Date: Sun, 24 Jan 2021 11:01:20 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r562461 - in head/dns/dnsmasq: . files Message-ID: <202101241101.10OB1KJ4016059@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mandree Date: Sun Jan 24 11:01:20 2021 New Revision: 562461 URL: https://svnweb.freebsd.org/changeset/ports/562461 Log: dns/dnsmasq: regression fixes from upstream Git Apparently there are situations where dnsmasq 2.83 can confuse its peers or sockets, and the upstream Git contains fixes for them. These four fixes essentially take dnsmasq to 2.84test3. Obtained from: Simon Kelley <simon@thekelleys.org.uk>'s Git repository Added: head/dns/dnsmasq/files/patch-zgit-1 (contents, props changed) head/dns/dnsmasq/files/patch-zgit-2 (contents, props changed) head/dns/dnsmasq/files/patch-zgit-3 (contents, props changed) head/dns/dnsmasq/files/patch-zgit-4 (contents, props changed) Modified: head/dns/dnsmasq/Makefile head/dns/dnsmasq/files/pkg-message.in Modified: head/dns/dnsmasq/Makefile ============================================================================== --- head/dns/dnsmasq/Makefile Sun Jan 24 10:53:41 2021 (r562460) +++ head/dns/dnsmasq/Makefile Sun Jan 24 11:01:20 2021 (r562461) @@ -4,11 +4,12 @@ PORTNAME= dnsmasq DISTVERSION= 2.83 # Leave the PORTREVISION in even if 0 to avoid accidental PORTEPOCH bumps: -PORTREVISION= 0 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= dns -MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/ \ +MASTER_SITES= https://www.thekelleys.org.uk/dnsmasq/ \ LOCAL/mandree/ +PATCH_STRIP= -p1 MAINTAINER= mandree@FreeBSD.org COMMENT= Lightweight DNS forwarder, DHCP, and TFTP server Added: head/dns/dnsmasq/files/patch-zgit-1 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnsmasq/files/patch-zgit-1 Sun Jan 24 11:01:20 2021 (r562461) @@ -0,0 +1,65 @@ +From 04490bf622ac84891aad6f2dd2edf83725decdee Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Fri, 22 Jan 2021 16:49:12 +0000 +Subject: [PATCH] Move fd into frec_src, fixes + 15b60ddf935a531269bb8c68198de012a4967156 + +If identical queries from IPv4 and IPv6 sources are combined by the +new code added in 15b60ddf935a531269bb8c68198de012a4967156 then replies +can end up being sent via the wrong family of socket. The ->fd +should be per query, not per-question. + +In bind-interfaces mode, this could also result in replies being sent +via the wrong socket even when IPv4/IPV6 issues are not in play. +--- + src/dnsmasq.h | 3 ++- + src/forward.c | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 914f469..360c226 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -664,6 +664,7 @@ struct frec { + union mysockaddr source; + union all_addr dest; + unsigned int iface, log_id; ++ int fd; + unsigned short orig_id; + struct frec_src *next; + } frec_src; +@@ -671,7 +672,7 @@ struct frec { + struct randfd *rfd4; + struct randfd *rfd6; + unsigned short new_id; +- int fd, forwardall, flags; ++ int forwardall, flags; + time_t time; + unsigned char *hash[HASH_SIZE]; + #ifdef HAVE_DNSSEC +diff --git a/src/forward.c b/src/forward.c +index 7a95ddf..43d0ae7 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -402,8 +402,8 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + forward->frec_src.dest = *dst_addr; + forward->frec_src.iface = dst_iface; + forward->frec_src.next = NULL; ++ forward->frec_src.fd = udpfd; + forward->new_id = get_id(); +- forward->fd = udpfd; + memcpy(forward->hash, hash, HASH_SIZE); + forward->forwardall = 0; + forward->flags = fwd_flags; +@@ -1300,7 +1300,7 @@ void reply_query(int fd, int family, time_t now) + dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source); + #endif + +- send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, ++ send_from(src->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, + &src->source, &src->dest, src->iface); + + if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src) +-- +2.20.1 + Added: head/dns/dnsmasq/files/patch-zgit-2 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnsmasq/files/patch-zgit-2 Sun Jan 24 11:01:20 2021 (r562461) @@ -0,0 +1,24 @@ +From 12af2b171de0d678d98583e2190789e544440e02 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Fri, 22 Jan 2021 18:24:03 +0000 +Subject: [PATCH] Fix to 75e2f0aec33e58ef5b8d4d107d821c215a52827c + +--- + src/forward.