mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-14 04:52:59 +02:00
dnsmasq: Import more patches from upstream
This commit is contained in:
Michael Tremer
1
config/rootfiles/core/90/filelists/dnsmasq
Symbolic link
1
config/rootfiles/core/90/filelists/dnsmasq
Symbolic link
@@ -0,0 +1 @@
|
||||
../../../common/dnsmasq
|
||||
@@ -144,6 +144,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0069-Whitespace-fixes.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch
|
||||
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
|
||||
cd $(DIR_APP) && sed -i src/config.h \
|
||||
-e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 25 Sep 2014 21:51:25 +0100
|
||||
Subject: [PATCH 01/71] Add newline at the end of example config file.
|
||||
Subject: [PATCH 01/78] Add newline at the end of example config file.
|
||||
|
||||
---
|
||||
dnsmasq.conf.example | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 2 Oct 2014 21:44:21 +0100
|
||||
Subject: [PATCH 02/71] crash at startup when an empty suffix is supplied to
|
||||
Subject: [PATCH 02/78] crash at startup when an empty suffix is supplied to
|
||||
--conf-dir
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Oct 2014 08:48:11 +0100
|
||||
Subject: [PATCH 03/71] Debian build fixes for kFreeBSD
|
||||
Subject: [PATCH 03/78] Debian build fixes for kFreeBSD
|
||||
|
||||
---
|
||||
src/tables.c | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001
|
||||
From: Karl Vogel <karl.vogel@gmail.com>
|
||||
Date: Fri, 3 Oct 2014 21:45:15 +0100
|
||||
Subject: [PATCH 04/71] Set conntrack mark before connect() call.
|
||||
Subject: [PATCH 04/78] Set conntrack mark before connect() call.
|
||||
|
||||
SO_MARK has to be done before issuing the connect() call on the
|
||||
TCP socket.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Collins <daniel.collins@smoothwall.net>
|
||||
Date: Fri, 3 Oct 2014 21:58:43 +0100
|
||||
Subject: [PATCH 05/71] Fix typo in new Dbus code.
|
||||
Subject: [PATCH 05/78] Fix typo in new Dbus code.
|
||||
|
||||
Simon's fault.
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Hozza <thozza@redhat.com>
|
||||
Date: Mon, 6 Oct 2014 10:46:48 +0100
|
||||
Subject: [PATCH 06/71] Fit example conf file typo.
|
||||
Subject: [PATCH 06/78] Fit example conf file typo.
|
||||
|
||||
---
|
||||
dnsmasq.conf.example | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001
|
||||
From: Vladislav Grishenko <themiron@mail.ru>
|
||||
Date: Mon, 6 Oct 2014 14:34:24 +0100
|
||||
Subject: [PATCH 07/71] Improve RFC-compliance when unable to supply addresses
|
||||
Subject: [PATCH 07/78] Improve RFC-compliance when unable to supply addresses
|
||||
in DHCPv6
|
||||
|
||||
While testing https://github.com/sbyx/odhcp6c client I have noticed it
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001
|
||||
From: Hans Dedecker <dedeckeh@gmail.com>
|
||||
Date: Tue, 9 Dec 2014 22:22:53 +0000
|
||||
Subject: [PATCH 08/71] Fix conntrack with --bind-interfaces
|
||||
Subject: [PATCH 08/78] Fix conntrack with --bind-interfaces
|
||||
|
||||
Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is
|
||||
enabled so the assigned mark can be correctly retrieved and set in forward_query when
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 10 Dec 2014 17:32:16 +0000
|
||||
Subject: [PATCH 09/71] Use inotify instead of polling on Linux.
|
||||
Subject: [PATCH 09/78] Use inotify instead of polling on Linux.
|
||||
|
||||
This should solve problems people are seeing when a file changes
|
||||
twice within a second and thus is missed for polling.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 15:58:13 +0000
|
||||
Subject: [PATCH 10/71] Teach the new inotify code about symlinks.
|
||||
Subject: [PATCH 10/78] Teach the new inotify code about symlinks.
|
||||
|
||||
---
|
||||
src/inotify.c | 43 +++++++++++++++++++++++++++----------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 17:50:15 +0000
|
||||
Subject: [PATCH 11/71] Remove floor on EDNS0 packet size with DNSSEC.
|
||||
Subject: [PATCH 11/78] Remove floor on EDNS0 packet size with DNSSEC.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 15 Dec 2014 17:52:22 +0000
|
||||
Subject: [PATCH 12/71] CHANGELOG re. inotify.
