Commit Graph

8 Commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
cf5a892430 dnsmasq: bump to dnsmasq v2.80test3
Refresh patches

Upstream commits since last bump:

3b6eb19 Log DNSSEC trust anchors at startup.
f3e5787 Trivial comment change.
c851c69 Log failure to confirm an address in DHCPv6.
a3bd7e7 Fix missing fatal errors when parsing some command-line/config options.
ab5ceaf Document the --help option in the french manual
1f2f69d Fix recurrent minor spelling mistake in french manual
f361b39 Fix some mistakes in french translation of the manual
eb1fe15 When replacing cache entries, preserve CNAMES which target them.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 1e93ef8498)
2018-07-28 11:23:58 +01:00
Kevin Darbyshire-Bryant
066c85321e dnsmasq: bump to 2.80test2
Refresh patches and backport upstream to current HEAD:

1f1873a Log warning on very large cachesize config, instead of truncating it.
0a496f0 Do unsolicited RAs for interfaces which appear after dnsmasq startup.
e27825b Fix logging in previous.
1f60a18 Retry SERVFAIL DNSSEC queries to a different server, if possible.
a0088e8 Handle query retry on REFUSED or SERVFAIL for DNSSEC-generated queries.
34e26e1 Retry query to other servers on receipt of SERVFAIL rcode.
6b17335 Add packet-dump debugging facility.
07ed585 Add logging for DNS error returns from upstream and local configuration.
0669ee7 Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set.
f84e674 Be persistent with broken-upstream-DNSSEC warnings.

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-12 22:05:07 +02:00
Kevin Darbyshire-Bryant
16245a5d8e dnsmasq: bump to 2.79rc1
1721453 Remove special handling of A-for-A queries.
499d8dd Fix boundary for test introduced in 3e3f1029c9ec6c63e430ff51063a6301d4b2262
6f1cbfd Fix debian/readme typo.
55ecde7 Inotify: Ignore backup files created by editors
6b54d69 Make failure to chown() pidfile a warning.
246a31c Change ownership of pid file, to keep systemd happy.
83e4b73 Remove confusion between --user and --script-user.
6340ca7 Tweak heuristic for initial DNSSEC memory allocation.
baf553d Default min-port to 1024 to avoid reserved ports.
486bcd5 Simplify and correct bindtodevice().
be9a74d Close Debian bug for CVE-2017-15107.
ffcbc0f Example config typo fixes.
a969ba6 Special case NSEC processing for root DS record, to avoid spurious BOGUS.
f178172 Add homepage to Debian control file.
cd7df61 Fix DNSSEC validation errors introduced in 4fe6744a220eddd3f1749b40cac3dfc510787de6
c1a4e25 Try to be a little more clever at falling back to smaller DNS packet sizes.
4fe6744 DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
3bd4c47 Remove limit on length of command-line options.
98196c4 Typo fix.
22cd860  Allow more than one --bridge-interface option to refer to an interface.
3c973ad Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation.
faaf306 Spelling fixes.
c7e6aea Change references to gPXE to iPXE. Development of EtherBoot gPXE was always development of iPXE core developer Michael Brown.
e541245 Handle duplicate RRs in DNSSEC validation.
84a01be Bump year in Debian copyright notice.
d1ced3a Update copyrights to 2018.
a6cee69 Fix exit code from dhcp_release6.
0039920 Severely fix code formating of contrib/lease-tools/dhcp_release6.c
39d8550 Run Debian startup regex in "C" locale.
ef3d137 Fix infinite retries in strict-order mode.
8c707e1 Make 373e91738929a3d416e6292e65824184ba8428a6 compile without DNSSEC.
373e917 Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section.
74f0f9a Commment language tweaks.
ed6bdb0 Man page typos.
c88af04 Modify doc.html to mention git-over-http is now available.
ae0187d Fix trust-anchor regexp in Debian init script.
0c50e3d Bump version in Debian package.
075366a Open inotify socket only when used.
8e8b2d6 Release notes update.
087eb76 Always return a SERVFAIL response to DNS queries with RD=0.
ebedcba Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104
0954a97 Remove RSA/MD5 DNSSEC algorithm.
b77efc1 Tidy DNSSEC algorithm table use.
3b0cb34 Fix manpage which said ZSK but meant KSK.
aa6f832 Add a few DNS RRs to the table.
ad9c6f0 Add support for Ed25519 DNSSEC signature algorithm.
a6004d7 Fix caching logic for validated answers.
c366717 Tidy up add_resource_record() buffer size checks.
22dee51 Log DNS server max packet size reduction.
6fd5d79 Fix logic on EDNS0 headers.
9d6918d Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS.
a49c5c2 Fix search_servers() segfault with DNSSEC.
30858e3 Spaces in CNAME options break parsing.

Refresh patches.
Remove upstreamed patches:
	250-Fix-infinite-retries-in-strict-order-mode.patch
	260-dnssec-SIGINT.patch
	270-dnssec-wildcards.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-02-18 22:10:17 +01:00
Hans Dedecker
347d18177e dnsmasq: backport infinite dns retries fix
If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 14:55:12 +01:00
Borja Salazar
759785c01a dnsmasq: add interface to ubus notification
Signed-off-by: Borja Salazar <borja.salazar@fon.com>
2017-11-29 22:03:39 +01:00
Jaroslav Safka
17a4eacd0c dnsmasq: fix swapped ubus args mac and ip
Fix swapped arguments "mac" and "ip" when calling function
"ubus_event_bcast".

Signed-off-by: Jaroslav Safka <devel@safka.org>
2017-11-13 23:30:33 +01:00
Kevin Darbyshire-Bryant
67ac017fef dnsmasq: bump to v2.78
Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-10-02 18:26:53 +02:00
John Crispin
34a206bc11 dnsmasq: add ubus notifications for new leases
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-22 21:31:39 +02:00