From 716ca530e1c4515d8683c9d5be3d56b301758b66 Mon Sep 17 00:00:00 2001 From: James <> Date: Wed, 4 Nov 2015 11:49:21 +0000 Subject: trunk-47381 --- .../patches/100-fix-dhcp-no-address-warning.patch | 47 +++++++++ .../110-ipset-remove-old-kernel-support.patch | 110 +++++++++++++++++++++ .../210-dnssec-improve-timestamp-heuristic.patch | 47 +++++++++ 3 files changed, 204 insertions(+) create mode 100644 package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch create mode 100644 package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch create mode 100644 package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch (limited to 'package/network/services/dnsmasq/patches') diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch new file mode 100644 index 0000000..f5b5ca0 --- /dev/null +++ b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch @@ -0,0 +1,47 @@ +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd) + struct iovec iov; + ssize_t sz; + int iface_index = 0, unicast_dest = 0, is_inform = 0; +- struct in_addr iface_addr; ++ struct in_addr iface_addr, *addrp = NULL; + struct iface_param parm; + #ifdef HAVE_LINUX_NETWORK + struct arpreq arp_req; +@@ -275,11 +275,9 @@ void dhcp_packet(time_t now, int pxe_fd) + { + ifr.ifr_addr.sa_family = AF_INET; + if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 ) +- iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; +- else + { +- my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); +- return; ++ addrp = &iface_addr; ++ iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; + } + + for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) +@@ -298,7 +296,7 @@ void dhcp_packet(time_t now, int pxe_fd) + parm.relay_local.s_addr = 0; + parm.ind = iface_index; + +- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL)) ++ if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL)) + { + /* If we failed to match the primary address of the interface, see if we've got a --listen-address + for a secondary */ +@@ -318,6 +316,12 @@ void dhcp_packet(time_t now, int pxe_fd) + complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm); + } + ++ if (!addrp) ++ { ++ my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); ++ return; ++ } ++ + if (!iface_enumerate(AF_INET, &parm, complete_context)) + return; + diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch new file mode 100644 index 0000000..61b09d5 --- /dev/null +++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch @@ -0,0 +1,110 @@ +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -22,7 +22,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -72,7 +71,7 @@ struct my_nfgenmsg { + + #define NL_ALIGN(len) (((len)+3) & ~(3)) + static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; +-static int ipset_sock, old_kernel; ++static int ipset_sock; + static char *buffer; + + static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data) +@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg + + void ipset_init(void) + { +- struct utsname utsname; +- int version; +- char *split; +- +- if (uname(&utsname) < 0) +- die(_("failed to find kernel version: %s"), NULL, EC_MISC); +- +- split = strtok(utsname.release, "."); +- version = (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- version = version * 256 + (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- version = version * 256 + (split ? atoi(split) : 0); +- old_kernel = (version < KERNEL_VERSION(2,6,32)); +- +- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1) +- return; +- +- if (!old_kernel && ++ if ( + (buffer = safe_malloc(BUFF_SZ)) && + (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && + (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) +@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char * + } + + +-static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) +-{ +- socklen_t size; +- struct ip_set_req_adt_get { +- unsigned op; +- unsigned version; +- union { +- char name[IPSET_MAXNAMELEN]; +- uint16_t index; +- } set; +- char typename[IPSET_MAXNAMELEN]; +- } req_adt_get; +- struct ip_set_req_adt { +- unsigned op; +- uint16_t index; +- uint32_t ip; +- } req_adt; +- +- if (strlen(setname) >= sizeof(req_adt_get.set.name)) +- { +- errno = ENAMETOOLONG; +- return -1; +- } +- +- req_adt_get.op = 0x10; +- req_adt_get.version = 3; +- strcpy(req_adt_get.set.name, setname); +- size = sizeof(req_adt_get); +- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0) +- return -1; +- req_adt.op = remove ? 0x102 : 0x101; +- req_adt.index = req_adt_get.set.index; +- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); +- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) +- return -1; +- +- return 0; +-} +- +- +- + int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) + { + int af = AF_INET; + + #ifdef HAVE_IPV6 + if (flags & F_IPV6) +- { + af = AF_INET6; +- /* old method only supports IPv4 */ +- if (old_kernel) +- return -1; +- } + #endif + +- return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); ++ return new_add_to_ipset(setname, ipaddr, af, remove); + } + + #endif diff --git a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch new file mode 100644 index 0000000..81fbf18 --- /dev/null +++ b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch @@ -0,0 +1,47 @@ +From 79e60e145f8a595bca5a784c00b437216d51de68 Mon Sep 17 00:00:00 2001 +From: Steven Barth +Date: Mon, 13 Apr 2015 09:45:20 +0200 +Subject: [PATCH] dnssec: improve timestamp heuristic + +Signed-off-by: Steven Barth +--- + src/dnssec.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -429,17 +429,24 @@ static time_t timestamp_time; + int setup_timestamp(void) + { + struct stat statbuf; ++ time_t now; ++ time_t base = 1420070400; /* 1-1-2015 */ + + daemon->back_to_the_future = 0; + + if (!daemon->timestamp_file) + return 0; ++ ++ now = time(NULL); ++ ++ if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0) ++ base = statbuf.st_mtime; + + if (stat(daemon->timestamp_file, &statbuf) != -1) + { + timestamp_time = statbuf.st_mtime; + check_and_exit: +- if (difftime(timestamp_time, time(0)) <= 0) ++ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0) + { + /* time already OK, update timestamp, and do key checking from the start. */ + if (utime(daemon->timestamp_file, NULL) == -1) +@@ -460,7 +467,7 @@ int setup_timestamp(void) + + close(fd); + +- timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */ ++ timestamp_time = timbuf.actime = timbuf.modtime = base; + if (utime(daemon->timestamp_file, &timbuf) == 0) + goto check_and_exit; + } -- cgit v1.2.3