dnsmasq: backport fixes v1.5.4a-20210124
authorKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Sun, 24 Jan 2021 10:24:29 +0000 (10:24 +0000)
committerRISCi_ATOM <bob@bobcall.me>
Sun, 24 Jan 2021 15:58:39 +0000 (10:58 -0500)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
package/network/services/dnsmasq/patches/0116-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch [new file with mode: 0644]
package/network/services/dnsmasq/patches/0117-Fix-to-75e2f0aec33e58ef5b8d4d107d821c215a52827c.patch [new file with mode: 0644]
package/network/services/dnsmasq/patches/0118-Optimise-sort_rrset-for-the-case-where-the-RR-type-n.patch [new file with mode: 0644]
package/network/services/dnsmasq/patches/0119-Fix-for-12af2b171de0d678d98583e2190789e544440e02.patch [new file with mode: 0644]

diff --git a/package/network/services/dnsmasq/patches/0116-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch b/package/network/services/dnsmasq/patches/0116-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch
new file mode 100644 (file)
index 0000000..6d4d80f
--- /dev/null
@@ -0,0 +1,60 @@
+From 04490bf622ac84891aad6f2dd2edf83725decdee Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 16:49:12 +0000
+Subject: [PATCH 1/4] Move fd into frec_src, fixes
+ 15b60ddf935a531269bb8c68198de012a4967156
+
+If identical queries from IPv4 and IPv6 sources are combined by the
+new code added in 15b60ddf935a531269bb8c68198de012a4967156 then replies
+can end up being sent via the wrong family of socket. The ->fd
+should be per query, not per-question.
+
+In bind-interfaces mode, this could also result in replies being sent
+via the wrong socket even when IPv4/IPV6 issues are not in play.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/dnsmasq.h | 3 ++-
+ src/forward.c | 4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -653,6 +653,7 @@ struct frec {
+     union mysockaddr source;
+     union all_addr dest;
+     unsigned int iface, log_id;
++    int fd;
+     unsigned short orig_id;
+     struct frec_src *next;
+   } frec_src;
+@@ -660,7 +661,7 @@ struct frec {
+   struct randfd *rfd4;
+   struct randfd *rfd6;
+   unsigned short new_id;
+-  int fd, forwardall, flags;
++  int forwardall, flags;
+   time_t time;
+   unsigned char *hash[HASH_SIZE];
+ #ifdef HAVE_DNSSEC 
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -394,8 +394,8 @@ static int forward_query(int udpfd, unio
+         forward->frec_src.dest = *dst_addr;
+         forward->frec_src.iface = dst_iface;
+         forward->frec_src.next = NULL;
++        forward->frec_src.fd = udpfd;
+         forward->new_id = get_id();
+-        forward->fd = udpfd;
+         memcpy(forward->hash, hash, HASH_SIZE);
+         forward->forwardall = 0;
+         forward->flags = fwd_flags;
+@@ -1284,7 +1284,7 @@ void reply_query(int fd, int family, tim
+             dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source);
+ #endif
+             
+-            send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, 
++            send_from(src->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, 
+                       &src->source, &src->dest, src->iface);
+             if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)
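Review bot: Patch 0116 sets `fd` only on the head entry (`forward->frec_src.fd = udpfd;`), yet `reply_query` now sends through `src->fd` for every source. Entries added for combined duplicate queries (the `new->dest` / `new->iface` assignments visible as context in 0117) get no `fd` in this patch. 0117 alone writes `forward->frec_src.fd` again, replacing the head entry's socket, and only 0119 changes that to `new->fd = udpfd;`. Because the three patches are correct only as a set, the commit description should say so, e.g. `0116, 0117 and 0119 form one fix and must be added or dropped together`, so that a later refresh or partial cherry-pick does not leave replies going out on an unset or wrong descriptor. Whether `new` is zero-initialised when allocated is not visible here, and both functions continue outside the hunks shown.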
diff --git a/package/network/services/dnsmasq/patches/0117-Fix-to-75e2f0aec33e58ef5b8d4d107d821c215a52827c.patch b/package/network/services/dnsmasq/patches/0117-Fix-to-75e2f0aec33e58ef5b8d4d107d821c215a52827c.patch
new file mode 100644 (file)
index 0000000..23a9e96
--- /dev/null
@@ -0,0 +1,20 @@
+From 12af2b171de0d678d98583e2190789e544440e02 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 18:24:03 +0000
+Subject: [PATCH 2/4] Fix to 75e2f0aec33e58ef5b8d4d107d821c215a52827c
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/forward.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -370,6 +370,7 @@ static int forward_query(int udpfd, unio
+             new->dest = *dst_addr;
+             new->log_id = daemon->log_id;
+             new->iface = dst_iface;
++            forward->frec_src.fd = udpfd;
+           }
+         
+         return 1;
diff --git a/package/network/services/dnsmasq/patches/0118-Optimise-sort_rrset-for-the-case-where-the-RR-type-n.patch b/package/network/services/dnsmasq/patches/0118-Optimise-sort_rrset-for-the-case-where-the-RR-type-n.patch
new file mode 100644 (file)
index 0000000..4c25f93
--- /dev/null
@@ -0,0 +1,99 @@
+From 8ebdc364afd886461d209284ad4c946ac65e6d2b Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 18:50:43 +0000
+Subject: [PATCH 3/4] Optimise sort_rrset for the case where the RR type no
+ canonicalisation.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/dnssec.c | 69 ++++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 48 insertions(+), 21 deletions(-)
+
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -333,37 +333,64 @@ static int sort_rrset(struct dns_header
+         if (!CHECK_LEN(header, state2.ip, plen, rdlen2))
+           return rrsetidx; /* short packet */
+         state2.end = state2.ip + rdlen2; 
+-                
+-        while (1)
++
++        /* If the RR has no names in it then canonicalisation
++           is the identity function and we can compare
++           the RRs directly. If not we compare the 
++           canonicalised RRs one byte at a time. */
++        if (*rr_desc == (u16)-1)        
+           {
+-            int ok1, ok2;
++            int rdmin = rdlen1 > rdlen2 ? rdlen2 : rdlen1;
++            int cmp = memcmp(state1.ip, state2.ip, rdmin);
+             
+-            ok1 = get_rdata(header, plen, &state1);
+-            ok2 = get_rdata(header, plen, &state2);
+-
+-            if (!ok1 && !ok2)
++            if (cmp > 0 || (cmp == 0 && rdlen1 > rdmin))
++              {
++                unsigned char *tmp = rrset[i+1];
++                rrset[i+1] = rrset[i];
++                rrset[i] = tmp;
++                swap = 1;
++              }
++            else if (cmp == 0 && (rdlen1 == rdlen2))
+               {
+                 /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
+                 for (j = i+1; j < rrsetidx-1; j++)
+                   rrset[j] = rrset[j+1];
+                 rrsetidx--;
+                 i--;
+-                break;
+               }
+-            else if (ok1 && (!ok2 || *state1.op > *state2.op)) 
+-              {
+-                unsigned char *tmp = rrset[i+1];
+-                rrset[i+1] = rrset[i];
+-                rrset[i] = tmp;
+-                swap = 1;
+-                break;
+-              }
+-            else if (ok2 && (!ok1 || *state2.op > *state1.op))
+-              break;
+-            
+-            /* arrive here when bytes are equal, go round the loop again
+-               and compare the next ones. */
+           }
++        else
++          /* Comparing canonicalised RRs, byte-at-a-time. */
++          while (1)
++            {
++              int ok1, ok2;
++              
++              ok1 = get_rdata(header, plen, &state1);
++              ok2 = get_rdata(header, plen, &state2);
++              
++              if (!ok1 && !ok2)
++                {
++                  /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
++                  for (j = i+1; j < rrsetidx-1; j++)
++                    rrset[j] = rrset[j+1];
++                  rrsetidx--;
++                  i--;
++                  break;
++                }
++              else if (ok1 && (!ok2 || *state1.op > *state2.op)) 
++                {
++                  unsigned char *tmp = rrset[i+1];
++                  rrset[i+1] = rrset[i];
++                  rrset[i] = tmp;
++                  swap = 1;
++                  break;
++                }
++              else if (ok2 && (!ok1 || *state2.op > *state1.op))
++                break;
++              
++              /* arrive here when bytes are equal, go round the loop again
++                 and compare the next ones. */
++            }
+       }
+     } while (swap);
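Review bot: The new fast path calls `memcmp(state1.ip, state2.ip, rdmin)` on rdata taken from the packet, but only the `CHECK_LEN` for `state2.ip` / `rdlen2` is visible in this hunk. The matching bound for `state1.ip` / `rdlen1` is presumably earlier in `sort_rrset`, which starts outside the hunk, and should be confirmed because `rdmin` bytes are read from both pointers. Once confirmed, a comment above the `memcmp` such as `/* both rdata ranges were bounds-checked with CHECK_LEN above */` would record the invariant the direct compare relies on. As a style point, the `else` body is an unbraced `while (1)` preceded by a comment; wrapping it in braces would make the nesting explicit next to the braced `if` branch.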
diff --git a/package/network/services/dnsmasq/patches/0119-Fix-for-12af2b171de0d678d98583e2190789e544440e02.patch b/package/network/services/dnsmasq/patches/0119-Fix-for-12af2b171de0d678d98583e2190789e544440e02.patch
new file mode 100644 (file)
index 0000000..e25a265
--- /dev/null
@@ -0,0 +1,21 @@
+From 3f535da79e7a42104543ef5c7b5fa2bed819a78b Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jan 2021 22:26:25 +0000
+Subject: [PATCH 4/4] Fix for 12af2b171de0d678d98583e2190789e544440e02
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/forward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -370,7 +370,7 @@ static int forward_query(int udpfd, unio
+             new->dest = *dst_addr;
+             new->log_id = daemon->log_id;
+             new->iface = dst_iface;
+-            forward->frec_src.fd = udpfd;
++            new->fd = udpfd;
+           }
+         
+         return 1;