From b0df409e183f9f883a90d6b6449d225ed75e0fc5 Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Mar 22 2013 11:51:18 +0000 Subject: Update to latest dnsmasq-2.66rc1 - Dropping unneeded patches Signed-off-by: Tomas Hozza --- diff --git a/.gitignore b/.gitignore index 53faf74..2d5afa0 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ dnsmasq-2.52.tar.lzma /dnsmasq-2.63.tar.gz /dnsmasq-2.64.tar.gz /dnsmasq-2.65.tar.gz +/dnsmasq-2.66rc1.tar.gz diff --git a/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch b/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch deleted file mode 100644 index 3f6005f..0000000 --- a/dnsmasq-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c2845b1f4047c7441bae46c8651ab6a6df9d832c Mon Sep 17 00:00:00 2001 -From: Tomas Hozza -Date: Fri, 15 Mar 2013 10:55:55 +0100 -Subject: [PATCH] Allocate dhcp_buff-ers also if deamon->ra_contexts - -Allocate dhcp_buff and prevent SIGSEGV. - -Signed-off-by: Tomas Hozza ---- - dnsmasq-2.65/src/dnsmasq.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/dnsmasq-2.65/src/dnsmasq.c b/dnsmasq-2.65/src/dnsmasq.c -index 02055e9..d61810b 100644 ---- a/dnsmasq-2.65/src/dnsmasq.c -+++ b/dnsmasq-2.65/src/dnsmasq.c -@@ -152,13 +152,16 @@ int main (int argc, char **argv) - now = dnsmasq_time(); - - #ifdef HAVE_DHCP -- if (daemon->dhcp || daemon->dhcp6) -+ if (daemon->dhcp || daemon->dhcp6 || daemon->ra_contexts) - { - /* Note that order matters here, we must call lease_init before - creating any file descriptors which shouldn't be leaked - to the lease-script init process. We need to call common_init - before lease_init to allocate buffers it uses.*/ - dhcp_common_init(); -+ } -+ if (daemon->dhcp || daemon->dhcp6) -+ { - lease_init(now); - - if (daemon->dhcp) --- -1.8.1.4 - diff --git a/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch b/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch deleted file mode 100644 index 4b08fdc..0000000 --- a/dnsmasq-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch +++ /dev/null @@ -1,189 +0,0 @@ -diff -up dnsmasq-2.65/src/dnsmasq.c.CVE-2013-0198 dnsmasq-2.65/src/dnsmasq.c ---- dnsmasq-2.65/src/dnsmasq.c.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100 -+++ dnsmasq-2.65/src/dnsmasq.c 2013-01-22 16:32:30.387640907 +0100 -@@ -1384,7 +1384,7 @@ static void check_dns_listeners(fd_set * - - if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set)) - { -- int confd; -+ int confd, client_ok = 1; - struct irec *iface = NULL; - pid_t p; - union mysockaddr tcp_addr; -@@ -1395,25 +1395,49 @@ static void check_dns_listeners(fd_set * - if (confd == -1 || - getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1) - continue; -- -- if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) -+ -+ if (option_bool(OPT_NOWILD)) - iface = listener->iface; /* May be NULL */ -- else -- { -- /* Check for allowed interfaces when binding the wildcard address: -- we do this by looking for an interface with the same address as -- the local address of the TCP connection, then looking to see if that's -- an allowed interface. As a side effect, we get the netmask of the -- interface too, for localisation. */ -- -- /* interface may be new since startup */ -- if (enumerate_interfaces()) -- for (iface = daemon->interfaces; iface; iface = iface->next) -- if (sockaddr_isequal(&iface->addr, &tcp_addr)) -- break; -- } -- -- if (!iface && !