From 57120715dbd2c9d0bf6eec4d1c04405886644f75 Mon Sep 17 00:00:00 2001 From: coolsnowwolf Date: Tue, 16 Oct 2018 19:27:14 +0800 Subject: [PATCH] dnsmasq: bump to v2.80rc1 --- package/network/services/dnsmasq/Makefile | 9 +++++---- .../services/dnsmasq/files/dhcpbogushostname.conf | 8 ++++++++ package/network/services/dnsmasq/files/dnsmasq.init | 10 +++++++++- 3 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 package/network/services/dnsmasq/files/dhcpbogushostname.conf diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index a47c49ad9..cf9dc60a4 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.80test7 -PKG_RELEASE:=1 +PKG_VERSION:=2.80rc1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases -PKG_HASH:=f4e1277504097429279d2702cd8a132f54a47540ea3935d9fc6ac70f690441b3 +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates +PKG_HASH:=d7cea3e452059c7d93862f1b6a906dba02d13b2f5a501437cce2ab826e76b63a PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING @@ -166,6 +166,7 @@ define Package/dnsmasq/install $(INSTALL_DIR) $(1)/etc/hotplug.d/tftp $(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec $(INSTALL_DIR) $(1)/usr/share/dnsmasq + $(INSTALL_DATA) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/ $(INSTALL_DATA) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/ $(INSTALL_DIR) $(1)/usr/lib/dnsmasq $(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh diff --git a/package/network/services/dnsmasq/files/dhcpbogushostname.conf b/package/network/services/dnsmasq/files/dhcpbogushostname.conf new file mode 100644 index 000000000..e83b6975d --- /dev/null +++ b/package/network/services/dnsmasq/files/dhcpbogushostname.conf @@ -0,0 +1,8 @@ +# dhcpbogushostname.conf included configuration file for dnsmasq +# +# includes a list of hostnames that should not be associated with dhcp leases +# in response to CERT VU#598349 +# file included by default, option dhcpbogushostname 0 to disable + +dhcp-name-match=set:dhcp_bogus_hostname,localhost +dhcp-name-match=set:dhcp_bogus_hostname,wpad diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index de1555242..9c922eec6 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -16,6 +16,7 @@ BASEHOSTFILE="/tmp/hosts/dhcp" TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf" TIMEVALIDFILE="/var/state/dnsmasqsec" BASEDHCPSTAMPFILE="/var/run/dnsmasq" +DHCPBOGUSHOSTNAMEFILE="/usr/share/dnsmasq/dhcpbogushostname.conf" RFC6761FILE="/usr/share/dnsmasq/rfc6761.conf" DHCPSCRIPT="/usr/lib/dnsmasq/dhcp-script.sh" @@ -956,6 +957,13 @@ dnsmasq_start() config_foreach filter_dnsmasq host dhcp_host_add "$cfg" echo >> $CONFIGFILE_TMP + + config_get_bool dhcpbogushostname "$cfg" dhcpbogushostname 1 + [ "$dhcpbogushostname" -gt 0 ] && { + xappend "--dhcp-ignore-names=tag:dhcp_bogus_hostname" + [ -r "$DHCPBOGUSHOSTNAMEFILE" ] && xappend "--conf-file=$DHCPBOGUSHOSTNAMEFILE" + } + config_foreach filter_dnsmasq boot dhcp_boot_add "$cfg" config_foreach filter_dnsmasq mac dhcp_mac_add "$cfg" config_foreach filter_dnsmasq tag dhcp_tag_add "$cfg" @@ -1020,7 +1028,7 @@ dnsmasq_start() procd_set_param respawn procd_add_jail dnsmasq ubus log - procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE $RFC6761FILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom $dnsmasqconffile $dnsmasqconfdir $resolvfile $user_dhcpscript /etc/hosts /etc/ethers /sbin/hotplug-call $EXTRA_MOUNT $DHCPSCRIPT + procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE $RFC6761FILE $DHCPBOGUSHOSTNAMEFILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom $dnsmasqconffile $dnsmasqconfdir $resolvfile $user_dhcpscript /etc/hosts /etc/ethers /sbin/hotplug-call $EXTRA_MOUNT $DHCPSCRIPT procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile procd_close_instance