dnsmasq: update to version 2.86 (#7909)

Co-authored-by: breakings <skygmin@yahoo.com>
2025-04-16 04:13:31 +00:00 · 2021-09-23 22:22:07 +08:00 · 2021-09-23 22:22:07 +08:00 · 368e31dc7c
commit 368e31dc7c
parent 9621c35447
5 changed files with 83 additions and 71 deletions
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsmasq
-PKG_UPSTREAM_VERSION:=2.85
+PKG_UPSTREAM_VERSION:=2.86
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
 PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
-PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa
+PKG_HASH:=28d52cfc9e2004ac4f85274f52b32e1647b4dbc9761b82e7de1e41c49907eb08

 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@ -173,6 +173,10 @@ append_ipset() {
 	xappend "--ipset=$1"
 }

+append_connmark_allowlist() {
+	xappend "--connmark-allowlist=$1"
+}
+
 append_interface() {
 	network_get_device ifname "$1" || ifname="$1"
 	xappend "--interface=$ifname"
@ -942,6 +946,14 @@ dnsmasq_start()
 	config_list_foreach "$cfg" "rev_server" append_rev_server
 	config_list_foreach "$cfg" "address" append_address
 	config_list_foreach "$cfg" "ipset" append_ipset
+
+	local connmark_allowlist_enable
+	config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
+	[ "$connmark_allowlist_enable" -gt 0 ] && {
+		append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable"
+		config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist
+	}
+
 	[ -n "$BOOT" ] || {
 		config_list_foreach "$cfg" "interface" append_interface
 		config_list_foreach "$cfg" "notinterface" append_notinterface
--- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
+++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
@ -26,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
 
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1144,7 +1144,7 @@ extern struct daemon {
+@@ -1201,7 +1201,7 @@ extern struct daemon {
   int inotifyfd;
 #endif
 #if defined(HAVE_LINUX_NETWORK)
@ -35,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
 #elif defined(HAVE_BSD_NETWORK)
   int dhcp_raw_fd, dhcp_icmp_fd, routefd;
 #endif
-@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa
+@@ -1388,9 +1388,6 @@ int read_write(int fd, unsigned char *pa
 void close_fds(long max_fd, int spare1, int spare2, int spare3);
 int wildcard_match(const char* wildcard, const char* match);
 int wildcard_matchn(const char* wildcard, const char* match, int num);
@ -140,7 +140,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
      my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
 --- a/src/util.c
 +++ b/src/util.c
-@@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard
+@@ -796,22 +796,3 @@ int wildcard_matchn(const char* wildcard
 
   return (!num) || (*wildcard == *match);
 }
--- a/package/network/services/dnsmasq/patches/910-mini-ttl.patch
+++ b/package/network/services/dnsmasq/patches/910-mini-ttl.patch
@ -1,25 +1,25 @@
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1059,7 +1059,7 @@ extern struct daemon {
+@@ -1116,7 +1116,7 @@ extern struct daemon {
   int max_logs;  /* queue limit */
   int cachesize, ftabsize;
   int port, query_port, min_port, max_port;
 -  unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
 +  unsigned long local_ttl, neg_ttl, min_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
   char *dns_client_id;
-   struct hostsfile *addn_hosts;
-   struct dhcp_context *dhcp, *dhcp6;
+   u32 umbrella_org;
+   u32 umbrella_asset;
 --- a/src/option.c
 +++ b/src/option.c
-@@ -170,6 +170,7 @@ struct myoption {
- #define LOPT_PXE_VENDOR    361
- #define LOPT_DYNHOST       362
- #define LOPT_LOG_DEBUG     363
-+#define LOPT_MINTTL        364
+@@ -174,6 +174,7 @@ struct myoption {
+ #define LOPT_CMARK_ALST_EN 365
+ #define LOPT_CMARK_ALST    366
+ #define LOPT_QUIET_TFTP    367
+#define LOPT_MINTTL        368
  
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
-@@ -288,6 +289,7 @@ static const struct myoption opts[] =
+@@ -292,6 +293,7 @@ static const struct myoption opts[] =
     { "dhcp-name-match", 1, 0, LOPT_NAME_MATCH },
     { "dhcp-broadcast", 2, 0, LOPT_BROADCAST },
     { "neg-ttl", 1, 0, LOPT_NEGTTL },
@ -27,7 +27,7 @@
     { "max-ttl", 1, 0, LOPT_MAXTTL },
     { "min-cache-ttl", 1, 0, LOPT_MINCTTL },
     { "max-cache-ttl", 1, 0, LOPT_MAXCTTL },
-@@ -417,6 +419,7 @@ static struct {
+@@ -425,6 +427,7 @@ static struct {
   { 't', ARG_ONE, "<host_name>", gettext_noop("Specify default target in an MX record."), NULL },
   { 'T', ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL },
   { LOPT_NEGTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL },
@ -35,7 +35,7 @@
   { LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
   { LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live ceiling for cache."), NULL },
   { LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live floor for cache."), NULL },
-@@ -2835,6 +2838,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+@@ -3047,6 +3050,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
       
