diff --git a/0141-Fix-memory-leak-in-helper.c.patch b/0141-Fix-memory-leak-in-helper.c.patch deleted file mode 100644 index 88b72f69f7af42378ec6bbbe200b504668666276..0000000000000000000000000000000000000000 --- a/0141-Fix-memory-leak-in-helper.c.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Wed, 14 Aug 2019 20:44:50 +0100 -Subject: [PATCH 141/156] Fix memory leak in helper.c - -Thanks to Xu Mingjie for spotting this. ---- - src/helper.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/src/helper.c b/src/helper.c -index 33ba120..c392eec 100644 ---- a/src/helper.c -+++ b/src/helper.c -@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) - pid_t pid; - int i, pipefd[2]; - struct sigaction sigact; -- -+ unsigned char *alloc_buff = NULL; -+ - /* create the pipe through which the main program sends us commands, - then fork our process. */ - if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1) -@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) - struct script_data data; - char *p, *action_str, *hostname = NULL, *domain = NULL; - unsigned char *buf = (unsigned char *)daemon->namebuff; -- unsigned char *end, *extradata, *alloc_buff = NULL; -+ unsigned char *end, *extradata; - int is6, err = 0; - int pipeout[2]; - -- free(alloc_buff); -+ /* Free rarely-allocated memory from previous iteration. */ -+ if (alloc_buff) -+ { -+ free(alloc_buff); -+ alloc_buff = NULL; -+ } - - /* we read zero bytes when pipe closed: this is our signal to exit */ - if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1)) --- -1.8.3.1 - diff --git a/bugfix-allow-binding-mac-with-ipv6.patch b/bugfix-allow-binding-mac-with-ipv6.patch index 3a1dad2f1a948526de064dedc26629b948dc23e4..58fa9d4b2878c5fc0998499683999c3a39e1cc15 100644 --- a/bugfix-allow-binding-mac-with-ipv6.patch +++ b/bugfix-allow-binding-mac-with-ipv6.patch @@ -1,45 +1,43 @@ -From 7d8a6199730a2fd0cd2a7cfa4fdb73b8399f110a Mon Sep 17 00:00:00 2001 -From: Shufeng Cao -Date: Tue, 27 Nov 2018 15:03:59 +0800 -Subject: [PATCH 1/2] allow binding mac address with ipv6 +From 53e1a09a06e11317bbde0e236837e5daa8d40593 Mon Sep 17 00:00:00 2001 +From: liaichun +Date: Mon, 20 Apr 2020 16:06:51 +0800 +Subject: [PATCH] bugfix-allow-binding-mac-with-ipv6 -This change introduces a new option --bind-mac-with-ip6, when this -option is enabled, a client of same mac address will always get the -bound ipv6 address, even when it's duid has been changed. --- - src/dnsmasq.c | 1 + - src/dnsmasq.h | 4 +++- - src/option.c | 3 +++ - src/rfc3315.c | 34 +++++++++++++++++++++++++++++++++- - 4 files changed, 40 insertions(+), 2 deletions(-) + src/dnsmasq.c | 2 +- + src/dnsmasq.h | 4 ++- + src/option.c | 5 +++- + src/rfc3315.c | 35 +++++++++++++++++++++++++- + 4 files changed, 46 insertions(+) diff --git a/src/dnsmasq.c b/src/dnsmasq.c -index 9f6c020..32a4d22 100644 +index fc085eb..e44c360 100644 --- a/src/dnsmasq.c +++ b/src/dnsmasq.c -@@ -243,6 +243,7 @@ int main (int argc, char **argv) +@@ -260,7 +260,7 @@ int main (int argc, char **argv) if (daemon->dhcp6) { daemon->doing_ra = option_bool(OPT_RA); -+ daemon->bind_mac_with_ip6 = option_bool(OPT_BIND_MAC_IP6); - +- ++ daemon->bind_mac_with_ip6 = option_bool(OPT_BIND_MAC_IP6); for (context = daemon->dhcp6; context; context = context->next) { + if (context->flags & CONTEXT_DHCP) diff --git a/src/dnsmasq.h b/src/dnsmasq.h -index 6773b69..8b31d42 100644 +index 68e6287..e7f1a0d 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -250,7 +250,8 @@ struct event_desc { - #define OPT_MAC_B64 54 - #define OPT_MAC_HEX 55 - #define OPT_TFTP_APREF_MAC 56 --#define OPT_LAST 57 -+#define OPT_BIND_MAC_IP6 57 -+#define OPT_LAST 58 +@@ -269,7 +269,8 @@ struct event_desc { + #define OPT_IGNORE_CLID 59 + #define OPT_SINGLE_PORT 60 + #define OPT_LEASE_RENEW 61 +-#define OPT_LAST 62 ++#define OPT_BIND_MAC_IP6 62 ++#define OPT_LAST 63 - /* extra flags for my_syslog, we use a couple of facilities since they are known - not to occupy the same bits as priorities, no matter how syslog.h is