 100644
|
||||
--- a/src/dhcp-common.c
|
||||
+++ b/src/dhcp-common.c
|
||||
@@ -545,8 +545,8 @@ static const struct opttab_t {
|
||||
{ "parameter-request", 55, OT_INTERNAL },
|
||||
{ "message", 56, OT_INTERNAL },
|
||||
{ "max-message-size", 57, OT_INTERNAL },
|
||||
- { "T1", 58, OT_INTERNAL | OT_TIME},
|
||||
- { "T2", 59, OT_INTERNAL | OT_TIME},
|
||||
+ { "T1", 58, OT_TIME},
|
||||
+ { "T2", 59, OT_TIME},
|
||||
{ "vendor-class", 60, 0 },
|
||||
{ "client-id", 61, OT_INTERNAL },
|
||||
{ "nis+-domain", 64, OT_NAME },
|
||||
diff --git a/src/rfc2131.c b/src/rfc2131.c
|
||||
index 55526443dc84..a10e499ef768 100644
|
||||
--- a/src/rfc2131.c
|
||||
+++ b/src/rfc2131.c
|
||||
@@ -52,7 +52,9 @@ static void do_options(struct dhcp_context *context,
|
||||
int null_term, int pxearch,
|
||||
unsigned char *uuid,
|
||||
int vendor_class_len,
|
||||
- time_t now);
|
||||
+ time_t now,
|
||||
+ unsigned int lease_time,
|
||||
+ unsigned short fuzz);
|
||||
|
||||
|
||||
static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt);
|
||||
@@ -610,7 +612,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
||||
|
||||
clear_packet(mess, end);
|
||||
do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr),
|
||||
- netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now);
|
||||
+ netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now, 0xffffffff, 0);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1042,13 +1044,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
||||
option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
|
||||
option_put(mess, end, OPTION_LEASE_TIME, 4, time);
|
||||
/* T1 and T2 are required in DHCPOFFER by HP's wacky Jetdirect client. */
|
||||
- if (time != 0xffffffff)
|
||||
- {
|
||||
- option_put(mess, end, OPTION_T1, 4, (time/2));
|
||||
- option_put(mess, end, OPTION_T2, 4, (time*7)/8);
|
||||
- }
|
||||
do_options(context, mess, end, req_options, offer_hostname, get_domain(mess->yiaddr),
|
||||
- netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now);
|
||||
+ netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, time, fuzz);
|
||||
|
||||
return dhcp_packet_size(mess, agent_id, real_end);
|
||||
|
||||
@@ -1367,15 +1364,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
||||
option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
|
||||
option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
|
||||
option_put(mess, end, OPTION_LEASE_TIME, 4, time);
|
||||
- if (time != 0xffffffff)
|
||||
- {
|
||||
- while (fuzz > (time/16))
|
||||
- fuzz = fuzz/2;
|
||||
- option_put(mess, end, OPTION_T1, 4, (time/2) - fuzz);
|
||||
- option_put(mess, end, OPTION_T2, 4, ((time/8)*7) - fuzz);
|
||||
- }
|
||||
do_options(context, mess, end, req_options, hostname, get_domain(mess->yiaddr),
|
||||
- netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now);
|
||||
+ netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, time, fuzz);
|
||||
}
|
||||
|
||||
return dhcp_packet_size(mess, agent_id, real_end);
|
||||
@@ -1440,7 +1430,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
||||
}
|
||||
|
||||
do_options(context, mess, end, req_options, hostname, get_domain(mess->ciaddr),
|
||||
- netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now);
|
||||
+ netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, 0xffffffff, 0);
|
||||
|
||||
*is_inform = 1; /* handle reply differently */
|
||||
return dhcp_packet_size(mess, agent_id, real_end);
|
||||
@@ -2137,7 +2127,9 @@ static void do_options(struct dhcp_context *context,
|
||||
int null_term, int pxe_arch,
|
||||
unsigned char *uuid,
|
||||
int vendor_class_len,
|
||||