|
||||
Subject: [PATCH 12/78] CHANGELOG re. inotify.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 16 Dec 2014 18:25:17 +0000
|
||||
Subject: [PATCH 13/71] Fix breakage of --domain=<domain>,<subnet>,local
|
||||
Subject: [PATCH 13/78] Fix breakage of --domain=<domain>,<subnet>,local
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 16 Dec 2014 20:41:29 +0000
|
||||
Subject: [PATCH 14/71] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
|
||||
Subject: [PATCH 14/78] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
|
||||
|
||||
---
|
||||
src/network.c | 4 ----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 17 Dec 2014 12:41:56 +0000
|
||||
Subject: [PATCH 15/71] Eliminate IPv6 privacy addresses from --interface-name
|
||||
Subject: [PATCH 15/78] Eliminate IPv6 privacy addresses from --interface-name
|
||||
answers.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 17 Dec 2014 20:38:20 +0000
|
||||
Subject: [PATCH 16/71] Tweak field width in cache dump to avoid truncating
|
||||
Subject: [PATCH 16/78] Tweak field width in cache dump to avoid truncating
|
||||
IPv6 addresses.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 21 Dec 2014 16:11:52 +0000
|
||||
Subject: [PATCH 17/71] Fix crash in DNSSEC code when attempting to verify
|
||||
Subject: [PATCH 17/78] Fix crash in DNSSEC code when attempting to verify
|
||||
large RRs.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 21 Dec 2014 21:21:53 +0000
|
||||
Subject: [PATCH 18/71] Make caching work for CNAMEs pointing to A/AAAA records
|
||||
Subject: [PATCH 18/78] Make caching work for CNAMEs pointing to A/AAAA records
|
||||
shadowed in /etc/hosts
|
||||
|
||||
If the answer to an upstream query is a CNAME which points to an
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 23 Dec 2014 15:46:08 +0000
|
||||
Subject: [PATCH 19/71] Fix problems validating NSEC3 and wildcards.
|
||||
Subject: [PATCH 19/78] Fix problems validating NSEC3 and wildcards.
|
||||
|
||||
---
|
||||
src/dnssec.c | 253 ++++++++++++++++++++++++++++++-----------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 23 Dec 2014 18:42:38 +0000
|
||||
Subject: [PATCH 20/71] Initialise return value.
|
||||
Subject: [PATCH 20/78] Initialise return value.
|
||||
|
||||
---
|
||||
src/dnssec.c | 7 +++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001
|
||||
From: Glen Huang <curvedmark@gmail.com>
|
||||
Date: Sat, 27 Dec 2014 15:28:12 +0000
|
||||
Subject: [PATCH 21/71] Add --ignore-address option.
|
||||
Subject: [PATCH 21/78] Add --ignore-address option.
|
||||
|
||||
---
|
||||
CHANGELOG | 8 ++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 27 Dec 2014 15:33:32 +0000
|
||||
Subject: [PATCH 22/71] Bad packet protection.
|
||||
Subject: [PATCH 22/78] Bad packet protection.
|
||||
|
||||
---
|
||||
src/dnssec.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001
|
||||
From: Matthias Andree <matthias.andree@gmx.de>
|
||||
Date: Sat, 27 Dec 2014 15:36:38 +0000
|
||||
Subject: [PATCH 23/71] Fix build failure in new inotify code on BSD.
|
||||
Subject: [PATCH 23/78] Fix build failure in new inotify code on BSD.
|
||||
|
||||
---
|
||||
src/inotify.c | 4 ++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001
|
||||
From: Yousong Zhou <yszhou4tech@gmail.com>
|
||||
Date: Sat, 3 Jan 2015 16:36:14 +0000
|
||||
Subject: [PATCH 24/71] Implement makefile dependencies on COPTS variable.
|
||||
Subject: [PATCH 24/78] Implement makefile dependencies on COPTS variable.
|
||||
|
||||
---
|
||||
.gitignore | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001
|
||||
From: Yousong Zhou <yszhou4tech@gmail.com>
|
||||
Date: Mon, 5 Jan 2015 17:03:35 +0000
|
||||
Subject: [PATCH 25/71] Fix race condition issue in makefile.
|
||||
Subject: [PATCH 25/78] Fix race condition issue in makefile.
|
||||
|
||||
---
|
||||
Makefile | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 7 Jan 2015 21:55:43 +0000
|
||||
Subject: [PATCH 26/71] DNSSEC: do top-down search for limit of secure
|
||||
Subject: [PATCH 26/78] DNSSEC: do top-down search for limit of secure
|
||||
delegation.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 9 Jan 2015 15:53:03 +0000
|
||||
Subject: [PATCH 27/71] Add --log-queries=extra option for more complete
|
||||
Subject: [PATCH 27/78] Add --log-queries=extra option for more complete
|
||||
logging.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001
|
||||
From: RinSatsuki <aa65535@live.com>
|
||||
Date: Sat, 10 Jan 2015 15:22:21 +0000
|
||||
Subject: [PATCH 28/71] Add --min-cache-ttl option.
|
||||
Subject: [PATCH 28/78] Add --min-cache-ttl option.
|
||||
|
||||
---
|
||||
CHANGELOG | 7 +++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 20:18:18 +0000
|
||||
Subject: [PATCH 29/71] Log port of requestor when doing extra logging.
|
||||
Subject: [PATCH 29/78] Log port of requestor when doing extra logging.
|
||||
|
||||
---
|
||||
src/cache.c | 6 +++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 23:16:56 +0000
|
||||
Subject: [PATCH 30/71] Don't answer from cache RRsets from wildcards, as we
|
||||
Subject: [PATCH 30/78] Don't answer from cache RRsets from wildcards, as we
|
||||
don't have NSECs.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 12 Jan 2015 23:22:08 +0000
|
||||
Subject: [PATCH 31/71] Logs for DS records consistent.