set up. */ -@@ -1000,6 +1001,7 @@ extern struct daemon { + #define OPTION_BITS (sizeof(unsigned int)*8) + #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) +@@ -1049,6 +1050,7 @@ extern struct daemon { int override; int enable_pxe; int doing_ra, doing_dhcp6; @@ -48,56 +46,59 @@ index 6773b69..8b31d42 100644 struct dhcp_netid_list *force_broadcast, *bootp_dynamic; struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs; diff --git a/src/option.c b/src/option.c -index d358d99..919e5a3 100644 +index 1f698da..f02d389 100644 --- a/src/option.c +++ b/src/option.c -@@ -160,6 +160,7 @@ struct myoption { - #define LOPT_DHCPTTL 348 - #define LOPT_TFTP_MTU 349 - #define LOPT_REPLY_DELAY 350 -+#define LOPT_BIND_MAC_IP6 351 - +@@ -167,7 +167,8 @@ struct myoption { + #define LOPT_IGNORE_CLID 358 + #define LOPT_SINGLE_PORT 359 + #define LOPT_SCRIPT_TIME 360 +- ++#define LOPT_BIND_MAC_IP6 361 ++ #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -325,6 +326,7 @@ static const struct myoption opts[] = - { "script-arp", 0, 0, LOPT_SCRIPT_ARP }, - { "dhcp-ttl", 1, 0 , LOPT_DHCPTTL }, - { "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY }, + #else +@@ -339,6 +340,7 @@ static const struct myoption opts[] = + { "dumpfile", 1, 0, LOPT_DUMPFILE }, + { "dumpmask", 1, 0, LOPT_DUMPMASK }, + { "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID }, + { "bind-mac-with-ip6", 0, 0 , LOPT_BIND_MAC_IP6 }, { NULL, 0, 0, 0 } }; -@@ -497,6 +499,7 @@ static struct { - { LOPT_IGNORE_ADDR, ARG_DUP, "", gettext_noop("Ignore DNS responses containing ipaddr."), NULL }, - { LOPT_DHCPTTL, ARG_ONE, "", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL }, - { LOPT_REPLY_DELAY, ARG_ONE, "", gettext_noop("Delay DHCP replies for at least number of seconds."), NULL }, +@@ -518,6 +520,7 @@ static struct { + { LOPT_DUMPFILE, ARG_ONE, "", gettext_noop("Path to debug packet dump file"), NULL }, + { LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to dump"), NULL }, + { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL }, + { LOPT_BIND_MAC_IP6, OPT_BIND_MAC_IP6, NULL, gettext_noop("Bind mac with ipv6 address. This is an experimental feature and it conflicts with rfc3315."), NULL }, { 0, 0, NULL, NULL, NULL } }; diff --git a/src/rfc3315.c b/src/rfc3315.c -index 21fcd9b..defd966 100644 +index b3f0a0a..a5a092c 100644 --- a/src/rfc3315.c +++ b/src/rfc3315.c -@@ -55,6 +55,7 @@ static struct prefix_class *prefix_class_from_context(struct dhcp_context *conte +@@ -49,6 +49,7 @@ static void end_ia(int t1cntr, unsigned int min_time, int do_fuzz); static void mark_context_used(struct state *state, struct in6_addr *addr); static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr); static int check_address(struct state *state, struct in6_addr *addr); +static int check_and_try_preempte_address(struct state *state, struct in6_addr *addr, time_t now, struct dhcp_config *config); + static int config_valid(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr, struct state *state, time_t now); + static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr); static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option, - unsigned int *min_time, struct in6_addr *addr, time_t now); - static void update_leases(struct state *state, struct dhcp_context *context, struct in6_addr *addr, unsigned int lease_time, time_t now); -@@ -746,7 +747,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ +@@ -703,7 +704,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + for (c = state->context; c; c = c->current) if (!