- time_t now)
|
||||
+ time_t now,
|
||||
+ unsigned int lease_time,
|
||||
+ unsigned short fuzz)
|
||||
{
|
||||
struct dhcp_opt *opt, *config_opts = daemon->dhcp_opts;
|
||||
struct dhcp_boot *boot;
|
||||
@@ -2261,7 +2253,42 @@ static void do_options(struct dhcp_context *context,
|
||||
/* rfc3011 says this doesn't need to be in the requested options list. */
|
||||
if (subnet_addr.s_addr)
|
||||
option_put(mess, end, OPTION_SUBNET_SELECT, INADDRSZ, ntohl(subnet_addr.s_addr));
|
||||
-
|
||||
+
|
||||
+ if (lease_time != 0xffffffff)
|
||||
+ {
|
||||
+ unsigned int t1val = lease_time/2;
|
||||
+ unsigned int t2val = (lease_time*7)/8;
|
||||
+ unsigned int hval;
|
||||
+
|
||||
+ /* If set by user, sanity check, so not longer than lease. */
|
||||
+ if ((opt = option_find2(OPTION_T1)))
|
||||
+ {
|
||||
+ hval = ntohl(*((unsigned int *)opt->val));
|
||||
+ if (hval < lease_time && hval > 2)
|
||||
+ t1val = hval;
|
||||
+ }
|
||||
+
|
||||
+ if ((opt = option_find2(OPTION_T2)))
|
||||
+ {
|
||||
+ hval = ntohl(*((unsigned int *)opt->val));
|
||||
+ if (hval < lease_time && hval > 2)
|
||||
+ t2val = hval;
|
||||
+ }
|
||||
+
|
||||
+ while (fuzz > (t1val/8))
|
||||
+ fuzz = fuzz/2;
|
||||
+
|
||||
+ t1val -= fuzz;
|
||||
+ t2val -= fuzz;
|
||||
+
|
||||
+ /* ensure T1 is still < T2 */
|
||||
+ if (t2val <= t1val)
|
||||
+ t1val = t2val - 1;
|
||||
+
|
||||
+ option_put(mess, end, OPTION_T1, 4, t1val);
|
||||
+ option_put(mess, end, OPTION_T2, 4, t2val);
|
||||
+ }
|
||||
+
|
||||
/* replies to DHCPINFORM may not have a valid context */
|
||||
if (context)
|
||||
{
|
||||
@@ -2356,12 +2383,14 @@ static void do_options(struct dhcp_context *context,
|
||||
if (!(opt->flags & DHOPT_FORCE) && !in_list(req_options, optno))
|
||||
continue;
|
||||
|
||||
- /* prohibit some used-internally options */
|
||||
+ /* prohibit some used-internally options. T1 and T2 already handled. */
|
||||
if (optno == OPTION_CLIENT_FQDN ||
|
||||
optno == OPTION_MAXMESSAGE ||
|
||||
optno == OPTION_OVERLOAD ||
|
||||
optno == OPTION_PAD ||
|
||||
- optno == OPTION_END)
|
||||
+ optno == OPTION_END ||
|
||||
+ optno == OPTION_T1 ||
|
||||
+ optno == OPTION_T2)
|
||||
continue;
|
||||
|
||||
if (optno == OPTION_SNAME && done_server)
|
||||
--
|
||||
2.1.0
|
||||
|
||||
37
src/patches/dnsmasq/0093-Tweak-last-commit.patch
Normal file
37
src/patches/dnsmasq/0093-Tweak-last-commit.patch
Normal file
@@ -0,0 +1,37 @@
|
||||
From 7c0f2543a7e761d1ec82738374556beeb8a35bef Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 14 May 2015 21:16:18 +0100
|
||||
Subject: [PATCH 93/98] Tweak last commit.
|
||||
|
||||
---
|
||||
src/rfc2131.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/rfc2131.c b/src/rfc2131.c
|
||||
index a10e499ef768..b95f9beadf59 100644
|
||||
--- a/src/rfc2131.c
|
||||
+++ b/src/rfc2131.c
|
||||
@@ -2275,16 +2275,16 @@ static void do_options(struct dhcp_context *context,
|
||||
t2val = hval;
|
||||
}
|
||||
|
||||
+ /* ensure T1 is still < T2 */
|
||||
+ if (t2val <= t1val)
|
||||
+ t1val = t2val - 1;
|
||||
+
|
||||
while (fuzz > (t1val/8))
|
||||
fuzz = fuzz/2;
|
||||
|
||||
t1val -= fuzz;
|
||||
t2val -= fuzz;
|
||||
|
||||
- /* ensure T1 is still < T2 */
|
||||
- if (t2val <= t1val)
|
||||
- t1val = t2val - 1;
|
||||
-
|
||||
option_put(mess, end, OPTION_T1, 4, t1val);
|
||||
option_put(mess, end, OPTION_T2, 4, t2val);
|
||||
}
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
From 62018e1f720fa11e83879111a4b1b3753b5c25bb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 14 May 2015 21:30:00 +0100
|
||||
Subject: [PATCH 94/98] Use correct DHCP context for PXE-proxy server-id.
