From 9170d18d0da78b7e70b9f45d0bf7771feee90a25 Mon Sep 17 00:00:00 2001 From: Beginner <70857188+Beginner-Go@users.noreply.github.com> Date: Tue, 26 Jan 2021 18:38:30 +0800 Subject: [PATCH] dnsmasq: Update to 2.84test3 (#6259) --- package/network/services/dnsmasq/Makefile | 19 ++--- .../network/services/dnsmasq/files/dhcp.conf | 2 +- .../services/dnsmasq/files/dnsmasq.init | 40 +++++++++- .../dnsmasq/files/dnsmasqsec_hotplug_acl.json | 8 ++ .../dnsmasq/patches/900-filter-aaaa.patch | 74 ------------------- 5 files changed, 55 insertions(+), 88 deletions(-) create mode 100644 package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json delete mode 100644 package/network/services/dnsmasq/patches/900-filter-aaaa.patch diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 0087128ad..2e404dfef 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_UPSTREAM_VERSION:=2.84rc2 +PKG_UPSTREAM_VERSION:=2.84test3 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates -PKG_HASH:=e76ff2e75da4ce5191c89e7393de218c75732a5feb454ed43b320eb17dd66581 +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases +PKG_HASH:=20d1109c991ca08778ea20322b8f3245f2e974688d494b59b2e6ae096ec592b1 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING 
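Review bot: Moving `PKG_UPSTREAM_VERSION` from `2.84rc2` to `2.84test3` appears to lower the package version rather than raise it. The `PKG_VERSION` line right below rewrites `test` to `~~test` and `rc` to `~rc`, and under tilde ordering `2.84~~test3` sorts before `2.84~rc2`. If that reading is right, devices already on rc2 will not see this build as an upgrade, and the tree now pins a test snapshot of a network-facing resolver in place of a release candidate; the commit message should say why. The tarball is also fetched over plain `http://`, so `PKG_HASH` is the only integrity control; a comment such as `# fetched over HTTP: PKG_HASH is the sole integrity check, confirm it against upstream before bumping` would make that explicit.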
@@ -100,22 +100,22 @@ define Package/dnsmasq-full/config config PACKAGE_dnsmasq_full_dhcpv6 bool "Build with DHCPv6 support." depends on IPV6 && PACKAGE_dnsmasq_full_dhcp - default n + default y config PACKAGE_dnsmasq_full_dnssec bool "Build with DNSSEC support." - default n + default y config PACKAGE_dnsmasq_full_auth bool "Build with the facility to act as an authoritative DNS server." - default n + default y config PACKAGE_dnsmasq_full_ipset bool "Build with IPset support." default y config PACKAGE_dnsmasq_full_conntrack bool "Build with Conntrack support." - default n + default y config PACKAGE_dnsmasq_full_noid bool "Build with NO_ID. (hide *.bind pseudo domain)" - default n + default y config PACKAGE_dnsmasq_full_broken_rtc bool "Build with HAVE_BROKEN_RTC." default n @@ -172,7 +172,7 @@ define Package/dnsmasq/install $(INSTALL_DIR) $(1)/etc/hotplug.d/neigh $(INSTALL_DIR) $(1)/etc/hotplug.d/ntp $(INSTALL_DIR) $(1)/etc/hotplug.d/tftp - $(INSTALL_CONF) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec + $(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec $(INSTALL_DIR) $(1)/usr/share/dnsmasq $(INSTALL_CONF) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/ $(INSTALL_CONF) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/ @@ -180,6 +180,7 @@ define Package/dnsmasq/install $(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh $(INSTALL_DIR) $(1)/usr/share/acl.d $(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/ + $(INSTALL_DATA) ./files/dnsmasqsec_hotplug_acl.json $(1)/usr/share/acl.d/ $(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults endef diff --git a/package/network/services/dnsmasq/files/dhcp.conf b/package/network/services/dnsmasq/files/dhcp.conf index 6c6643188..8c42ef782 100644 --- a/package/network/services/dnsmasq/files/dhcp.conf +++ b/package/network/services/dnsmasq/files/dhcp.conf 
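Review bot: The flipped defaults in `Package/dnsmasq-full/config` turn on the authoritative-server and conntrack code (`PACKAGE_dnsmasq_full_auth`, `PACKAGE_dnsmasq_full_conntrack`) for every dnsmasq-full build, and the commit message gives no reason. Both add compiled-in code paths to a daemon that parses untrusted network input, so they are better left opt-in unless something in the tree depends on them. Keep `default n` on those two entries, or state the dependency in a comment above each. The DNSSEC and NO_ID entries lean towards hardening and read fine as `default y`. The `define` block starts and ends outside the hunk.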
@@ -20,7 +20,7 @@ config dnsmasq #list notinterface lo #list bogusnxdomain '64.94.110.11' option localservice 1 # disable to allow DNS requests from non-local subnets - option filter_aaaa 1 + option ednspacket_max 1232 config dhcp lan option interface lan diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index f718932ee..680e72f9e 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -42,9 +42,14 @@ dnsmasq_ignore_opt() { bootp-*|\ pxe-*) [ -z "$dnsmasq_has_dhcp" ] ;; - dnssec-*|\ + dnssec*|\ trust-anchor) - [ -z "$dnsmasq_has_dnssec" ] ;; + if [ -z "$dnsmasq_has_dnssec" ]; then + echo "dnsmasq: \"$opt\" requested, but dnssec support is not available" >&2 + exit 1 + fi + return 1 + ;; tftp-*) [ -z "$dnsmasq_has_tftp" ] ;; ipset) @@ -764,6 +769,29 @@ dhcp_relay_add() { fi } +dnsmasq_ipset_add() { + local cfg="$1" + local ipsets domains + + add_ipset() { + ipsets="${ipsets:+$ipsets,}$1" + } + + add_domain() { + # leading '/' is expected + domains="$domains/$1" + } + + config_list_foreach "$cfg" "name" add_ipset + config_list_foreach "$cfg" "domain" add_domain + + if [ -z "$ipsets" ] || [ -z "$domains" ]; then + return 0 + fi + + xappend "--ipset=$domains/$ipsets" +} + dnsmasq_start() { local cfg="$1" @@ -868,8 +896,6 @@ dnsmasq_start() append_bool "$cfg" rapidcommit "--dhcp-rapid-commit" append_bool "$cfg" scriptarp "--script-arp" - append_bool "$cfg" filter_aaaa "--filter-aaaa" - append_parm "$cfg" logfacility "--log-facility" append_parm "$cfg" cachesize "--cache-size" @@ -902,6 +928,7 @@ dnsmasq_start() append_parm "$cfg" "min_cache_ttl" "--min-cache-ttl" append_parm "$cfg" "max_cache_ttl" "--max-cache-ttl" append_parm "$cfg" "pxe_prompt" "--pxe-prompt" + append_parm "$cfg" "tftp_unique_root" "--tftp-unique-root" config_list_foreach "$cfg" "pxe_service" append_pxe_service config_get DOMAIN "$cfg" domain 
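Review bot: Dropping `option filter_aaaa 1` from the shipped defaults only covers fresh installs. An existing UCI dhcp config that still carries the option will be silently ignored, because the init-script hunk at `-868,8` removes the `append_bool "$cfg" filter_aaaa "--filter-aaaa"` line. Anyone who relied on AAAA filtering gets AAAA answers back with no log line. A one-off warning in `dnsmasq_start` would make the change visible, e.g. `config_get_bool _faaaa "$cfg" filter_aaaa 0; [ "$_faaaa" -gt 0 ] && logger -t dnsmasq "filter_aaaa is no longer supported and is ignored"`.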
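Review bot: The new `exit 1` in the `dnssec*|trust-anchor` arm ends the whole init script rather than only rejecting the option, unless the function happens to be called in a subshell. A single DNSSEC option on a build without DNSSEC would then leave the router with no DNS or DHCP service. Failing closed is defensible, since it avoids running a resolver that quietly skips validation the admin asked for, but the intent should be stated: `# fail closed: refuse to start rather than run without the DNSSEC validation that was requested`. The arm also differs from its neighbours, which only return a status. `dnsmasq_ignore_opt` starts and ends outside the hunk, so how callers treat that status is not visible here.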
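Review bot: `dnsmasq_ipset_add` joins the UCI `name` and `domain` list values straight into `--ipset=$domains/$ipsets` without checking them, so a value that contains `/` or `,` changes how the directive splits into domains and set names. `xappend` is defined outside the hunk, so whether it filters anything is not visible. The set names presumably feed firewall rules, so a malformed entry should be dropped rather than written; add a guard at the top of both helpers, `case "$1" in ""|*/*|*,*|*" "*) return 0 ;; esac`. The nested `add_ipset`/`add_domain` definitions also become global functions once `dnsmasq_ipset_add` has run; defining them at file level next to the other `*_add` helpers would match the rest of the script.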
@@ -1052,6 +1079,10 @@ dnsmasq_start() config_foreach filter_dnsmasq cname dhcp_cname_add "$cfg" echo >> $CONFIGFILE_TMP + echo >> $CONFIGFILE_TMP + config_foreach filter_dnsmasq ipset dnsmasq_ipset_add "$cfg" + echo >> $CONFIGFILE_TMP + echo >> $CONFIGFILE_TMP mv -f $CONFIGFILE_TMP $CONFIGFILE mv -f $HOSTFILE_TMP $HOSTFILE @@ -1062,6 +1093,7 @@ dnsmasq_start() echo "search $DOMAIN" >> /tmp/resolv.conf } DNS_SERVERS="$DNS_SERVERS 127.0.0.1" + [ -e /proc/sys/net/ipv6 ] && DNS_SERVERS="$DNS_SERVERS ::1" for DNS_SERVER in $DNS_SERVERS ; do echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf done diff --git a/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json b/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json new file mode 100644 index 000000000..861ecbe03 --- /dev/null +++ b/package/network/services/dnsmasq/files/dnsmasqsec_hotplug_acl.json @@ -0,0 +1,8 @@ +{ + "user": "ntp", + "access": { + "service": { + "methods": [ "signal" ] + } + } +} diff --git a/package/network/services/dnsmasq/patches/900-filter-aaaa.patch b/package/network/services/dnsmasq/patches/900-filter-aaaa.patch deleted file mode 100644 index 15c063e26..000000000 --- a/package/network/services/dnsmasq/patches/900-filter-aaaa.patch +++ /dev/null 
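Review bot: The new `dnsmasqsec_hotplug_acl.json` gives the `ntp` user the `signal` method on the whole ubus `service` object, and nothing in the file limits it to dnsmasq. Presumably it exists so the `25-dnsmasqsec` ntp hotplug script can signal dnsmasq after time sync, but as written the grant looks wider than that one use; confirm whether the ACL format allows narrowing it. JSON cannot carry a comment, so record the reason next to the install line in the Makefile: `# ntp hotplug (25-dnsmasqsec) needs ubus 'service signal'; the grant is not scoped to dnsmasq`. The same commit switches that hotplug script from `INSTALL_CONF` to `INSTALL_DATA`, which should be explained in the same place.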
@@ -1,74 +0,0 @@ -From 966471712184cfb3b067f2ae8dad9d8e2a896cae Mon Sep 17 00:00:00 2001 -From: Bearice Ren -Date: Tue, 20 Sep 2016 11:52:08 +0800 -Subject: [PATCH] add filter-aaaa option - ---- - src/dnsmasq.h | 3 ++- - src/option.c | 3 +++ - src/rfc1035.c | 9 +++++++++ - 3 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/src/dnsmasq.h b/src/dnsmasq.h -index f53e9a5..e9617a6 100644 ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -269,7 +269,8 @@ - #define OPT_IGNORE_CLID 59 - #define OPT_SINGLE_PORT 60 - #define OPT_LEASE_RENEW 61 --#define OPT_LAST 62 -+#define OPT_FILTER_AAAA 62 -+#define OPT_LAST 63 - - #define OPTION_BITS (sizeof(unsigned int)*8) - #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) -diff --git a/src/option.c b/src/option.c -index 44b1dc5..f954d7f 100644 ---- a/src/option.c -+++ b/src/option.c -@@ -168,6 +168,7 @@ struct myoption { - #define LOPT_SINGLE_PORT 359 - #define LOPT_SCRIPT_TIME 360 - #define LOPT_PXE_VENDOR 361 -+#define LOPT_FILTER_AAAA 362 - - #ifdef HAVE_GETOPT_LONG - static const struct option opts[] = -@@ -341,6 +342,7 @@ static const struct myoption opts[] = - { "dumpfile", 1, 0, LOPT_DUMPFILE }, - { "dumpmask", 1, 0, LOPT_DUMPMASK }, - { "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID }, -+ { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA }, - { NULL, 0, 0, 0 } - }; - -@@ -521,6 +523,7 @@ static struct { - { LOPT_DUMPFILE, ARG_ONE, "", gettext_noop("Path to debug packet dump file"), NULL }, - { LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to dump"), NULL }, - { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL }, -+ { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL }, - { 0, 0, NULL, NULL, NULL } - }; - -diff --git a/src/rfc1035.c b/src/rfc1035.c -index 6290f22..b67b169 100644 ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -1908,6 +1908,16 @@ size_t answer_request(struct dns_header *header, 
char *limit, size_t qlen, - } - } - -+ /* patch to filter aaaa forwards */ -+ if (qtype == T_AAAA && option_bool(OPT_FILTER_AAAA)) -+ { -+ /* return a null reply */ -+ ans = 1; -+ if (!dryrun) -+ log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL); -+ break; -+ } -+ - if (!ans) - return 0; /* failed to answer a question */ - }