From 4540c3c3bf78bdb5634425dec4c3acae25bbe3fa Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Sun, 5 Apr 2020 17:22:20 +0100 Subject: [PATCH] dnsmasq: bump to 2.81rc5 Bump to 2.81rc5 and re-work ipset-remove-old-kernel-support. More runtime kernel version checking is done in 2.81rc5 in various parts of the code, so expand the ipset patch's scope to include those new areas and rename to something a bit more generic. Upstream changes from rc4 532246f Tweak to DNSSEC logging. 8caf3d7 Fix rare problem allocating frec for DNSSEC. d162bee Allow overriding of ubus service name. b43585c Fix nameserver list in auth mode. 3f60ecd Fixed resource leak on ubus_init failure. 0506a5e Handle old kernels that don't do NETLINK_NO_ENOBUFS. e7ee1aa Extend stop-dns-rebind to reject IPv6 LL and ULA addresses. We also reject the loopback address if rebind-localhost-ok is NOT set. Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 6 +- ...00-remove-old-runtime-kernel-support.patch | 178 ++++++++++++++++++ .../110-ipset-remove-old-kernel-support.patch | 64 ------- 3 files changed, 181 insertions(+), 67 deletions(-) create mode 100644 package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch delete mode 100644 package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 12aed6a4fc..c1ed2f7e0a 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile
@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
-PKG_UPSTREAM_VERSION:=2.81rc4
+PKG_UPSTREAM_VERSION:=2.81rc5
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=3
+PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates
-PKG_HASH:=0c4770eb05a0dfe5900d54b115f0f085f08b403fef6e96a8000fbcecc7c6edfa
+PKG_HASH:=d95439b0f0b3d540fd4a10fc150efa7478e0d70db8168d76550562dadf9fc433
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
new file mode 100644
index 0000000000..8a4e58cee7
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
@@ -0,0 +1,178 @@ +From 7df4c681678612d196b4e1eec24963d181fdb28a Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Sun, 5 Apr 2020 17:18:23 +0100 +Subject: [PATCH] drop runtime old kernel support + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dnsmasq.c | 4 ---- + src/dnsmasq.h | 5 +--- + src/ipset.c | 64 ++++----------------------------------------------- + src/netlink.c | 3 +-- + src/util.c | 19 --------------- + 5 files changed, 6 insertions(+), 89 deletions(-) + +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -94,10 +94,6 @@ int main (int argc, char **argv) + + read_opts(argc, argv, compile_opts); + +-#ifdef HAVE_LINUX_NETWORK +- daemon->kernel_version = kernel_version(); +-#endif +- + if (daemon->edns_pktsz < PACKETSZ) + daemon->edns_pktsz = PACKETSZ; + +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1110,7 +1110,7 @@ extern struct daemon { + int inotifyfd; + #endif + #if defined(HAVE_LINUX_NETWORK) +- int netlinkfd, kernel_version; ++ int netlinkfd; + #elif defined(HAVE_BSD_NETWORK) + int dhcp_raw_fd, dhcp_icmp_fd, routefd; + #endif +@@ -1290,9 +1290,6 @@ int read_write(int fd, unsigned char *pa + void close_fds(long max_fd, int spare1, int spare2, int spare3); + int wildcard_match(const char* wildcard, const char* match); + int wildcard_matchn(const char* wildcard, const char* match, int num); +-#ifdef HAVE_LINUX_NETWORK +-int kernel_version(void); +-#endif + + /* log.c */ + void die(char *message, char *arg1, int exit_code) ATTRIBUTE_NORETURN; +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -70,7 +70,7 @@ struct my_nfgenmsg { + + #define NL_ALIGN(len) (((len)+3) & ~(3)) + static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; +-static int ipset_sock, old_kernel; ++static int ipset_sock; + static char *buffer; + + static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data) +@@ -85,12 +85,7 @@ static inline void add_attr(struct nlmsg + + void ipset_init(void) + { +- old_kernel = (daemon->kernel_version < 
KERNEL_VERSION(2,6,32)); +- +- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1) +- return; +- +- if (!old_kernel && ++ if ( + (buffer = safe_malloc(BUFF_SZ)) && + (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && + (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) +@@ -147,65 +142,14 @@ static int new_add_to_ipset(const char * + return errno == 0 ? 0 : -1; + } + +- +-static int old_add_to_ipset(const char *setname, const union all_addr *ipaddr, int remove) +-{ +- socklen_t size; +- struct ip_set_req_adt_get { +- unsigned op; +- unsigned version; +- union { +- char name[IPSET_MAXNAMELEN]; +- uint16_t index; +- } set; +- char typename[IPSET_MAXNAMELEN]; +- } req_adt_get; +- struct ip_set_req_adt { +- unsigned op; +- uint16_t index; +- uint32_t ip; +- } req_adt; +- +- if (strlen(setname) >= sizeof(req_adt_get.set.name)) +- { +- errno = ENAMETOOLONG; +- return -1; +- } +- +- req_adt_get.op = 0x10; +- req_adt_get.version = 3; +- strcpy(req_adt_get.set.name, setname); +- size = sizeof(req_adt_get); +- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0) +- return -1; +- req_adt.op = remove ? 0x102 : 0x101; +- req_adt.index = req_adt_get.set.index; +- req_adt.ip = ntohl(ipaddr->addr4.s_addr); +- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) +- return -1; +- +- return 0; +-} +- +- +- + int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove) + { + int ret = 0, af = AF_INET; + + if (flags & F_IPV6) +- { + af = AF_INET6; +- /* old method only supports IPv4 */ +- if (old_kernel) +- { +- errno = EAFNOSUPPORT ; +- ret = -1; +- } +- } +- +- if (ret != -1) +- ret = old_kernel ? 
old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); ++ ++ ret = new_add_to_ipset(setname, ipaddr, af, remove); + + if (ret == -1) + my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno)); +--- a/src/netlink.c ++++ b/src/netlink.c +@@ -82,8 +82,7 @@ void netlink_init(void) + } + + if (daemon->netlinkfd == -1 || +- (daemon->kernel_version >= KERNEL_VERSION(2,6,30) && +- setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) || ++ (setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) || + getsockname(daemon->netlinkfd, (struct sockaddr *)&addr, &slen) == -1) + die(_("cannot create netlink socket: %s"), NULL, EC_MISC); + +--- a/src/util.c ++++ b/src/util.c +@@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard + + return (!num) || (*wildcard == *match); + } +- +-#ifdef HAVE_LINUX_NETWORK +-int kernel_version(void) +-{ +- struct utsname utsname; +- int version; +- char *split; +- +- if (uname(&utsname) < 0) +- die(_("failed to find kernel version: %s"), NULL, EC_MISC); +- +- split = strtok(utsname.release, "."); +- version = (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- version = version * 256 + (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- return version * 256 + (split ? atoi(split) : 0); +-} +-#endif diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch deleted file mode 100644 index f2681e3993..0000000000 --- a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch +++ /dev/null 
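Review bot: In the src/netlink.c part of the new 100-remove-old-runtime-kernel-support.patch, the `NETLINK_NO_ENOBUFS` setsockopt in netlink_init() becomes unconditional, so on a kernel that lacks the option the daemon now reaches `die(_("cannot create netlink socket: %s"), NULL, EC_MISC)` at startup and DNS/DHCP service does not come up. This appears to undo the version gate that the listed upstream change 0506a5e ("Handle old kernels that don't do NETLINK_NO_ENOBUFS") introduced, and the embedded patch description ("drop runtime old kernel support") does not say why that is safe. If it holds for every supported target, I would record the assumption in the patch header, for example `All OpenWrt target kernels are newer than 2.6.32, so the legacy ipset socket path and the NETLINK_NO_ENOBUFS version gate are dead code.`, so the next version bump can re-check it. In add_to_ipset() the initializer in `int ret = 0, af = AF_INET;` is now dead, because `ret` is assigned unconditionally a few lines later. Both functions begin and end outside the quoted hunks.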
@@ -1,64 +0,0 @@ ---- a/src/ipset.c -+++ b/src/ipset.c -@@ -22,7 +22,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -72,7 +71,7 @@ struct my_nfgenmsg { - - #define NL_ALIGN(len) (((len)+3) & ~(3)) - static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; --static int ipset_sock, old_kernel; -+static int ipset_sock; - static char *buffer; - - static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data) -@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg - - void ipset_init(void) - { -- struct utsname utsname; -- int version; -- char *split; -- -- if (uname(&utsname) < 0) -- die(_("failed to find kernel version: %s"), NULL, EC_MISC); -- -- split = strtok(utsname.release, "."); -- version = (split ? atoi(split) : 0); -- split = strtok(NULL, "."); -- version = version * 256 + (split ? atoi(split) : 0); -- split = strtok(NULL, "."); -- version = version * 256 + (split ? atoi(split) : 0); -- old_kernel = (version < KERNEL_VERSION(2,6,32)); -- -- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1) -- return; -- -- if (!old_kernel && -+ if ( - (buffer = safe_malloc(BUFF_SZ)) && - (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && - (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) -@@ -211,16 +192,9 @@ int add_to_ipset(const char *setname, co - if (flags & F_IPV6) - { - af = AF_INET6; -- /* old method only supports IPv4 */ -- if (old_kernel) -- { -- errno = EAFNOSUPPORT ; -- ret = -1; -- } - } - -- if (ret != -1) -- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); -+ ret = new_add_to_ipset(setname, ipaddr, af, remove); - - if (ret == -1) - my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno)); -- 2.25.1