|
||||
Subject: [PATCH 31/78] Logs for DS records consistent.
|
||||
|
||||
---
|
||||
src/rfc1035.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 18 Jan 2015 22:11:10 +0000
|
||||
Subject: [PATCH 32/71] Cope with multiple interfaces with the same LL address.
|
||||
Subject: [PATCH 32/78] Cope with multiple interfaces with the same LL address.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 ++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 18 Jan 2015 22:20:48 +0000
|
||||
Subject: [PATCH 33/71] Don't treat SERVFAIL as a recoverable error.....
|
||||
Subject: [PATCH 33/78] Don't treat SERVFAIL as a recoverable error.....
|
||||
|
||||
---
|
||||
src/forward.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 20 Jan 2015 20:51:02 +0000
|
||||
Subject: [PATCH 34/71] Add --dhcp-hostsdir config option.
|
||||
Subject: [PATCH 34/78] Add --dhcp-hostsdir config option.
|
||||
|
||||
---
|
||||
CHANGELOG | 5 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001
|
||||
From: Conrad Kostecki <ck@conrad-kostecki.de>
|
||||
Date: Tue, 20 Jan 2015 21:07:56 +0000
|
||||
Subject: [PATCH 35/71] Update German translation.
|
||||
Subject: [PATCH 35/78] Update German translation.
|
||||
|
||||
---
|
||||
po/de.po | 101 +++++++++++++++++++++++++++++----------------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001
|
||||
From: Win King Wan <pinwing+dnsmasq@gmail.com>
|
||||
Date: Wed, 21 Jan 2015 20:41:48 +0000
|
||||
Subject: [PATCH 36/71] Don't reply to DHCPv6 SOLICIT messages when not
|
||||
Subject: [PATCH 36/78] Don't reply to DHCPv6 SOLICIT messages when not
|
||||
configured for statefull DHCPv6.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 26 Jan 2015 11:23:43 +0000
|
||||
Subject: [PATCH 37/71] Allow inotify to be disabled at compile time on Linux.
|
||||
Subject: [PATCH 37/78] Allow inotify to be disabled at compile time on Linux.
|
||||
|
||||
---
|
||||
CHANGELOG | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 19:59:29 +0000
|
||||
Subject: [PATCH 38/71] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
|
||||
Subject: [PATCH 38/78] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
|
||||
hostsdir.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 20:13:40 +0000
|
||||
Subject: [PATCH 39/71] Update copyrights for dawn of 2015.
|
||||
Subject: [PATCH 39/78] Update copyrights for dawn of 2015.
|
||||
|
||||
---
|
||||
Makefile | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 21:59:13 +0000
|
||||
Subject: [PATCH 40/71] inotify documentation updates.
|
||||
Subject: [PATCH 40/78] inotify documentation updates.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 11 +++++++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 31 Jan 2015 22:44:26 +0000
|
||||
Subject: [PATCH 41/71] Fix broken ECDSA DNSSEC signatures.
|
||||
Subject: [PATCH 41/78] Fix broken ECDSA DNSSEC signatures.
|
||||
|
||||
---
|
||||
CHANGELOG | 2 ++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Feb 2015 00:15:16 +0000
|
||||
Subject: [PATCH 42/71] BSD make support
|
||||
Subject: [PATCH 42/78] BSD make support
|
||||
|
||||
---
|
||||
Makefile | 6 ++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Feb 2015 21:48:46 +0000
|
||||
Subject: [PATCH 43/71] Fix build failure on openBSD.
|
||||
Subject: [PATCH 43/78] Fix build failure on openBSD.
|
||||
|
||||
---
|
||||
src/tables.c | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= <thiebaud@weksteen.fr>
|
||||
Date: Mon, 2 Feb 2015 21:37:27 +0000
|
||||
Subject: [PATCH 44/71] Manpage typo fix.
|
||||
Subject: [PATCH 44/78] Manpage typo fix.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 2 +-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 2 Feb 2015 22:36:42 +0000
|
||||
Subject: [PATCH 45/71] Fixup dhcp-configs after reading extra hostfiles with
|
||||
Subject: [PATCH 45/78] Fixup dhcp-configs after reading extra hostfiles with
|
||||
inotify.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Tue, 3 Feb 2015 21:52:48 +0000
|
||||
Subject: [PATCH 46/71] Extra logging for inotify code.
|
||||
Subject: [PATCH 46/78] Extra logging for inotify code.
|
||||
|
||||
---
|
||||
src/cache.c | 9 ++++-----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 7 Feb 2015 22:36:34 +0000
|
||||
Subject: [PATCH 47/71] man page typo.
|
||||
Subject: [PATCH 47/78] man page typo.
|
||||
|
||||
---
|
||||
man/dnsmasq.8 | 1 +
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001
|
||||
From: Shantanu Gadgil <shantanugadgil@yahoo.com>
|
||||
Date: Wed, 11 Feb 2015 20:16:59 +0000
|
||||
Subject: [PATCH 48/71] Fix get-version script which returned wrong tag in some
|
||||
Subject: [PATCH 48/78] Fix get-version script which returned wrong tag in some
|
||||
situations.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 14 Feb 2015 20:02:37 +0000
|
||||
Subject: [PATCH 49/71] Typos.