(option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))) -+ else -+ { -+ int if_index; -+ -+ /* In full wildcard mode, need to refresh interface list. -+ This happens automagically in CLEVERBIND */ -+ if (!option_bool(OPT_CLEVERBIND)) -+ enumerate_interfaces(); -+ -+ /* if we can find the arrival interface, check it's one that's allowed */ -+ if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0) -+ { -+ for (iface = daemon->interfaces; iface; iface = iface->next) -+ if (iface->index == if_index) -+ break; -+ -+ if (!iface) -+ client_ok = 0; -+ } -+ -+ if (option_bool(OPT_CLEVERBIND)) -+ iface = listener->iface; /* May be NULL */ -+ else -+ { -+ /* Check for allowed interfaces when binding the wildcard address: -+ we do this by looking for an interface with the same address as -+ the local address of the TCP connection, then looking to see if that's -+ an allowed interface. As a side effect, we get the netmask of the -+ interface too, for localisation. */ -+ -+ for (iface = daemon->interfaces; iface; iface = iface->next) -+ if (sockaddr_isequal(&iface->addr, &tcp_addr)) -+ break; -+ -+ if (!iface) -+ client_ok = 0; -+ } -+ } -+ -+ if (!client_ok) - { - shutdown(confd, SHUT_RDWR); - close(confd); -diff -up dnsmasq-2.65/src/dnsmasq.h.CVE-2013-0198 dnsmasq-2.65/src/dnsmasq.h ---- dnsmasq-2.65/src/dnsmasq.h.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100 -+++ dnsmasq-2.65/src/dnsmasq.h 2013-01-22 16:32:30.387640907 +0100 -@@ -412,7 +412,7 @@ struct server { - struct irec { - union mysockaddr addr; - struct in_addr netmask; /* only valid for IPv4 */ -- int tftp_ok, dhcp_ok, mtu, done, dad; -+ int tftp_ok, dhcp_ok, mtu, done, dad, index; - char *name; - struct irec *next; - }; -@@ -955,6 +955,7 @@ void create_bound_listeners(int die); - int is_dad_listeners(void); - int iface_check(int family, struct all_addr *addr, char *name); - int fix_fd(int fd); -+int tcp_interface(int fd, int af); - struct in_addr get_ifaddr(char *intr); - #ifdef HAVE_IPV6 - int set_ipv6pktinfo(int fd); -diff -up dnsmasq-2.65/src/network.c.CVE-2013-0198 dnsmasq-2.65/src/network.c ---- dnsmasq-2.65/src/network.c.CVE-2013-0198 2012-12-14 12:48:26.000000000 +0100 -+++ dnsmasq-2.65/src/network.c 2013-01-22 17:33:00.349128334 +0100 -@@ -239,6 +239,7 @@ static int iface_allowed(struct irec **i - iface->mtu = mtu; - iface->dad = dad; - iface->done = 0; -+ iface->index = if_index; - if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1))) - { - strcpy(iface->name, ifr.ifr_name); -@@ -420,6 +421,77 @@ int set_ipv6pktinfo(int fd) - return 0; - } - #endif -+ -+ -+/* Find the interface on which a TCP connection arrived, if possible, or zero otherwise. */ -+int tcp_interface(int fd, int af) -+{ -+ int if_index = 0; -+ -+#ifdef HAVE_LINUX_NETWORK -+ int opt = 1; -+ struct cmsghdr *cmptr; -+ struct msghdr msg; -+ -+ /* use mshdr do that the CMSDG_* macros are available */ -+ msg.msg_control = daemon->packet; -+ msg.msg_controllen = daemon->packet_buff_sz; -+ -+ /* we overwrote the buffer... */ -+ daemon->srv_save = NULL; -+ -+ if (af == AF_INET) -+ { -+ if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &opt, sizeof(opt)) != -1 && -+ getsockopt(fd, IPPROTO_IP, IP_PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1) -+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) -+ { -+ union { -+ unsigned char *c; -+ struct in_pktinfo *p; -+ } p; -+ -+ p.c = CMSG_DATA(cmptr); -+ if_index = p.p->ipi_ifindex; -+ } -+ } -+#ifdef HAVE_IPV6 -+ else -+ { -+ /* Only the RFC-2292 API has the ability to find the interface for TCP connections, -+ it was removed in RFC-3542 !!!! -+ -+ Fortunately, Linux kept the 2292 ABI when it moved to 3542. The following code always -+ uses the old ABI, and should work with pre- and post-3542 kernel headers */ -+ -+#ifdef IPV6_2292PKTOPTIONS -+# define PKTOPTIONS IPV6_2292PKTOPTIONS -+#else -+# define PKTOPTIONS IPV6_PKTOPTIONS -+#endif -+ -+ if (set_ipv6pktinfo(fd) && -+ getsockopt(fd, IPPROTO_IPV6, PKTOPTIONS, msg.msg_control, (socklen_t *)&msg.msg_controllen) != -1) -+ { -+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -+ if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) -+ { -+ union { -+ unsigned char *c; -+ struct in6_pktinfo *p; -+ } p; -+ p.c = CMSG_DATA(cmptr); -+ -+ if_index = p.p->ipi6_ifindex; -+ } -+ } -+ } -+#endif /* IPV6 */ -+#endif /* Linux */ -+ -+ return if_index; -+} - - static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow) - { diff --git a/dnsmasq-2.65-Handle-wrong-interface-for-locally-routed-packets.patch b/dnsmasq-2.65-Handle-wrong-interface-for-locally-routed-packets.patch deleted file mode 100644 index 87872a0..0000000 --- a/dnsmasq-2.65-Handle-wrong-interface-for-locally-routed-packets.patch +++ /dev/null @@ -1,178 +0,0 @@ -diff -up dnsmasq-2.65/src/dnsmasq.c.local_queries dnsmasq-2.65/src/dnsmasq.c ---- dnsmasq-2.65/src/dnsmasq.c.local_queries 2013-01-31 09:07:45.603092125 +0100 -+++ dnsmasq-2.65/src/dnsmasq.c 2013-01-31 09:07:45.606092127 +0100 -@@ -1401,20 +1401,29 @@ static void check_dns_listeners(fd_set * - else - { - int if_index; -- -+ char intr_name[IF_NAMESIZE]; -+ - /* In full wildcard mode, need to refresh interface list. - This happens automagically in CLEVERBIND */ -- if (!option_bool(OPT_CLEVERBIND)) -- enumerate_interfaces(); -- -- /* if we can find the arrival interface, check it's one that's allowed */ -- if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0) -+ if (!option_bool(OPT_CLEVERBIND)) -+ enumerate_interfaces(); -+ -+ /* if we can find the arrival interface, check it's one that's allowed */ -+ if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 && -+ indextoname(listener->tcpfd, if_index, intr_name)) - { -+ struct all_addr addr; -+ addr.addr.addr4 = tcp_addr.in.sin_addr; -+#ifdef HAVE_IPV6 -+ if (tcp_addr.sa.sa_family == AF_INET6) -+ addr.addr.addr6 = tcp_addr.in6.sin6_addr; -+#endif -+ - for (iface = daemon->interfaces; iface; iface = iface->next) - if (iface->index == if_index) - break; - -- if (!iface) -+ if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name)) - client_ok = 0; - } - -@@ -1422,10 +1431,10 @@ static void check_dns_listeners(fd_set * - iface = listener->iface; /* May be NULL */ - else - { -- /* Check for allowed interfaces when binding the wildcard address: -- we do this by looking for an interface with the same address as -- the local address of the TCP connection, then looking to see if that's -- an allowed interface. As a side effect, we get the netmask of the -+ /* Check for allowed interfaces when binding the wildcard address: -+ we do this by looking for an interface with the same address as -+ the local address of the