From d0991f72a2c5c22662f674151deeb22e91ea06e9 Mon Sep 17 00:00:00 2001 From: Etan Kissling Date: Sat, 26 Jun 2021 12:11:45 +0000 Subject: [PATCH 1/7] dnsmasq: Update to version 2.86test3 Need this version to add config option for connmark DNS filtering. Summary of upstream CHANGELOG: * Handle DHCPREBIND requests in the DHCPv6 server code. * Fix bug which caused dnsmasq to lose track of processes forked. * Major rewrite of the DNS server and domain handling code. * Revise resource handling for number of concurrent DNS queries. * Improve efficiency of DNSSEC. * Connection track mark based DNS query filtering. Signed-off-by: Etan Kissling --- package/network/services/dnsmasq/Makefile | 6 +++--- .../patches/100-remove-old-runtime-kernel-support.patch | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index b1d41fe86a..d2bd7ff5da 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.85 +PKG_VERSION:=2.86test3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases +PKG_HASH:=0d0b465db89390e9f518f1239dec88b458c84489e7fd38586af6a5781f85e7db PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch index b601bce1a9..5670808afc 100644 --- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch @@ -26,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant 
--- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1144,7 +1144,7 @@ extern struct daemon { +@@ -1185,7 +1185,7 @@ extern struct daemon { int inotifyfd; #endif #if defined(HAVE_LINUX_NETWORK) @@ -35,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant #elif defined(HAVE_BSD_NETWORK) int dhcp_raw_fd, dhcp_icmp_fd, routefd; #endif -@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa +@@ -1368,9 +1368,6 @@ int read_write(int fd, unsigned char *pa void close_fds(long max_fd, int spare1, int spare2, int spare3); int wildcard_match(const char* wildcard, const char* match); int wildcard_matchn(const char* wildcard, const char* match, int num); From b5e53f7ad9f993b5bc6eb398a857d2751c3eb06d Mon Sep 17 00:00:00 2001 From: Etan Kissling Date: Sat, 26 Jun 2021 12:11:49 +0000 Subject: [PATCH 2/7] dnsmasq: add config option for connmark DNS filtering This adds uci support to configure connmark based DNS filtering. Signed-off-by: Etan Kissling (See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html) Signed-off-by: Etan Kissling --- package/network/services/dnsmasq/files/dnsmasq.init | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 4c0a324657..9ca5bd3e97 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -172,6 +172,10 @@ append_ipset() { xappend "--ipset=$1" } +append_connmark_allowlist() { + xappend "--connmark-allowlist=$1" +} + append_interface() { network_get_device ifname "$1" || ifname="$1" xappend "--interface=$ifname" 
@@ -917,6 +921,14 @@ dnsmasq_start() config_list_foreach "$cfg" "rev_server" append_rev_server config_list_foreach "$cfg" "address" append_address config_list_foreach "$cfg" "ipset" append_ipset + + local connmark_allowlist_enable + config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0 + [ "$connmark_allowlist_enable" -gt 0 ] && { + append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable" + config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist + } + [ -n "$BOOT" ] || { config_list_foreach "$cfg" "interface" append_interface config_list_foreach "$cfg" "notinterface" append_notinterface From bd251a0b33a2055ffcf5b2e74dab135d769cc8a5 Mon Sep 17 00:00:00 2001 From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Thu, 24 Jun 2021 23:02:15 +0800 Subject: [PATCH 3/7] dnsmasq: v2.86: refresh patches --- .../dnsmasq/patches/910-mini-ttl.patch | 24 ++++++------- .../patches/911-dnsmasq-filter-aaaa.patch | 34 +++++++++---------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/package/network/services/dnsmasq/patches/910-mini-ttl.patch b/package/network/services/dnsmasq/patches/910-mini-ttl.patch index 88e7bbe383..817157d14f 100644 --- a/package/network/services/dnsmasq/patches/910-mini-ttl.patch +++ b/package/network/services/dnsmasq/patches/910-mini-ttl.patch @@ -1,25 +1,25 @@ --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1059,7 +1059,7 @@ extern struct daemon { +@@ -1100,7 +1100,7 @@ extern struct daemon { int max_logs; /* queue limit */ int cachesize, ftabsize; int port, query_port, min_port, max_port; - unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl; + unsigned long local_ttl, neg_ttl, min_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl; char *dns_client_id; - struct hostsfile *addn_hosts; - struct dhcp_context *dhcp, *dhcp6; + u32 umbrella_org; + u32 umbrella_asset; --- a/src/option.c 
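Review bot: The `[ "$connmark_allowlist_enable" -gt 0 ]` guard added to dnsmasq_start fails open when the configured value is not a plain decimal integer: the test reports an error, the `&& { … }` block is skipped, and dnsmasq is started without `--connmark-allowlist-enable` or any `--connmark-allowlist` entry. The value is forwarded through `append_parm` (defined outside this hunk), so it presumably carries the mark mask, and a hex-style mask would likely hit that path; this should be confirmed against the shell's `[` implementation. Comparing as a string, `[ "$connmark_allowlist_enable" != 0 ] && {`, would hand a malformed value to dnsmasq, which can then reject it, instead of silently dropping the filter. A short comment would also help, for example `# 0 disables connmark filtering; any other value is passed to dnsmasq unchanged`. dnsmasq_start begins and ends outside the hunk, so how the rest of the function treats this option is not visible here.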
+++ b/src/option.c -@@ -170,6 +170,7 @@ struct myoption { - #define LOPT_PXE_VENDOR 361 - #define LOPT_DYNHOST 362 - #define LOPT_LOG_DEBUG 363 -+#define LOPT_MINTTL 364 +@@ -173,6 +173,7 @@ struct myoption { + #define LOPT_UMBRELLA 364 + #define LOPT_CMARK_ALST_EN 365 + #define LOPT_CMARK_ALST 366 ++#define LOPT_MINTTL 367 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -288,6 +289,7 @@ static const struct myoption opts[] = +@@ -291,6 +292,7 @@ static const struct myoption opts[] = { "dhcp-name-match", 1, 0, LOPT_NAME_MATCH }, { "dhcp-broadcast", 2, 0, LOPT_BROADCAST }, { "neg-ttl", 1, 0, LOPT_NEGTTL }, @@ -27,7 +27,7 @@ { "max-ttl", 1, 0, LOPT_MAXTTL }, { "min-cache-ttl", 1, 0, LOPT_MINCTTL }, { "max-cache-ttl", 1, 0, LOPT_MAXCTTL }, -@@ -417,6 +419,7 @@ static struct { +@@ -423,6 +425,7 @@ static struct { { 't', ARG_ONE, "", gettext_noop("Specify default target in an MX record."), NULL }, { 'T', ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL }, @@ -35,7 +35,7 @@ { LOPT_MAXTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL }, { LOPT_MAXCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live ceiling for cache."), NULL }, { LOPT_MINCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live floor for cache."), NULL }, -@@ -2835,6 +2838,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -3101,6 +3104,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma case 'T': /* --local-ttl */ case LOPT_NEGTTL: /* --neg-ttl */ 
@@ -43,7 +43,7 @@ case LOPT_MAXTTL: /* --max-ttl */ case LOPT_MINCTTL: /* --min-cache-ttl */ case LOPT_MAXCTTL: /* --max-cache-ttl */ -@@ -2846,6 +2850,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -3112,6 +3116,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma ret_err(gen_err); else if (option == LOPT_NEGTTL) daemon->neg_ttl = (unsigned long)ttl; diff --git a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch index 42f69957bb..b97de4f7e4 100644 --- a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch +++ b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch @@ -11,45 +11,45 @@ Subject: [PATCH] add filter-aaaa option --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -270,7 +270,8 @@ struct event_desc { - #define OPT_SINGLE_PORT 60 - #define OPT_LEASE_RENEW 61 - #define OPT_LOG_DEBUG 62 --#define OPT_LAST 63 -+#define OPT_FILTER_AAAA 63 -+#define OPT_LAST 64 +@@ -273,7 +273,8 @@ struct event_desc { + #define OPT_UMBRELLA 63 + #define OPT_UMBRELLA_DEVID 64 + #define OPT_CMARK_ALST_EN 65 +-#define OPT_LAST 66 ++#define OPT_FILTER_AAAA 66 ++#define OPT_LAST 67 #define OPTION_BITS (sizeof(unsigned int)*8) #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) --- a/src/option.c 
+++ b/src/option.c -@@ -171,6 +171,7 @@ struct myoption { - #define LOPT_DYNHOST 362 - #define LOPT_LOG_DEBUG 363 - #define LOPT_MINTTL 364 -+#define LOPT_FILTER_AAAA 365 +@@ -174,6 +174,7 @@ struct myoption { + #define LOPT_CMARK_ALST_EN 365 + #define LOPT_CMARK_ALST 366 + #define LOPT_MINTTL 367 ++#define LOPT_FILTER_AAAA 368 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -347,6 +348,7 @@ static const struct myoption opts[] = - { "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID }, +@@ -353,6 +354,7 @@ static const struct myoption opts[] = { "dynamic-host", 1, 0, LOPT_DYNHOST }, { "log-debug", 0, 0, LOPT_LOG_DEBUG }, + { "umbrella", 2, 0, LOPT_UMBRELLA }, + { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA }, { NULL, 0, 0, 0 } }; -@@ -530,6 +532,7 @@ static struct { - { LOPT_DUMPFILE, ARG_ONE, "", gettext_noop("Path to debug packet dump file"), NULL }, +@@ -539,6 +541,7 @@ static struct { { LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to dump"), NULL }, { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL }, + { LOPT_UMBRELLA, ARG_ONE, "[=]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL }, + { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL }, { 0, 0, NULL, NULL, NULL } }; --- a/src/rfc1035.c +++ b/src/rfc1035.c -@@ -1913,6 +1913,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, +@@ -1948,6 +1948,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, } } From 94419931982026fda9c2191c28788f0f0a72ea0c Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Sat, 26 Jun 2021 20:31:29 +0100 Subject: [PATCH 4/7] Revert "dnsmasq: Update to version 2.86test3" This reverts commit 3628870015ef46eacf2c936f36e3c1ed3b4c9855. dnsmasq v2.86test3 has some issues with ubus, so is being reverted. 
Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 6 ++-- ...00-remove-old-runtime-kernel-support.patch | 4 +-- .../dnsmasq/patches/910-mini-ttl.patch | 24 ++++++------- .../patches/911-dnsmasq-filter-aaaa.patch | 34 +++++++++---------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index d2bd7ff5da..b1d41fe86a 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.86test3 +PKG_VERSION:=2.85 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases -PKG_HASH:=0d0b465db89390e9f518f1239dec88b458c84489e7fd38586af6a5781f85e7db +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq +PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch index 5670808afc..b601bce1a9 100644 --- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch @@ -26,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1185,7 +1185,7 @@ extern struct daemon { +@@ -1144,7 +1144,7 @@ extern struct daemon { int inotifyfd; #endif #if defined(HAVE_LINUX_NETWORK) @@ -35,7 +35,7 @@ 
Signed-off-by: Kevin Darbyshire-Bryant #elif defined(HAVE_BSD_NETWORK) int dhcp_raw_fd, dhcp_icmp_fd, routefd; #endif -@@ -1368,9 +1368,6 @@ int read_write(int fd, unsigned char *pa +@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa void close_fds(long max_fd, int spare1, int spare2, int spare3); int wildcard_match(const char* wildcard, const char* match); int wildcard_matchn(const char* wildcard, const char* match, int num); diff --git a/package/network/services/dnsmasq/patches/910-mini-ttl.patch b/package/network/services/dnsmasq/patches/910-mini-ttl.patch index 817157d14f..88e7bbe383 100644 --- a/package/network/services/dnsmasq/patches/910-mini-ttl.patch +++ b/package/network/services/dnsmasq/patches/910-mini-ttl.patch @@ -1,25 +1,25 @@ --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1100,7 +1100,7 @@ extern struct daemon { +@@ -1059,7 +1059,7 @@ extern struct daemon { int max_logs; /* queue limit */ int cachesize, ftabsize; int port, query_port, min_port, max_port; - unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl; + unsigned long local_ttl, neg_ttl, min_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl; char *dns_client_id; - u32 umbrella_org; - u32 umbrella_asset; + struct hostsfile *addn_hosts; + struct dhcp_context *dhcp, *dhcp6; --- a/src/option.c 
+++ b/src/option.c -@@ -173,6 +173,7 @@ struct myoption { - #define LOPT_UMBRELLA 364 - #define LOPT_CMARK_ALST_EN 365 - #define LOPT_CMARK_ALST 366 -+#define LOPT_MINTTL 367 +@@ -170,6 +170,7 @@ struct myoption { + #define LOPT_PXE_VENDOR 361 + #define LOPT_DYNHOST 362 + #define LOPT_LOG_DEBUG 363 ++#define LOPT_MINTTL 364 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -291,6 +292,7 @@ static const struct myoption opts[] = +@@ -288,6 +289,7 @@ static const struct myoption opts[] = { "dhcp-name-match", 1, 0, LOPT_NAME_MATCH }, { "dhcp-broadcast", 2, 0, LOPT_BROADCAST }, { "neg-ttl", 1, 0, LOPT_NEGTTL }, @@ -27,7 +27,7 @@ { "max-ttl", 1, 0, LOPT_MAXTTL }, { "min-cache-ttl", 1, 0, LOPT_MINCTTL }, { "max-cache-ttl", 1, 0, LOPT_MAXCTTL }, -@@ -423,6 +425,7 @@ static struct { +@@ -417,6 +419,7 @@ static struct { { 't', ARG_ONE, "", gettext_noop("Specify default target in an MX record."), NULL }, { 'T', ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL }, @@ -35,7 +35,7 @@ { LOPT_MAXTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL }, { LOPT_MAXCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live ceiling for cache."), NULL }, { LOPT_MINCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live floor for cache."), NULL }, -@@ -3101,6 +3104,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -2835,6 +2838,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma case 'T': /* --local-ttl */ case LOPT_NEGTTL: /* --neg-ttl */ 
@@ -43,7 +43,7 @@ case LOPT_MAXTTL: /* --max-ttl */ case LOPT_MINCTTL: /* --min-cache-ttl */ case LOPT_MAXCTTL: /* --max-cache-ttl */ -@@ -3112,6 +3116,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -2846,6 +2850,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma ret_err(gen_err); else if (option == LOPT_NEGTTL) daemon->neg_ttl = (unsigned long)ttl; diff --git a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch index b97de4f7e4..42f69957bb 100644 --- a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch +++ b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch @@ -11,45 +11,45 @@ Subject: [PATCH] add filter-aaaa option --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -273,7 +273,8 @@ struct event_desc { - #define OPT_UMBRELLA 63 - #define OPT_UMBRELLA_DEVID 64 - #define OPT_CMARK_ALST_EN 65 --#define OPT_LAST 66 -+#define OPT_FILTER_AAAA 66 -+#define OPT_LAST 67 +@@ -270,7 +270,8 @@ struct event_desc { + #define OPT_SINGLE_PORT 60 + #define OPT_LEASE_RENEW 61 + #define OPT_LOG_DEBUG 62 +-#define OPT_LAST 63 ++#define OPT_FILTER_AAAA 63 ++#define OPT_LAST 64 #define OPTION_BITS (sizeof(unsigned int)*8) #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) --- a/src/option.c 
+++ b/src/option.c -@@ -174,6 +174,7 @@ struct myoption { - #define LOPT_CMARK_ALST_EN 365 - #define LOPT_CMARK_ALST 366 - #define LOPT_MINTTL 367 -+#define LOPT_FILTER_AAAA 368 +@@ -171,6 +171,7 @@ struct myoption { + #define LOPT_DYNHOST 362 + #define LOPT_LOG_DEBUG 363 + #define LOPT_MINTTL 364 ++#define LOPT_FILTER_AAAA 365 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -353,6 +354,7 @@ static const struct myoption opts[] = +@@ -347,6 +348,7 @@ static const struct myoption opts[] = + { "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID }, { "dynamic-host", 1, 0, LOPT_DYNHOST }, { "log-debug", 0, 0, LOPT_LOG_DEBUG }, - { "umbrella", 2, 0, LOPT_UMBRELLA }, + { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA }, { NULL, 0, 0, 0 } }; -@@ -539,6 +541,7 @@ static struct { +@@ -530,6 +532,7 @@ static struct { + { LOPT_DUMPFILE, ARG_ONE, "", gettext_noop("Path to debug packet dump file"), NULL }, { LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to dump"), NULL }, { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL }, - { LOPT_UMBRELLA, ARG_ONE, "[=]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL }, + { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL }, { 0, 0, NULL, NULL, NULL } }; --- a/src/rfc1035.c +++ b/src/rfc1035.c -@@ -1948,6 +1948,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, +@@ -1913,6 +1913,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, } } From 61eafab82ce8fb58439b4af3003688ab328549ef Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Sat, 26 Jun 2021 20:30:58 +0100 Subject: [PATCH 5/7] Revert "dnsmasq: add config option for connmark DNS filtering" This reverts commit dea4bae7c2b963af02e1e3e3bdb5cd656a5ea3d3. dnsmasq v2.86test3 has some issues with ubus and needs reverting, hence this needs reverting. 
Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/files/dnsmasq.init | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 9ca5bd3e97..4c0a324657 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -172,10 +172,6 @@ append_ipset() { xappend "--ipset=$1" } -append_connmark_allowlist() { - xappend "--connmark-allowlist=$1" -} - append_interface() { network_get_device ifname "$1" || ifname="$1" xappend "--interface=$ifname" @@ -921,14 +917,6 @@ dnsmasq_start() config_list_foreach "$cfg" "rev_server" append_rev_server config_list_foreach "$cfg" "address" append_address config_list_foreach "$cfg" "ipset" append_ipset - - local connmark_allowlist_enable - config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0 - [ "$connmark_allowlist_enable" -gt 0 ] && { - append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable" - config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist - } - [ -n "$BOOT" ] || { config_list_foreach "$cfg" "interface" append_interface config_list_foreach "$cfg" "notinterface" append_notinterface From 7f5fc556aaf5f68faf0abd94656bae5ee03309a1 Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Sun, 27 Jun 2021 15:29:25 +0200 Subject: [PATCH 6/7] glibc: update to latest 2.33 HEAD (BZ #27646, bug 27896, BZ #15271) 58b90461ae elf: Use _dl_catch_error from base namespace in dl-libc.c [BZ #27646] 8c06748c51 Fix use of __pthread_attr_copy in mq_notify (bug 27896) 4b6be914bd Use __pthread_attr_copy in mq_notify (bug 27896) f4cba6ca1e dlfcn: Failures after dlmopen should not terminate process [BZ #15271] Signed-off-by: Hans Dedecker --- toolchain/glibc/common.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk index b88a456ce7..ec0621494f 100644 --- a/toolchain/glibc/common.mk +++ b/toolchain/glibc/common.mk @@ -12,8 +12,8 @@ PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=0ef0e6de7fdfa18328b09ba2afb4f0112d4bdab4 -PKG_MIRROR_HASH:=1f2cfa8bd69f6286f2449317758e3ef29fc55cd420dfe8cd9327f149b0e9ac62 +PKG_SOURCE_VERSION:=58b90461ae100c95e0bc53d29d2187bad290ecaf +PKG_MIRROR_HASH:=33fc6ec88cbf9235b151bea67db8922ef6f42dd5c1f4ff462077224fa3916be4 PKG_SOURCE_URL:=https://sourceware.org/git/glibc.git PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz From 692074dbc2dab1200106f47957b0e0b0e5bd75f8 Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Wed, 23 Jun 2021 11:58:51 -1000 Subject: [PATCH 7/7] dante: move to packages.git Rather than maintaining it in core, move it to packages.git where it's maintained by a community. Signed-off-by: Paul Spooren --- package/network/utils/dante/Makefile | 118 ------------------ .../dante/patches/200-fix-RTLD_NEXT.patch | 36 ------ .../210-deactivate-sched_setscheduler.patch | 53 -------- 3 files changed, 207 deletions(-) delete mode 100644 package/network/utils/dante/Makefile delete mode 100644 package/network/utils/dante/patches/200-fix-RTLD_NEXT.patch delete mode 100644 package/network/utils/dante/patches/210-deactivate-sched_setscheduler.patch diff --git a/package/network/utils/dante/Makefile b/package/network/utils/dante/Makefile deleted file mode 100644 index 15bd6d2afc..0000000000 --- a/package/network/utils/dante/Makefile +++ /dev/null 
@@ -1,118 +0,0 @@ -# -# Copyright (C) 2011 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=dante -PKG_VERSION:=1.4.1 -PKG_RELEASE:=4 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.inet.no/dante/files/ -PKG_HASH:=b6d232bd6fefc87d14bf97e447e4fcdeef4b28b16b048d804b50b48f261c4f53 - -PKG_MAINTAINER:=Jo-Philipp Wich -PKG_LICENSE:=BSD-4-Clause - -PKG_FIXUP:=autoreconf -PKG_INSTALL:=1 - -include $(INCLUDE_DIR)/package.mk - -CONFIGURE_ARGS += \ - --without-upnp \ - --without-pam \ - --disable-libwrap - -CONFIGURE_VARS += \ - ac_cv_search_pam_start="" \ - ac_cv_func_sched_setscheduler=no - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include - $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.{a,so*,la} $(1)/usr/lib/ -endef - - -define Package/dante/default - TITLE:=Dante SOCKS - URL:=http://www.inet.no/dante/ -endef - -define Package/dante/default/description -Dante is a circuit-level firewall/proxy that can be used to provide convenient -and secure network connectivity, requiring only that the server Dante runs on -has external network connectivity. Dante is used daily by Fortune 100 companies -and large international organizations, either as a standard SOCKS server or as -a "reverse proxy". -endef - -define Package/libsocks - $(call Package/dante/default) - SECTION:=libs - CATEGORY:=Libraries - TITLE+= Library - ABI_VERSION:=0 -endef - -define Package/libsocks/description -$(call Package/dante/default/description) -This package provides the shared libsocks library. 
-endef - -define Package/libsocks/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libsocks.so.* $(1)/usr/lib/ -endef - - -define Package/sockd - $(call Package/dante/default) - SUBMENU:=Web Servers/Proxies - SECTION:=net - CATEGORY:=Network - TITLE+= Daemon -endef - -define Package/sockd/description -$(call Package/dante/default/description) -This package provides the Dante sockd daemon. -endef - -define Package/sockd/install - $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/sockd $(1)/usr/sbin/ -endef - - -define Package/socksify - $(call Package/dante/default) - SECTION:=net - CATEGORY:=Network - SUBMENU:=Web Servers/Proxies - TITLE+= Client -endef - -define Package/socksify/description -$(call Package/dante/default/description) -This package provides the Dante socksify client. -endef - -define Package/socksify/install - $(INSTALL_DIR) $(1)/usr/bin - $(CP) $(PKG_INSTALL_DIR)/usr/bin/socksify $(1)/usr/bin/ - - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdsocks.so* $(1)/usr/lib/ -endef - - -$(eval $(call BuildPackage,libsocks)) -$(eval $(call BuildPackage,sockd)) -$(eval $(call BuildPackage,socksify)) diff --git a/package/network/utils/dante/patches/200-fix-RTLD_NEXT.patch b/package/network/utils/dante/patches/200-fix-RTLD_NEXT.patch deleted file mode 100644 index 594a6f900b..0000000000 --- a/package/network/utils/dante/patches/200-fix-RTLD_NEXT.patch +++ /dev/null 
@@ -1,36 +0,0 @@ ---- a/lib/address.c -+++ b/lib/address.c -@@ -48,11 +48,12 @@ - - #include "upnp.h" - --#ifndef __USE_GNU --#define __USE_GNU /* XXX for RTLD_NEXT on Linux */ --#endif /* !__USE_GNU */ - #include - -+#ifndef RTLD_NEXT -+#define RTLD_NEXT ((void *) -1l) -+#endif -+ - static const char rcsid[] = - "$Id: address.c,v 1.288.4.4 2014/08/15 18:16:40 karls Exp $"; - ---- a/dlib/interposition.c -+++ b/dlib/interposition.c -@@ -93,11 +93,12 @@ write$NOCANCEL(HAVE_PROT_WRITE_1, HAVE_P - - #endif /* HAVE_DARWIN */ - --#ifndef __USE_GNU --#define __USE_GNU /* XXX for RTLD_NEXT on Linux */ --#endif /* !__USE_GNU */ - #include - -+#ifndef RTLD_NEXT -+#define RTLD_NEXT ((void *) -1l) -+#endif -+ - #ifdef __COVERITY__ - /* - * Coverity naturally has no idea what the function sys_foo calls does, diff --git a/package/network/utils/dante/patches/210-deactivate-sched_setscheduler.patch b/package/network/utils/dante/patches/210-deactivate-sched_setscheduler.patch deleted file mode 100644 index e711189c59..0000000000 --- a/package/network/utils/dante/patches/210-deactivate-sched_setscheduler.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -When compiled with glibc the config_scan.c wants to use the -cpupolicy2numeric() function which is only available when -HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here. - -This fixes a build problem with glibc in combination with the force -ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS. - ---- a/lib/config_scan.c -+++ b/lib/config_scan.c -@@ -3891,7 +3891,7 @@ YY_RULE_SETUP - SERRX(0); - - #else /* !SOCKS_CLIENT */ --#if HAVE_SCHED_SETAFFINITY -+#if HAVE_SCHED_SETSCHEDULER - - BEGIN(0); - -@@ -3899,9 +3899,9 @@ YY_RULE_SETUP - yyerrorx("unknown scheduling policy \"%s\"", yytext); - - return SCHEDULEPOLICY; --#else /* !HAVE_SCHED_SETAFFINITY */ -+#else /* !HAVE_SCHED_SETSCHEDULER */ - yyerrorx("setting cpu scheduling policy is not supported on this platform"); --#endif /* !HAVE_SCHED_SETAFFINITY */ -+#endif /* !HAVE_SCHED_SETSCHEDULER */ - - #endif /* SOCKS_CLIENT */ - } ---- a/lib/config_scan.l -+++ b/lib/config_scan.l -@@ -456,7 +456,7 @@ cpu { - SERRX(0); - - #else /* !SOCKS_CLIENT */ --#if HAVE_SCHED_SETAFFINITY -+#if HAVE_SCHED_SETSCHEDULER - - BEGIN(0); - -@@ -464,9 +464,9 @@ cpu { - yyerrorx("unknown scheduling policy \"%s\"", yytext); - - return SCHEDULEPOLICY; --#else /* !HAVE_SCHED_SETAFFINITY */ -+#else /* !HAVE_SCHED_SETSCHEDULER */ - yyerrorx("setting cpu scheduling policy is not supported on this platform"); --#endif /* !HAVE_SCHED_SETAFFINITY */ -+#endif /* !HAVE_SCHED_SETSCHEDULER */ - - #endif /* SOCKS_CLIENT */ - }