|
||||
Subject: [PATCH 49/78] Typos.
|
||||
|
||||
---
|
||||
src/inotify.c | 3 ++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 14 Feb 2015 20:08:56 +0000
|
||||
Subject: [PATCH 50/71] Make dynamic hosts files work when --no-hosts set.
|
||||
Subject: [PATCH 50/78] Make dynamic hosts files work when --no-hosts set.
|
||||
|
||||
---
|
||||
src/cache.c | 21 +++++++++++----------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001
|
||||
From: Chen Wei <weichen302@icloud.com>
|
||||
Date: Tue, 17 Feb 2015 22:07:35 +0000
|
||||
Subject: [PATCH 51/71] Fix trivial memory leaks to quieten valgrind.
|
||||
Subject: [PATCH 51/78] Fix trivial memory leaks to quieten valgrind.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 2 ++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Hozza <thozza@redhat.com>
|
||||
Date: Mon, 23 Feb 2015 21:26:26 +0000
|
||||
Subject: [PATCH 52/71] Fix uninitialized value used in get_client_mac()
|
||||
Subject: [PATCH 52/78] Fix uninitialized value used in get_client_mac()
|
||||
|
||||
---
|
||||
src/dhcp6.c | 4 +++-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001
|
||||
From: Joachim Zobel <jz-2014@heute-morgen.de>
|
||||
Date: Mon, 23 Feb 2015 21:38:11 +0000
|
||||
Subject: [PATCH 53/71] Log parsing utils in contrib/reverse-dns
|
||||
Subject: [PATCH 53/78] Log parsing utils in contrib/reverse-dns
|
||||
|
||||
---
|
||||
contrib/reverse-dns/README | 18 ++++++++++++++++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 1 Mar 2015 18:17:54 +0000
|
||||
Subject: [PATCH 54/71] Add --dnssec-timestamp option and facility.
|
||||
Subject: [PATCH 54/78] Add --dnssec-timestamp option and facility.
|
||||
|
||||
---
|
||||
CHANGELOG | 6 +++++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 2 Mar 2015 22:47:23 +0000
|
||||
Subject: [PATCH 55/71] Fix last commit to not crash if uid changing not
|
||||
Subject: [PATCH 55/78] Fix last commit to not crash if uid changing not
|
||||
configured.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 4c960fa90a975d20f75a1ecabd217247f1922c8f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 4 Mar 2015 20:32:26 +0000
|
||||
Subject: [PATCH 56/71] New version of contrib/reverse-dns
|
||||
Subject: [PATCH 56/78] New version of contrib/reverse-dns
|
||||
|
||||
---
|
||||
contrib/reverse-dns/README | 22 +++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 360f2513ab12a9bf1e262d388dd2ea8a566590a3 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 7 Mar 2015 18:28:06 +0000
|
||||
Subject: [PATCH 57/71] Tweak DNSSEC timestamp code to create file later,
|
||||
Subject: [PATCH 57/78] Tweak DNSSEC timestamp code to create file later,
|
||||
removing need to chown it.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From ff841ebf5a5d6864ff48571f607c32ce80dbb75a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Wed, 11 Mar 2015 21:36:30 +0000
|
||||
Subject: [PATCH 58/71] Fix boilerplate code for re-running system calls on
|
||||
Subject: [PATCH 58/78] Fix boilerplate code for re-running system calls on
|
||||
EINTR and EAGAIN etc.
|
||||
|
||||
The nasty code with static variable in retry_send() which
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 979fe86bc8693f660eddea232ae39cbbb50b294c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 19 Mar 2015 22:50:22 +0000
|
||||
Subject: [PATCH 59/71] Make --address=/example.com/ equivalent to
|
||||
Subject: [PATCH 59/78] Make --address=/example.com/ equivalent to
|
||||
--server=/example.com/
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 65c721200023ef0023114459a8d12f8b0a24cfd8 Mon Sep 17 00:00:00 2001
|
||||
From: Lung-Pin Chang <changlp@cs.nctu.edu.tw>
|
||||
Date: Thu, 19 Mar 2015 23:22:21 +0000
|
||||
Subject: [PATCH 60/71] dhcp: set outbound interface via cmsg in unicast reply
|
||||
Subject: [PATCH 60/78] dhcp: set outbound interface via cmsg in unicast reply
|
||||
|
||||
If multiple routes to the same network exist, Linux blindly picks
|
||||
the first interface (route) based on destination address, which might not be
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 8805283088d670baecb92569252c01cf754cda51 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 26 Mar 2015 21:15:43 +0000
|
||||
Subject: [PATCH 61/71] Don't fail DNSSEC when a signed CNAME dangles into an
|
||||
Subject: [PATCH 61/78] Don't fail DNSSEC when a signed CNAME dangles into an
|
||||
unsigned zone.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 150162bc37170a6edae9d488435e836b1e4e3a4e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 27 Mar 2015 09:58:26 +0000
|
||||
Subject: [PATCH 62/71] Return SERVFAIL when validation abandoned.
|
||||
Subject: [PATCH 62/78] Return SERVFAIL when validation abandoned.
