--- /dev/null
+From 04490bf622ac84891aad6f2dd2edf83725decdee Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 16:49:12 +0000
+Subject: [PATCH 1/4] Move fd into frec_src, fixes
+ 15b60ddf935a531269bb8c68198de012a4967156
+
+If identical queries from IPv4 and IPv6 sources are combined by the
+new code added in 15b60ddf935a531269bb8c68198de012a4967156 then replies
+can end up being sent via the wrong family of socket. The ->fd
+should be per query, not per-question.
+
+In bind-interfaces mode, this could also result in replies being sent
+via the wrong socket even when IPv4/IPV6 issues are not in play.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/dnsmasq.h | 3 ++-
+ src/forward.c | 4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -653,6 +653,7 @@ struct frec {
+ union mysockaddr source;
+ union all_addr dest;
+ unsigned int iface, log_id;
++ int fd;
+ unsigned short orig_id;
+ struct frec_src *next;
+ } frec_src;
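Review bot: The new `int fd;` member of `frec_src` carries no comment, yet after this move it is the value reply_query hands to `send_from` for each source in the chain, so every site that fills in a `frec_src` must set it. I would document that on the field itself, e.g. `int fd; /* udpfd that forward_query was called with for this source; reply_query sends the answer back through it */`. In this patch only the head entry `forward->frec_src` is assigned in forward_query; the chained entries are covered by 2/4 and 4/4 of the series, so the patches must be applied together. struct frec begins and ends outside the hunk.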
+@@ -660,7 +661,7 @@ struct frec {
+ struct randfd *rfd4;
+ struct randfd *rfd6;
+ unsigned short new_id;
+- int fd, forwardall, flags;
++ int forwardall, flags;
+ time_t time;
+ unsigned char *hash[HASH_SIZE];
+ #ifdef HAVE_DNSSEC
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -394,8 +394,8 @@ static int forward_query(int udpfd, unio
+ forward->frec_src.dest = *dst_addr;
+ forward->frec_src.iface = dst_iface;
+ forward->frec_src.next = NULL;
++ forward->frec_src.fd = udpfd;
+ forward->new_id = get_id();
+- forward->fd = udpfd;
+ memcpy(forward->hash, hash, HASH_SIZE);
+ forward->forwardall = 0;
+ forward->flags = fwd_flags;
+@@ -1284,7 +1284,7 @@ void reply_query(int fd, int family, tim
+ dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source);
+ #endif
+
+- send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
++ send_from(src->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
+ &src->source, &src->dest, src->iface);
+
+ if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)
--- /dev/null
+From 12af2b171de0d678d98583e2190789e544440e02 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 18:24:03 +0000
+Subject: [PATCH 2/4] Fix to 75e2f0aec33e58ef5b8d4d107d821c215a52827c
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/forward.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -370,6 +370,7 @@ static int forward_query(int udpfd, unio
+ new->dest = *dst_addr;
+ new->log_id = daemon->log_id;
+ new->iface = dst_iface;
++ forward->frec_src.fd = udpfd;
+ }
+
+ return 1;
--- /dev/null
+From 8ebdc364afd886461d209284ad4c946ac65e6d2b Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 18:50:43 +0000
+Subject: [PATCH 3/4] Optimise sort_rrset for the case where the RR type no
+ canonicalisation.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/dnssec.c | 69 ++++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 48 insertions(+), 21 deletions(-)
+
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -333,37 +333,64 @@ static int sort_rrset(struct dns_header
+ if (!CHECK_LEN(header, state2.ip, plen, rdlen2))
+ return rrsetidx; /* short packet */
+ state2.end = state2.ip + rdlen2;
+-
+- while (1)
++
++ /* If the RR has no names in it then canonicalisation
++ is the identity function and we can compare
++ the RRs directly. If not we compare the
++ canonicalised RRs one byte at a time. */
++ if (*rr_desc == (u16)-1)
+ {
+- int ok1, ok2;
++ int rdmin = rdlen1 > rdlen2 ? rdlen2 : rdlen1;
++ int cmp = memcmp(state1.ip, state2.ip, rdmin);
+
+- ok1 = get_rdata(header, plen, &state1);
+- ok2 = get_rdata(header, plen, &state2);
+-
+- if (!ok1 && !ok2)
++ if (cmp > 0 || (cmp == 0 && rdlen1 > rdmin))
++ {
++ unsigned char *tmp = rrset[i+1];
++ rrset[i+1] = rrset[i];
++ rrset[i] = tmp;
++ swap = 1;
++ }
++ else if (cmp == 0 && (rdlen1 == rdlen2))
+ {
+ /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
+ for (j = i+1; j < rrsetidx-1; j++)
+ rrset[j] = rrset[j+1];
+ rrsetidx--;
+ i--;
+- break;
+ }
+- else if (ok1 && (!ok2 || *state1.op > *state2.op))
+- {
+- unsigned char *tmp = rrset[i+1];
+- rrset[i+1] = rrset[i];
+- rrset[i] = tmp;
+- swap = 1;
+- break;
+- }
+- else if (ok2 && (!ok1 || *state2.op > *state1.op))
+- break;
+-
+- /* arrive here when bytes are equal, go round the loop again
+- and compare the next ones. */
+ }
++ else
++ /* Comparing canonicalised RRs, byte-at-a-time. */
++ while (1)
++ {
++ int ok1, ok2;
++
++ ok1 = get_rdata(header, plen, &state1);
++ ok2 = get_rdata(header, plen, &state2);
++
++ if (!ok1 && !ok2)
++ {
++ /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
++ for (j = i+1; j < rrsetidx-1; j++)
++ rrset[j] = rrset[j+1];
++ rrsetidx--;
++ i--;
++ break;
++ }
++ else if (ok1 && (!ok2 || *state1.op > *state2.op))
++ {
++ unsigned char *tmp = rrset[i+1];
++ rrset[i+1] = rrset[i];
++ rrset[i] = tmp;
++ swap = 1;
++ break;
++ }
++ else if (ok2 && (!ok1 || *state2.op > *state1.op))
++ break;
++
++ /* arrive here when bytes are equal, go round the loop again
++ and compare the next ones. */
++ }
+ }
+ } while (swap);
+
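Review bot: The new fast path runs `memcmp(state1.ip, state2.ip, rdmin)` directly on rdata from a received packet, and only the `CHECK_LEN` for `state2`/`rdlen2` is visible at the top of this hunk; the matching check for `state1`/`rdlen1` is presumably above it, since sort_rrset starts outside the hunk. The old loop fetched every byte through `get_rdata(header, plen, &state)` and this branch bypasses that, so I would state the precondition at the branch, e.g. `/* rdlen1 and rdlen2 have both passed CHECK_LEN, so rdmin bytes are readable at state1.ip and state2.ip */`. `rdmin` is an `int` that memcmp converts to `size_t`, which is safe only if the lengths cannot be negative; their declarations are not shown here. The `else` now governs a comment plus a long `while (1)` with no braces, and the duplicate-removal loop exists in both branches, so bracing the `else` body and noting that the two copies must stay in sync would make later edits less error-prone.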
--- /dev/null
+From 3f535da79e7a42104543ef5c7b5fa2bed819a78b Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 22:26:25 +0000
+Subject: [PATCH 4/4] Fix for 12af2b171de0d678d98583e2190789e544440e02
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/forward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -370,7 +370,7 @@ static int forward_query(int udpfd, unio
+ new->dest = *dst_addr;
+ new->log_id = daemon->log_id;
+ new->iface = dst_iface;
+- forward->frec_src.fd = udpfd;
++ new->fd = udpfd;
+ }
+
+ return 1;