|
||||
|
||||
---
|
||||
src/rfc2131.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/rfc2131.c b/src/rfc2131.c
|
||||
index b95f9beadf59..70d1e59530ad 100644
|
||||
--- a/src/rfc2131.c
|
||||
+++ b/src/rfc2131.c
|
||||
@@ -888,10 +888,10 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
||||
|
||||
option_put(mess, end, OPTION_MESSAGE_TYPE, 1,
|
||||
mess_type == DHCPDISCOVER ? DHCPOFFER : DHCPACK);
|
||||
- option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(context->local.s_addr));
|
||||
+ option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(tmp->local.s_addr));
|
||||
pxe_misc(mess, end, uuid);
|
||||
prune_vendor_opts(tagif_netid);
|
||||
- do_encap_opts(pxe_opts(pxearch, tagif_netid, context->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
|
||||
+ do_encap_opts(pxe_opts(pxearch, tagif_netid, tmp->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
|
||||
|
||||
log_packet("PXE", NULL, emac, emac_len, iface_name, ignore ? "proxy-ignored" : "proxy", NULL, mess->xid);
|
||||
log_tags(tagif_netid, ntohl(mess->xid));
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,49 @@
|
||||
From 5d07d77e75e0f02bc0a8f6029ffbc8b371fa804e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 15 May 2015 18:13:06 +0100
|
||||
Subject: [PATCH 95/98] Fix buffer overflow introduced in 2.73rc6.
|
||||
|
||||
Fix off-by-one in code which checks for over-long domain names
|
||||
in received DNS packets. This enables buffer overflow attacks
|
||||
which can certainly crash dnsmasq and may allow for arbitrary
|
||||
code execution. The problem was introduced in commit b8f16556d,
|
||||
release 2.73rc6, so has not escaped into any stable release.
|
||||
Note that the off-by-one was in the label length determination,
|
||||
so the buffer can be overflowed by as many bytes as there are
|
||||
labels in the name - ie, many.
|
||||
|
||||
Thanks to Ron Bowes, who used lcmatuf's afl-fuzz tool to find
|
||||
the problem.
|
||||
---
|
||||
src/rfc1035.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index 5e3f566fdbc5..a95241f83523 100644
|
||||
--- a/src/rfc1035.c
|
||||
+++ b/src/rfc1035.c
|
||||
@@ -94,8 +94,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
|
||||
count = 256;
|
||||
digs = ((count-1)>>2)+1;
|
||||
|
||||
- /* output is \[x<hex>/siz]. which is digs+6/7/8 chars */
|
||||
- namelen += digs+6;
|
||||
+ /* output is \[x<hex>/siz]. which is digs+7/8/9 chars */
|
||||
+ namelen += digs+7;
|
||||
if (count > 9)
|
||||
namelen++;
|
||||
if (count > 99)
|
||||
@@ -125,8 +125,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
|
||||
}
|
||||
else
|
||||
{ /* label_type = 0 -> label. */
|
||||
- namelen += l;
|
||||
- if (namelen+1 >= MAXDNAME)
|
||||
+ namelen += l + 1; /* include period */
|
||||
+ if (namelen >= MAXDNAME)
|
||||
return 0;
|
||||
if (!CHECK_LEN(header, p, plen, l))
|
||||
return 0;
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,89 @@
|
||||
From 06568c663643b9ed1577d95efee69d734f427cf5 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 15 May 2015 20:43:48 +0100
|
||||
Subject: [PATCH 96/98] Remove support for DNS Extended Label Types.
|
||||
|
||||
The support was only partial, and the whole concept is
|
||||
now deprecated in the standards.