|
||||
|
||||
---
|
||||
src/forward.c | 11 +++++++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 0b8a5a30a77331974ba24a04e43e720585dfbc61 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 27 Mar 2015 11:44:55 +0000
|
||||
Subject: [PATCH 63/71] Protect against broken DNSSEC upstreams.
|
||||
Subject: [PATCH 63/78] Protect against broken DNSSEC upstreams.
|
||||
|
||||
---
|
||||
src/dnssec.c | 7 +++++--
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 1e153945def3c50d1e59ceea6a768db0ac770f98 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sat, 28 Mar 2015 21:34:07 +0000
|
||||
Subject: [PATCH 64/71] DNSSEC fix for non-ascii characters in labels.
|
||||
Subject: [PATCH 64/78] DNSSEC fix for non-ascii characters in labels.
|
||||
|
||||
---
|
||||
src/dnssec.c | 34 +++++++++++++++++-----------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 394ff492da6af5da7e7d356be9586683bc5fc011 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 29 Mar 2015 22:17:14 +0100
|
||||
Subject: [PATCH 65/71] Allow control characters in names in the cache, handle
|
||||
Subject: [PATCH 65/78] Allow control characters in names in the cache, handle
|
||||
when logging.
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 794fccca7ffebfba4468bfffc6276b68bbf6afd9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 29 Mar 2015 22:35:44 +0100
|
||||
Subject: [PATCH 66/71] Fix crash in last commit.
|
||||
Subject: [PATCH 66/78] Fix crash in last commit.
|
||||
|
||||
---
|
||||
src/cache.c | 7 ++++---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fd6ad9e481ab7c812a6b1515244908818cbb0442 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 30 Mar 2015 07:52:21 +0100
|
||||
Subject: [PATCH 67/71] Merge message translations.
|
||||
Subject: [PATCH 67/78] Merge message translations.
|
||||
|
||||
---
|
||||
po/de.po | 803 +++++++++++++++++++++++++++++++++--------------------------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 30d0879ed55cb67b1b735beab3d93f3bb3ef1dd2 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Tue, 31 Mar 2015 22:32:11 +0100
|
||||
Subject: [PATCH 68/71] add --tftp-no-fail to ignore missing tftp root
|
||||
Subject: [PATCH 68/78] add --tftp-no-fail to ignore missing tftp root
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 7aa970e2c7043201663d86a4b5d8cd5c592cef39 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Wed, 1 Apr 2015 17:55:07 +0100
|
||||
Subject: [PATCH 69/71] Whitespace fixes.
|
||||
Subject: [PATCH 69/78] Whitespace fixes.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 14 +++++++-------
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From fe3992f9fa69fa975ea31919c53933b5f6a63527 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Apr 2015 21:25:05 +0100
|
||||
Subject: [PATCH 70/71] Return INSECURE, rather than BOGUS when DS proved not
|
||||
Subject: [PATCH 70/78] Return INSECURE, rather than BOGUS when DS proved not
|
||||
to exist.
|
||||
|
||||
Return INSECURE when validating DNS replies which have RRSIGs, but
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 982faf402487e265ed11ac03524531d42b03c966 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 3 Apr 2015 21:42:30 +0100
|
||||
Subject: [PATCH 71/71] Fix compiler warning when not including DNSSEC.
|
||||
Subject: [PATCH 71/78] Fix compiler warning when not including DNSSEC.
|
||||
|
||||
---
|
||||
src/forward.c | 3 ++-
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Mon, 6 Apr 2015 17:19:13 +0100
|
||||
Subject: [PATCH 72/78] Fix crash caused by looking up servers.bind when many
|
||||
servers defined.
|
||||
|
||||
---
|
||||
CHANGELOG | 7 ++++++-
|
||||
src/cache.c | 4 ++--
|
||||
2 files changed, 8 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index 34432ae4807f..6aa3d851a297 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -75,7 +75,12 @@ version 2.73
|
||||
|
||||
Add --tftp-no-fail option. Thanks to Stefan Tomanek for
|
||||
the patch.
|
||||
-
|
||||
+
|
||||
+ Fix crash caused by looking up servers.bind, CHAOS text record,
|
||||
+ when more than about five --servers= lines are in the dnsmasq
|
||||
+ config. This causes memory corruption which causes a crash later.
|
||||
+ Thanks to Matt Coddington for sterling work chasing this down.
|
||||
+
|
||||
|
||||
version 2.72
|
||||
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
|
||||
diff --git a/src/cache.c b/src/cache.c
|
||||
index d7bea574c0d8..178d654ca92e 100644
|
||||
--- a/src/cache.c
|
||||
+++ b/src/cache.c
|
||||
@@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t)
|
||||
}
|
||||
port = prettyprint_addr(&serv->addr, daemon->addrbuff);
|
||||
lenp = p++; /* length */
|
||||
- bytes_avail = (p - buff) + bufflen;
|
||||
+ bytes_avail = bufflen - (p - buff );
|
||||
bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
|
||||
if (bytes_needed >= bytes_avail)
|
||||
{
|
||||
@@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t)
|
||||
lenp = p - 1;
|
||||
buff = new;
|
||||
bufflen = newlen;
|
||||
- bytes_avail = (p - buff) + bufflen;
|
||||
+ bytes_avail = bufflen - (p - buff );
|
||||
bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
|
||||
}
|
||||
*lenp = bytes_needed;
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 9 Apr 2015 21:48:00 +0100
|
||||
Subject: [PATCH 73/78] Fix crash on receipt of certain malformed DNS requests.