TCP connection, then looking to see if that's -+ an allowed interface. As a side effect, we get the netmask of the - interface too, for localisation. */ - - for (iface = daemon->interfaces; iface; iface = iface->next) -diff -up dnsmasq-2.65/src/dnsmasq.h.local_queries dnsmasq-2.65/src/dnsmasq.h ---- dnsmasq-2.65/src/dnsmasq.h.local_queries 2013-01-31 09:07:45.000000000 +0100 -+++ dnsmasq-2.65/src/dnsmasq.h 2013-01-31 09:10:36.091202196 +0100 -@@ -954,6 +954,7 @@ void create_wildcard_listeners(void); - void create_bound_listeners(int die); - int is_dad_listeners(void); - int iface_check(int family, struct all_addr *addr, char *name); -+int loopback_exception(int fd, int family, struct all_addr *addr, char *name); - int fix_fd(int fd); - int tcp_interface(int fd, int af); - struct in_addr get_ifaddr(char *intr); -diff -up dnsmasq-2.65/src/forward.c.local_queries dnsmasq-2.65/src/forward.c ---- dnsmasq-2.65/src/forward.c.local_queries 2012-12-14 12:48:26.000000000 +0100 -+++ dnsmasq-2.65/src/forward.c 2013-01-31 09:19:58.087573008 +0100 -@@ -759,10 +759,17 @@ void receive_query(struct listener *list - - /* enforce available interface configuration */ - -- if (!indextoname(listen->fd, if_index, ifr.ifr_name) || -- !iface_check(listen->family, &dst_addr, ifr.ifr_name)) -+ if (!indextoname(listen->fd, if_index, ifr.ifr_name)) - return; - -+ if (!iface_check(listen->family, &dst_addr, ifr.ifr_name)) -+ { -+ if (!option_bool(OPT_CLEVERBIND)) -+ enumerate_interfaces(); -+ if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name)) -+ return; -+ } -+ - if (listen->family == AF_INET && option_bool(OPT_LOCALISE)) - { - struct irec *iface; -@@ -776,7 +783,7 @@ void receive_query(struct listener *list - break; - - /* interface may be new */ -- if (!iface) -+ if (!iface && !option_bool(OPT_CLEVERBIND)) - enumerate_interfaces(); - - for (iface = daemon->interfaces; iface; iface = iface->next) -diff -up dnsmasq-2.65/src/network.c.local_queries dnsmasq-2.65/src/network.c ---- dnsmasq-2.65/src/network.c.local_queries 2013-01-31 09:07:45.000000000 +0100 -+++ dnsmasq-2.65/src/network.c 2013-01-31 09:25:28.669822969 +0100 -@@ -144,7 +144,39 @@ int iface_check(int family, struct all_a - - return ret; - } -- -+ -+/* Fix for problem that the kernel sometimes reports the loopback inerface as the -+ arrival interface when a packet originates locally, even when sent to address of -+ an interface other than the loopback. Accept packet if it arrived via a loopback -+ interface, even when we're not accepting packets that way, as long as the destination -+ address is one we're believing. Interface list must be up-to-date before calling. */ -+int loopback_exception(int fd, int family, struct all_addr *addr, char *name) -+{ -+ struct ifreq ifr; -+ struct irec *iface; -+ -+ strncpy(ifr.ifr_name, name, IF_NAMESIZE); -+ if (ioctl(fd, SIOCGIFFLAGS, &ifr) != -1 && -+ ifr.ifr_flags & IFF_LOOPBACK) -+ { -+ for (iface = daemon->interfaces; iface; iface = iface->next) -+ if (iface->addr.sa.sa_family == family) -+ { -+ if (family == AF_INET) -+ { -+ if (iface->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr) -+ return 1; -+ } -+#ifdef HAVE_IPV6 -+ else if (IN6_ARE_ADDR_EQUAL(&iface->addr.in6.sin6_addr, &addr->addr.addr6)) -+ return 1; -+#endif -+ -+ } -+ } -+ return 0; -+} -+ - static int iface_allowed(struct irec **irecp, int if_index, - union mysockaddr *addr, struct in_addr netmask, int dad) - { -diff -up dnsmasq-2.65/src/tftp.c.local_queries dnsmasq-2.65/src/tftp.c ---- dnsmasq-2.65/src/tftp.c.local_queries 2012-12-14 12:48:26.000000000 +0100 -+++ dnsmasq-2.65/src/tftp.c 2013-01-31 09:49:44.478008214 +0100 -@@ -61,6 +61,7 @@ void tftp_request(struct listener *liste - char *name = NULL; - char *prefix = daemon->tftp_prefix; - struct tftp_prefix *pref; -+ struct all_addr addra; - - union { - struct cmsghdr align; /* this ensures alignment */ -@@ -190,16 +191,19 @@ void tftp_request(struct listener *liste - - name = namebuff; - -+ addra.addr.addr4 = addr.in.sin_addr; -+ - #ifdef HAVE_IPV6 - if (listen->family == AF_INET6) -+ addra.addr.addr6 = addr.in6.sin6_addr; -+#endif -+ if (!iface_check(listen->family, &addra, name)) - { -- if (!iface_check(AF_INET6, (struct all_addr *)&addr.in6.sin6_addr, name)) -+ if (!option_bool(OPT_CLEVERBIND)) -+ enumerate_interfaces(); -+ if (!loopback_exception(listen->tftpfd, listen->family, &addra, name)) - return; - } -- else --#endif -- if (!iface_check(AF_INET, (struct all_addr *)&addr.in.sin_addr, name)) -- return; - - #ifdef HAVE_DHCP - /* allowed interfaces are the same as for DHCP */ diff --git a/dnsmasq.spec b/dnsmasq.spec index 65a4141..2b79da5 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -1,5 +1,5 @@ %define testrelease 0 -%define releasecandidate 0 +%define releasecandidate 1 %if 0%{testrelease} %define extrapath test-releases/ %define extraversion test30 @@ -10,8 +10,8 @@ %endif Name: dnsmasq -Version: 2.65 -Release: 5%{?extraversion}%{?dist} +Version: 2.66 +Release: 1%{?extraversion}%{?dist} Summary: A lightweight DHCP/caching DNS server Group: System Environment/Daemons @@ -20,14 +20,6 @@ URL: http://www.thekelleys.org.uk/dnsmasq/ Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.gz Source1: %{name}.service -# http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=22ce550e5346947a12a781ed0959a7b1165d0dc6 -Patch0: %{name}-2.65-Correct-behaviour-for-TCP-queries-to-allowed-address.patch -# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=e25db1f273920d58c5d2e7569cd087e5bd73dd73 -Patch1: %{name}-2.65-Handle-wrong-interface-for-locally-routed-packets.patch -# Code has been completely rewritten in new version -# http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q1/006967.html -Patch2: %{name}-2.65-Allocate-dhcp_buff-ers-also-if-deamon-ra_contexts.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: dbus-devel @@ -61,10 +53,6 @@ query/remove a DHCP server's leases. %prep %setup -q -n %{name}-%{version}%{?extraversion} -%patch0 -p1 -b .CVE-2013-0198 -%patch1 -p1 -b .local_queries -%patch2 -p2 -b .SIGSEGV - # use /var/lib/dnsmasq instead of /var/lib/misc for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file" @@ -141,6 +129,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/dhcp_* %changelog +* Fri Mar 22 2013 Tomas Hozza - 2.66-1.rc1 +- Update to latest dnsmasq-2.66rc1 +- Dropping unneeded patches + * Fri Mar 15 2013 Tomas Hozza - 2.65-5 - Allocate dhcp_buff-ers also if daemon->ra_contexts to prevent SIGSEGV (#920300) diff --git a/sources b/sources index 604d66e..71bfdb1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a91534a5d6f053d5c80f67ef502afa34 dnsmasq-2.65.tar.gz +f1461f0f1c29cce8f92a4534a57003cd dnsmasq-2.66rc1.tar.gz