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/forward.c b/src/forward.c +index 43d0ae7..1def931 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -378,6 +378,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + new->dest = *dst_addr; + new->log_id = daemon->log_id; + new->iface = dst_iface; ++ forward->frec_src.fd = udpfd; + } + + return 1; +-- +2.20.1 + Added: head/dns/dnsmasq/files/patch-zgit-3 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnsmasq/files/patch-zgit-3 Sun Jan 24 11:01:20 2021 (r562461) @@ -0,0 +1,103 @@ +From 8ebdc364afd886461d209284ad4c946ac65e6d2b Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Fri, 22 Jan 2021 18:50:43 +0000 +Subject: [PATCH] Optimise sort_rrset for the case where the RR type no + canonicalisation. + +--- + src/dnssec.c | 69 ++++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 48 insertions(+), 21 deletions(-) + +diff --git a/src/dnssec.c b/src/dnssec.c +index 93cc7bf..3ee1e9e 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -334,37 +334,64 @@ static int sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int + if (!CHECK_LEN(header, state2.ip, plen, rdlen2)) + return rrsetidx; /* short packet */ + state2.end = state2.ip + rdlen2; +- +- while (1) ++ ++ /* If the RR has no names in it then canonicalisation ++ is the identity function and we can compare ++ the RRs directly. If not we compare the ++ canonicalised RRs one byte at a time. */ ++ if (*rr_desc == (u16)-1) + { +- int ok1, ok2; ++ int rdmin = rdlen1 > rdlen2 ? rdlen2 : rdlen1; ++ int cmp = memcmp(state1.ip, state2.ip, rdmin); + +- ok1 = get_rdata(header, plen, &state1); +- ok2 = get_rdata(header, plen, &state2); +- +- if (!ok1 && !ok2) ++ if (cmp > 0 || (cmp == 0 && rdlen1 > rdmin)) ++ { ++ unsigned char *tmp = rrset[i+1]; ++ rrset[i+1] = rrset[i]; ++ rrset[i] = tmp; ++ swap = 1; ++ } ++ else if (cmp == 0 && (rdlen1 == rdlen2)) + { + /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */ + for (j = i+1; j < rrsetidx-1; j++) + rrset[j] = rrset[j+1]; + rrsetidx--; + i--; +- break; + } +- else if (ok1 && (!ok2 || *state1.op > *state2.op)) +- { +- unsigned char *tmp = rrset[i+1]; +- rrset[i+1] = rrset[i]; +- rrset[i] = tmp; +- swap = 1; +- break; +- } +- else if (ok2 && (!ok1 || *state2.op > *state1.op)) +- break; +- +- /* arrive here when bytes are equal, go round the loop again +- and compare the next ones. */ + } ++ else ++ /* Comparing canonicalised RRs, byte-at-a-time. */ ++ while (1) ++ { ++ int ok1, ok2; ++ ++ ok1 = get_rdata(header, plen, &state1); ++ ok2 = get_rdata(header, plen, &state2); ++ ++ if (!ok1 && !ok2) ++ { ++ /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */ ++ for (j = i+1; j < rrsetidx-1; j++) ++ rrset[j] = rrset[j+1]; ++ rrsetidx--; ++ i--; ++ break; ++ } ++ else if (ok1 && (!ok2 || *state1.op > *state2.op)) ++ { ++ unsigned char *tmp = rrset[i+1]; ++ rrset[i+1] = rrset[i]; ++ rrset[i] = tmp; ++ swap = 1; ++ break; ++ } ++ else if (ok2 && (!ok1 || *state2.op > *state1.op)) ++ break; ++ ++ /* arrive here when bytes are equal, go round the loop again ++ and compare the next ones. */ ++ } + } + } while (swap); + +-- +2.20.1 + Added: head/dns/dnsmasq/files/patch-zgit-4 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnsmasq/files/patch-zgit-4 Sun Jan 24 11:01:20 2021 (r562461) @@ -0,0 +1,25 @@ +From 3f535da79e7a42104543ef5c7b5fa2bed819a78b Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Fri, 22 Jan 2021 22:26:25 +0000 +Subject: [PATCH] Fix for 12af2b171de0d678d98583e2190789e544440e02 + +--- + src/forward.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/forward.c b/src/forward.c +index 1def931..5c9cbbb 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -378,7 +378,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + new->dest = *dst_addr; + new->log_id = daemon->log_id; + new->iface = dst_iface; +- forward->frec_src.fd = udpfd; ++ new->fd = udpfd; + } + + return 1; +-- +2.20.1 + Modified: head/dns/dnsmasq/files/pkg-message.in ============================================================================== --- head/dns/dnsmasq/files/pkg-message.in Sun Jan 24 10:53:41 2021 (r562460) +++ head/dns/dnsmasq/files/pkg-message.in Sun Jan 24 11:01:20 2021 (r562461) @@ -1,3 +1,6 @@ +[ +{ +message: <<EOM To enable dnsmasq, edit %%PREFIX%%/etc/dnsmasq.conf and set dnsmasq_enable="YES" in /etc/rc.conf[.local] @@ -10,3 +13,6 @@ It is recommended to enable the wpad-related options at the end of the configuration file (you may need to copy them from the example file to yours) to fix CERT Vulnerability VU#598349. +EOM +} +]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202101241101.10OB1KJ4016059>