diff --git a/config/rootfiles/common/i586/openssl-sse2 b/config/rootfiles/common/i586/openssl-sse2 index 59bfce3e2..7f6ddd69b 100644 --- a/config/rootfiles/common/i586/openssl-sse2 +++ b/config/rootfiles/common/i586/openssl-sse2 @@ -1,2 +1 @@ usr/lib/sse2/libcrypto.so.10 -usr/lib/sse2/libssl.so.10 diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index f33d08c61..349aac76c 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -3,6 +3,7 @@ usr/local/bin/addonctrl usr/local/bin/backupctrl #usr/local/bin/clamavctrl usr/local/bin/collectdctrl +usr/local/bin/ddnsctrl usr/local/bin/dhcpctrl usr/local/bin/dnsmasqctrl usr/local/bin/extrahdctrl diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index 7c83de7c7..b4053d9b7 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -33,7 +33,7 @@ usr/bin/xzmore #usr/include/lzma/hardware.h #usr/include/lzma/index.h #usr/include/lzma/index_hash.h -#usr/include/lzma/lzma.h +#usr/include/lzma/lzma12.h #usr/include/lzma/stream_flags.h #usr/include/lzma/version.h #usr/include/lzma/vli.h @@ -41,7 +41,7 @@ usr/bin/xzmore #usr/lib/liblzma.la usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.0.5 +usr/lib/liblzma.so.5.2.1 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS @@ -56,6 +56,7 @@ usr/lib/liblzma.so.5.0.5 #usr/share/doc/xz/examples/01_compress_easy.c #usr/share/doc/xz/examples/02_decompress.c #usr/share/doc/xz/examples/03_compress_custom.c +#usr/share/doc/xz/examples/04_compress_easy_mt.c #usr/share/doc/xz/examples/Makefile #usr/share/doc/xz/examples_old #usr/share/doc/xz/examples_old/xz_pipe_comp.c @@ -69,6 +70,7 @@ usr/lib/liblzma.so.5.0.5 #usr/share/locale/fr/LC_MESSAGES/xz.mo #usr/share/locale/it/LC_MESSAGES/xz.mo #usr/share/locale/pl/LC_MESSAGES/xz.mo +#usr/share/locale/vi/LC_MESSAGES/xz.mo #usr/share/man/man1/lzcat.1 #usr/share/man/man1/lzcmp.1 #usr/share/man/man1/lzdiff.1 
diff --git a/config/rootfiles/core/90/filelists/armv5tel/glibc b/config/rootfiles/core/90/filelists/armv5tel/glibc new file mode 120000 index 000000000..4c70d724b --- /dev/null +++ b/config/rootfiles/core/90/filelists/armv5tel/glibc @@ -0,0 +1 @@ +../../../../common/armv5tel/glibc \ No newline at end of file diff --git a/config/rootfiles/core/90/filelists/ddns b/config/rootfiles/core/90/filelists/ddns new file mode 120000 index 000000000..739516420 --- /dev/null +++ b/config/rootfiles/core/90/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/core/90/filelists/files b/config/rootfiles/core/90/filelists/files index 69d74215c..35f079823 100644 --- a/config/rootfiles/core/90/filelists/files +++ b/config/rootfiles/core/90/filelists/files @@ -6,6 +6,7 @@ etc/rc.d/init.d/networking/functions.network etc/rc.d/init.d/networking/red.up/99-geoip-database etc/rc.d/rcsysinit.d/S90network-trigger srv/web/ipfire/cgi-bin/country.cgi +srv/web/ipfire/cgi-bin/ddns.cgi srv/web/ipfire/cgi-bin/firewall.cgi srv/web/ipfire/cgi-bin/fwhosts.cgi srv/web/ipfire/cgi-bin/geoip-block.cgi @@ -19,6 +20,7 @@ srv/web/ipfire/html/themes/maniac/include/style.css usr/lib/firewall/firewall-lib.pl usr/lib/firewall/rules.pl usr/local/bin/backupiso +usr/local/bin/ddnsctrl usr/local/bin/xt_geoip_build usr/local/bin/xt_geoip_update var/ipfire/general-functions.pl diff --git a/config/rootfiles/core/90/filelists/i586/glibc b/config/rootfiles/core/90/filelists/i586/glibc new file mode 120000 index 000000000..943021f19 --- /dev/null +++ b/config/rootfiles/core/90/filelists/i586/glibc @@ -0,0 +1 @@ +../../../../common/i586/glibc \ No newline at end of file diff --git a/config/rootfiles/core/90/filelists/tzdata b/config/rootfiles/core/90/filelists/tzdata new file mode 120000 index 000000000..5a6e3252f --- /dev/null +++ b/config/rootfiles/core/90/filelists/tzdata @@ -0,0 +1 @@ +../../../common/tzdata \ No newline at end of file 
diff --git a/config/rootfiles/core/90/filelists/xz b/config/rootfiles/core/90/filelists/xz new file mode 120000 index 000000000..734e926c7 --- /dev/null +++ b/config/rootfiles/core/90/filelists/xz @@ -0,0 +1 @@ +../../../common/xz \ No newline at end of file diff --git a/config/rootfiles/core/90/update.sh b/config/rootfiles/core/90/update.sh index 573d5a7c9..2a69278f9 100644 --- a/config/rootfiles/core/90/update.sh +++ b/config/rootfiles/core/90/update.sh @@ -192,6 +192,8 @@ EOF fcrontab -z &>/dev/null +# Generate ddns configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi # Update Language cache perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 735331300..d79f6e6aa 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -11,15 +11,15 @@ usr/bin/sigtool #usr/lib/libclamav.la usr/lib/libclamav.so usr/lib/libclamav.so.6 -usr/lib/libclamav.so.6.1.25 +usr/lib/libclamav.so.6.1.26 #usr/lib/libclamunrar.la usr/lib/libclamunrar.so usr/lib/libclamunrar.so.6 -usr/lib/libclamunrar.so.6.1.25 +usr/lib/libclamunrar.so.6.1.26 #usr/lib/libclamunrar_iface.la usr/lib/libclamunrar_iface.so usr/lib/libclamunrar_iface.so.6 -usr/lib/libclamunrar_iface.so.6.1.25 +usr/lib/libclamunrar_iface.so.6.1.26 #usr/lib/pkgconfig/libclamav.pc usr/sbin/clamd usr/share/clamav diff --git a/config/rootfiles/packages/libsrtp b/config/rootfiles/packages/libsrtp index 105f3f00e..3ee2e3b64 100644 --- a/config/rootfiles/packages/libsrtp +++ b/config/rootfiles/packages/libsrtp @@ -37,4 +37,5 @@ #usr/include/srtp/ut_sim.h #usr/include/srtp/xfm.h usr/lib/libsrtp.so +usr/lib/libsrtp.so.1 #usr/lib/pkgconfig/libsrtp.pc diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 3e6f72f98..73a41d903 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi 
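Review bot: The added `sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi` line in update.sh runs a web CGI as a side effect to produce the ddns configuration, and neither its exit status nor its output is handled. The CGI will presumably print its HTTP header and page onto the updater's stdout, so I would discard stdout and still act on failure, e.g. `sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi >/dev/null || echo "ddns.conf could not be generated" >&2`. The generated file is created by the `nobody` user under whatever umask the update runs with; if it holds provider credentials (not visible in this hunk), its resulting mode is worth confirming. A comment stating which file the call is expected to write, for example `# Writes /var/ipfire/ddns/ddns.conf as user nobody`, would make that side effect explicit.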
@@ -44,10 +44,8 @@ my $settingsfile = "${General::swroot}/ddns/settings"; # Config file to store the configured ddns providers. my $datafile = "${General::swroot}/ddns/config"; -# Dynamic ddns programm call. -my @ddnsprog = ("/usr/bin/ddns", "--config", - "/var/ipfire/ddns/ddns.conf", - "update-all"); +# Call the ddnsctrl helper binary to perform the update. +my @ddnsprog = ("/usr/local/bin/ddnsctrl", "update-all"); my %settings=(); my $errormessage = ''; diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 0d23d0d09..1d7535640 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -363,12 +363,12 @@ sub writeipsecfiles { print CONF "\tdpddelay=0\n"; } } else { - my $dpddelay = $lconfighash{$key}[30]; + my $dpddelay = $lconfighash{$key}[31]; if (!$dpddelay) { $dpddelay = 30; } print CONF "\tdpddelay=$dpddelay\n"; - my $dpdtimeout = $lconfighash{$key}[31]; + my $dpdtimeout = $lconfighash{$key}[30]; if (!$dpdtimeout) { $dpdtimeout = 120; } @@ -3030,8 +3030,8 @@ sub make_algos($$$$$) { push(@algo, $int); } - if ($grp =~ m/^e\d+/) { - push(@algo, $grp); + if ($grp =~ m/^e(\d+)/) { + push(@algo, "ecp$1"); } else { push(@algo, "modp$grp"); } diff --git a/lfs/clamav b/lfs/clamav index 2e07ed034..5fd8426e3 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@ include Config -VER = 0.98.6 +VER = 0.98.7 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 28 +PAK_VER = 29 DEPS = "" @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 7f4f7e82a09e42c4ebf153d6d452d9d8 +$(DL_FILE)_MD5 = 157c601161da1c2d5a0e48ea1b49e067 install : $(TARGET) diff --git a/lfs/ddns b/lfs/ddns index e736e101c..463ae28a9 100644 --- a/lfs/ddns +++ b/lfs/ddns 
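Review bot: The positional indexes `[30]` and `[31]` in the first vpnmain.cgi hunk are bare numbers, and nothing here says which field holds the delay and which the timeout, so the mix-up this commit corrects is easy to reintroduce. A comment above the two reads, e.g. `# field 30 = DPD timeout, field 31 = DPD delay`, or named constants for the indexes would make the mapping checkable. `$dpddelay` is written with `print CONF` after only a truthiness test (presumably `$dpdtimeout` too, just past the hunk). If the values are not validated as integers where they are saved, which is not visible here, a check such as `$dpddelay =~ /\A\d+\z/` belongs before the print. writeipsecfiles starts and ends outside the hunk.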
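Review bot: The new pattern `m/^e(\d+)/` in make_algos is not anchored at the end, so a group value with extra characters after the digits is accepted and the remainder silently dropped. The `else` branch still interpolates `$grp` unchecked into `"modp$grp"`. Since the result presumably ends up in the generated proposal string, I would match the whole value with `if ($grp =~ m/\Ae(\d+)\z/) {` and guard the fallback with `} elsif ($grp =~ m/\A\d+\z/) {`, skipping anything else. make_algos continues outside the hunk, so whether `$grp` is validated before this point cannot be seen here.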
@@ -71,6 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch + cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure \ --prefix=/usr \ diff --git a/lfs/dnsmasq b/lfs/dnsmasq index 665f424bb..b98e66217 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq 
@@ -151,6 +151,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \ diff --git a/lfs/glibc b/lfs/glibc index 11d374e3b..4ec71a788 100644 --- a/lfs/glibc +++ b/lfs/glibc 
@@ -283,6 +283,8 @@ endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1154563.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1170121.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch diff --git a/lfs/linux b/lfs/linux index 8b4f94112..a68dda73e 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,11 +24,11 @@ include Config -VER = 3.14.39 +VER = 3.14.40 -RPI_PATCHES = 3.14.39-grsec-ipfire1 -A7M_PATCHES = 3.14.39-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.1-3.14.39-201504190814.patch.xz +RPI_PATCHES = 3.14.40-grsec-ipfire1 +A7M_PATCHES = 3.14.40-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1-3.14.40-201504290821.patch.xz THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -77,10 +77,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES) -$(DL_FILE)_MD5 = 3581855d0dbfcbe1140dfcd1406d0a91 -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 5056304af0a199194abd0bcb00015f28 +$(DL_FILE)_MD5 = 8a66901cdcce5b2650672af41ad4a9fd +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 375dc501711ff3ffeffdfc9848675d26 arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = a4a4103255e93bfcb02652212b0ae3fc -$(GRS_PATCHES)_MD5 = 2121d0bf825da9ff6321e2940f247c5e +$(GRS_PATCHES)_MD5 = 52d5d8dae26f4c1fd1c8d67268260bdd install : $(TARGET) diff --git a/lfs/openssl b/lfs/openssl index 9cc1b4b0f..455dcf15c 100644 --- a/lfs/openssl +++ b/lfs/openssl 
@@ -33,7 +33,16 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG) +ifneq "$(KCFG)" "-sse2" CFLAGS += -DPURIFY +else +CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC +CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4 +CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse +CFLAGS+= -fomit-frame-pointer -DPURIFY +CXXFLAGS="${CFLAGS}" +endif + export RPM_OPT_FLAGS = $(CFLAGS) CONFIGURE_OPTIONS = \ @@ -108,6 +117,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch + # i586 specific patches +ifeq "$(MACHINE)" "i586" + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch +endif + # Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" @@ -123,7 +138,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) ifeq "$(KCFG)" "-sse2" -mkdir -pv /usr/lib/sse2 cd $(DIR_APP) && install -m 755 \ - libcrypto.so.10 libssl.so.10 /usr/lib/sse2 + libcrypto.so.10 /usr/lib/sse2 else # Install everything. cd $(DIR_APP) && make install diff --git a/lfs/strongswan b/lfs/strongswan index 1de432005..f227bba66 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -78,6 +78,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh diff --git a/lfs/tzdata b/lfs/tzdata index 11dc03f3d..dfb54e663 100644 --- a/lfs/tzdata +++ b/lfs/tzdata 
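Review bot: In the new sse2 branch of lfs/openssl, `CXXFLAGS="${CFLAGS}"` is shell syntax inside a makefile: make keeps the double quotes as part of the value, so any command that expands CXXFLAGS receives all flags as one quoted word. `CXXFLAGS = $(CFLAGS)` is the make form. The branch also assigns `CFLAGS =` instead of appending, so hardening flags inherited from Config are dropped for the sse2 build unless they are repeated in this list. `-fstack-protector-all` and `_FORTIFY_SOURCE=2` are repeated, and anything else Config sets should be checked against it. A short comment such as `# sse2 build: replaces the global CFLAGS, keep hardening flags in sync with Config` would flag that dependency.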
@@ -24,7 +24,7 @@ include Config -VER = 2015a +VER = 2015d TZDATA_VER = $(VER) TZCODE_VER = $(VER) @@ -45,8 +45,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz -tzdata$(TZDATA_VER).tar.gz_MD5 = 4ed11c894a74a5ea64201b1c6dbb8831 -tzcode$(TZCODE_VER).tar.gz_MD5 = 8f375ede46ae137fbac047ac431bda37 +tzdata$(TZDATA_VER).tar.gz_MD5 = b595bdc4474b8fc1a15cffc67c66025b +tzcode$(TZCODE_VER).tar.gz_MD5 = 4008a3abc025a398697b2587c48258b9 install : $(TARGET) diff --git a/lfs/xz b/lfs/xz index fce71598b..c1d3ef789 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@ include Config -VER = 5.0.5 +VER = 5.2.1 THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = aa17280f4521dbeebed0fbd11cd7fa30 +$(DL_FILE)_MD5 = b5e2dd95dc8498cea5354377ed89aa65 install : $(TARGET) diff --git a/make.sh b/make.sh index db40b563e..26f9d4217 100755 --- a/make.sh +++ b/make.sh @@ -978,7 +978,7 @@ build) cd $BASEDIR tools/checknewlog.pl - tools/checkwronginitlinks + tools/checkrootfiles cd $PWD beautify build_end diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 43e6a9081..e4bf04972 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -31,7 +31,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ - getconntracktable wirelessclient dnsmasqctrl torctrl + getconntracktable wirelessclient dnsmasqctrl torctrl ddnsctrl SUID_UPDX = updxsetperms OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS)) diff --git a/src/misc-progs/ddnsctrl.c b/src/misc-progs/ddnsctrl.c new file mode 100644 index 000000000..7c4103322 --- /dev/null +++ b/src/misc-progs/ddnsctrl.c 
@@ -0,0 +1,37 @@ +/* This file is part of the IPFire Firewall. +* +* This program is distributed under the terms of the GNU General Public +* Licence. See the file COPYING for details. +* +*/ + +#include +#include +#include +#include + +#include "setuid.h" + +const char *conffile = "/var/ipfire/ddns/ddns.conf"; + +int main(int argc, char *argv[]) { + char cmd[STRING_SIZE]; + + if (!(initsetuid())) + exit(1); + + if (argc < 2) { + fprintf(stderr, "\nNo argument given.\n\nddnsctrl (update-all)\n\n"); + exit(1); + } + + if (strcmp(argv[1], "update-all") == 0) { + snprintf(cmd, sizeof(cmd), "/usr/bin/ddns --config %s update-all >/dev/null 2>&1", conffile); + safe_system(cmd); + } else { + fprintf(stderr, "\nBad argument given.\n\nddnsctrl (update-all)\n\n"); + exit(1); + } + + return 0; +} diff --git a/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch b/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch new file mode 100644 index 000000000..c9b893e58 --- /dev/null +++ b/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch 
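Review bot: The `update-all` branch of ddnsctrl.c discards the result of `safe_system(cmd)`, and the command itself redirects both streams to /dev/null, so the helper returns 0 even when /usr/bin/ddns fails and the calling CGI cannot tell. Propagating the status, e.g. `return safe_system(cmd) != 0;`, would fix that, assuming safe_system returns the child's status (setuid.h is not shown). The command string is built only from the constant `conffile`, which is the right property for a helper installed via SUID_PROGS. A comment such as `/* cmd is run with elevated privileges: never format argv data into it */` would keep it that way. Arguments after argv[1] are silently accepted, and `if (argc != 2)` would be stricter.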
@@ -0,0 +1,89 @@ +commit 63e16feedea3639ef1f21fecbff9ed2ae256728b +Author: Michael Tremer +Date: Sat Apr 25 13:18:07 2015 +0200 + + Perform lazy initialization of the database + + The database will only be initialized when it is actually + needed. That makes starting up ddns a bit faster and allows + us to execute it as non-root for simple commands like + "list-providers". + + If the database path is not writable at all, the database + feature is disable and an error message is logged. This + will hopefully help us to perform the DNS update even when + there is a local misconfiguration. + +diff --git a/src/ddns/database.py b/src/ddns/database.py +index 5d4ffc9..42c3433 100644 +--- a/src/ddns/database.py ++++ b/src/ddns/database.py +@@ -20,7 +20,7 @@ + ############################################################################### + + import datetime +-import os.path ++import os + import sqlite3 + + # Initialize the logger. +@@ -31,9 +31,11 @@ logger.propagate = 1 + class DDNSDatabase(object): + def __init__(self, core, path): + self.core = core ++ self.path = path + +- # Open the database file +- self._db = self._open_database(path) ++ # We won't open the connection to the database directly ++ # so that we do not do it unnecessarily. ++ self._db = None + + def __del__(self): + self._close_database() +@@ -46,7 +48,7 @@ class DDNSDatabase(object): + conn = sqlite3.connect(path, detect_types=sqlite3.PARSE_DECLTYPES|sqlite3.PARSE_COLNAMES) + conn.isolation_level = None + +- if not exists: ++ if not exists and self.is_writable(): + logger.debug("Initialising database layout") + c = conn.cursor() + c.executescript(""" +@@ -68,12 +70,25 @@ class DDNSDatabase(object): + + return conn + ++ def is_writable(self): ++ # Check if the database file exists and is writable. ++ ret = os.access(self.path, os.W_OK) ++ if ret: ++ return True ++ ++ # If not, we check if we are able to write to the directory. ++ # In that case the database file will be created in _open_database(). 
++ return os.access(os.path.dirname(self.path), os.W_OK) ++ + def _close_database(self): + if self._db: + self._db_close() + self._db = None + + def _execute(self, query, *parameters): ++ if self._db is None: ++ self._db = self._open_database(self.path) ++ + c = self._db.cursor() + try: + c.execute(query, parameters) +@@ -81,6 +96,10 @@ class DDNSDatabase(object): + c.close() + + def add_update(self, hostname, status, message=None): ++ if not self.is_writable(): ++ logger.warning("Could not log any updates because the database is not writable") ++ return ++ + self._execute("INSERT INTO updates(hostname, status, message, timestamp) \ + VALUES(?, ?, ?, ?)", hostname, status, message, datetime.datetime.utcnow()) + diff --git a/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch b/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch new file mode 100644 index 000000000..19534f3b8 --- /dev/null +++ b/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch 
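Review bot: `is_writable()` in this patch relies on `os.access()`, which tests with the real uid/gid rather than the effective ones and runs before the actual open, so its answer can differ from what `sqlite3.connect()` later gets. This commit also adds a setuid wrapper around ddns; if real and effective ids differ when it runs (initsetuid() is not shown), the check can be wrong in either direction. Handling the failure of the real operation is more robust, e.g. wrapping the `self._execute(...)` call in `add_update` in `try:` / `except sqlite3.OperationalError:` and logging the same warning there. Separately, the context line `self._db_close()` in `_close_database` looks like a typo for `self._db.close()`. If so, it would raise AttributeError from `__del__` once a connection has been opened.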
@@ -0,0 +1,40 @@ +commit f62fa5baffe2d225604460ecd03b8159b987df8f +Author: Michael Tremer +Date: Sun Apr 26 20:15:33 2015 +0200 + + database: Open database for the search operations, too + +diff --git a/src/ddns/database.py b/src/ddns/database.py +index 42c3433..70a7363 100644 +--- a/src/ddns/database.py ++++ b/src/ddns/database.py +@@ -122,6 +122,9 @@ class DDNSDatabase(object): + """ + Returns the timestamp of the last update (with the given status code). + """ ++ if self._db is None: ++ self._db = self._open_database(self.path) ++ + c = self._db.cursor() + + try: +@@ -141,6 +144,9 @@ class DDNSDatabase(object): + """ + Returns the update status of the last update. + """ ++ if self._db is None: ++ self._db = self._open_database(self.path) ++ + c = self._db.cursor() + + try: +@@ -156,6 +162,9 @@ class DDNSDatabase(object): + """ + Returns the reason string for the last failed update (if any). + """ ++ if self._db is None: ++ self._db = self._open_database(self.path) ++ + c = self._db.cursor() + + try: diff --git a/src/patches/ddns/ddns-005-Add-changeip-com.patch b/src/patches/ddns/ddns-005-Add-changeip-com.patch deleted file mode 100644 index 15bcd468f..000000000 --- a/src/patches/ddns/ddns-005-Add-changeip-com.patch +++ /dev/null 
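Review bot: The two-line lazy-open guard `if self._db is None: self._db = self._open_database(self.path)` is pasted into three read methods by this patch, on top of the copy in `_execute`, and none of the copies handles a failed open. A single helper that opens on demand and returns the connection, e.g. `def _get_database(self):`, would keep the copies from drifting. The read paths also have no counterpart to the `is_writable()` guard that `add_update` has, so on a missing or inaccessible database they will presumably raise from `cursor()` or `execute()` instead of degrading the way the write path does. The method names lie outside the inner hunks, so they cannot be cited here.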
@@ -1,85 +0,0 @@ -commit 78046ffe2187d91c61d6c2f910249b8a5be71b08 -Author: Stefan Schantl -Date: Wed Oct 22 21:39:09 2014 +0200 - - Add changeip.com as new provider. - - Fixes #10639. - -diff --git a/README b/README -index 5944102..6a06f4b 100644 ---- a/README -+++ b/README -@@ -49,6 +49,7 @@ INSTALLATION: - - SUPPORTED PROVIDERS: - all-inkl.com -+ changeip.com - dhs.org - dns.lightningwirelabs.com - dnspark.com -diff --git a/ddns.conf.sample b/ddns.conf.sample -index d3ac53f..0048a46 100644 ---- a/ddns.conf.sample -+++ b/ddns.conf.sample -@@ -30,6 +30,11 @@ - # secret = XYZ - # ttl = 60 - -+# [test.changeip.com] -+# provider = changeip.com -+# username = user -+# password = pass -+ - # [test.dhs.org] - # provider = dhs.org - # username = user -diff --git a/src/ddns/providers.py b/src/ddns/providers.py -index 1e88995..587d5ff 100644 ---- a/src/ddns/providers.py -+++ b/src/ddns/providers.py -@@ -539,6 +539,44 @@ class DDNSProviderBindNsupdate(DDNSProvider): - return "\n".join(scriptlet) - - -+class DDNSProviderChangeIP(DDNSProvider): -+ handle = "changeip.com" -+ name = "ChangeIP.com" -+ website = "https://changeip.com" -+ protocols = ("ipv4",) -+ -+ # Detailed information about the update api can be found here. -+ # http://www.changeip.com/accounts/knowledgebase.php?action=displayarticle&id=34 -+ -+ url = "https://nic.changeip.com/nic/update" -+ can_remove_records = False -+ -+ def update_protocol(self, proto): -+ data = { -+ "hostname" : self.hostname, -+ "myip" : self.get_address(proto), -+ } -+ -+ # Send update to the server. -+ try: -+ response = self.send_request(self.url, username=self.username, password=self.password, -+ data=data) -+ -+ # Handle error codes. -+ except urllib2.HTTPError, e: -+ if e.code == 422: -+ raise DDNSRequestError(_("Domain not found.")) -+ -+ raise -+ -+ # Handle success message. -+ if response.code == 200: -+ return -+ -+ # If we got here, some other update error happened. 
-+ raise DDNSUpdateError(_("Server response: %s") % output) -+ -+ - class DDNSProviderDHS(DDNSProvider): - handle = "dhs.org" - name = "DHS International" diff --git a/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch b/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch deleted file mode 100644 index 1d91baa59..000000000 --- a/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch +++ /dev/null @@ -1,23 +0,0 @@ -commit 25f39b4e437627bd1a49393280271d59ad28b86e -Author: Stefan Schantl -Date: Mon Jan 5 21:37:55 2015 +0100 - - spdns.de: Fix authentication. - - There was a simple copy and paste issue which prevents a - correct authentication with username and password against the - providers API. - -diff --git a/src/ddns/providers.py b/src/ddns/providers.py -index 587d5ff..bcfb088 100644 ---- a/src/ddns/providers.py -+++ b/src/ddns/providers.py -@@ -1271,7 +1271,7 @@ class DDNSProviderSPDNS(DDNSProtocolDynDNS2, DDNSProvider): - - @property - def password(self): -- return self.get("username") or self.token -+ return self.get("password") or self.token - - - class DDNSProviderStrato(DDNSProtocolDynDNS2, DDNSProvider): diff --git a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch index a9d5a9295..1d6a65783 100644 --- a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch +++ b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch @@ -1,7 +1,7 @@ From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Thu, 25 Sep 2014 21:51:25 +0100 -Subject: [PATCH 01/78] Add newline at the end of example config file. +Subject: [PATCH 01/87] Add newline at the end of example config file. --- dnsmasq.conf.example | 2 +- 
diff --git a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch index a4041ea12..54a36a732 100644 --- a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch +++ b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch @@ -1,7 +1,7 @@ From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Thu, 2 Oct 2014 21:44:21 +0100 -Subject: [PATCH 02/78] crash at startup when an empty suffix is supplied to +Subject: [PATCH 02/87] crash at startup when an empty suffix is supplied to --conf-dir --- diff --git a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch index ca623408f..eda968542 100644 --- a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch +++ b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch @@ -1,7 +1,7 @@ From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Fri, 3 Oct 2014 08:48:11 +0100 -Subject: [PATCH 03/78] Debian build fixes for kFreeBSD +Subject: [PATCH 03/87] Debian build fixes for kFreeBSD --- src/tables.c | 6 +++++- diff --git a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch index 2504e62e9..6374fefbd 100644 --- a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch +++ b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch @@ -1,7 +1,7 @@ From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001 From: Karl Vogel Date: Fri, 3 Oct 2014 21:45:15 +0100 -Subject: [PATCH 04/78] Set conntrack mark before connect() call. +Subject: [PATCH 04/87] Set conntrack mark before connect() call. SO_MARK has to be done before issuing the connect() call on the TCP socket. 
diff --git a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch index bec87bcf1..6052d454f 100644 --- a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch +++ b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch @@ -1,7 +1,7 @@ From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001 From: Daniel Collins Date: Fri, 3 Oct 2014 21:58:43 +0100 -Subject: [PATCH 05/78] Fix typo in new Dbus code. +Subject: [PATCH 05/87] Fix typo in new Dbus code. Simon's fault. --- diff --git a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch index 6b5345f72..d7a0207b7 100644 --- a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch +++ b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch @@ -1,7 +1,7 @@ From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Mon, 6 Oct 2014 10:46:48 +0100 -Subject: [PATCH 06/78] Fit example conf file typo. +Subject: [PATCH 06/87] Fit example conf file typo. --- dnsmasq.conf.example | 2 +- diff --git a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch index ffad3b256..81e67b1a0 100644 --- a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch +++ b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch @@ -1,7 +1,7 @@ From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001 From: Vladislav Grishenko Date: Mon, 6 Oct 2014 14:34:24 +0100 -Subject: [PATCH 07/78] Improve RFC-compliance when unable to supply addresses +Subject: [PATCH 07/87] Improve RFC-compliance when unable to supply addresses in DHCPv6 While testing https://github.com/sbyx/odhcp6c client I have noticed it 
diff --git a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch index 671a70e2c..a0706ba6e 100644 --- a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch +++ b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch @@ -1,7 +1,7 @@ From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Tue, 9 Dec 2014 22:22:53 +0000 -Subject: [PATCH 08/78] Fix conntrack with --bind-interfaces +Subject: [PATCH 08/87] Fix conntrack with --bind-interfaces Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is enabled so the assigned mark can be correctly retrieved and set in forward_query when diff --git a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch index e9c51f81c..28dae8c2d 100644 --- a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch +++ b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch @@ -1,7 +1,7 @@ From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Wed, 10 Dec 2014 17:32:16 +0000 -Subject: [PATCH 09/78] Use inotify instead of polling on Linux. +Subject: [PATCH 09/87] Use inotify instead of polling on Linux. This should solve problems people are seeing when a file changes twice within a second and thus is missed for polling. diff --git a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch index 2f8574e5d..34dbf3a14 100644 --- a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch +++ b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch @@ -1,7 +1,7 @@ From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001 
From: Simon Kelley Date: Mon, 15 Dec 2014 15:58:13 +0000 -Subject: [PATCH 10/78] Teach the new inotify code about symlinks. +Subject: [PATCH 10/87] Teach the new inotify code about symlinks. --- src/inotify.c | 43 +++++++++++++++++++++++++++---------------- diff --git a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch index 66b63312d..b7c670fca 100644 --- a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch +++ b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch @@ -1,7 +1,7 @@ From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 15 Dec 2014 17:50:15 +0000 -Subject: [PATCH 11/78] Remove floor on EDNS0 packet size with DNSSEC. +Subject: [PATCH 11/87] Remove floor on EDNS0 packet size with DNSSEC. --- CHANGELOG | 6 +++++- diff --git a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch index 3df5076c1..8dbf7bdc9 100644 --- a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch +++ b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch @@ -1,7 +1,7 @@ From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 15 Dec 2014 17:52:22 +0000 -Subject: [PATCH 12/78] CHANGELOG re. inotify. +Subject: [PATCH 12/87] CHANGELOG re. inotify. --- CHANGELOG | 4 ++++ diff --git a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch index c80a3a2d7..c102b72f7 100644 --- a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch +++ b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch @@ -1,7 +1,7 @@ From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001 
From: Simon Kelley Date: Tue, 16 Dec 2014 18:25:17 +0000 -Subject: [PATCH 13/78] Fix breakage of --domain=,,local +Subject: [PATCH 13/87] Fix breakage of --domain=,,local --- CHANGELOG | 4 ++++ diff --git a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch index e3221682b..8d8182569 100644 --- a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch +++ b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch @@ -1,7 +1,7 @@ From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Tue, 16 Dec 2014 20:41:29 +0000 -Subject: [PATCH 14/78] Remove redundant IN6_IS_ADDR_ULA(a) macro defn. +Subject: [PATCH 14/87] Remove redundant IN6_IS_ADDR_ULA(a) macro defn. --- src/network.c | 4 ---- diff --git a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch index afa5f0fe9..9544a167d 100644 --- a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch +++ b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch @@ -1,7 +1,7 @@ From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Wed, 17 Dec 2014 12:41:56 +0000 -Subject: [PATCH 15/78] Eliminate IPv6 privacy addresses from --interface-name +Subject: [PATCH 15/87] Eliminate IPv6 privacy addresses from --interface-name answers. --- diff --git a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch index e669a50df..9fb6efb83 100644 --- a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch +++ b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch 
@@ -1,7 +1,7 @@
 From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Wed, 17 Dec 2014 20:38:20 +0000
-Subject: [PATCH 16/78] Tweak field width in cache dump to avoid truncating
+Subject: [PATCH 16/87] Tweak field width in cache dump to avoid truncating
 IPv6 addresses.
 ---
diff --git a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
index 2fe233dd7..45370a6fe 100644
--- a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
+++ b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
@@ -1,7 +1,7 @@
 From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sun, 21 Dec 2014 16:11:52 +0000
-Subject: [PATCH 17/78] Fix crash in DNSSEC code when attempting to verify
+Subject: [PATCH 17/87] Fix crash in DNSSEC code when attempting to verify
 large RRs.
 ---
diff --git a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
index 2ec47e67a..11e517853 100644
--- a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
+++ b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
@@ -1,7 +1,7 @@ From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Sun, 21 Dec 2014 21:21:53 +0000 -Subject: [PATCH 18/78] Make caching work for CNAMEs pointing to A/AAAA records +Subject: [PATCH 18/87] Make caching work for CNAMEs pointing to A/AAAA records shadowed in /etc/hosts If the answer to an upstream query is a CNAME which points to an
diff --git a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
index 7e6f821cf..4fe15f093 100644
--- a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
+++ b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
@@ -1,7 +1,7 @@
 From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Tue, 23 Dec 2014 15:46:08 +0000
-Subject: [PATCH 19/78] Fix problems validating NSEC3 and wildcards.
+Subject: [PATCH 19/87] Fix problems validating NSEC3 and wildcards.
 ---
 src/dnssec.c | 253 ++++++++++++++++++++++++++++++-----------------------------
diff --git a/src/patches/dnsmasq/0020-Initialise-return-value.patch b/src/patches/dnsmasq/0020-Initialise-return-value.patch
index 362c59637..cfa39ce27 100644
--- a/src/patches/dnsmasq/0020-Initialise-return-value.patch
+++ b/src/patches/dnsmasq/0020-Initialise-return-value.patch
@@ -1,7 +1,7 @@
 From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Tue, 23 Dec 2014 18:42:38 +0000
-Subject: [PATCH 20/78] Initialise return value.
+Subject: [PATCH 20/87] Initialise return value.
 ---
 src/dnssec.c | 7 +++++--
diff --git a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
index b8ef47d60..d3fda4b7e 100644
--- a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
+++ b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
@@ -1,7 +1,7 @@
 From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001
 From: Glen Huang
 Date: Sat, 27 Dec 2014 15:28:12 +0000
-Subject: [PATCH 21/78] Add --ignore-address option.
+Subject: [PATCH 21/87] Add --ignore-address option.
 ---
 CHANGELOG | 8 ++++++++
diff --git a/src/patches/dnsmasq/0022-Bad-packet-protection.patch b/src/patches/dnsmasq/0022-Bad-packet-protection.patch
index 749195fe7..58ac5eb06 100644
--- a/src/patches/dnsmasq/0022-Bad-packet-protection.patch
+++ b/src/patches/dnsmasq/0022-Bad-packet-protection.patch
@@ -1,7 +1,7 @@
 From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 27 Dec 2014 15:33:32 +0000
-Subject: [PATCH 22/78] Bad packet protection.
+Subject: [PATCH 22/87] Bad packet protection.
 ---
 src/dnssec.c | 2 +-
diff --git a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
index 28fe61af9..ebfa6b15b 100644
--- a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
+++ b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
@@ -1,7 +1,7 @@
 From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001
 From: Matthias Andree
 Date: Sat, 27 Dec 2014 15:36:38 +0000
-Subject: [PATCH 23/78] Fix build failure in new inotify code on BSD.
+Subject: [PATCH 23/87] Fix build failure in new inotify code on BSD.
 ---
 src/inotify.c | 4 ++--
diff --git a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
index 31535dcbd..64219ff26 100644
--- a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
+++ b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
@@ -1,7 +1,7 @@
 From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou
 Date: Sat, 3 Jan 2015 16:36:14 +0000
-Subject: [PATCH 24/78] Implement makefile dependencies on COPTS variable.
+Subject: [PATCH 24/87] Implement makefile dependencies on COPTS variable.
 ---
 .gitignore | 2 +-
diff --git a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
index a99656da2..2297e6f2c 100644
--- a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
+++ b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
@@ -1,7 +1,7 @@
 From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou
 Date: Mon, 5 Jan 2015 17:03:35 +0000
-Subject: [PATCH 25/78] Fix race condition issue in makefile.
+Subject: [PATCH 25/87] Fix race condition issue in makefile.
 ---
 Makefile | 4 +++-
diff --git a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
index e0c8374ab..6fb5db124 100644
--- a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
+++ b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
@@ -1,7 +1,7 @@
 From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Wed, 7 Jan 2015 21:55:43 +0000
-Subject: [PATCH 26/78] DNSSEC: do top-down search for limit of secure
+Subject: [PATCH 26/87] DNSSEC: do top-down search for limit of secure
 delegation.
 ---
diff --git a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
index 8812bbabf..41e3649f5 100644
--- a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
+++ b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
@@ -1,7 +1,7 @@
 From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Fri, 9 Jan 2015 15:53:03 +0000
-Subject: [PATCH 27/78] Add --log-queries=extra option for more complete
+Subject: [PATCH 27/87] Add --log-queries=extra option for more complete
 logging.
 ---
diff --git a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
index 2f6099536..85de912de 100644
--- a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
+++ b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
@@ -1,7 +1,7 @@
 From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001
 From: RinSatsuki
 Date: Sat, 10 Jan 2015 15:22:21 +0000
-Subject: [PATCH 28/78] Add --min-cache-ttl option.
+Subject: [PATCH 28/87] Add --min-cache-ttl option.
 ---
 CHANGELOG | 7 +++++++
diff --git a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
index 3288ce818..afbece3a6 100644
--- a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
+++ b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
@@ -1,7 +1,7 @@
 From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Mon, 12 Jan 2015 20:18:18 +0000
-Subject: [PATCH 29/78] Log port of requestor when doing extra logging.
+Subject: [PATCH 29/87] Log port of requestor when doing extra logging.
 ---
 src/cache.c | 6 +++---
diff --git a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
index 81b5eb288..ac206e386 100644
--- a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
+++ b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
@@ -1,7 +1,7 @@
 From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Mon, 12 Jan 2015 23:16:56 +0000
-Subject: [PATCH 30/78] Don't answer from cache RRsets from wildcards, as we
+Subject: [PATCH 30/87] Don't answer from cache RRsets from wildcards, as we
 don't have NSECs.
 ---
diff --git a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
index ead984e24..20a0e4ba0 100644
--- a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
+++ b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
@@ -1,7 +1,7 @@
 From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Mon, 12 Jan 2015 23:22:08 +0000
-Subject: [PATCH 31/78] Logs for DS records consistent.
+Subject: [PATCH 31/87] Logs for DS records consistent.
 ---
 src/rfc1035.c | 2 +-
diff --git a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
index f571501f0..5b5fc07ff 100644
--- a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
+++ b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
@@ -1,7 +1,7 @@
 From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sun, 18 Jan 2015 22:11:10 +0000
-Subject: [PATCH 32/78] Cope with multiple interfaces with the same LL address.
+Subject: [PATCH 32/87] Cope with multiple interfaces with the same LL address.
 ---
 CHANGELOG | 4 ++++
diff --git a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
index f381635c6..926885f32 100644
--- a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
+++ b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
@@ -1,7 +1,7 @@
 From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sun, 18 Jan 2015 22:20:48 +0000
-Subject: [PATCH 33/78] Don't treat SERVFAIL as a recoverable error.....
+Subject: [PATCH 33/87] Don't treat SERVFAIL as a recoverable error.....
 ---
 src/forward.c | 2 +-
diff --git a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
index 86401c9b6..4ca8cc5d0 100644
--- a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
+++ b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
@@ -1,7 +1,7 @@
 From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Tue, 20 Jan 2015 20:51:02 +0000
-Subject: [PATCH 34/78] Add --dhcp-hostsdir config option.
+Subject: [PATCH 34/87] Add --dhcp-hostsdir config option.
 ---
 CHANGELOG | 5 +++
diff --git a/src/patches/dnsmasq/0035-Update-German-translation.patch b/src/patches/dnsmasq/0035-Update-German-translation.patch
index cd9ec565a..23f1a5fae 100644
--- a/src/patches/dnsmasq/0035-Update-German-translation.patch
+++ b/src/patches/dnsmasq/0035-Update-German-translation.patch
@@ -1,7 +1,7 @@
 From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001
 From: Conrad Kostecki
 Date: Tue, 20 Jan 2015 21:07:56 +0000
-Subject: [PATCH 35/78] Update German translation.
+Subject: [PATCH 35/87] Update German translation.
 ---
 po/de.po | 101 +++++++++++++++++++++++++++++---------------------------------
diff --git a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
index 144a2543b..c89b6788d 100644
--- a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
+++ b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
@@ -1,7 +1,7 @@
 From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001
 From: Win King Wan
 Date: Wed, 21 Jan 2015 20:41:48 +0000
-Subject: [PATCH 36/78] Don't reply to DHCPv6 SOLICIT messages when not
+Subject: [PATCH 36/87] Don't reply to DHCPv6 SOLICIT messages when not
 configured for statefull DHCPv6.
 ---
diff --git a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
index 99606cc15..161709593 100644
--- a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
+++ b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
@@ -1,7 +1,7 @@
 From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Mon, 26 Jan 2015 11:23:43 +0000
-Subject: [PATCH 37/78] Allow inotify to be disabled at compile time on Linux.
+Subject: [PATCH 37/87] Allow inotify to be disabled at compile time on Linux.
 ---
 CHANGELOG | 4 +++-
diff --git a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
index db0d4fc85..fee3aaee6 100644
--- a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
+++ b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
@@ -1,7 +1,7 @@
 From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 31 Jan 2015 19:59:29 +0000
-Subject: [PATCH 38/78] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
+Subject: [PATCH 38/87] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
 hostsdir.
 ---
diff --git a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
index 28282c272..58a4ce6d4 100644
--- a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
+++ b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
@@ -1,7 +1,7 @@
 From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 31 Jan 2015 20:13:40 +0000
-Subject: [PATCH 39/78] Update copyrights for dawn of 2015.
+Subject: [PATCH 39/87] Update copyrights for dawn of 2015.
 ---
 Makefile | 2 +-
diff --git a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
index 2fb831cba..bd0ce4d3a 100644
--- a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
+++ b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
@@ -1,7 +1,7 @@
 From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 31 Jan 2015 21:59:13 +0000
-Subject: [PATCH 40/78] inotify documentation updates.
+Subject: [PATCH 40/87] inotify documentation updates.
 ---
 man/dnsmasq.8 | 11 +++++++++--
diff --git a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
index 68e1ca6b1..be9122c09 100644
--- a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
+++ b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
@@ -1,7 +1,7 @@
 From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 31 Jan 2015 22:44:26 +0000
-Subject: [PATCH 41/78] Fix broken ECDSA DNSSEC signatures.
+Subject: [PATCH 41/87] Fix broken ECDSA DNSSEC signatures.
 ---
 CHANGELOG | 2 ++
diff --git a/src/patches/dnsmasq/0042-BSD-make-support.patch b/src/patches/dnsmasq/0042-BSD-make-support.patch
index ced58684b..a60c1bddb 100644
--- a/src/patches/dnsmasq/0042-BSD-make-support.patch
+++ b/src/patches/dnsmasq/0042-BSD-make-support.patch
@@ -1,7 +1,7 @@
 From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sun, 1 Feb 2015 00:15:16 +0000
-Subject: [PATCH 42/78] BSD make support
+Subject: [PATCH 42/87] BSD make support
 ---
 Makefile | 6 ++++--
diff --git a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
index 2aa543da1..0fcc8cd3b 100644
--- a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
+++ b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
@@ -1,7 +1,7 @@
 From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001
From: Simon Kelley
 Date: Sun, 1 Feb 2015 21:48:46 +0000
-Subject: [PATCH 43/78] Fix build failure on openBSD.
+Subject: [PATCH 43/87] Fix build failure on openBSD.
 ---
 src/tables.c | 2 +-
diff --git a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
index ef606e838..dd45634c9 100644
--- a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
+++ b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
@@ -1,7 +1,7 @@
 From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?=
 Date: Mon, 2 Feb 2015 21:37:27 +0000
-Subject: [PATCH 44/78] Manpage typo fix.
+Subject: [PATCH 44/87] Manpage typo fix.
 ---
 man/dnsmasq.8 | 2 +-
diff --git a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
index 1f87a9eca..7a719f83e 100644
--- a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
+++ b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
@@ -1,7 +1,7 @@
 From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Mon, 2 Feb 2015 22:36:42 +0000
-Subject: [PATCH 45/78] Fixup dhcp-configs after reading extra hostfiles with
+Subject: [PATCH 45/87] Fixup dhcp-configs after reading extra hostfiles with
 inotify.
 ---
diff --git a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
index 754d0a8ad..3db945d8f 100644
--- a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
+++ b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
@@ -1,7 +1,7 @@
 From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001
From: Simon Kelley
 Date: Tue, 3 Feb 2015 21:52:48 +0000
-Subject: [PATCH 46/78] Extra logging for inotify code.
+Subject: [PATCH 46/87] Extra logging for inotify code.
 ---
 src/cache.c | 9 ++++-----
diff --git a/src/patches/dnsmasq/0047-man-page-typo.patch b/src/patches/dnsmasq/0047-man-page-typo.patch
index 9fdd87eeb..5a8115247 100644
--- a/src/patches/dnsmasq/0047-man-page-typo.patch
+++ b/src/patches/dnsmasq/0047-man-page-typo.patch
@@ -1,7 +1,7 @@
 From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 7 Feb 2015 22:36:34 +0000
-Subject: [PATCH 47/78] man page typo.
+Subject: [PATCH 47/87] man page typo.
 ---
 man/dnsmasq.8 | 1 +
diff --git a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
index fd0da9b91..e69e0a618 100644
--- a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
+++ b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
@@ -1,7 +1,7 @@
 From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001
 From: Shantanu Gadgil
 Date: Wed, 11 Feb 2015 20:16:59 +0000
-Subject: [PATCH 48/78] Fix get-version script which returned wrong tag in some
+Subject: [PATCH 48/87] Fix get-version script which returned wrong tag in some
 situations.
 ---
diff --git a/src/patches/dnsmasq/0049-Typos.patch b/src/patches/dnsmasq/0049-Typos.patch
index ab57c77e2..e78f185dd 100644
--- a/src/patches/dnsmasq/0049-Typos.patch
+++ b/src/patches/dnsmasq/0049-Typos.patch
@@ -1,7 +1,7 @@
 From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 14 Feb 2015 20:02:37 +0000
-Subject: [PATCH 49/78] Typos.
+Subject: [PATCH 49/87] Typos.
 ---
 src/inotify.c | 3 ++-
diff --git a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
index df3bf18ce..7b5a92dd3 100644
--- a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
+++ b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
@@ -1,7 +1,7 @@
 From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 14 Feb 2015 20:08:56 +0000
-Subject: [PATCH 50/78] Make dynamic hosts files work when --no-hosts set.
+Subject: [PATCH 50/87] Make dynamic hosts files work when --no-hosts set.
 ---
 src/cache.c | 21 +++++++++++----------
diff --git a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
index ad7ecd7ae..cfc7b00ee 100644
--- a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
+++ b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
@@ -1,7 +1,7 @@
 From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001
 From: Chen Wei
 Date: Tue, 17 Feb 2015 22:07:35 +0000
-Subject: [PATCH 51/78] Fix trivial memory leaks to quieten valgrind.
+Subject: [PATCH 51/87] Fix trivial memory leaks to quieten valgrind.
 ---
 src/dnsmasq.c | 2 ++
diff --git a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch
index 9556f3b8f..0a50689ff 100644
--- a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch
+++ b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch
@@ -1,7 +1,7 @@
 From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001
From: Tomas Hozza
 Date: Mon, 23 Feb 2015 21:26:26 +0000
-Subject: [PATCH 52/78] Fix uninitialized value used in get_client_mac()
+Subject: [PATCH 52/87] Fix uninitialized value used in get_client_mac()
 ---
 src/dhcp6.c | 4 +++-
diff --git a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch
index 03d20f616..854771a9b 100644
--- a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch
+++ b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch
@@ -1,7 +1,7 @@
 From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001
 From: Joachim Zobel
 Date: Mon, 23 Feb 2015 21:38:11 +0000
-Subject: [PATCH 53/78] Log parsing utils in contrib/reverse-dns
+Subject: [PATCH 53/87] Log parsing utils in contrib/reverse-dns
 ---
 contrib/reverse-dns/README | 18 ++++++++++++++++++
diff --git a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch
index 2d47566a0..cb9e86fdf 100644
--- a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch
+++ b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch
@@ -1,7 +1,7 @@
 From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sun, 1 Mar 2015 18:17:54 +0000
-Subject: [PATCH 54/78] Add --dnssec-timestamp option and facility.
+Subject: [PATCH 54/87] Add --dnssec-timestamp option and facility.
 ---
 CHANGELOG | 6 +++++
diff --git a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
index ba48df381..40b6607b7 100644
--- a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
+++ b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
@@ -1,7 +1,7 @@
From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Mon, 2 Mar 2015 22:47:23 +0000
-Subject: [PATCH 55/78] Fix last commit to not crash if uid changing not
+Subject: [PATCH 55/87] Fix last commit to not crash if uid changing not
 configured.
 ---
diff --git a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch
index dc52d90e3..f6f787366 100644
--- a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch
+++ b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch
@@ -1,7 +1,7 @@
 From 4c960fa90a975d20f75a1ecabd217247f1922c8f Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Wed, 4 Mar 2015 20:32:26 +0000
-Subject: [PATCH 56/78] New version of contrib/reverse-dns
+Subject: [PATCH 56/87] New version of contrib/reverse-dns
 ---
 contrib/reverse-dns/README | 22 +++---
diff --git a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch
index d17d23fe1..924e3dcd6 100644
--- a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch
+++ b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch
@@ -1,7 +1,7 @@
 From 360f2513ab12a9bf1e262d388dd2ea8a566590a3 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 7 Mar 2015 18:28:06 +0000
-Subject: [PATCH 57/78] Tweak DNSSEC timestamp code to create file later,
+Subject: [PATCH 57/87] Tweak DNSSEC timestamp code to create file later,
 removing need to chown it.
 ---
diff --git a/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch
index 4dd956828..ded09841f 100644
--- a/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch
+++ b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch
@@ -1,7 +1,7 @@ From ff841ebf5a5d6864ff48571f607c32ce80dbb75a Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Wed, 11 Mar 2015 21:36:30 +0000 -Subject: [PATCH 58/78] Fix boilerplate code for re-running system calls on +Subject: [PATCH 58/87] Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc. The nasty code with static variable in retry_send() which
diff --git a/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch
index a072474e8..f8091d4d7 100644
--- a/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch
+++ b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch
@@ -1,7 +1,7 @@
 From 979fe86bc8693f660eddea232ae39cbbb50b294c Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Thu, 19 Mar 2015 22:50:22 +0000
-Subject: [PATCH 59/78] Make --address=/example.com/ equivalent to
+Subject: [PATCH 59/87] Make --address=/example.com/ equivalent to
 --server=/example.com/
 ---
diff --git a/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch
index 429f56a98..dcf1a3cb0 100644
--- a/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch
+++ b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch
@@ -1,7 +1,7 @@ From 65c721200023ef0023114459a8d12f8b0a24cfd8 Mon Sep 17 00:00:00 2001
From: Lung-Pin Chang Date: Thu, 19 Mar 2015 23:22:21 +0000 -Subject: [PATCH 60/78] dhcp: set outbound interface via cmsg in unicast reply +Subject: [PATCH 60/87] dhcp: set outbound interface via cmsg in unicast reply If multiple routes to the same network exist, Linux blindly picks the first interface (route) based on destination address, which might not be
diff --git a/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch
index aece6fa6e..7f2b1b042 100644
--- a/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch
+++ b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch
@@ -1,7 +1,7 @@
 From 8805283088d670baecb92569252c01cf754cda51 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Thu, 26 Mar 2015 21:15:43 +0000
-Subject: [PATCH 61/78] Don't fail DNSSEC when a signed CNAME dangles into an
+Subject: [PATCH 61/87] Don't fail DNSSEC when a signed CNAME dangles into an
 unsigned zone.
 ---
diff --git a/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch
index 81280dcce..496776deb 100644
--- a/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch
+++ b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch
@@ -1,7 +1,7 @@
 From 150162bc37170a6edae9d488435e836b1e4e3a4e Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Fri, 27 Mar 2015 09:58:26 +0000
-Subject: [PATCH 62/78] Return SERVFAIL when validation abandoned.
+Subject: [PATCH 62/87] Return SERVFAIL when validation abandoned.
 ---
 src/forward.c | 11 +++++++++--
diff --git a/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch
index bd79a1a1e..25ae12e6a 100644
--- a/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch
+++ b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch
@@ -1,7 +1,7 @@
 From 0b8a5a30a77331974ba24a04e43e720585dfbc61 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Fri, 27 Mar 2015 11:44:55 +0000
-Subject: [PATCH 63/78] Protect against broken DNSSEC upstreams.
+Subject: [PATCH 63/87] Protect against broken DNSSEC upstreams.
 ---
 src/dnssec.c | 7 +++++--
diff --git a/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch
index c020af51a..41730b801 100644
--- a/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch
+++ b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch
@@ -1,7 +1,7 @@
 From 1e153945def3c50d1e59ceea6a768db0ac770f98 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sat, 28 Mar 2015 21:34:07 +0000
-Subject: [PATCH 64/78] DNSSEC fix for non-ascii characters in labels.
+Subject: [PATCH 64/87] DNSSEC fix for non-ascii characters in labels.
 ---
 src/dnssec.c | 34 +++++++++++++++++-----------------
diff --git a/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch
index a9b6f400b..212fe30c3 100644
--- a/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch
+++ b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch
@@ -1,7 +1,7 @@
 From 394ff492da6af5da7e7d356be9586683bc5fc011 Mon Sep 17 00:00:00 2001
 From: Simon Kelley
 Date: Sun, 29 Mar 2015 22:17:14 +0100
-Subject: [PATCH 65/78] Allow control characters in names in the cache, handle
+Subject: [PATCH 65/87] Allow control characters in names in the cache, handle
 when logging.
 ---
diff --git a/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch index 8a496b0c0..dbc4deb90 100644 --- a/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch +++ b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch @@ -1,7 +1,7 @@ From 794fccca7ffebfba4468bfffc6276b68bbf6afd9 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Sun, 29 Mar 2015 22:35:44 +0100 -Subject: [PATCH 66/78] Fix crash in last commit. +Subject: [PATCH 66/87] Fix crash in last commit. --- src/cache.c | 7 ++++--- diff --git a/src/patches/dnsmasq/0067-Merge-message-translations.patch b/src/patches/dnsmasq/0067-Merge-message-translations.patch index f6c522585..ac735bdc7 100644 --- a/src/patches/dnsmasq/0067-Merge-message-translations.patch +++ b/src/patches/dnsmasq/0067-Merge-message-translations.patch @@ -1,7 +1,7 @@ From fd6ad9e481ab7c812a6b1515244908818cbb0442 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 30 Mar 2015 07:52:21 +0100 -Subject: [PATCH 67/78] Merge message translations. +Subject: [PATCH 67/87] Merge message translations. --- po/de.po | 803 +++++++++++++++++++++++++++++++++-------------------------- diff --git a/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch index cf1f2af82..b61ad0a17 100644 --- a/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch +++ b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch @@ -1,7 +1,7 @@ From 30d0879ed55cb67b1b735beab3d93f3bb3ef1dd2 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Tue, 31 Mar 2015 22:32:11 +0100 -Subject: [PATCH 68/78] add --tftp-no-fail to ignore missing tftp root +Subject: [PATCH 68/87] add --tftp-no-fail to ignore missing tftp root --- CHANGELOG | 3 +++ diff --git a/src/patches/dnsmasq/0069-Whitespace-fixes.patch b/src/patches/dnsmasq/0069-Whitespace-fixes.patch index a18c6bec7..865e9a91d 100644 
--- a/src/patches/dnsmasq/0069-Whitespace-fixes.patch +++ b/src/patches/dnsmasq/0069-Whitespace-fixes.patch @@ -1,7 +1,7 @@ From 7aa970e2c7043201663d86a4b5d8cd5c592cef39 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Wed, 1 Apr 2015 17:55:07 +0100 -Subject: [PATCH 69/78] Whitespace fixes. +Subject: [PATCH 69/87] Whitespace fixes. --- src/dnsmasq.c | 14 +++++++------- diff --git a/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch index b021aab16..a2f96385c 100644 --- a/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch +++ b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch @@ -1,7 +1,7 @@ From fe3992f9fa69fa975ea31919c53933b5f6a63527 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Fri, 3 Apr 2015 21:25:05 +0100 -Subject: [PATCH 70/78] Return INSECURE, rather than BOGUS when DS proved not +Subject: [PATCH 70/87] Return INSECURE, rather than BOGUS when DS proved not to exist. Return INSECURE when validating DNS replies which have RRSIGs, but diff --git a/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch index b8e5cf817..723c492ac 100644 --- a/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch +++ b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch @@ -1,7 +1,7 @@ From 982faf402487e265ed11ac03524531d42b03c966 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Fri, 3 Apr 2015 21:42:30 +0100 -Subject: [PATCH 71/78] Fix compiler warning when not including DNSSEC. +Subject: [PATCH 71/87] Fix compiler warning when not including DNSSEC. --- src/forward.c | 3 ++- 
diff --git a/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch index e03606c5c..3f579bda5 100644 --- a/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch +++ b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch @@ -1,7 +1,7 @@ From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 6 Apr 2015 17:19:13 +0100 -Subject: [PATCH 72/78] Fix crash caused by looking up servers.bind when many +Subject: [PATCH 72/87] Fix crash caused by looking up servers.bind when many servers defined. --- diff --git a/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch index c333e662d..27e4cde3d 100644 --- a/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch +++ b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch @@ -1,7 +1,7 @@ From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Thu, 9 Apr 2015 21:48:00 +0100 -Subject: [PATCH 73/78] Fix crash on receipt of certain malformed DNS requests. +Subject: [PATCH 73/87] Fix crash on receipt of certain malformed DNS requests. --- CHANGELOG | 3 +++ diff --git a/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch index 4a9cee0d2..2435371a7 100644 --- a/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch +++ b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch @@ -1,7 +1,7 @@ From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001 
From: Simon Kelley Date: Sun, 12 Apr 2015 21:52:47 +0100 -Subject: [PATCH 74/78] Fix crash in auth code with odd configuration. +Subject: [PATCH 74/87] Fix crash in auth code with odd configuration. --- CHANGELOG | 32 +++++++++++++++++++++----------- diff --git a/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch index 705229f1a..fbc38022b 100644 --- a/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch +++ b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch @@ -1,7 +1,7 @@ From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Thu, 16 Apr 2015 15:05:30 +0100 -Subject: [PATCH 75/78] Auth: correct replies to NS and SOA in .arpa zones. +Subject: [PATCH 75/87] Auth: correct replies to NS and SOA in .arpa zones. --- CHANGELOG | 8 ++++++++ diff --git a/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch index e42dfb0d7..1598460b7 100644 --- a/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch +++ b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch @@ -1,7 +1,7 @@ From b4c0f092d8ce63ea4763c0ac17aa8d24318ad301 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Thu, 16 Apr 2015 15:20:59 +0100 -Subject: [PATCH 76/78] Fix (srk induced) crash in new tftp_no_fail code. +Subject: [PATCH 76/87] Fix (srk induced) crash in new tftp_no_fail code. --- src/dnsmasq.c | 6 ++++-- diff --git a/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch index 15f3a4d44..a68ac4c4e 100644 --- a/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch +++ b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch @@ -1,7 +1,7 @@ 
From 0df29f5e23fd2f16181847db1fcf3a8b392d869a Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Thu, 16 Apr 2015 15:24:52 +0100 -Subject: [PATCH 77/78] Note CVE-2015-3294 +Subject: [PATCH 77/87] Note CVE-2015-3294 --- CHANGELOG | 3 +++ diff --git a/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch index 2f7fa0aff..2e040e320 100644 --- a/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch +++ b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch @@ -1,7 +1,7 @@ From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Fri, 17 Apr 2015 22:50:20 +0100 -Subject: [PATCH 78/78] Log domain when reporting DNSSEC validation failure. +Subject: [PATCH 78/87] Log domain when reporting DNSSEC validation failure. --- src/forward.c | 15 ++++++++++----- diff --git a/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch new file mode 100644 index 000000000..6b0453e03 --- /dev/null +++ b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch 
@@ -0,0 +1,28 @@ +From a006eb7e1486023480ea40244720ef7aab51de71 Mon Sep 17 00:00:00 2001 +From: Moshe Levi +Date: Sun, 19 Apr 2015 22:10:40 +0100 +Subject: [PATCH 79/87] Check IP address command line arg in dhcp_release.c + +--- + contrib/wrt/dhcp_release.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/contrib/wrt/dhcp_release.c b/contrib/wrt/dhcp_release.c +index 53f47dda3aec..a51f04b30cab 100644 +--- a/contrib/wrt/dhcp_release.c ++++ b/contrib/wrt/dhcp_release.c +@@ -277,6 +277,11 @@ int main(int argc, char **argv) + exit(1); + } + ++ if (inet_addr(argv[2]) == INADDR_NONE) ++ { ++ perror("invalid ip address"); ++ exit(1); ++ } + + lease.s_addr = inet_addr(argv[2]); + server = find_interface(lease, nl, if_nametoindex(argv[1])); +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch new file mode 100644 index 000000000..8aa5c5cec --- /dev/null +++ b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch 
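Review bot: The check added to main() in contrib/wrt/dhcp_release.c compares `inet_addr(argv[2])` with `INADDR_NONE`, which is also what inet_addr() returns for the valid string 255.255.255.255. It then reports the failure with `perror()`, although inet_addr() does not set errno, so the message ends with an unrelated errno string. Parsing once with `if (inet_aton(argv[2], &lease) == 0)` and reporting with `fprintf(stderr, "invalid ip address\n");` avoids both problems and makes the second inet_addr() call on the following line unnecessary. main() begins and continues outside the hunk, so the type of `lease` is inferred from the `lease.s_addr` assignment.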
@@ -0,0 +1,53 @@ +From 338b340be9e7198f5c0f68133d070d6598a0814c Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 20 Apr 2015 21:34:05 +0100 +Subject: [PATCH 80/87] Revert 61b838dd574c51d96fef100285a0d225824534f9 and + just quieten log instead. + +--- + src/rfc3315.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +diff --git a/src/rfc3315.c b/src/rfc3315.c +index c1ddc805988d..c45116a40a09 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -824,25 +824,21 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + } + else + { +- /* Windows 8 always requests an address even if the Managed bit +- in RA is 0 and it keeps retrying if it receives a reply +- stating that no addresses are available. We solve this +- by not replying at all if we're not configured to give any +- addresses by DHCPv6. RFC 3315 17.2.1. appears to allow this. */ +- +- for (c = state->context; c; c = c->current) +- if (!(c->flags & CONTEXT_RA_STATELESS)) +- break; +- +- if (!c) +- return 0; +- + /* no address, return error */ + o1 = new_opt6(OPTION6_STATUS_CODE); + put_opt6_short(DHCP6NOADDRS); + put_opt6_string(_("no addresses available")); + end_opt6(o1); +- log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available")); ++ ++ /* Some clients will ask repeatedly when we're not giving ++ out addresses because we're in stateless mode. Avoid spamming ++ the log in that case. */ ++ for (c = state->context; c; c = c->current) ++ if (!(c->flags & CONTEXT_RA_STATELESS)) ++ { ++ log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available")); ++ break; ++ } + } + + break; +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch new file mode 100644 index 000000000..4fb78d4ca --- /dev/null 
+++ b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch 
@@ -0,0 +1,215 @@ +From cbe379ad6b52a538a4416a7cd992817e5637ccf9 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 21 Apr 2015 22:57:06 +0100 +Subject: [PATCH 81/87] Handle domain names with '.' or /000 within labels. + +Only in DNSSEC mode, where we might need to validate or store +such names. In none-DNSSEC mode, simply don't cache these, as before. +--- + src/dns-protocol.h | 4 ++++ + src/dnsmasq.c | 15 +++++++++++++-- + src/dnssec.c | 40 +++++++++++++++++++++++++++++++--------- + src/rfc1035.c | 16 +++++++++++++++- + src/util.c | 9 ++++++++- + 5 files changed, 71 insertions(+), 13 deletions(-) + +diff --git a/src/dns-protocol.h b/src/dns-protocol.h +index 16fade33d98c..7f5d686bb150 100644 +--- a/src/dns-protocol.h ++++ b/src/dns-protocol.h +@@ -142,3 +142,7 @@ struct dns_header { + + #define ADD_RDLEN(header, pp, plen, len) \ + (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1)) ++ ++/* Escape character in our presentation format for names. ++ Cannot be '.' or /000 and must be !isprint() */ ++#define NAME_ESCAPE 1 +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 20b15c05103a..19a6428b09e8 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -102,8 +102,19 @@ int main (int argc, char **argv) + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID)) + { +- daemon->keyname = safe_malloc(MAXDNAME); +- daemon->workspacename = safe_malloc(MAXDNAME); ++ /* Note that both /000 and '.' are allowed within labels. These get ++ represented in presentation format using NAME_ESCAPE as an escape ++ character when in DNSSEC mode. ++ In theory, if all the characters in a name were /000 or ++ '.' or NAME_ESCAPE then all would have to be escaped, so the ++ presentation format would be twice as long as the spec. ++ ++ daemon->namebuff was previously allocated by the option-reading ++ code before we knew if we're in DNSSEC mode, so reallocate here. 
*/ ++ free(daemon->namebuff); ++ daemon->namebuff = safe_malloc(MAXDNAME * 2); ++ daemon->keyname = safe_malloc(MAXDNAME * 2); ++ daemon->workspacename = safe_malloc(MAXDNAME * 2); + } + #endif + +diff --git a/src/dnssec.c b/src/dnssec.c +index 05e0983cb251..c116a7b5f6f4 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -321,10 +321,18 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha + thus generating names in canonical form. + Calling to_wire followed by from_wire is almost an identity, + except that the UC remains mapped to LC. ++ ++ Note that both /000 and '.' are allowed within labels. These get ++ represented in presentation format using NAME_ESCAPE as an escape ++ character. In theory, if all the characters in a name were /000 or ++ '.' or NAME_ESCAPE then all would have to be escaped, so the ++ presentation format would be twice as long as the spec (1024). ++ The buffers are all delcared as 2049 (allowing for the trailing zero) ++ for this reason. + */ + static int to_wire(char *name) + { +- unsigned char *l, *p, term; ++ unsigned char *l, *p, *q, term; + int len; + + for (l = (unsigned char*)name; *l != 0; l = p) +@@ -332,7 +340,10 @@ static int to_wire(char *name) + for (p = l; *p != '.' && *p != 0; p++) + if (*p >= 'A' && *p <= 'Z') + *p = *p - 'A' + 'a'; +- ++ else if (*p == NAME_ESCAPE) ++ for (q = p; *q; q++) ++ *q = *(q+1); ++ + term = *p; + + if ((len = p - l) != 0) +@@ -351,13 +362,23 @@ static int to_wire(char *name) + /* Note: no compression allowed in input. */ + static void from_wire(char *name) + { +- unsigned char *l; ++ unsigned char *l, *p, *last; + int len; +- ++ ++ for (last = (unsigned char *)name; *last != 0; last += *last+1); ++ + for (l = (unsigned char *)name; *l != 0; l += len+1) + { + len = *l; + memmove(l, l+1, len); ++ for (p = l; p < l + len; p++) ++ if (*p == '.' 
|| *p == 0 || *p == NAME_ESCAPE) ++ { ++ memmove(p+1, p, 1 + last - p); ++ len++; ++ *p++ = NAME_ESCAPE; ++ } ++ + l[len] = '.'; + } + +@@ -645,7 +666,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int + if (left1 != 0) + memmove(buff1, buff1 + len1 - left1, left1); + +- if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0) ++ if ((len1 = get_rdata(header, plen, end1, buff1 + left1, (MAXDNAME * 2) - left1, &p1, &dp1)) == 0) + { + quit = 1; + len1 = end1 - p1; +@@ -656,7 +677,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int + if (left2 != 0) + memmove(buff2, buff2 + len2 - left2, left2); + +- if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0) ++ if ((len2 = get_rdata(header, plen, end2, buff2 + left2, (MAXDNAME *2) - left2, &p2, &dp2)) == 0) + { + quit = 1; + len2 = end2 - p2; +@@ -902,10 +923,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + + end = p + rdlen; + +- /* canonicalise rdata and calculate length of same, use name buffer as workspace */ ++ /* canonicalise rdata and calculate length of same, use name buffer as workspace. ++ Note that name buffer is twice MAXDNAME long in DNSSEC mode. */ + cp = p; + dp = rr_desc; +- for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg); ++ for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)) != 0; len += seg); + len += end - cp; + len = htons(len); + hash->update(ctx, 2, (unsigned char *)&len); +@@ -913,7 +935,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + /* Now canonicalise again and digest. 
*/ + cp = p; + dp = rr_desc; +- while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp))) ++ while ((seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp))) + hash->update(ctx, seg, (unsigned char *)name); + if (cp != end) + hash->update(ctx, end - cp, cp); +diff --git a/src/rfc1035.c b/src/rfc1035.c +index a995ab50d74a..19fecc818c06 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -128,6 +128,15 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + if (isExtract) + { + unsigned char c = *p; ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID)) ++ { ++ if (c == 0 || c == '.' || c == NAME_ESCAPE) ++ *cp++ = NAME_ESCAPE; ++ *cp++ = c; ++ } ++ else ++#endif + if (c != 0 && c != '.') + *cp++ = c; + else +@@ -144,9 +153,14 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + cp++; + if (c1 >= 'A' && c1 <= 'Z') + c1 += 'a' - 'A'; ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE) ++ c1 = *cp++; ++#endif ++ + if (c2 >= 'A' && c2 <= 'Z') + c2 += 'a' - 'A'; +- ++ + if (c1 != c2) + retvalue = 2; + } +diff --git a/src/util.c b/src/util.c +index 648bc4d4b428..0c1a48b4700a 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -226,7 +226,14 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval) + { + unsigned char *cp = p++; + for (j = 0; *sval && (*sval != '.'); sval++, j++) +- *p++ = *sval; ++ { ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE) ++ *p++ = *(++sval); ++ else ++#endif ++ *p++ = *sval; ++ } + *cp = j; + if (*sval) + sval++; +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch new file mode 100644 index 000000000..ea6f08d7e --- /dev/null +++ b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch 
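Review bot: In from_wire() in src/dnssec.c, `last` is computed once before the loop, but each inserted NAME_ESCAPE shifts the tail one byte to the right. From the second escaped character on, `memmove(p+1, p, 1 + last - p)` therefore appears to move one byte too few and to overwrite the terminating zero-length label that the outer loop stops on. Advancing the end pointer with `last++;` next to `len++;` would keep the terminator in step. The in-place growth also relies on every buffer handed to from_wire() being `MAXDNAME * 2` bytes, which the comment above to_wire() states but nothing in the visible code enforces. The hunk adds a whole patch file, so the functions it touches are only partly visible.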
@@ -0,0 +1,136 @@ +From b8f16556d36924cd8dc7663cb4129d7b1f3fc2be Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 22 Apr 2015 21:14:31 +0100 +Subject: [PATCH 82/87] Tweaks to previous, DNS label charset commit. + +--- + src/dns-protocol.h | 6 +++++- + src/dnssec.c | 9 ++++++--- + src/rfc1035.c | 25 ++++++++++++++++++------- + src/util.c | 2 +- + 4 files changed, 30 insertions(+), 12 deletions(-) + +diff --git a/src/dns-protocol.h b/src/dns-protocol.h +index 7f5d686bb150..4b71746f8d26 100644 +--- a/src/dns-protocol.h ++++ b/src/dns-protocol.h +@@ -144,5 +144,9 @@ struct dns_header { + (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1)) + + /* Escape character in our presentation format for names. +- Cannot be '.' or /000 and must be !isprint() */ ++ Cannot be '.' or /000 and must be !isprint(). ++ Note that escaped chars are stored as ++ ++ to ensure that the escaped form of /000 doesn't include /000 ++*/ + #define NAME_ESCAPE 1 +diff --git a/src/dnssec.c b/src/dnssec.c +index c116a7b5f6f4..a9e12153ccf2 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -341,9 +341,11 @@ static int to_wire(char *name) + if (*p >= 'A' && *p <= 'Z') + *p = *p - 'A' + 'a'; + else if (*p == NAME_ESCAPE) +- for (q = p; *q; q++) ++ { ++ for (q = p; *q; q++) + *q = *(q+1); +- ++ (*p)--; ++ } + term = *p; + + if ((len = p - l) != 0) +@@ -376,7 +378,8 @@ static void from_wire(char *name) + { + memmove(p+1, p, 1 + last - p); + len++; +- *p++ = NAME_ESCAPE; ++ *p++ = NAME_ESCAPE; ++ (*p)++; + } + + l[len] = '.'; +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 19fecc818c06..32df31ad603c 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -20,7 +20,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + char *name, int isExtract, int extrabytes) + { + unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL; +- unsigned int j, l, hops = 0; ++ unsigned int j, l, namelen = 0, hops = 0; + int retvalue = 1; + + if (isExtract) +@@ -94,9 +94,15 
@@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + count = 256; + digs = ((count-1)>>2)+1; + +- /* output is \[x/siz]. which is digs+9 chars */ +- if (cp - (unsigned char *)name + digs + 9 >= MAXDNAME) ++ /* output is \[x/siz]. which is digs+6/7/8 chars */ ++ namelen += digs+6; ++ if (count > 9) ++ namelen++; ++ if (count > 99) ++ namelen++; ++ if (namelen+1 >= MAXDNAME) + return 0; ++ + if (!CHECK_LEN(header, p, plen, (count-1)>>3)) + return 0; + +@@ -119,7 +125,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + } + else + { /* label_type = 0 -> label. */ +- if (cp - (unsigned char *)name + l + 1 >= MAXDNAME) ++ namelen += l; ++ if (namelen+1 >= MAXDNAME) + return 0; + if (!CHECK_LEN(header, p, plen, l)) + return 0; +@@ -132,8 +139,12 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + if (option_bool(OPT_DNSSEC_VALID)) + { + if (c == 0 || c == '.' || c == NAME_ESCAPE) +- *cp++ = NAME_ESCAPE; +- *cp++ = c; ++ { ++ *cp++ = NAME_ESCAPE; ++ *cp++ = c+1; ++ } ++ else ++ *cp++ = c; + } + else + #endif +@@ -155,7 +166,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + c1 += 'a' - 'A'; + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE) +- c1 = *cp++; ++ c1 = (*cp++)-1; + #endif + + if (c2 >= 'A' && c2 <= 'Z') +diff --git a/src/util.c b/src/util.c +index 0c1a48b4700a..9299703c6d30 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -229,7 +229,7 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval) + { + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE) +- *p++ = *(++sval); ++ *p++ = (*(++sval))-1; + else + #endif + *p++ = *sval; +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch new file mode 100644 index 000000000..96dc14bc0 --- /dev/null 
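Review bot: The reworked length checks in extract_name() in src/rfc1035.c bound `namelen`, the unescaped length, against MAXDNAME. In DNSSEC mode, however, each byte that is 0, '.' or NAME_ESCAPE is written as two bytes, so the output can approach twice MAXDNAME. That is safe only if every caller passes a `name` buffer of `MAXDNAME * 2` bytes when OPT_DNSSEC_VALID is set. The previous patch resizes daemon->namebuff, keyname and workspacename, and other callers are not visible here. I would state the requirement at the function, e.g. `/* name must hold MAXDNAME*2 bytes in DNSSEC mode: escaped chars take two bytes */`, and audit any plain MAXDNAME-sized buffer that reaches this function.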
+++ b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch @@ -0,0 +1,46 @@ +From a5ae1f85873829efe473075ad77806cc02792622 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sat, 25 Apr 2015 21:46:10 +0100 +Subject: [PATCH 83/87] Logs in DHCPv6 not suppressed by dhcp6-quiet. + +--- + CHANGELOG | 6 +++++- + src/rfc3315.c | 4 ++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 7f2b1e002e9e..af2b22cf8f73 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -103,7 +103,11 @@ version 2.73 + Previously we provided correct answers to PTR queries + in such zones (including NS and SOA) but not direct + NS and SOA queries. Thanks to Johnny S. Lee for +- pointing out the problem. ++ pointing out the problem. ++ ++ Fix logging of DHCPREPLY which should be suppressed ++ by quiet-dhcp6. Thanks to J. Pablo Abonia for ++ spotting the problem. + + + version 2.72 +diff --git a/src/rfc3315.c b/src/rfc3315.c +index c45116a40a09..b4f5dd2db61f 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -1047,9 +1047,9 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + { + preferred_time = valid_time = 0; + message = _("address invalid"); +- } ++ } + +- if (message) ++ if (message && (message != state->hostname)) + log6_packet(state, "DHCPREPLY", req_addr, message); + else + log6_quiet(state, "DHCPREPLY", req_addr, message); +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch new file mode 100644 index 000000000..38670a819 --- /dev/null +++ b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch 
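Review bot: The new condition `message && (message != state->hostname)` in dhcp6_no_relay() decides between the normal and the quiet logger by pointer identity, and the hunk does not show where `message` is set to `state->hostname`. Presumably that assignment marks a successful reply, but a reader auditing which DHCPv6 events quiet-dhcp6 hides cannot tell that from here. A one-line comment above the test would record the intent, for example `/* message == state->hostname is the success case, not an error: log it quietly */`. The enclosing function starts and ends outside the hunk.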
@@ -0,0 +1,28 @@ +From 8efd731cc4ed2baa42aa69d0a9d336392e9987cb Mon Sep 17 00:00:00 2001 +From: "Johnny S. Lee" <_@jsl.io> +Date: Sun, 26 Apr 2015 22:23:57 +0100 +Subject: [PATCH 84/87] Make get-version work when repo is a git submodule. + +--- + bld/get-version | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/bld/get-version b/bld/get-version +index 7ab75db729ac..5372869c0852 100755 +--- a/bld/get-version ++++ b/bld/get-version +@@ -11,8 +11,9 @@ + # If there is more than one v[0-9].* tag, sort them and use the + # first. This favours, eg v2.63 over 2.63rc6. + +-if which git >/dev/null 2>&1 && [ -d $1/.git ]; then +- cd $1; git describe | sed 's/^v//' ++if which git >/dev/null 2>&1 && \ ++ ([ -d $1/.git ] || grep '^gitdir:' $1/.git >/dev/null 2>&1); then ++ cd $1; git describe | sed 's/^v//' + elif grep '\$Format:%d\$' $1/VERSION >/dev/null 2>&1; then + # unsubstituted VERSION, but no git available. + echo UNKNOWN +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch new file mode 100644 index 000000000..04bee9950 --- /dev/null +++ b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch 
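Review bot: `$1` is unquoted in the new test and in `cd $1; git describe`, so a source path containing spaces or glob characters is word-split. Because `cd` and `git describe` are joined with `;`, a failed cd still runs git describe in whatever directory the build started from and reports that repository's version. Quoting and chaining fix both: `([ -d "$1/.git" ] || grep '^gitdir:' "$1/.git" >/dev/null 2>&1); then` and `cd "$1" && git describe | sed 's/^v//'`. The unquoted `cd $1;` form predates this change.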
@@ -0,0 +1,40 @@ +From e66b4dff3c562c7836d5be4c26972d665ad783f1 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 28 Apr 2015 20:45:57 +0100 +Subject: [PATCH 85/87] Fix argument-order botch which broke DNSSEC for TCP + queries. + +--- + src/forward.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 1c7da3f5655c..a8e403c4b25e 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1996,8 +1996,9 @@ unsigned char *tcp_request(int confd, time_t now, + } + else + result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); +- if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL)) +- domain = daemon->namebuff; ++ ++ if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL)) ++ domain = daemon->namebuff; + + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); + +@@ -2040,8 +2041,8 @@ unsigned char *tcp_request(int confd, time_t now, + #endif + + m = process_reply(header, now, last_server, (unsigned int)m, +- option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, bogusanswer, +- cache_secure, ad_question, do_bit, added_pheader, check_subnet, &peer_addr); ++ option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer, ++ ad_question, do_bit, added_pheader, check_subnet, &peer_addr); + + break; + } +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch new file mode 100644 index 000000000..1fa5c7ac5 --- /dev/null +++ b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch 
@@ -0,0 +1,29 @@ +From 2ed162ac204f3609fe4d9f9a0430baeaa352d88f Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Tue, 28 Apr 2015 21:26:35 +0100 +Subject: [PATCH 86/87] Don't remove RRSIG RR from answers to ANY queries when + the do bit is not set. + +--- + src/rfc1035.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 32df31ad603c..5828055caa5d 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1608,6 +1608,11 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + GETSHORT(qtype, p); + GETSHORT(qclass, p); + ++ /* Don't filter RRSIGS from answers to ANY queries, even if do-bit ++ not set. */ ++ if (qtype == T_ANY) ++ *do_bit = 1; ++ + ans = 0; /* have we answered this question */ + + if (qtype == T_TXT || qtype == T_ANY) +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch new file mode 100644 index 000000000..8d1ca9e6e --- /dev/null +++ b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch 
@@ -0,0 +1,57 @@ +From 64bcff1c7c72eecda8750bc2dca8b4c5dc38a837 Mon Sep 17 00:00:00 2001 +From: Nicolas Cavallari +Date: Tue, 28 Apr 2015 21:55:18 +0100 +Subject: [PATCH 87/87] Constify some DHCP lease management functions. + +--- + src/dnsmasq.h | 7 ++++--- + src/lease.c | 8 ++++---- + 2 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 6fe4a4189188..824a86009439 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1304,9 +1304,10 @@ void lease_update_slaac(time_t now); + void lease_set_iaid(struct dhcp_lease *lease, int iaid); + void lease_make_duid(time_t now); + #endif +-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr, +- unsigned char *clid, int hw_len, int hw_type, int clid_len, time_t now, int force); +-void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *domain, char *config_domain); ++void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr, ++ const unsigned char *clid, int hw_len, int hw_type, ++ int clid_len, time_t now, int force); ++void lease_set_hostname(struct dhcp_lease *lease, const char *name, int auth, char *domain, char *config_domain); + void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now); + void lease_set_interface(struct dhcp_lease *lease, int interface, time_t now); + struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type, +diff --git a/src/lease.c b/src/lease.c +index 545bbb7fd09c..8adb60588671 100644 +--- a/src/lease.c ++++ b/src/lease.c +@@ -813,9 +813,9 @@ void lease_set_iaid(struct dhcp_lease *lease, int iaid) + } + #endif + +-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr, +- unsigned char *clid, int hw_len, int hw_type, int clid_len, +- time_t now, int force) ++void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr, ++ const unsigned char *clid, int hw_len, int hw_type, ++ int clid_len, time_t now, int force) + { + 
#ifdef HAVE_DHCP6 + int change = force; +@@ -897,7 +897,7 @@ static void kill_name(struct dhcp_lease *lease) + lease->hostname = lease->fqdn = NULL; + } + +-void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *domain, char *config_domain) ++void lease_set_hostname(struct dhcp_lease *lease, const char *name, int auth, char *domain, char *config_domain) + { + struct dhcp_lease *lease_tmp; + char *new_name = NULL, *new_fqdn = NULL; +-- +2.1.0 + diff --git a/src/patches/glibc/glibc-rh1207995.patch b/src/patches/glibc/glibc-rh1207995.patch new file mode 100644 index 000000000..1732de649 --- /dev/null +++ b/src/patches/glibc/glibc-rh1207995.patch @@ -0,0 +1,27 @@ +# +# Based on the following commit: +# +# commit f9d2d03254a58d92635a311a42253eeed5a40a47 +# Author: Andreas Schwab +# Date: Mon May 26 18:01:31 2014 +0200 +# +# Fix invalid file descriptor reuse while sending DNS query (BZ #15946) +# +# 2014-06-03 Andreas Schwab +# +# [BZ #15946] +# * resolv/res_send.c (send_dg): Reload file descriptor after +# calling reopen. +# +diff --git a/resolv/res_send.c b/resolv/res_send.c +index 3273d55..af42b8a 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1410,6 +1410,7 @@ send_dg(res_state statp, + retval = reopen (statp, terrno, ns); + if (retval <= 0) + return retval; ++ pfd[0].fd = EXT(statp).nssocks[ns]; + } + } + goto wait; diff --git a/src/patches/glibc/glibc-rh1209375.patch b/src/patches/glibc/glibc-rh1209375.patch new file mode 100644 index 000000000..74393f039 --- /dev/null +++ b/src/patches/glibc/glibc-rh1209375.patch 
@@ -0,0 +1,18 @@
+@@ -, +, @@
+ resolv/nss_dns/dns-host.c:getanswer_r.
+---
+ resolv/nss_dns/dns-host.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+--- a/resolv/nss_dns/dns-host.c
++++ a/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+ int have_to_map = 0;
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+- if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
++ buflen = buflen > pad ? buflen - pad : 0;
++ if (__builtin_expect (buflen < sizeof (struct host_data), 0))
+ {
+ /* The buffer is too small. */
+ too_small:
+--
diff --git a/src/patches/openssl-1.0.2a_auto_enable_padlock.patch b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
new file mode 100644
index 000000000..b5c0e95a2
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
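Review bot: This patch file opens with a damaged header (`@@ -, +, @@` followed by the tail of a sentence) and names no upstream commit or bug, unlike glibc-rh1207995.patch in the same commit, which states the commit it is based on. The change corrects a buffer-length check in `getanswer_r`, so someone auditing the tree should be able to trace it back to its origin. A comment header in the style of the sibling patch would cover it, e.g. `# Based on the following commit:`, `# commit <upstream-commit-id>`, `# <upstream subject line>`.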
@@ -0,0 +1,34 @@
+diff -Naur openssl-1.0.2a.org/crypto/engine/eng_all.c openssl-1.0.2a/crypto/engine/eng_all.c
+--- openssl-1.0.2a.org/crypto/engine/eng_all.c 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-04-27 12:27:05.063569969 +0200
+@@ -120,6 +120,14 @@
+ ENGINE_load_capi();
+ # endif
+ #endif
++#ifdef OPENSSL_NO_STATIC_ENGINE
++ ENGINE *e;
++ e = ENGINE_by_id("padlock");
++ if (e != NULL) {
++ ENGINE_add(e);
++ ENGINE_free(e);
++ }
++#endif
+ ENGINE_register_all_complete();
+ }
+
+diff -Naur openssl-1.0.2a.org/ssl/ssl_algs.c openssl-1.0.2a/ssl/ssl_algs.c
+--- openssl-1.0.2a.org/ssl/ssl_algs.c 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/ssl/ssl_algs.c 2015-04-27 11:04:27.893399695 +0200
+@@ -151,5 +151,12 @@
+ #endif
+ /* initialize cipher/digest methods table */
+ ssl_load_ciphers();
++
++ /* Init available hardware crypto engines */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE * padlock = ENGINE_by_id("padlock");
++ if (padlock) ENGINE_set_default_ciphers(padlock);
++
+ return (1);
+ }
diff --git a/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch b/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
new file mode 100644
index 000000000..097cc8071
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
@@ -0,0 +1,11 @@
+diff -Naur openssl-1.0.2a.org/crypto/x86cpuid.pl openssl-1.0.2a/crypto/x86cpuid.pl
+--- openssl-1.0.2a.org/crypto/x86cpuid.pl 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/x86cpuid.pl 2015-04-28 13:47:57.853521020 +0200
+@@ -71,6 +71,7 @@
+ &mov ("eax",1);
+ &xor ("ecx","ecx");
+ &cpuid ();
++ &and ("ecx",0xfffffdff); # clear SSSE3 because it is incredible slow on AMD's
+ &bt ("edx",28);
+ &jnc (&label("generic"));
+ &shr ("ebx",16);
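Review bot: In the ssl_algs.c part the reference obtained from `ENGINE_by_id("padlock")` is never released and the result of `ENGINE_set_default_ciphers()` is discarded, while the eng_all.c part of the same patch does call `ENGINE_free(e)`. The last added statement should read `if (padlock) { ENGINE_set_default_ciphers(padlock); ENGINE_free(padlock); }`, ideally with the return value checked. `ENGINE * padlock` is also declared after statements, which a C89 build rejects. The enclosing function starts outside the hunk, but the code sits right after `ssl_load_ciphers()`, so it presumably runs for every process that initialises the library. The patch should say in a comment that this makes the hardware engine the default for all ciphers it offers, so the change is visible to anyone auditing the crypto configuration.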
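Review bot: The added `&and ("ecx",0xfffffdff)` clears CPUID.1:ECX bit 9 with no condition of its own, so whether only AMD processors are affected depends on this code sitting on an AMD-only path, which the hunk does not show. Clearing the SSSE3 capability bit does more than skip slow code. As far as I know, OpenSSL 1.0.2 also uses that bit to select its vector-permute and bit-sliced AES, so a CPU without AES-NI would fall back to the table-driven AES, which is weaker against cache-timing observation. The comment should state the scope and the trade-off, e.g. `# clear SSSE3 (ECX bit 9) on AMD: SSSE3 code paths are slow there; this also turns off the SSSE3-gated AES implementations`, and name the affected CPU families if they are known.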
diff --git a/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch b/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch
new file mode 100644
index 000000000..2252e314d
--- /dev/null
+++ b/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch
@@ -0,0 +1,34 @@
+From 4b59d129fd1026bab37256af0df9ae7ace39e7ba Mon Sep 17 00:00:00 2001
+From: Michael Tremer
+Date: Mon, 27 Apr 2015 18:49:45 +0200
+Subject: [PATCH] stroke: Increase stroke buffer size to 8k
+
+Complicated connections can have lots of arguments
+for the ike= and esp= directives in the ipsec.conf
+configuration file. strongSwan wouldn't import those
+because the size of the message that is send from
+stroke to charon exceeded the limit of 4k.
+
+This patch increases the size of the buffer that
+can be passed to charon to 8k which should be enough
+even for connections with longer configurations.
+---
+ src/stroke/stroke_msg.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
+index c2b923f6db9a..c391efa00105 100644
+--- a/src/stroke/stroke_msg.h
++++ b/src/stroke/stroke_msg.h
+@@ -32,7 +32,7 @@
+ */
+ #define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
+
+-#define STROKE_BUF_LEN 4096
++#define STROKE_BUF_LEN 8192
+
+ typedef enum list_flag_t list_flag_t;
+
+--
+2.1.0
+
diff --git a/tools/checkwronginitlinks b/tools/checkrootfiles
similarity index 76%
rename from tools/checkwronginitlinks
rename to tools/checkrootfiles
index 65fc946b6..74fab3e02 100755
--- a/tools/checkwronginitlinks
+++ b/tools/checkrootfiles
@@ -2,7 +2,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2015 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -32,3 +32,17 @@ if [ "${?}" == "0" ]; then
 grep -r "^var/run//*" ./config/rootfiles/
 echo "Comment this and create it at initskript if needed !"
 fi
+
+grep -r "/i586" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+ echo "Error! '/i586' in rootfiles files found!"
+ grep -r "/i586" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore
+ echo "Replace by MACHINE !"
+fi
+
+grep -r "/armv5tel" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+ echo "Error! '/armv5tel' in rootfiles files found!"
+ grep -r "/armv5tel" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore
+ echo "Replace by MACHINE !"
+fi
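Review bot: The two blocks added in the second hunk are copies that differ only in the architecture name, and each tests `${?}` on a separate line instead of testing the grep command directly in the `if`. A loop over the two names keeps the pattern, the exclusions and the messages in one place, so a later change cannot be applied to one architecture and missed on the other. The checks also only print: nothing visible in the hunk sets a non-zero exit status, so a calling build step cannot tell that a hard-coded path was found. The start of the script is outside the hunk, so its interpreter line and any earlier status handling are not visible.

```shell
# … unchanged: the earlier var/run check …

for arch in i586 armv5tel; do
	if grep -r "/${arch}" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore >/dev/null 2>&1; then
		echo "Error! '/${arch}' in rootfiles files found!"
		grep -r "/${arch}" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore
		echo "Replace by MACHINE !"
	fi
done
```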