|
||||
---
|
||||
src/rfc1035.c | 52 ++++------------------------------------------------
|
||||
1 file changed, 4 insertions(+), 48 deletions(-)
|
||||
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index a95241f83523..56647b02ab4d 100644
|
||||
--- a/src/rfc1035.c
|
||||
+++ b/src/rfc1035.c
|
||||
@@ -77,53 +77,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
|
||||
|
||||
p = l + (unsigned char *)header;
|
||||
}
|
||||
- else if (label_type == 0x80)
|
||||
- return 0; /* reserved */
|
||||
- else if (label_type == 0x40)
|
||||
- { /* ELT */
|
||||
- unsigned int count, digs;
|
||||
-
|
||||
- if ((l & 0x3f) != 1)
|
||||
- return 0; /* we only understand bitstrings */
|
||||
-
|
||||
- if (!isExtract)
|
||||
- return 0; /* Cannot compare bitsrings */
|
||||
-
|
||||
- count = *p++;
|
||||
- if (count == 0)
|
||||
- count = 256;
|
||||
- digs = ((count-1)>>2)+1;
|
||||
-
|
||||
- /* output is \[x<hex>/siz]. which is digs+7/8/9 chars */
|
||||
- namelen += digs+7;
|
||||
- if (count > 9)
|
||||
- namelen++;
|
||||
- if (count > 99)
|
||||
- namelen++;
|
||||
- if (namelen+1 >= MAXDNAME)
|
||||
- return 0;
|
||||
-
|
||||
- if (!CHECK_LEN(header, p, plen, (count-1)>>3))
|
||||
- return 0;
|
||||
-
|
||||
- *cp++ = '\\';
|
||||
- *cp++ = '[';
|
||||
- *cp++ = 'x';
|
||||
- for (j=0; j<digs; j++)
|
||||
- {
|
||||
- unsigned int dig;
|
||||
- if (j%2 == 0)
|
||||
- dig = *p >> 4;
|
||||
- else
|
||||
- dig = *p++ & 0x0f;
|
||||
-
|
||||
- *cp++ = dig < 10 ? dig + '0' : dig + 'A' - 10;
|
||||
- }
|
||||
- cp += sprintf((char *)cp, "/%d]", count);
|
||||
- /* do this here to overwrite the zero char from sprintf */
|
||||
- *cp++ = '.';
|
||||
- }
|
||||
- else
|
||||
+ else if (label_type == 0x00)
|
||||
{ /* label_type = 0 -> label. */
|
||||
namelen += l + 1; /* include period */
|
||||
if (namelen >= MAXDNAME)
|
||||
@@ -176,12 +130,14 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
|
||||
retvalue = 2;
|
||||
}
|
||||
}
|
||||
-
|
||||
+
|
||||
if (isExtract)
|
||||
*cp++ = '.';
|
||||
else if (*cp != 0 && *cp++ != '.')
|
||||
retvalue = 2;
|
||||
}
|
||||
+ else
|
||||
+ return 0; /* label types 0x40 and 0x80 not supported */
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,26 @@
|
||||
From 7f8565b94ca52dde31f7688a9f9a0cc611d9dae3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 19 May 2015 23:01:27 +0100
|
||||
Subject: [PATCH 97/98] Select correct DHCP context when in PXE bootserver
|
||||
mode.
|
||||
|
||||
---
|
||||
src/rfc2131.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/rfc2131.c b/src/rfc2131.c
|
||||
index 70d1e59530ad..e602a21585c9 100644
|
||||
--- a/src/rfc2131.c
|
||||
+++ b/src/rfc2131.c
|
||||
@@ -805,7 +805,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
||||
if (service->type == type)
|
||||
break;
|
||||
|
||||
- if (!service || !service->basename)
|
||||
+ if (!service || !service->basename || !(context = narrow_context(context, mess->ciaddr, tagif_netid)))
|
||||
return 0;
|
||||
|
||||
clear_packet(mess, end);
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,33 @@
|
||||
From 549b1a478c5eee9dbd3a0709913a26ec29d30f2c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 20 May 2015 20:20:24 +0100
|
||||
Subject: [PATCH 98/98] Tweak immediately previous patch.
|
||||
|
||||
---
|
||||
src/rfc2131.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/rfc2131.c b/src/rfc2131.c
|
||||
index e602a21585c9..9f69ed595903 100644
|
||||
--- a/src/rfc2131.c
|
||||
+++ b/src/rfc2131.c
|
||||
@@ -805,9 +805,14 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
||||
if (service->type == type)
|
||||
break;
|
||||
|
||||
- if (!service || !service->basename || !(context = narrow_context(context, mess->ciaddr, tagif_netid)))
|
||||
- return 0;
|
||||
+ for (; context; context = context->current)
|
||||
+ if (match_netid(context->filter, tagif_netid, 1) &&
|
||||
+ is_same_net(mess->ciaddr, context->start, context->netmask))
|
||||
+ break;
|
||||
|
||||
+ if (!service || !service->basename || !context)
|
||||
+ return 0;
|
||||
+
|
||||
clear_packet(mess, end);
|
||||
|
||||
mess->yiaddr = mess->ciaddr;
|
||||
--
|
||||
2.1.0
|
||||
|
||||
Reference in New Issue
Block a user