(c->flags & CONTEXT_CONF_USED) && match_netid(c->filter, solicit_tags, plain_range) && - config_valid(config, c, &addr) && -- check_address(state, &addr)) +- config_valid(config, c, &addr, state, now)) ++ config_valid(config, c, &addr, state, now) && + check_and_try_preempte_address(state, &addr, now, config)) { mark_config_used(state->context, &addr); if (have_config(config, CONFIG_TIME)) -@@ -1744,6 +1745,37 @@ static int check_address(struct state *state, struct in6_addr *addr) - return 1; +@@ -1259,6 +1261,37 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + } +static int check_and_try_preempte_address(struct state *state, struct in6_addr *addr, time_t now, struct dhcp_config *config) @@ -131,9 +132,9 @@ index 21fcd9b..defd966 100644 + return 1; +} + - - /* Calculate valid and preferred times to send in leases/renewals. - + static struct dhcp_netid *add_options(struct state *state, int do_refresh) + { + void *oro; -- -2.19.1 +2.23.0 diff --git a/bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch b/bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch index 761abbfa8d3592ad8ce6c0953deae16b92240a34..8036a880c3c3bb7d5cb2d8f1ca7807eeb3d4c6a8 100644 --- a/bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch +++ b/bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch @@ -1,18 +1,17 @@ -From c4a283365bdd56e4552e7205fbfba17ca298fc3a Mon Sep 17 00:00:00 2001 -From: Shufeng Cao -Date: Fri, 14 Dec 2018 20:02:31 +0800 -Subject: [PATCH 2/2] binding mac with ipv6: dealing with invalid CONFIRM - package +From 068fe05737fe86185b5d55da7de6ea6b2668c911 Mon Sep 17 00:00:00 2001 +From: liaichun +Date: Mon, 20 Apr 2020 16:17:24 +0800 +Subject: [PATCH] bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6 --- - src/rfc3315.c | 30 ++++++++++++++++++++++++++++++ - 1 file changed, 30 insertions(+) + src/rfc3315.c | 30 +++++++++++++++++++++++++++++- + 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/src/rfc3315.c b/src/rfc3315.c -index defd966..f8ba7e4 100644 +index a5a092c..ef13b3d 100644 --- a/src/rfc3315.c +++ b/src/rfc3315.c -@@ -1087,11 +1087,31 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ +@@ -1033,11 +1033,31 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ case DHCP6CONFIRM: { int good_addr = 0; @@ -28,11 +27,11 @@ index defd966..f8ba7e4 100644 + if(state->mac) { + for (find_config = daemon->dhcp_conf; find_config; find_config = find_config->next) + if (config_has_mac(find_config, state->mac, state->mac_len, state->mac_type) && have_config(find_config, CONFIG_ADDR6)) { -+ find_bind = 1; -+ break; ++ find_bind = 1; ++ break; + } + } -+ /* requires all mac has binding ipv6 address. */ ++ /* requires all mac has binding ipv6 address. */ + if (find_bind == 0) { + o1 = new_opt6(OPTION6_STATUS_CODE); + put_opt6_short(DHCP6NOTONLINK); @@ -44,12 +43,13 @@ index defd966..f8ba7e4 100644 for (opt = state->packet_options; opt; opt = opt6_next(opt, state->end)) { -@@ -1112,6 +1132,16 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ +@@ -1061,7 +1081,15 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed")); return 1; } - +- + if(daemon->bind_mac_with_ip6) { -+ if (!is_same_net6(req_addr, &find_config->addr6, 128)) { ++ if (!is_same_net6(&req_addr, &find_config->addr6, 128)) { + o1 = new_opt6(OPTION6_STATUS_CODE); + put_opt6_short(DHCP6NOTONLINK); + put_opt6_string(_("confirm failed, not binding to this address")); @@ -57,10 +57,9 @@ index defd966..f8ba7e4 100644 + return 1; + } + } -+ good_addr = 1; - log6_quiet(state, "DHCPREPLY", req_addr, state->hostname); + log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname); } -- -2.19.1 +2.23.0 diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch index 2e900bfba04777b4da9b60171990e4317f17156f..654208e448561513860d9f20f0d57317385ccccb 100644 --- a/dnsmasq-2.77-underflow.patch +++ b/dnsmasq-2.77-underflow.patch @@ -1,63 +1,41 @@ -From c82a594d95431e8615126621397ea595eb037a6b Mon Sep 17 00:00:00 2001 -From: Doran Moppert -Date: Tue, 26 Sep 2017 14:48:20 +0930 -Subject: [PATCH] google patch hand-applied +From 8fbce6094dc3acad11c464723d97d3215951c5d4 Mon Sep 17 00:00:00 2001 +From: liaichun +Date: Mon, 20 Apr 2020 15:26:17 +0800 +Subject: [PATCH] dnsmasq-2.77-underflow --- - src/edns0.c | 10 +++++----- - src/forward.c | 4 ++++ - src/rfc1035.c | 2 ++ - 3 files changed, 11 insertions(+), 5 deletions(-) + src/forward.c | 3 +++ + src/rfc1035.c | 3 +++ + 2 files changed, 6 insertions(+) -diff --git a/src/edns0.c b/src/edns0.c -index af33877..ba6ff0c 100644 ---- a/src/edns0.c -+++ b/src/edns0.c -@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l - /* Copy back any options */ - if (buff) - { -- if (p + rdlen > limit) -- { -- free(buff); -- return plen; /* Too big */ -- } -+ if (p + rdlen > limit) -+ { -+ free(buff); -+ return plen; /* Too big */ -+ } - memcpy(p, buff, rdlen); - free(buff); - p += rdlen; diff --git a/src/forward.c b/src/forward.c -index cdd11d3..3078f64 100644 +index fde554d..47ccd91 100644 --- a/src/forward.c +++ b/src/forward.c -@@ -1438,6 +1438,10 @@ void receive_query(struct listener *listen, time_t now) +@@ -1546,6 +1546,9 @@ void receive_query(struct listener *listen, time_t now) + else if (udp_size < PACKETSZ) udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ } - + // Make sure the udp size is not smaller than the incoming message so that we + // do not underflow + if (udp_size < n) udp_size = n; -+ + #ifdef HAVE_AUTH if (auth_dns) - { diff --git a/src/rfc1035.c b/src/rfc1035.c -index b078b59..777911b 100644 +index fefe63d..6253794 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c -@@ -1281,6 +1281,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, - int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1; - struct mx_srv_record *rec; +@@ -1340,6 +1340,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, size_t len; + int rd_bit = (header->hb3 & HB3_RD); + + // Make sure we do not underflow here too. + if (qlen > (limit - ((char *)header))) return 0; - ++ + /* never answer queries with RD unset, to avoid cache snooping. */ if (ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0 || -- -2.14.3 +2.23.0 diff --git a/dnsmasq-2.78-fips.patch b/dnsmasq-2.78-fips.patch index 011433c76f57c533b1f3627113a5125c96f5ee8d..cdda9562cca49969b81ea75b2375f8d4d446f0e7 100644 --- a/dnsmasq-2.78-fips.patch +++ b/dnsmasq-2.78-fips.patch @@ -1,29 +1,20 @@ -From 89f57e39b69f92beacb6bad9c68d61f9c4fb0e77 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Fri, 2 Mar 2018 13:17:04 +0100 -Subject: [PATCH] Print warning on FIPS machine with dnssec enabled. Dnsmasq - has no proper FIPS 140-2 compliant implementation. +From 7d77bd1038de810c3f916d2117742b0d8fa2429c Mon Sep 17 00:00:00 2001 +From: liaichun +Date: Mon, 20 Apr 2020 15:32:27 +0800 +Subject: [PATCH] dnsmasq-2.78-fips --- - src/dnsmasq.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) + src/dnsmasq.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/dnsmasq.c b/src/dnsmasq.c -index ce44809..9f6c020 100644 +index 878167c..fc085eb 100644 --- a/src/dnsmasq.c +++ b/src/dnsmasq.c -@@ -187,6 +187,7 @@ int main (int argc, char **argv) - - if (daemon->cachesize < CACHESIZ) - die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF); -+ - #else - die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF); - #endif -@@ -769,7 +770,10 @@ int main (int argc, char **argv) - } - - my_syslog(LOG_INFO, _("DNSSEC validation enabled")); +@@ -876,7 +876,10 @@ int main (int argc, char **argv) + my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted")); + else + my_syslog(LOG_INFO, _("DNSSEC validation enabled")); - + + if (access("/etc/system-fips", F_OK) == 0) @@ -33,5 +24,5 @@ index ce44809..9f6c020 100644 if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future) my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT")); -- -2.14.4 +2.23.0 diff --git a/dnsmasq-2.79.tar.xz b/dnsmasq-2.79.tar.xz deleted file mode 100644 index d2baa873556eb9853a36cbbe49667a7d73378078..0000000000000000000000000000000000000000 Binary files a/dnsmasq-2.79.tar.xz and /dev/null differ diff --git a/dnsmasq-2.80-dnssec.patch b/dnsmasq-2.80-dnssec.patch deleted file mode 100644 index a34f46eccdefff71b7c6ec9daea237c2beb62701..0000000000000000000000000000000000000000 --- a/dnsmasq-2.80-dnssec.patch +++ /dev/null @@ -1,73 +0,0 @@ -From a997ca0da044719a0ce8a232d14da8b30022592b Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Fri, 29 Jun 2018 14:39:41 +0100 -Subject: [PATCH] Fix sometimes missing DNSSEC