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
src/rfc1035.c | 9 ++++++---
|
||||
2 files changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index 6aa3d851a297..9af617056f1f 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -125,6 +125,9 @@ version 2.72
|
||||
Fix problem with --local-service option on big-endian platforms
|
||||
Thanks to Richard Genoud for the patch.
|
||||
|
||||
+ Fix crash on receipt of certain malformed DNS requests. Thanks
|
||||
+ to Nick Sampanis for spotting the problem.
|
||||
+
|
||||
|
||||
version 2.71
|
||||
Subtle change to error handling to help DNSSEC validation
|
||||
diff --git a/src/rfc1035.c b/src/rfc1035.c
|
||||
index 7a07b0cee906..a995ab50d74a 100644
|
||||
--- a/src/rfc1035.c
|
||||
+++ b/src/rfc1035.c
|
||||
@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
|
||||
size_t setup_reply(struct dns_header *header, size_t qlen,
|
||||
struct all_addr *addrp, unsigned int flags, unsigned long ttl)
|
||||
{
|
||||
- unsigned char *p = skip_questions(header, qlen);
|
||||
+ unsigned char *p;
|
||||
+
|
||||
+ if (!(p = skip_questions(header, qlen)))
|
||||
+ return 0;
|
||||
|
||||
/* clear authoritative and truncated flags, set QR flag */
|
||||
header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
|
||||
@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
|
||||
SET_RCODE(header, NOERROR); /* empty domain */
|
||||
else if (flags == F_NXDOMAIN)
|
||||
SET_RCODE(header, NXDOMAIN);
|
||||
- else if (p && flags == F_IPV4)
|
||||
+ else if (flags == F_IPV4)
|
||||
{ /* we know the address */
|
||||
SET_RCODE(header, NOERROR);
|
||||
header->ancount = htons(1);
|
||||
@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
|
||||
add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
|
||||
}
|
||||
#ifdef HAVE_IPV6
|
||||
- else if (p && flags == F_IPV6)
|
||||
+ else if (flags == F_IPV6)
|
||||
{
|
||||
SET_RCODE(header, NOERROR);
|
||||
header->ancount = htons(1);
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,113 @@
|
||||
From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Sun, 12 Apr 2015 21:52:47 +0100
|
||||
Subject: [PATCH 74/78] Fix crash in auth code with odd configuration.
|
||||
|
||||
---
|
||||
CHANGELOG | 32 +++++++++++++++++++++-----------
|
||||
src/auth.c | 13 ++++++++-----
|
||||
2 files changed, 29 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index 9af617056f1f..f2142c71cbdc 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -68,18 +68,31 @@ version 2.73
|
||||
Fix broken DNSSEC validation of ECDSA signatures.
|
||||
|
||||
Add --dnssec-timestamp option, which provides an automatic
|
||||
- way to detect when the system time becomes valid after boot
|
||||
- on systems without an RTC, whilst allowing DNS queries before the
|
||||
- clock is valid so that NTP can run. Thanks to
|
||||
- Kevin Darbyshire-Bryant for developing this idea.
|
||||
+ way to detect when the system time becomes valid after
|
||||
+ boot on systems without an RTC, whilst allowing DNS
|
||||
+ queries before the clock is valid so that NTP can run.
|
||||
+ Thanks to Kevin Darbyshire-Bryant for developing this idea.
|
||||
|
||||
Add --tftp-no-fail option. Thanks to Stefan Tomanek for
|
||||
the patch.
|
||||
|
||||
- Fix crash caused by looking up servers.bind, CHAOS text record,
|
||||
- when more than about five --servers= lines are in the dnsmasq
|
||||
- config. This causes memory corruption which causes a crash later.
|
||||
- Thanks to Matt Coddington for sterling work chasing this down.
|
||||
+ Fix crash caused by looking up servers.bind, CHAOS text
|
||||
+ record, when more than about five --servers= lines are
|
||||
+ in the dnsmasq config. This causes memory corruption
|
||||
+ which causes a crash later. Thanks to Matt Coddington for
|
||||
+ sterling work chasing this down.
|
||||
+
|
||||
+ Fix crash on receipt of certain malformed DNS requests.
|
||||
+ Thanks to Nick Sampanis for spotting the problem.
|
||||
+
|
||||
+ Fix crash in authoritative DNS code, if a .arpa zone
|
||||
+ is declared as authoritative, and then a PTR query which
|
||||
+ is not to be treated as authoritative arrived. Normally,
|
||||
+ directly declaring .arpa zone as authoritative is not
|
||||
+ done, so this crash wouldn't be seen. Instead the
|
||||
+ relevant .arpa zone should be specified as a subnet
|
||||
+ in the auth-zone declaration. Thanks to Johnny S. Lee
|
||||
+ for the bugreport and initial patch.
