dnsmasq: Update to version 2.85 (#6795)

Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.

Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
  If specifiying the source address or interface to be used
  when contacting upstream name servers such as:
  server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
  server=8.8.8.8@eth0 then all would use the same socket
  bound to the explicitly configured port. Now only
  server=8.8.8.8@1.2.3.4#66 will use the explicitly
  configured port and the others random source ports.

Remove upstreamed patches and update remaining patch.

Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

Co-authored-by: Alan Swanson <reiver@improbability.net>

package/network/services/dnsmasq/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_UPSTREAM_VERSION:=2.84
+PKG_UPSTREAM_VERSION:=2.85
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
-PKG_HASH:=603195c64b73137609b07e1024ae0b37f652b2f5fe467dce66985b3d1850050c
+PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING

package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch

@@ -1,4 +1,4 @@
-From 7df4c681678612d196b4e1eec24963d181fdb28a Mon Sep 17 00:00:00 2001
+From 02fbe60e1c7e74d2ba57109575e7bfc238b1b5d4 Mon Sep 17 00:00:00 2001
 From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
 Date: Sun, 5 Apr 2020 17:18:23 +0100
 Subject: [PATCH] drop runtime old kernel support
@@ -8,9 +8,8 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  src/dnsmasq.c |  4 ----
  src/dnsmasq.h |  5 +---
  src/ipset.c   | 64 ++++-----------------------------------------------
- src/netlink.c |  3 +--
  src/util.c    | 19 ---------------
- 5 files changed, 6 insertions(+), 89 deletions(-)
+ 4 files changed, 5 insertions(+), 87 deletions(-)
 
 --- a/src/dnsmasq.c
 +++ b/src/dnsmasq.c
@@ -27,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1125,7 +1125,7 @@ extern struct daemon {
+@@ -1144,7 +1144,7 @@ extern struct daemon {
    int inotifyfd;
  #endif
  #if defined(HAVE_LINUX_NETWORK)
@@ -36,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  #elif defined(HAVE_BSD_NETWORK)
    int dhcp_raw_fd, dhcp_icmp_fd, routefd;
  #endif
-@@ -1306,9 +1306,6 @@ int read_write(int fd, unsigned char *pa
+@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa
  void close_fds(long max_fd, int spare1, int spare2, int spare3);
  int wildcard_match(const char* wildcard, const char* match);
  int wildcard_matchn(const char* wildcard, const char* match, int num);
@@ -139,18 +138,6 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  
    if (ret == -1)
       my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
---- a/src/netlink.c
-+++ b/src/netlink.c
-@@ -92,8 +92,7 @@ char *netlink_init(void)
-   iov.iov_len = 100;
-   iov.iov_base = safe_malloc(iov.iov_len);
-   
--  if (daemon->kernel_version >= KERNEL_VERSION(2,6,30) &&
--      setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1)
-+  if (setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1)
-     return _("warning: failed to set NETLINK_NO_ENOBUFS on netlink socket");
-   
-   return NULL;
 --- a/src/util.c
 +++ b/src/util.c
 @@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard

package/network/services/dnsmasq/patches/900-filter-aaaa.patch

@@ -9,41 +9,37 @@ Subject: [PATCH] add filter-aaaa option
  src/rfc1035.c | 9 +++++++++
  3 files changed, 14 insertions(+), 1 deletion(-)
 
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index f53e9a5..e9617a6 100644
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -269,7 +269,8 @@
- #define OPT_IGNORE_CLID    59
+@@ -270,7 +270,8 @@ struct event_desc {
  #define OPT_SINGLE_PORT    60
  #define OPT_LEASE_RENEW    61
--#define OPT_LAST           62
-+#define OPT_FILTER_AAAA    62
-+#define OPT_LAST           63
+ #define OPT_LOG_DEBUG      62
+-#define OPT_LAST           63
++#define OPT_FILTER_AAAA    63
++#define OPT_LAST           64
  
  #define OPTION_BITS (sizeof(unsigned int)*8)
  #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
-diff --git a/src/option.c b/src/option.c
-index 44b1dc5..f954d7f 100644
 --- a/src/option.c
 +++ b/src/option.c
-@@ -168,6 +168,7 @@ struct myoption {
- #define LOPT_SINGLE_PORT   359
- #define LOPT_SCRIPT_TIME   360
+@@ -170,6 +170,7 @@ struct myoption {
  #define LOPT_PXE_VENDOR    361
-+#define LOPT_FILTER_AAAA   362
+ #define LOPT_DYNHOST       362
+ #define LOPT_LOG_DEBUG     363
++#define LOPT_FILTER_AAAA   364
   
  #ifdef HAVE_GETOPT_LONG
  static const struct option opts[] =  
-@@ -341,6 +342,7 @@ static const struct myoption opts[] =
-     { "dumpfile", 1, 0, LOPT_DUMPFILE },
-     { "dumpmask", 1, 0, LOPT_DUMPMASK },
+@@ -345,6 +346,7 @@ static const struct myoption opts[] =
      { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
+     { "dynamic-host", 1, 0, LOPT_DYNHOST },
+     { "log-debug", 0, 0, LOPT_LOG_DEBUG },
 +    { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
      { NULL, 0, 0, 0 }
    };
  
-@@ -521,6 +523,7 @@ static struct {
+@@ -527,6 +529,7 @@ static struct {
    { LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
    { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
    { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
@@ -51,11 +47,9 @@ index 44b1dc5..f954d7f 100644
    { 0, 0, NULL, NULL, NULL }
  }; 
  
-diff --git a/src/rfc1035.c b/src/rfc1035.c
-index 6290f22..b67b169 100644
 --- a/src/rfc1035.c
 +++ b/src/rfc1035.c
-@@ -1908,6 +1908,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+@@ -1895,6 +1895,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
  	    }
  	}