RRs when DNSSEC validation not - enabled. - -Dnsmasq does pass on the do-bit, and return DNSSEC RRs, irrespective -of of having DNSSEC validation compiled in or enabled. - -The thing to understand here is that the cache does not store all the -DNSSEC RRs, and dnsmasq doesn't have the (very complex) logic required -to determine the set of DNSSEC RRs required in an answer. Therefore if -the client wants the DNSSEC RRs, the query can not be answered from -the cache. When DNSSEC validation is enabled, any query with the -do-bit set is never answered from the cache, unless the domain is -known not to be signed: the query is always forwarded. This ensures -that the DNSEC RRs are included. - -The same thing should be true when DNSSEC validation is not enabled, -but there's a bug in the logic. - -line 1666 of src/rfc1035.c looks like this - - if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || !do_bit || !(crecp->flags & F_DNSSECOK)) - -{ ...answer from cache ... } - -So local stuff (hosts, DHCP, ) get answered. If the do_bit is not set -then the query is answered, and if the domain is known not to be -signed, the query is answered. - -Unfortunately, if DNSSEC validation is not turned on then the -F_DNSSECOK bit is not valid, and it's always zero, so the question -always gets answered from the cache, even when the do-bit is set. - -This code should look like that at line 1468, dealing with PTR queries - - if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || - !do_bit || - (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))) - -where the F_DNSSECOK bit is only used when validation is enabled. ---- - src/rfc1035.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/rfc1035.c b/src/rfc1035.c -index ebb1f36..580f5ef 100644 ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -1663,7 +1663,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, - } - - /* If the client asked for DNSSEC don't use cached data. */ -- if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || !do_bit || !(crecp->flags & F_DNSSECOK)) -+ if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || -+ !do_bit || -+ (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))) - do - { - /* don't answer wildcard queries with data not from /etc/hosts -@@ -1747,7 +1749,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, - { - if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME | (dryrun ? F_NO_RR : 0))) && - (qtype == T_CNAME || (crecp->flags & F_CONFIG)) && -- ((crecp->flags & F_CONFIG) || !do_bit || !(crecp->flags & F_DNSSECOK))) -+ ((crecp->flags & F_CONFIG) || !do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))) - { - if (!(crecp->flags & F_DNSSECOK)) - sec_data = 0; --- -2.14.4 - diff --git a/dnsmasq-2.81.tar.xz b/dnsmasq-2.81.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..8e4453891f44889d3c28fc105b880d92ee6764ef Binary files /dev/null and b/dnsmasq-2.81.tar.xz differ diff --git a/dnsmasq.spec b/dnsmasq.spec index 1dd6481fb8093d216580903577749825b182149d..a0337a42aafb583b632ca6ac6f0baa1a8cd2825d 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,6 +1,6 @@ Name: dnsmasq -Version: 2.79 -Release: 11 +Version: 2.81 +Release: 1 Summary: Dnsmasq provides network infrastructure for small networks License: GPLv2 or GPLv3 URL: http://www.thekelleys.org.uk/dnsmasq/ @@ -11,9 +11,7 @@ Source2: dnsmasq-systemd-sysusers.conf #patches from the opensource fedora/redhat repository Patch0001: dnsmasq-2.77-underflow.patch Patch0002: dnsmasq-2.78-fips.patch -Patch0003: dnsmasq-2.80-dnssec.patch -Patch6000: 0141-Fix-memory-leak-in-helper.c.patch Patch9000: bugfix-allow-binding-mac-with-ipv6.patch Patch9001: bugfix-deal-with-CONFRIM-when-binding-mac-with-ipv6.patch @@ -109,6 +107,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf %{_mandir}/man8/dnsmasq* %changelog +* Fri Apr 17 2020 openEuler Buildteam - 2.80-1 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:update to 2.80-1 + * Sat Dec 21 2019 openEuler Buildteam - 2.79-11 - Type:bugfix - Id:NA