|
||||
|
||||
|
||||
version 2.72
|
||||
@@ -125,10 +138,7 @@ version 2.72
|
||||
Fix problem with --local-service option on big-endian platforms
|
||||
Thanks to Richard Genoud for the patch.
|
||||
|
||||
- Fix crash on receipt of certain malformed DNS requests. Thanks
|
||||
- to Nick Sampanis for spotting the problem.
|
||||
|
||||
-
|
||||
version 2.71
|
||||
Subtle change to error handling to help DNSSEC validation
|
||||
when servers fail to provide NODATA answers for
|
||||
diff --git a/src/auth.c b/src/auth.c
|
||||
index 15721e52793f..4a5c39fc5c07 100644
|
||||
--- a/src/auth.c
|
||||
+++ b/src/auth.c
|
||||
@@ -141,7 +141,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
||||
for (zone = daemon->auth_zones; zone; zone = zone->next)
|
||||
if ((subnet = find_subnet(zone, flag, &addr)))
|
||||
break;
|
||||
-
|
||||
+
|
||||
if (!zone)
|
||||
{
|
||||
auth = 0;
|
||||
@@ -186,7 +186,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
||||
|
||||
if (intr)
|
||||
{
|
||||
- if (in_zone(zone, intr->name, NULL))
|
||||
+ if (local_query || in_zone(zone, intr->name, NULL))
|
||||
{
|
||||
found = 1;
|
||||
log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
|
||||
@@ -208,8 +208,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
||||
*p = 0; /* must be bare name */
|
||||
|
||||
/* add external domain */
|
||||
- strcat(name, ".");
|
||||
- strcat(name, zone->domain);
|
||||
+ if (zone)
|
||||
+ {
|
||||
+ strcat(name, ".");
|
||||
+ strcat(name, zone->domain);
|
||||
+ }
|
||||
log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
|
||||
found = 1;
|
||||
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
|
||||
@@ -217,7 +220,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
||||
T_PTR, C_IN, "d", name))
|
||||
anscount++;
|
||||
}
|
||||
- else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL))
|
||||
+ else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL)))
|
||||
{
|
||||
log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
|
||||
found = 1;
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,106 @@
|
||||
From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 16 Apr 2015 15:05:30 +0100
|
||||
Subject: [PATCH 75/78] Auth: correct replies to NS and SOA in .arpa zones.
|
||||
|
||||
---
|
||||
CHANGELOG | 8 ++++++++
|
||||
src/auth.c | 51 ++++++++++++++++++++++++++++++---------------------
|
||||
2 files changed, 38 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index f2142c71cbdc..0619788e9cef 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -94,6 +94,14 @@ version 2.73
|
||||
in the auth-zone declaration. Thanks to Johnny S. Lee
|
||||
for the bugreport and initial patch.
|
||||
|
||||
+ Fix authoritative DNS code to correctly reply to NS
|
||||
+ and SOA queries for .arpa zones for which we are
|
||||
+ declared authoritative by means of a subnet in auth-zone.
|
||||
+ Previously we provided correct answers to PTR queries
|
||||
+ in such zones (including NS and SOA) but not direct
|
||||
+ NS and SOA queries. Thanks to Johnny S. Lee for
|
||||
+ pointing out the problem.
|
||||
+
|
||||
|
||||
version 2.72
|
||||
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
|
||||
diff --git a/src/auth.c b/src/auth.c
|
||||
index 4a5c39fc5c07..2b0b7d6b052d 100644
|
||||
--- a/src/auth.c
|
||||
+++ b/src/auth.c
|
||||
@@ -131,24 +131,27 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
||||
continue;
|
||||
}
|
||||
|
||||
- if (qtype == T_PTR)
|
||||
+ if ((qtype == T_PTR || qtype == T_SOA || qtype == T_NS) &&
|
||||
+ (flag = in_arpa_name_2_addr(name, &addr)) &&
|
||||
+ !local_query)
|
||||
{
|
||||
- if (!(flag = in_arpa_name_2_addr(name, &addr)))
|
||||
- continue;
|
||||
-
|
||||
- if (!local_query)
|
||||
+ for (zone = daemon->auth_zones; zone; zone = zone->next)
|
||||
+ if ((subnet = find_subnet(zone, flag, &addr)))
|
||||
+ break;
|
||||
+
|
||||
+ if (!zone)
|
||||
{
|
||||
- for (zone = daemon->auth_zones; zone; zone = zone->next)
|
||||
- if ((subnet = find_subnet(zone, flag, &addr)))
|
||||
- break;
|
||||
-
|
||||
- if (!zone)
|
||||
- {
|
||||
- auth = 0;
|
||||
- continue;
|
||||
- }
|
||||
+ auth = 0;
|
||||
+ continue;
|
||||
}
|
||||
+ else if (qtype == T_SOA)
|
||||
+ soa = 1, found = 1;
|
||||
+ else if (qtype == T_NS)
|
||||
+ ns = 1, found = 1;
|
||||
+ }
|
||||
|
||||
+ if (qtype == T_PTR && flag)
|
||||
+ {
|
||||
intr = NULL;
|
||||
|
||||
if (flag == F_IPV4)
|
||||
@@ -243,14 +246,20 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
||||
}
|
||||
|
||||
cname_restart:
|
||||
- for (zone = daemon->auth_zones; zone; zone = zone->next)
|
||||
- if (in_zone(zone, name, &cut))
|
||||
- break;
|
||||
-
|
||||
- if (!zone)
|
||||
+ if (found)
|
||||
+ /* NS and SOA .arpa requests have set found above. */
|
||||
+ cut = NULL;
|
||||
+ else
|
||||
{
|
||||
- auth = 0;
|
||||
- continue;
|
||||
+ for (zone = daemon->auth_zones; zone; zone = zone->next)
|
||||
+ if (in_zone(zone, name, &cut))
|
||||
+ break;
|
||||
+
|
||||
+ if (!zone)
|
||||
+ {
|
||||
+ auth = 0;
|
||||
+ continue;
|
||||
+ }
|
||||
}
|
||||
|
||||
for (rec = daemon->mxnames; rec; rec = rec->next)
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
From b4c0f092d8ce63ea4763c0ac17aa8d24318ad301 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
|
||||
Date: Thu, 16 Apr 2015 15:20:59 +0100
|
||||
Subject: [PATCH 76/78] Fix (srk induced) crash in new tftp_no_fail code.