     case 'T':         /* --local-ttl */
     case LOPT_NEGTTL: /* --neg-ttl */
@ -43,7 +43,7 @@
     case LOPT_MAXTTL: /* --max-ttl */
     case LOPT_MINCTTL: /* --min-cache-ttl */
     case LOPT_MAXCTTL: /* --max-cache-ttl */
-@@ -2846,6 +2850,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+@@ -3058,6 +3062,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	  ret_err(gen_err);
 	else if (option == LOPT_NEGTTL)
 	  daemon->neg_ttl = (unsigned long)ttl;
@ -54,49 +54,49 @@
 	else if (option == LOPT_MINCTTL)
 --- a/src/rfc1035.c
 +++ b/src/rfc1035.c
-@@ -606,6 +606,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
- 	      for (j = 0; j < ntohs(header->ancount); j++) 
- 		{
- 		  int secflag = 0;
-+		  unsigned long mttl = 0;
- 		  unsigned char *tmp = namep;
- 		  /* the loop body overwrites the original name, so get it back here. */
- 		  if (!extract_name(header, qlen, &tmp, name, 1, 0) ||
-@@ -616,6 +617,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
- 		  GETSHORT(aqclass, p1);
- 		  GETLONG(attl, p1);
- 		  if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
-+		    {
-+		      mttl = daemon->max_ttl;
-+		    }
-+		  if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
-+		    {
-+		       mttl = daemon->min_ttl;
-+		    }
-+		  if (mttl != 0)
- 		    {
- 		      (p1) -= 4;
- 		      PUTLONG(daemon->max_ttl, p1);
-@@ -704,6 +713,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
+@@ -607,6 +607,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	  for (j = 0; j < ntohs(header->ancount); j++) 
 	    {
 	      int secflag = 0;
 +	      unsigned long mttl = 0;
- 	      
 	      if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
 		return 0; /* bad packet */
-@@ -712,6 +722,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
- 	      GETSHORT(aqclass, p1);
+ 	      
+@@ -615,6 +616,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	      GETLONG(attl, p1);
+ 	      
 	      if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
-+		{
-+		  mttl = daemon->max_ttl;
-+		}
-+		  if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
-+		{
-+		  mttl = daemon->min_ttl;
-+		}
-+		if (mttl != 0)
+	        {
+	          mttl = daemon->max_ttl;
+	        }
+	      if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
+	        {
+	           mttl = daemon->min_ttl;
+	        }
+	      if (mttl != 0)
 		{
 		  (p1) -= 4;
 		  PUTLONG(daemon->max_ttl, p1);
+@@ -722,6 +731,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
+       for (j = 0; j < ntohs(header->ancount); j++) 
+ 	{
+ 	  int secflag = 0;
+	  unsigned long mttl = 0;
+ 	  
+ 	  if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
+ 	    return 0; /* bad packet */
+@@ -730,6 +740,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
+ 	  GETSHORT(aqclass, p1);
+ 	  GETLONG(attl, p1);
+ 	  if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
+	  {
+	    mttl = daemon->max_ttl;
+	  }
+	  if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
+	  {
+	    mttl = daemon->min_ttl;
+	  }
+	    if (mttl != 0)
+ 	    {
+ 	      (p1) -= 4;
+ 	      PUTLONG(daemon->max_ttl, p1);
--- a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch
+++ b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch
@ -11,45 +11,45 @@ Subject: [PATCH] add filter-aaaa option

 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -270,7 +270,8 @@ struct event_desc {
- #define OPT_SINGLE_PORT    60
- #define OPT_LEASE_RENEW    61
- #define OPT_LOG_DEBUG      62
-#define OPT_LAST           63
-+#define OPT_FILTER_AAAA    63
-+#define OPT_LAST           64
+@@ -275,7 +275,8 @@ struct event_desc {
+ #define OPT_UMBRELLA_DEVID 64
+ #define OPT_CMARK_ALST_EN  65
+ #define OPT_QUIET_TFTP     66
+-#define OPT_LAST           67
+#define OPT_FILTER_AAAA    67
+#define OPT_LAST           68
 
 #define OPTION_BITS (sizeof(unsigned int)*8)
 #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
 --- a/src/option.c
 +++ b/src/option.c
-@@ -171,6 +171,7 @@ struct myoption {
- #define LOPT_DYNHOST       362
- #define LOPT_LOG_DEBUG     363
- #define LOPT_MINTTL        364
-+#define LOPT_FILTER_AAAA   365
+@@ -175,6 +175,7 @@ struct myoption {
+ #define LOPT_CMARK_ALST    366
+ #define LOPT_QUIET_TFTP    367
+ #define LOPT_MINTTL        368
+#define LOPT_FILTER_AAAA   369
  
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
-@@ -347,6 +348,7 @@ static const struct myoption opts[] =
-     { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
-     { "dynamic-host", 1, 0, LOPT_DYNHOST },
+@@ -355,6 +356,7 @@ static const struct myoption opts[] =
     { "log-debug", 0, 0, LOPT_LOG_DEBUG },
+ 	{ "umbrella", 2, 0, LOPT_UMBRELLA },
+     { "quiet-tftp", 0, 0, LOPT_QUIET_TFTP },
 +    { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
     { NULL, 0, 0, 0 }
   };
 
-@@ -530,6 +532,7 @@ static struct {
-   { LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
-   { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
+@@ -542,6 +544,7 @@ static struct {
   { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
+   { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
+   { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
 +  { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
   { 0, 0, NULL, NULL, NULL }
 }; 
 
 --- a/src/rfc1035.c
 +++ b/src/rfc1035.c
-@@ -1913,6 +1913,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+@@ -2005,6 +2005,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 	    }
 	}