|
||||
|
||||
---
|
||||
src/dnsmasq.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
|
||||
index a7c5da8fbd01..20b15c05103a 100644
|
||||
--- a/src/dnsmasq.c
|
||||
+++ b/src/dnsmasq.c
|
||||
@@ -655,7 +655,8 @@ int main (int argc, char **argv)
|
||||
_exit(0);
|
||||
}
|
||||
}
|
||||
- closedir(dir);
|
||||
+ else
|
||||
+ closedir(dir);
|
||||
}
|
||||
|
||||
for (p = daemon->if_prefix; p; p = p->next)
|
||||
@@ -670,7 +671,8 @@ int main (int argc, char **argv)
|
||||
_exit(0);
|
||||
}
|
||||
}
|
||||
- closedir(dir);
|
||||
+ else
|
||||
+ closedir(dir);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
--
|
||||
2.1.0
|
||||
|
||||
26
src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch
Normal file
26
src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch
Normal file
@@ -0,0 +1,26 @@
|
||||
From 0df29f5e23fd2f16181847db1fcf3a8b392d869a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Thu, 16 Apr 2015 15:24:52 +0100
|
||||
Subject: [PATCH 77/78] Note CVE-2015-3294
|
||||
|
||||
---
|
||||
CHANGELOG | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/CHANGELOG b/CHANGELOG
|
||||
index 0619788e9cef..7f2b1e002e9e 100644
|
||||
--- a/CHANGELOG
|
||||
+++ b/CHANGELOG
|
||||
@@ -84,6 +84,9 @@ version 2.73
|
||||
|
||||
Fix crash on receipt of certain malformed DNS requests.
|
||||
Thanks to Nick Sampanis for spotting the problem.
|
||||
+ Note that this is could allow the dnsmasq process's
|
||||
+ memory to be read by an attacker under certain
|
||||
+ circumstances, so it has a CVE, CVE-2015-3294
|
||||
|
||||
Fix crash in authoritative DNS code, if a .arpa zone
|
||||
is declared as authoritative, and then a PTR query which
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@@ -0,0 +1,59 @@
|
||||
From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kelley <simon@thekelleys.org.uk>
|
||||
Date: Fri, 17 Apr 2015 22:50:20 +0100
|
||||
Subject: [PATCH 78/78] Log domain when reporting DNSSEC validation failure.
|
||||
|
||||
---
|
||||
src/forward.c | 15 ++++++++++-----
|
||||
1 file changed, 10 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/forward.c b/src/forward.c
|
||||
index 3f6b9a23b6ab..1c7da3f5655c 100644
|
||||
--- a/src/forward.c
|
||||
+++ b/src/forward.c
|
||||
@@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now)
|
||||
header->hb3 |= HB3_TC;
|
||||
else
|
||||
{
|
||||
- char *result;
|
||||
+ char *result, *domain = "result";
|
||||
|
||||
if (forward->work_counter == 0)
|
||||
{
|
||||
@@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now)
|
||||
else
|
||||
result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
|
||||
|
||||
- log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
|
||||
+ if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
|
||||
+ domain = daemon->namebuff;
|
||||
+
|
||||
+ log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
|
||||
}
|
||||
|
||||
if (status == STAT_SECURE)
|
||||
@@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now,
|
||||
{
|
||||
int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */
|
||||
int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount);
|
||||
- char *result;
|
||||
+ char *result, *domain = "result";
|
||||
|
||||
if (status == STAT_INSECURE_DS)
|
||||
{
|
||||
@@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now,
|
||||
}
|
||||
else
|
||||
result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
|
||||
-
|
||||
- log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
|
||||
+ if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
|
||||
+ domain = daemon->namebuff;
|
||||
+
|
||||
+ log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
|
||||
|
||||
if (status == STAT_BOGUS)
|
||||
{
|
||||
--
|
||||
2.1.0
|
||||
|
||||
Reference in New Issue
Block a user