--- dnsmasq-2.41.orig/debian/control
+++ dnsmasq-2.41/debian/control
@@ -0,0 +1,31 @@
+Source: dnsmasq
+Section: net
+Priority: optional
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Simon Kelley
+Build-depends: gettext, libdbus-1-dev (>=0.61), gawk
+Standards-Version: 3.7.2
+
+Package: dnsmasq
+Architecture: all
+Depends: netbase, adduser, dnsmasq-base
+Suggests: resolvconf
+Conflicts: resolvconf (<<1.15)
+Description: A small caching DNS proxy and DHCP/TFTP server
+ Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP
+ server. It is designed to provide DNS and optionally, DHCP, to a
+ small network. It can serve the names of local machines which are
+ not in the global DNS. The DHCP server integrates with the DNS
+ server and allows machines with DHCP-allocated addresses
+ to appear in the DNS with names configured either in each host or
+ in a central configuration file. Dnsmasq supports static and dynamic
+ DHCP leases and BOOTP/TFTP for network booting of diskless machines.
+
+Package: dnsmasq-base
+Architecture: any
+Depends: ${shlibs:Depends}
+Conflicts: dnsmasq (<<2.41)
+Description: A small caching DNS proxy and DHCP/TFTP server
+ This package contains the dnsmasq executable and documentation, but
+ not the infrastructure required to run it as a system daemon. For
+ that, install the dnsmasq package.
--- dnsmasq-2.41.orig/debian/default
+++ dnsmasq-2.41/debian/default
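Review bot: `Depends: netbase, adduser, dnsmasq-base` in the dnsmasq stanza carries no version, while `Conflicts: dnsmasq (<<2.41)` on dnsmasq-base only stops an old daemon package from meeting a new base. The other direction stays open: if the init script and conffiles shipped by dnsmasq assume the 2.41 binary (the init script is not in this hunk, so this is an inference), a 2.41 dnsmasq installed over an earlier dnsmasq-base is accepted; `Depends: netbase, adduser, dnsmasq-base (>= 2.41)` pins it.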
@@ -0,0 +1,21 @@
+# NOTE:
+#
+# From version 1.10, dnsmasq itself reads a
+# config file at /etc/dnsmasq.conf so you may
+# want to set options there rather than here.
+#
+# This file now has only three functions,
+# to completely disable starting dnsmasq,
+# to set DOMAIN_SUFFIX by running `dnsdomainname`
+# and to select an alternative config file
+# by setting DNSMASQ_OPTS to --conf-file=
+#
+# For upgraders, all the shell variables set here in previous versions
+# are still honored by the init script so if you just keep your old
+# version of this file nothing will break.
+
+#DOMAIN_SUFFIX=`dnsdomainname`
+#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
+
+# Whether or not to run the dnsmasq daemon; set to 0 to disable.
+ENABLED=1
--- dnsmasq-2.41.orig/debian/conffiles
+++ dnsmasq-2.41/debian/conffiles
@@ -0,0 +1,5 @@
+/etc/init.d/dnsmasq
+/etc/default/dnsmasq
+/etc/dnsmasq.conf
+/etc/resolvconf/update.d/dnsmasq
+/etc/dbus-1/system.d/dnsmasq.conf
--- dnsmasq-2.41.orig/debian/resolvconf
+++ dnsmasq-2.41/debian/resolvconf
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# Script to update the resolver list for dnsmasq
+#
+# N.B. Resolvconf may run us even if dnsmasq is not running.
+# If dnsmasq is installed then we go ahead and update
+# the resolver list in case dnsmasq is started later.
+#
+# Assumption: On entry, PWD contains the resolv.conf-type files
+#
+# Depends: resolvconf (>= 1.14)
+#
+# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
+#
+# History
+# June 2003 - June 2004: Written by Thomas Hood
+
+set -e
+
+RUN_DIR="/var/run/dnsmasq"
+RSLVRLIST_FILE="${RUN_DIR}/resolv.conf"
+TMP_FILE="${RSLVRLIST_FILE}_new.$$"
+
+[ -x /usr/sbin/dnsmasq ] || exit 0
+[ -x /lib/resolvconf/list-records ] || exit 1
+
+PATH=/bin:/sbin
+
+report_err() { echo "$0: Error: $*" >&2 ; }
+
+# Stores arguments (minus duplicates) in RSLT, separated by spaces
+# Doesn't work properly if an argument itself contain whitespace
+uniquify()
+{
+ RSLT=""
+ while [ "$1" ] ; do
+ for E in $RSLT ; do
+ [ "$1" = "$E" ] && { shift ; continue 2 ; }
+ done
+ RSLT="${RSLT:+$RSLT }$1"
+ shift
+ done
+}
+
+if [ ! -d "$RUN_DIR" ] && ! mkdir --parents --mode=0755 "$RUN_DIR" ; then
+ report_err "Failed trying to create directory $RUN_DIR"
+ exit 1
+fi
+
+RSLVCNFFILES="$(/lib/resolvconf/list-records | sed -e '/^lo.dnsmasq$/d')"
+
+NMSRVRS=""
+if [ "$RSLVCNFFILES" ] ; then
+ uniquify $(sed -n -e 's/^[[:space:]]*nameserver[[:space:]]\+//p' $RSLVCNFFILES)
+ NMSRVRS="$RSLT"
+fi
+
+clean_up() { rm -f "$TMP_FILE" ; }
+trap clean_up EXIT
+: >| "$TMP_FILE"
+for N in $NMSRVRS ; do echo "nameserver $N" >> "$TMP_FILE" ; done
+mv -f "$TMP_FILE" "$RSLVRLIST_FILE"
+
+# dnsmasq uses the mtime of the file to detect changes. This has a resolution of one second,
+# so it's possible that if two or more changes occur rapidly, the second change could
+# be missed. We avoid this possibility by delaying here.
+sleep 1
+
+
+
--- dnsmasq-2.41.orig/debian/rules
+++ dnsmasq-2.41/debian/rules
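Review bot: `TMP_FILE="${RSLVRLIST_FILE}_new.$$"` is a guessable name and `: >| "$TMP_FILE"` truncates whatever already sits at that path, symlink included; the script creates `/var/run/dnsmasq` as 0755 itself, so this only bites if some other account can write there (which account owns the directory at runtime is decided by the init script, not in this hunk — confirm). Replacing the fixed name with `TMP_FILE="$(mktemp "${RUN_DIR}/resolv.conf.XXXXXX")"` placed after the mkdir block, with `trap clean_up EXIT` moved up beside it, creates the scratch file exclusively and keeps the atomic `mv -f`. Because mktemp creates the file 0600 and the daemon runs unprivileged (per the changelog in this series), a `chmod 644 "$TMP_FILE"` before the `mv -f` is then required or dnsmasq cannot read the result. Separately, `mkdir --parents --mode=0755` applies the mode only to the final path component; any missing parent gets the caller's umask.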
@@ -0,0 +1,127 @@
+#!/usr/bin/make -f
+# debian/rules file - for dnsmasq.
+# Copyright 2001 by Simon Kelley
+# Based on the sample in the debian hello package which carries the following:
+# Copyright 1994,1995 by Ian Jackson.
+# I hereby give you perpetual unlimited permission to copy,
+# modify and relicense this file, provided that you do not remove
+# my name from the file itself. (I assert my moral right of
+# paternity under the Copyright, Designs and Patents Act 1988.)
+# This file may have to be extensively modified
+
+package=dnsmasq-base
+
+# policy manual, section 10.1
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS = -g -O0 -Wall -W
+else
+ CFLAGS = -g -O2 -Wall -W
+endif
+
+COPTS =
+TARGET = install-i18n
+
+ifeq (,$(findstring nodbus,$(DEB_BUILD_OPTIONS)))
+ COPTS += -DHAVE_DBUS
+endif
+
+ifneq (,$(findstring noipv6,$(DEB_BUILD_OPTIONS)))
+ COPTS += -DNO_IPV6
+endif
+
+ifneq (,$(findstring notftp,$(DEB_BUILD_OPTIONS)))
+ COPTS += -DNO_TFTP
+endif
+
+ifneq (,$(findstring nortc,$(DEB_BUILD_OPTIONS)))
+ COPTS += -DHAVE_BROKEN_RTC
+endif
+
+ifneq (,$(findstring noi18n,$(DEB_BUILD_OPTIONS)))
+ TARGET = install
+endif
+
+clean:
+ $(checkdir)
+ rm -rf debian/daemon debian/base debian/*~ debian/files debian/substvars
+ make clean
+
+binary-indep: checkroot
+ rm -rf debian/daemon
+ install -m 755 \
+ -d debian/daemon/DEBIAN \
+ -d debian/daemon/usr/share/doc \
+ -d debian/daemon/etc/init.d \
+ -d debian/daemon/etc/resolvconf/update.d \
+ -d debian/daemon/etc/default \
+ -d debian/daemon/etc/dbus-1/system.d
+ install -m 644 debian/conffiles debian/daemon/DEBIAN
+ install -m 755 debian/postinst debian/postrm debian/prerm debian/daemon/DEBIAN
+ install -m 755 debian/init debian/daemon/etc/init.d/dnsmasq
+ install -m 755 debian/resolvconf debian/daemon/etc/resolvconf/update.d/dnsmasq
+ install -m 644 debian/default debian/daemon/etc/default/dnsmasq
+ install -m 644 dnsmasq.conf.example debian/daemon/etc/dnsmasq.conf
+ install -m 644 dbus/dnsmasq.conf
debian/daemon/etc/dbus-1/system.d/dnsmasq.conf
+ ln -s $(package) debian/daemon/usr/share/doc/dnsmasq
+ cd debian/daemon && find . -type f ! -regex '.*DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums
+ dpkg-gencontrol -pdnsmasq -Pdebian/daemon
+ chown -R root.root debian/daemon
+ chmod -R g-ws debian/daemon
+ dpkg --build debian/daemon ..
+
+binary-arch: checkroot
+ $(checkdir)
+ rm -rf debian/base
+ install -m 755 \
+ -d debian/base/DEBIAN \
+ -d debian/base/usr/share/doc/$(package) \
+ -d debian/base/usr/share/doc/$(package)/examples \
+ -d debian/base/var/run \
+ -d debian/base/var/lib/misc
+ make $(TARGET) PREFIX=/usr DESTDIR=`pwd`/debian/base CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" CC=gcc AWK=gawk
+ifeq (,$(findstring nodocs,$(DEB_BUILD_OPTIONS)))
+ install -m 644 doc.html debian/base/usr/share/doc/$(package)/.
+ install -m 644 setup.html debian/base/usr/share/doc/$(package)/.
+ install -m 644 dnsmasq.conf.example debian/base/usr/share/doc/$(package)/examples/.
+ install -m 644 FAQ debian/base/usr/share/doc/$(package)/.
+ gzip -9 debian/base/usr/share/doc/$(package)/FAQ
+ install -m 644 CHANGELOG debian/base/usr/share/doc/$(package)/changelog
+ gzip -9 debian/base/usr/share/doc/$(package)/changelog
+ install -m 644 dbus/DBus-interface debian/base/usr/share/doc/$(package)/.
+ gzip -9 debian/base/usr/share/doc/$(package)/DBus-interface
+endif
+ install -m 644 debian/changelog debian/base/usr/share/doc/$(package)/changelog.Debian
+ gzip -9 debian/base/usr/share/doc/$(package)/changelog.Debian
+ install -m 644 debian/readme debian/base/usr/share/doc/$(package)/README.Debian
+ install -m 644 debian/copyright debian/base/usr/share/doc/$(package)/copyright
+ gzip -9 debian/base/usr/share/man/man8/dnsmasq.8
+ for f in debian/base/usr/share/man/*; do \
+ if [ -f $$f/man8/dnsmasq.8 ]; then \
+ gzip -9 $$f/man8/dnsmasq.8 ; \
+ fi \
+ done
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+ strip -R .note -R .comment debian/base/usr/sbin/dnsmasq
+endif
+ cd debian/base && find . -type f ! -regex '.*DEBIAN/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums
+ dpkg-shlibdeps debian/base/usr/sbin/dnsmasq
+ dpkg-gencontrol -pdnsmasq-base -Pdebian/base
+ chown -R root.root debian/base
+ chmod -R g-ws debian/base
+ dpkg --build debian/base ..
+
+define checkdir
+ test -f FAQ -a -f debian/rules
+endef
+
+# Below here is fairly generic really
+
+binary: binary-arch binary-indep
+build:
+
+checkroot:
+ test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep clean checkroot
+
+
--- dnsmasq-2.41.orig/debian/readme
+++ dnsmasq-2.41/debian/readme
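Review bot: `build:` is empty and the `make $(TARGET) PREFIX=/usr DESTDIR=…` line that compiles upstream sits in `binary-arch`, which depends on `checkroot`, so the whole compile runs as root instead of only the `chown`/`dpkg --build` packaging steps; moving the compile into `build:` and making `binary-arch` depend on `build` confines root to the packaging. `binary-indep: checkroot` also omits the `$(checkdir)` line that `clean:` and `binary-arch:` start with, so the working-directory sanity check is applied inconsistently; add `$(checkdir)` as its first recipe line. Both `make clean` and `make $(TARGET) …` should be `$(MAKE) …` so the sub-make inherits the parent's flags and jobserver. The `install -m 644 dbus/dnsmasq.conf …` recipe line appears split across two lines in this rendering; that is the rendering, not the file.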
@@ -0,0 +1,53 @@
+Notes on configuring dnsmasq as packaged for Debian.
+
+(1) To configure dnsmasq edit /etc/dnsmasq.conf. The file is well
+ commented; see also the dnsmasq.8 man page for explanation of
+ the options. The file /etc/default/dnsmasq also exists but it
+ shouldn't need to be touched in most cases. To set up DHCP
+ options you might need to refer to a copy of RFC 2132. This is
+ available on Debian systems in the package doc-rfc-std as the file
+ /usr/share/doc/RFC/draft-standard/rfc2132.txt.gz .
+
+(2) If the Debian resolvconf package is installed then, regardless
+ of what interface configuration daemons are employed, the list of
+ nameservers to which dnsmasq should forward queries can be found
+ in /var/run/dnsmasq/resolv.conf; also, 127.0.0.1 is listed as the
+ first nameserver address in /etc/resolv.conf. This works using the
+ default configurations of resolvconf and dnsmasq.
+
+(3) In the absence of resolvconf, if you are using dhcpcd then
+ dnsmasq should read the list of nameservers from the automatically
+ generated file /etc/dhcpc/resolv.conf. You should list 127.0.0.1
+ as the first nameserver address in /etc/resolv.conf.
+
+(4) In the absence of resolvconf, if you are using pppd then
+ dnsmasq should read the list of nameservers from the automatically
+ generated file /etc/ppp/resolv.conf. You should list 127.0.0.1
+ as the first nameserver address in /etc/resolv.conf.
+
+(5) If you run multiple DNS servers on a single machine, each
+ listening on a different interface, then it is necessary from
+ version 2.3 on to use the bind-interfaces option by uncommenting
+ "bind-interfaces" in /etc/dnsmasq.conf. This option stops dnsmasq
+ from binding the wildcard address and allows servers listening on
+ port 53 on interfaces not in use by dnsmasq to work.
+
+(6) From version 2.28, the ability to read lease-files from ISC dhcpd
+ is not included in the Debian binary package. This facility is
+ considered by upstream to be obsolete.
The code still exists, and
+ can be enabled by editing src/config.h and building from
+ source. It is strongly suggested that you either use the
+ DHCP server built in to dnsmasq, or, if you have a very complex DHCP
+ configuration, the ISC server and BIND. For simple configurations, you
+ can move to the builtin server by removing the dhcp-leasefile
+ configuration item, and adding a dhcp-range configuration.
+
+(7) The following options are supported in DEB_BUILD_OPTIONS
+ noopt : compile without optimisation.
+ nostrip : don't remove symbols from binary.
+ nodocs : omit documentation.
+ notftp : omit TFTP support.
+ noipv6 : omit IPv6 support.
+ nodbus : omit DBus support.
+ nortc : compile alternate mode suitable for systems without an RTC.
+ noi18n : omit translations and internationalistaion support.
--- dnsmasq-2.41.orig/debian/prerm
+++ dnsmasq-2.41/debian/prerm
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "remove" ]; then
+ if [ -x /usr/sbin/invoke-rc.d ] ; then
+ invoke-rc.d dnsmasq stop || true
+ else
+ /etc/init.d/dnsmasq stop || true
+ fi
+fi
+
+exit 0
+
+
--- dnsmasq-2.41.orig/debian/changelog
+++ dnsmasq-2.41/debian/changelog
@@ -0,0 +1,780 @@
+dnsmasq (2.41-2ubuntu2.1) hardy-security; urgency=low
+
+ * SECURITY UPDATE: randomize UDP query source ports to improve forgery
+ resilience
+ * Implement random source ports for interactions with other nameservers,
+ replace the libc RNG with the SURF RNG from DJBDNS package (patch from
+ upstream 2.43 release)
+ * References
+ CVE-2008-1447
+
+ -- Thierry Carrez Thu, 17 Jul 2008 14:57:18 -0400
+
+dnsmasq (2.41-2ubuntu2) hardy-proposed; urgency=low
+
+ * Fix log_msg_end initscript typos, patch from Eric Shattow (LP: #235868)
+
+ -- Thierry Carrez Mon, 16 Jun 2008 09:37:51 +0200
+
+dnsmasq (2.41-2ubuntu1) hardy; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Properly LSBify init script (replace echo with appropriate log_*_msg
+ calls).
+ - Call update-rc.d with the multiuser option. See TearDown spec for
+ details.
+ * Updated maintainer to core-dev as promotion is imminent.
+
+ -- Soren Hansen Fri, 28 Mar 2008 12:17:29 +0100
+
+dnsmasq (2.41-2) unstable; urgency=low
+
+ * Fix rules to build binary-arch and binary-indep correctly.
+
+ -- Simon Kelley Wed, 27 Feb 2008 19:57:10 +0000
+
+dnsmasq (2.41-1) unstable; urgency=low
+
+ * New upstream.
+ * Fix typo. (closes: #448038)
+ * Fix DHCP problem interoperating with Sony Ericsson K610i (closes: #451871)
+ * Split binary packages into dnsmasq and dnsmasq-base (closes: #463407)
+ * Add warnings about bad effects of --filterwin2k to default config
+ file. (closes: #464357)
+ * Don't declare Provides: $named in LSB header. (closes: #464512)
+ * Remove conflict with pdnsd. (closes: #464691)
+ * Add ability to disable dnsmasq in /etc/default/dnsmasq. (closes: #465062)
+
+ -- Simon Kelley Thu, 31 Jan 2008 20:25:28 +0000
+
+dnsmasq (2.40-1ubuntu4) hardy; urgency=low
+
+ * Properly LSBify init script (replace echo with appropriate log_*_msg
+ calls).
+ * Call update-rc.d with the multiuser option. See TearDown spec for
+ details.
+
+ -- Soren Hansen Wed, 05 Mar 2008 12:16:25 +0100
+
+dnsmasq (2.40-1ubuntu3) hardy; urgency=low
+
+ * Changed version conflicts to not conflict with itself. (LP: #190961)
+
+ -- Soren Hansen Tue, 12 Feb 2008 01:40:01 +0100
+
+dnsmasq (2.40-1ubuntu2) hardy; urgency=low
+
+ * Properly populate /usr/share/doc/dnsmasq-base
+ * Make /usr/share/doc/dnsmasq a symlink to /usr/share/doc/dnsmasq-base
+ * Make dnsmasq arch: all.
+
+ -- Soren Hansen Fri, 08 Feb 2008 16:47:17 +0100
+
+dnsmasq (2.40-1ubuntu1) hardy; urgency=low
+
+ * Split package into a dnsmasq-base and dnsmasq (grabbed
+ debian/{control,rules} from 2.41rc2 package).
+ * Modify Maintainer value to match the DebianMaintainerField
+ specification.
+
+ -- Soren Hansen Tue, 05 Feb 2008 14:04:57 +0100
+
+dnsmasq (2.40-1) unstable; urgency=low
+
+ * New upstream.
+ * Fix manpage typo. (closes: #429412)
+ * Fix dnsmasq.conf typos (closes: #429929)
+ * Handle DEB_BUILD_OPTIONS nostrip and noopt (closes: #436784)
+ * Add DEB_BUILD_OPTIONS for nodocs, notftp, noipv6,
+ nodbus, noi18n and nortc.
+ * Create DEBIAN/md5sums file in package.
+ * Add status function to init script. (closes: #439316)
+
+ -- Simon Kelley Thu, 9 Aug 2007 10:24:18 +0000
+
+dnsmasq (2.39-1) unstable; urgency=low
+
+ * New upstream.
+ * Provide example config file in /usr/share/doc/dnsmasq/examples
+ as well as /etc/dnsmasq.conf, so it's available for reference.
+
+ -- Simon Kelley Thu, 13 Feb 2007 10:02:38 +0000
+
+dnsmasq (2.38-1) unstable; urgency=low
+
+ * New upstream (closes: #410185)
+
+ -- Simon Kelley Tue, 6 Feb 2007 21:14:58 +0000
+
+dnsmasq (2.37-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Thu, 25 Jan 2007 10:44:18 +0000
+
+dnsmasq (2.36-1) unstable; urgency=low
+
+ * New upstream. (closes: #400037)
+ * Don't fail to purge if deluser command is not available.
+ * Add one second sleep to resolvconf script.
(closes: #398961)
+ * Fix dnsmasq.conf typo (closes: #405314)
+
+ -- Simon Kelley Tue, 31 Oct 2006 10:24:58 +0000
+
+dnsmasq (2.35-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Wed, 18 Oct 2006 09:23:28 +0000
+
+dnsmasq (2.34-1) unstable; urgency=low
+
+ * New upstream.
+ * Includes --clear-on-reload flag. (loses: #391654)
+ * Don't any longer set the "domain-needed" and "bogus-priv" flags in the
+ * the default-installed dnsmasq.conf. These can generate puzzling
+ * behaviour for people who get them without asking.
+
+ -- Simon Kelley Wed, 9 Aug 2006 09:23:28 +0000
+
+dnsmasq (2.33-1) unstable; urgency=low
+
+ * New upstream.
+ * Remove bashism from Makefile (closes: #375409)
+ * Added Provides: $named to LSB header in init script.
+ * Add --dns-forward-max flag. (closes: #377506)
+
+ -- Simon Kelley Sun, 25 June 2006 18:03:13 +0000
+
+dnsmasq (2.32-2) unstable; urgency=low
+
+ * Added LSB tags to init.d startup script. (closes: #374650)
+
+ -- Simon Kelley Sun, 25 June 2006 17:55:11 +0000
+
+dnsmasq (2.32-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Mon, 8 May 2006 09:23:28 +0000
+
+dnsmasq (2.31-1) unstable; urgency=high
+
+ * New upstream. (closes: #364800)
+ * Compile in Dbus support now that suitable Dbus packages exist.
+ * Don't stop an old dnsmasq process, until a new one is ready,
+ when upgrading. (closes: #366224)
+ * Move to standards-version 3.7.2 (no changes needed).
+
+ -- Simon Kelley Sat, 6 May 2006 11:58:22 +0000
+
+dnsmasq (2.30-1) unstable; urgency=low
+
+ * New upstream, fixes crash with DHCP broadcast replies.
+
+ -- Simon Kelley Sun, 23 Apr 2006 14:58:22 +0000
+
+dnsmasq (2.29-1) unstable; urgency=low
+
+ * New upstream. (closes: #363244) (closes: #363340)
+ * Made config options clearer in src/config.h and
+ clarify ISC integration status in Debian readme. (closes: #364250)
+
+ -- Simon Kelley Tue, 18 Apr 2006 10:26:12 +0000
+
+dnsmasq (2.28-1) unstable; urgency=low
+
+ * New upstream.
(closes: #359956) (closes: #362499)
+ * Added firestarter info to FAQ. (closes: #359139)
+
+ -- Simon Kelley Tue, 14 Mar 2006 19:20:12 +0000
+
+dnsmasq (2.27-1) unstable; urgency=low
+
+ * New upstream.
+ * Workaround buggy Microsoft DHCP clients. (closes: #355008)
+
+ -- Simon Kelley Wed, 1 Feb 2006 17:05:12 +0000
+
+dnsmasq (2.26-1) unstable; urgency=high
+
+ * New upstream. (Fixes possible crash in 2.25, hence urgency).
+
+ -- Simon Kelley Sun, 22 Jan 2006 11:05:22 +0000
+
+dnsmasq (2.25-1) unstable; urgency=low
+
+ * Remove bashisms in postinst and prerm scripts.
+ * Remove misconcieved dependency on locales.
+ * Depend on adduser.
+
+ -- Simon Kelley Thu, 01 Dec 2005 21:02:12 +0000
+
+dnsmasq (2.24-1) unstable; urgency=low
+
+ * New upstream. (closes: #330422)
+ * Fix typo and clean up dnsmasq.conf (closes: #326057) (closes: #304446)
+ * Add build support for I18N and gettext.
+ * Fixed manpage typos. (closes: #336413)
+ * Create a dnsmasq-unique userid for the daemon to run as. (closes: #338353)
+
+ -- Simon Kelley Sat, 03 Sep 2005 20:02:32 +0000
+
+dnsmasq (2.23-1) unstable; urgency=low
+
+ * New upstream. (closes: #302501) (closes: #315794)
+ * Fix manpage typos. (closes: #304984)
+ * Add support for DNSMASQ_EXCEPT in /etc/defaults/dnsmasq.
+ putting "lo" in this also disables resolvconf support.
+ * No longer delete pre-existing /etc/init.d symlinks. The
+ change in default runlevels which neccesitated this
+ is now ancient history and anyway the startup script now
+ behaves when called twice. (closes: #312111)
+ * Tightened config-file parser. (closes: #317030)
+
+ -- Simon Kelley Tue, 02 Aug 2005 13:17:22 +0000
+
+dnsmasq (2.22-2) unstable; urgency=low
+
+ * Make the resolv.conf polling code resistant to
+ backwards-moving system clocks. (closes: #306117) (closes: #300694)
+
+ -- Simon Kelley Wed, 04 May 2005 13:25:23 +0000
+
+dnsmasq (2.22-1) unstable; urgency=low
+
+ * New upstream.
+ * Fixed broken-ness when read /etc/ethers.
(closes: #301999)
+
+ -- Simon Kelley Thur, 24 Mar 2005 17:10:13 +0000
+
+dnsmasq (2.21-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Sat, 29 Jan 2005 16:05:13 +0000
+
+dnsmasq (2.20-1) unstable; urgency=low
+
+ * New upstream.
+ * Fix shadowed CNAME-target problem. (closes: #286654)
+ * Add --localise-queries option. (closes: #291367)
+
+ -- Simon Kelley Fri, 17 Dec 2004 17:35:23 +0000
+
+dnsmasq (2.19-1) unstable; urgency=high
+
+ * New upstream.
+ * Fix another IPv6 interface enumeration problem. (closes: #285182)
+ * Uploading at high priority since 285182 is really RC.
+
+ -- Simon Kelley Sat, 11 Dec 2004 20:39:33 +0000
+
+dnsmasq (2.18-2) unstable; urgency=low
+
+ * Revert startup to not start from rcS. Starting in rcS
+ * causes problems if interfaces are not available at that
+ * point. Users who need this facility should manually
+ * make rcS.d symlinks. (closes: #283239)
+
+ -- Simon Kelley Sat, 27 Nov 2004 16:33:12 +0000
+
+dnsmasq (2.18-1) unstable; urgency=low
+
+ * New upstream.
+ * Reset cache statistics when clearing the cache. (closes: #281817)
+ * Fix problems with bind-interfaces and IPv6. (closes: #282192)
+ * Fix problems upgrading when restarting dnsmasq fails.
+
+ -- Simon Kelley Tue, 16 Nov 2004 17:33:32 +0000
+
+dnsmasq (2.17-1) unstable; urgency=high
+
+ * New upstream - fixes crash, hence high urgency.
+ * Clarified log message when a record in /etc/hosts
+ and a DHCP name clash. (closes: #275420)
+ * Start dnsmasq just before portmap and nfs mounts from rcS.d
+ DNS is required at this stage to use the net. (closes: #280434)
+ * Make "bind-interfaces" apply to IPv6 interfaces. (closes: #278492)
+ * Allow a list if interfaces as arg to the --interface and
+ --except-interface options.
(closes: #279063)
+
+ -- Simon Kelley Tue, 26 Oct 2004 20:39:33 +0000
+
+dnsmasq (2.16-2) unstable; urgency=high
+
+ * Rename variable in cache.c which clashes with C headers
+ under gcc-3.4 (closes: #277893)
+
+ -- Simon Kelley Mon, 25 Oct 2004 16:03:24 +0000
+
+dnsmasq (2.16-1) unstable; urgency=high
+
+ * New upstream.
+ * Fixes interaction with Linux 2.4.x and 2.6.x not-quite-POSIX
+ select behavior, which can cause hangs when receiving UDP
+ packets with bad checksum.
+ * Fix bad interaction with polipo. (closes: #275754)
+ * Cache CNAMEs better. (closes: #276289)
+
+ -- Simon Kelley Mon, 04 Oct 2004 15:25:44 +0000
+
+dnsmasq (2.15-1) unstable; urgency=low
+
+ * New upstream.
+ * Fix NXDOMAIN/NODATA confusion for locally known names. (closes: #271564)
+
+ -- Simon Kelley Wed, 15 Sep 2004 15:01:44 +0000
+
+dnsmasq (2.14-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Sat, 28 Aug 2004 20:39:33 +0000
+
+dnsmasq (2.13-1) unstable; urgency=high
+
+ * New upstream - fixes crash. (closes #265313)
+
+ -- Simon Kelley Thur, 12 Aug 2004 12:45:23 +0000
+
+dnsmasq (2.12-1) unstable; urgency=low
+
+ * New upstream.
+ * Log types of incoming queries (closes: #230123).
+ * Don't set "filterwin2k" by default in the included
+ config file - it breaks SRV lookups and Kerberos.
+
+ -- Simon Kelley Sun, 8 Aug 2004 19:58:13 +0000
+
+dnsmasq (2.11-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Wed, 28 July 2004 21:59:33 +0000
+
+dnsmasq (2.10-1) unstable; urgency=low
+
+ * New upstream.
+ * Allow query-port less than 1024 (closes: #236586)
+ * Change behaviour of --bogus-priv (closes: #254711)
+ * Match existing leases by MAC address when a client stops
+ using client-id or they get suppressed by dnsmasq.
(closes: #258519)
+
+ -- Simon Kelley Thur, 24 June 2004 20:55:42 +0000
+
+dnsmasq (2.9-2) unstable; urgency=low
+
+ * Fix typo in debian/control (closes: #255762)
+
+ -- Simon Kelley Wed, 23 Jun 2004 20:40:13 +0000
+
+dnsmasq (2.9-1) unstable; urgency=low
+
+ * New upstream.
+ * New version has improved server selection logic (closes: #251097)
+ * Improved initscript (closes: #252229)
+ * Conflict with old resolvconf versions to maintain compatibility.
+ * Updated README.debian (closes: #253429)
+ * Changed startup message to mention DHCP as well as DNS.
+ * New resolvconf update script (closes: #254765)
+
+ -- Simon Kelley Wed, 26 May 2004 12:35:23 +0000
+
+dnsmasq (2.8-1) unstable; urgency=low
+
+ * New upstream.
+ * Fixes problem with zero-length hostnames which can lose
+ DHCP leases over a restart. (closes: #248829)
+
+ -- Simon Kelley Thur, 13 May 2004 18:40:12 +0000
+
+dnsmasq (2.7-2) unstable; urgency=low
+
+ * New version of resolvconf script from Thomas Hood with the
+ following changes: (closes: #247695)
+ * Doesn't include nameservers listed in the lo.inet or lo.inet6 interface
+ records created by "ifup lo"
+ * Lists addresses in a specified order (by interface name)
+ * Eliminates duplicate nameserver addresses
+ * Updates /var/run/dnsmasq/resolv.conf atomically
+ * Doesn't generate empty lines
+
+ -- Simon Kelley Tue, 11 May 2004 22:35:12 +0000
+
+dnsmasq (2.7-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Sun, 18 Apr 2004 20:00:23 +0000
+
+dnsmasq (2.6-3) unstable; urgency=low
+
+ * Removed reload command from start script and moved force-reload
+ to be equivalent to restart. This is needed to be policy compliant
+ since SIHGUP doesn't cause dnsmasq to reload its configuration file,
+ only the /etc/hosts, /etc/resolv.conf etc. (closes: #244208)
+
+ -- Simon Kelley Sun, 18 Apr 2004 14:40:51 +0000
+
+dnsmasq (2.6-2) unstable; urgency=low
+
+ * Added Conflict with pdnsd (closes: #242731).
+ Rationale: dnsmasq used to conflict with all the DNS servers
+ in Debian, but that was removed because some people wished
+ to run with dnsmasq listening on one interface and another DNS
+ server listening on another interface. However AFAIK it is not
+ possible to make pdnsd listen on a subset of a hosts interfaces,
+ so there is no scenario where running pdnsd and dnsmasq on the same
+ host would be useful, hence the conflict goes back.
+ * Added note about the --bind-interfaces option to
+ readme.Debian (closes: #241700)
+
+ -- Simon Kelley Tues, 13 Apr 2004 18:37:55 +0000
+
+dnsmasq (2.6-1) unstable; urgency=low
+
+ * New upstream.
+ * New version adds back ability to read ISC dhcpd lease files
+ for backwards compatibility. (closes: #229684) (closes: #236421)
+ * Fix parsing of # characters in options file. (closes: #241199)
+
+ -- Simon Kelley Sun, 21 Mar 2004 19:59:25 +0000
+
+dnsmasq (2.5-1) unstable; urgency=low
+
+ * New upstream, includes fix for IP-alias related
+ problem. (closes: #238268)
+
+ -- Simon Kelley Sun, 14 Mar 2004 08:32:43 +0000
+
+dnsmasq (2.4-3) unstable; urgency=low
+
+ * Fixed "bind-interfaces" option, even when
+ an "interface" option is given also.
+
+ -- Simon Kelley Fri, 12 Mar 2004 08:14:23 +0000
+
+dnsmasq (2.4-2) unstable; urgency=low
+
+ * Fixed "bind-interfaces" option (closes: #237543).
+
+ -- Simon Kelley Fri, 12 Mar 2004 07:30:25 +0000
+
+dnsmasq (2.4-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Thurs, 11 Mar 2004 07:59:55 +0000
+
+dnsmasq (2.3-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Tues, 03 Feb 2004 20:33:10 +0000
+
+dnsmasq (2.2-1) unstable; urgency=low
+
+ * New upstream. (fixes no DHCP with IPv6 problem)
+ * Restart (old) daemon on abort-upgrade. (closes: #230286)
+
+ -- Simon Kelley Fri, 30 Jan 2004 10:23:00 +0000
+
+dnsmasq (2.1-1) unstable; urgency=low
+
+ * New upstream.
+ * Allow addresses in /etc/hosts to be used for
+ DHCP leases (closes: #229681)
+ * Fix lease time processing. (closes: #229682) (closes: #229687)
+ * Fix example conf file. (closes: #229683) (closes: #229701)
+ * Allow address 0.0.0.0 to mean "self" in dhcp-option. (closes: #229685)
+ * Cope with ENODEV return from bind of
+ IPv6 server socket (closes: #229607)
+ * Document the strict-order option in dnsmasq.conf (closes: #229272)
+ * Fix local-only domain setting. (closes: #229846)
+ * Updates Debian readme to mention resolvconf and point at the
+ local copy of RFC2132.
+
+ -- Simon Kelley Fri, 23 Jan 2004 14:38:29 +0000
+
+dnsmasq (2.0-1) unstable; urgency=low
+
+ * New upstream: This removes the ability to read the
+ the leases file of ISC DHCP and replaces it with a built-in
+ DHCP server. Apologies in advance for breaking backwards
+ compatibilty, but this replaces a bit of a hack (the ISC stuff)
+ with a nicely engineered and much more apropriate solution.
+ Wearing my upstream-maintainer hat, I want to lose the hack now,
+ rather than have to support it into Sarge.
+ * New upstream closes some bugs since they become
+ irrelevant. (closes: #197295)
+ * Ensure that /var/run and /var/lib/misc exist.
+ * Remove sed dependency, which was a mistake.
+ * Remove extraneous "build" file. (closes: #226994)
+
+ -- Simon Kelley Sun, 16 Jan 2004 19:35:49 +0000
+
+dnsmasq (1.18-2) unstable; urgency=low
+
+ * Fixed manpage typo (closes: #220961)
+ * Added dependency for sed. (closes: #222401)
+ * Check for complete resolvconf installation before
+ calling it. (closes: #223442)
+ * Added Links section to doc.html
+
+ -- Simon Kelley Sat, 27 Dec 2003 20:21:15 +0000
+
+dnsmasq (1.18-1) unstable; urgency=low
+
+ * New upstream which does round-robin. (closes: #215460)
+ * Removed conflicts with other dns servers since it is now
+ possible to control exactly where dnsmasq listens on multi-homed
+ hosts, making co-existance with another nameserver
+ a viable proposition.
(closes #176163)
+ * New upstream allows _ in hostnames and check for illegal
+ names in /etc/hosts. (closes: #218842)
+
+ -- Simon Kelley Fri, 17 Oct 2003 16:23:14 +0000
+
+dnsmasq (1.17-1) unstable; urgency=high
+
+ * New upstream (closes: #212680)
+
+ -- Simon Kelley Wed, 8 Oct 2003 14:38:29 +0000
+
+dnsmasq (1.16-1) unstable; urgency=low
+
+ * New upstream.
+ * Renamed Debian README to the standard README.Debian. (closes: #211577)
+ * Updated the installed /etc/dnsmasq.conf to reflect new options.
+
+ -- Simon Kelley Tues, 16 Sep 2003 23:18:59 +0000
+
+dnsmasq (1.15-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Tues, 16 Sep 2003 21:48:49 +0000
+
+dnsmasq (1.14-1) unstable; urgency=low
+
+ * New upstream.
+ * Use invoke-rc.d in postinst and prerm scripts when available.
+ * Stop dnsmasq later (at priority 85). (closes: #200625)
+ * Updated /etc/resolvconf/update.d/dnsmasq. (closes: #202609)
+ * Suggest resolvconf. (closes: #208093)
+
+ -- Simon Kelley Tues, 2 Sep 2003 16:43:29 +0000
+
+dnsmasq (1.13-4) unstable; urgency=high
+
+ * Ignore failures in stopping existing dnsmasq
+ processes. (closes: #204127) (closes: #204129)
+ * Added download source to copyright. (closes: #206647)
+
+ -- Simon Kelley Tues, 2 Sep 2003 15:28:28 +0000
+
+dnsmasq (1.13-3) unstable; urgency=low
+
+ * Moved /etc/resolvconf/update.d/dnsmasq script into this package.
+ * Don't call resolvconf from /etc/init.d/dnsmasq if dnsmasq fails
+ to start. (Patch from Thomas Hood.)
+
+ -- Simon Kelley Mon, 7 Jul 2003 20:55:29 +0000
+
+dnsmasq (1.13-2) unstable; urgency=low
+
+ * Added support for the resolvconf nameserver configuration package.
+
+ -- Simon Kelley Sun, 22 Jun 2003 20:30:19 +0000
+
+dnsmasq (1.13-1) unstable; urgency=low
+
+ * New upstream.
+ * Added new options to the default dnsmasq.conf.
+ * Default config now reads /var/lib/dhcp/dhcp.leases (closes: #195185)
+ * Added option to disable negative caching. (closes: #194274)
+ * Added David Coe's query port patch.
(closes: #196578)
+
+ -- Simon Kelley Sat, 31 May 2003 18:10:29 +0000
+
+dnsmasq (1.12-1) unstable; urgency=low
+
+ * New upstream.
+ * Added examples of "local" and "address" options to dnsmasq.conf.
+ * Remove /usr/doc symlink code.
+ * Remove period from end of description field.
+
+ -- Simon Kelley Sat, 8 Mar 2003 12:16:09 +0000
+
+dnsmasq (1.11-2) unstable; urgency=low
+
+ * Fixed thinko in example dnsmasq.conf. (closes: #180410)
+
+ -- Simon Kelley Mon, 24 Feb 2003 20:06:19 +0000
+
+dnsmasq (1.11-1) unstable; urgency=low
+
+ * New uptream.
+
+ -- Simon Kelley Tues, 12 Jan 2003 22:25:17 -0100
+
+dnsmasq (1.10-1) unstable; urgency=low
+
+ * New uptream.
+ * Force service to stop in postinst before restarting. I don't
+ understand the circumstances under which it would still be running at
+ this point, but this is the correct fix anyway. (closes: #169718)
+ * Add /etc/dnsmasq.conf as a conffile and add a comment to
+ /etc/default/dnsmasq deprecating its use and recommending
+ /etc/dnsmasq.conf instead, since upstream now supports this.
+
+ -- Simon Kelley Mon, 9 Oct 2002 19:05:34 -0100
+
+dnsmasq (1.9-1) unstable; urgency=low
+
+ * New uptream.
+
+ -- Simon Kelley Mon, 23 Sept 2002 21:35:07 -0100
+
+dnsmasq (1.8-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Simon Kelley Mon, 12 Aug 2002 21:56:17 -0100
+
+dnsmasq (1.7-1) unstable; urgency=low
+
+ * New upstream including better group-id manipulation. (closes: #152212)
+ * Conflict with bind9 (closes: #151812)
+ * Added more options to startup script. (closes: #148535)
+
+ -- Simon Kelley Sun, 14 July 2002 20:23:14 -0100
+
+dnsmasq (1.6-1) unstable; urgency=low
+
+ * New upstream.
+ * Fixed documentation typos. (closes: #144637)
+ * Fixed failure to remove package if daemon not running. (closes: #147083)
+ * Changed upload to tarball-and-diff. (closes: #144638)
+
+ -- Simon Kelley Sun, 19 May 2002 22:30:17 -0100
+
+dnsmasq (1.5-1) unstable; urgency=medium
+
+ * New upstream (includes hotmail.com fix).
+ * Fixed DHCP lease file bug. (closes: #143778)
+ * Fixed failure of "reload" command in startup script (closes: #141021)
+ * Allow more than one interface name in the DNSMASQ_INTERFACE variable.
+
+ -- Simon Kelley Sun, 14 Apr 2002 16:39:13 -0100
+
+dnsmasq (1.4-2) unstable; urgency=low
+
+ * Fixed snafu in startup script (closes: #139760)
+
+ -- Simon Kelley Sun, 24 Mar 2002 23:06:18 +0000
+
+dnsmasq (1.4-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Thurs, 7 Mar 2002 21:02:05 +0000
+
+dnsmasq (1.3-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Fri, 15 Feb 2002 20:45:01 +0000
+
+dnsmasq (1.2-4) unstable; urgency=low
+
+ * Updated standards-version.
+ * More aggressive strip of binaries.
+ * Added depends: netbase.
+ * distribution->unstable for upload.
+ * Updated readme.Debian since config in /etc/default/dnsmasq now.
+ * Updated readme.Debian to reflect fact that this package is official now!
+
+ -- Simon Kelley Fri, 15 Feb 2002 20:45:01 +0000
+
+dnsmasq (1.2-3) stable; urgency=low
+
+ * Added Suggests: and Conflicts: fields to control file.
+
+ -- Simon Kelley Thurs, 14 Feb 2002 20:33:47 +0000
+
+dnsmasq (1.2-2) stable; urgency=low
+
+ * Many packaging fixes, to please lintian
+ * Added extended description.
+ * Fixed copyright file.
+ * Compressed everything in /usr/share/doc/dnsmasq.
+ * Added code to remove /usr/doc/dnsmasq to prerm script.
+ * Moved configuration from /etc/init.d/dnsmasq to /etc/default/dnsmasq
+
+ -- Simon Kelley Sat, 02 Feb 2002 18:54:37 +0000
+
+dnsmasq (1.2-1) stable; urgency=low
+
+ * New upstream
+ * Added more options to startup script
+
+ -- Simon Kelley Sat, 20 Dec 2001 21:15:07 +0000
+
+dnsmasq (1.1-2) stable; urgency=low
+
+ * New upstream
+ * Strip binary
+ * Moved manpage from section 1 to section 8
+
+ -- Simon Kelley Sat, 21 Oct 2001 17:32:04 -0100
+
+dnsmasq (1.0-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Sat, 10 Oct 2001 15:52:06 -0100
+
+dnsmasq (0.996-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Fri, 26 Oct 2001 10:32:06 -0100
+
+dnsmasq (0.995-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Tue, 09 Oct 2001 16:39:07 -0100
+
+dnsmasq (0.994-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Sat, 07 Oct 2001 15:45:04 -0100
+
+dnsmasq (0.992-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Fri, 31 Aug 2001 16:17:00 -0100
+
+dnsmasq (0.98-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Simon Kelley Wed, 11 Jul 2001 11:31:00 -0100
+
+dnsmasq (0.96-1) unstable; urgency=low
+
+ * Fixed thinko in cache code..
+
+ -- Simon Kelley Sat, 07 Jul 2001 18:52:00 -0100
+
+dnsmasq (0.95-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Simon Kelley Sat, 29 Aug 1998 20:27:27 -0400
+
--- dnsmasq-2.41.orig/debian/postrm
+++ dnsmasq-2.41/debian/postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+if [ purge = "$1" ]; then
+ update-rc.d dnsmasq remove >/dev/null
+ if [ -x "$(command -v deluser)" ]; then
+ deluser --quiet --system dnsmasq > /dev/null || true
+ else
+ echo >&2 "not removing dnsmasq system account because deluser command was not found"
+ fi
+fi
--- dnsmasq-2.41.orig/debian/init
+++ dnsmasq-2.41/debian/init
@@ -0,0 +1,215 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: dnsmasq +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Description: DHCP and DNS server +### END INIT INFO + +set +e # Don't exit on error status + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dnsmasq +NAME=dnsmasq +DESC="DNS forwarder and DHCP server" + +# Most configuration options in /etc/default/dnsmasq are deprecated +# but still honoured. + +ENABLED=1 +if [ -r /etc/default/$NAME ]; then + . /etc/default/$NAME +fi + +test "$ENABLED" != "0" || exit 0 +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +# RESOLV_CONF: +# If the resolvconf package is installed then use the resolv conf file +# that it provides as the default. Otherwise use /etc/resolv.conf as +# the default. +# +# This setting can be overridden by setting the RESOLV_CONF environment +# variable in /etc/default/dnsmasq or by including a resolv-file +# line in /etc/dnsmasq.conf . + +if [ ! "$RESOLV_CONF" ] && + [ -x /sbin/resolvconf ] +then + RESOLV_CONF=/var/run/dnsmasq/resolv.conf +fi + +for INTERFACE in $DNSMASQ_INTERFACE; do + DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -i $INTERFACE" +done + +for INTERFACE in $DNSMASQ_EXCEPT; do + DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -I $INTERFACE" +done + +if [ ! 
"$DNSMASQ_USER" ]; then + DNSMASQ_USER="dnsmasq" +fi + +start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON --test > /dev/null || return 1 + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON -- \ + ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \ + ${MAILTARGET:+ -t $MAILTARGET} \ + ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \ + ${DNSMASQ_INTERFACE:+ $DNSMASQ_INTERFACES} \ + ${DHCP_LEASE:+ -l $DHCP_LEASE} \ + ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \ + ${RESOLV_CONF:+ -r $RESOLV_CONF} \ + ${CACHESIZE:+ -c $CACHESIZE} \ + ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} \ + || return 2 +} + +start_resolvconf() +{ +# If interface "lo" is explicitly disabled in /etc/default/dnsmasq +# Then dnsmasq won't be providing local DNS, so don't add it to +# the resolvconf server set. + for interface in $DNSMASQ_EXCEPT + do + [ $interface = lo ] && return + done + + if [ -x /sbin/resolvconf ] ; then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME + fi + return 0 +} + +stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/$NAME.pid --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" 
= 2 ] && return 2 + rm -f /var/run/$NAME.pid # Doesn't delete its own pidfile + return "$RETVAL" +} + +stop_resolvconf() +{ + if [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d lo.$NAME + fi + return 0 +} + +status() +{ + # Return + # 0 if daemon is running + # 1 if daemon is dead and pid file exists + # 3 if daemon is not running + # 4 if daemon status is unknown + start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON --test > /dev/null + case "$?" in + 0) [ -e "/var/run/$NAME.pid" ] && return 1 ; return 3 ;; + 1) return 0 ;; + *) return 4 ;; + esac +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + start + case "$?" in + 0) + log_end_msg 0 + start_resolvconf + exit 0 + ;; + 1) + log_warning_msg "(already running)" + log_end_msg 0 + exit 0 + ;; + *) + log_warning_msg "failed" + log_end_msg 1 + exit 1 + ;; + esac + ;; + stop) + stop_resolvconf + log_daemon_msg "Stopping $DESC" "$NAME" + stop + case "$?" in + 0) log_end_msg 0 ; exit 0 ;; + 1) log_warning_msg "not running" ; log_end_msg 0 ; exit 0 ;; + *) log_warning_msg "failed" ; log_end_msg 1 ; exit 1 ;; + esac + ;; + restart|force-reload) + stop_resolvconf + log_daemon_msg "Restarting $DESC" "$NAME" + stop + case "$?" in + 0|1) + start + case "$?" in + 0) + log_end_msg 0 + start_resolvconf + exit 0 + ;; + 1) + log_warning_msg "failed -- old process is still running" + log_end_msg 1 + exit 1 + ;; + *) + log_warning_msg "failed to start" + log_end_msg 1 + exit 1 + ;; + esac + ;; + *) + log_warning_msg "failed to stop" + log_end_msg 1 + exit 1 + ;; + esac + ;; + status) + log_daemon_msg "Checking $DESC" "$NAME" + status + case "$?" 
in + 0) log_warning_msg "running" ; log_end_msg 0; exit 0 ;; + 1) log_warning_msg "dead, pid file exists" ; log_end_msg 1; exit 1 ;; + 3) log_warning_msg "not running" ; log_end_msg 3; exit 3 ;; + *) log_warning_msg "unknown" ; log_end_msg 4; exit 4 ;; + esac + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}" >&2 + exit 3 + ;; +esac + +exit 0 + --- dnsmasq-2.41.orig/debian/postinst +++ dnsmasq-2.41/debian/postinst @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +# create a user to run as (code stolen from dovecot-common) +if [ "$1" = "configure" ]; then + if [ -z "`id -u dnsmasq 2> /dev/null`" ]; then + /usr/sbin/adduser --system --home /var/lib/misc --gecos "dnsmasq" \ + --no-create-home --disabled-password \ + --quiet dnsmasq || true + fi + +fi + +update-rc.d dnsmasq multiuser 15 85 >/dev/null + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then + if [ -e /var/run/dnsmasq.pid ]; then + ACTION=restart + else + ACTION=start + fi + + if [ -x /usr/sbin/invoke-rc.d ] ; then + invoke-rc.d dnsmasq $ACTION || true + else + /etc/init.d/dnsmasq $ACTION || true + fi + +fi --- dnsmasq-2.41.orig/debian/copyright +++ dnsmasq-2.41/debian/copyright 
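Review bot: The second `start-stop-daemon --stop` in `stop()` matches on `--exec $DAEMON` alone, so it signals every process whose executable is /usr/sbin/dnsmasq, not just the instance this script started and its forked children. If another dnsmasq is running on the host for some other purpose (nothing in this patch shows one, but it is plausible on a desktop), a `stop` or `restart` of the system service takes it down too. Restricting the match to the service account narrows that: `start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --user $DNSMASQ_USER`. That keeps the wait-for-children intent provided the children inherit the `-u $DNSMASQ_USER` identity of the parent, which I have assumed rather than verified here.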
@@ -0,0 +1,20 @@ +dnsmasq is Copyright (c) 2000 - 2007 Simon Kelley + +It was downloaded from: http://www.thekelleys.org.uk/dnsmasq/ + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991, or + (at your option) version 3 dated 29 June, 2007. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +On Debian GNU/Linux systems, the text of the GNU general public license is +available in the file /usr/share/common-licenses/GPL + +The Debian package of dnsmasq was created by Simon Kelley with assistance +from Lars Bahner. + --- dnsmasq-2.41.orig/src/config.h +++ dnsmasq-2.41/src/config.h @@ -21,6 +21,7 @@ #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */ #define EDNS_PKTSZ 1280 /* default max EDNS.0 UDP packet from RFC2671 */ #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */ +#define RANDOM_SOCKS 64 /* max simultaneous random ports */ #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */ #define CACHESIZ 150 /* default cache size */ #define MAXLEASES 150 /* maximum number of DHCP leases */ @@ -57,6 +58,7 @@ #define TFTP_PORT 69 #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */ #define LOG_MAX 5 /* log-queue length */ +#define RANDFILE "/dev/urandom" /* DBUS interface specifics */ #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" 
@@ -132,19 +134,6 @@ define this if you have arc4random() to get better security from DNS spoofs by using really random ids (OpenBSD) -HAVE_RANDOM - define this if you have the 4.2BSD random() function (and its - associated srandom() function), which is at least as good as (if not - better than) the rand() function. - -HAVE_DEV_RANDOM - define this if you have the /dev/random device, which gives truly - random numbers but may run out of random numbers. - -HAVE_DEV_URANDOM - define this if you have the /dev/urandom device, which gives - semi-random numbers when it runs out of truly random numbers. - HAVE_SOCKADDR_SA_LEN define this if struct sockaddr has sa_len field (*BSD) @@ -157,9 +146,6 @@ For Linux you should define HAVE_LINUX_NETWORK HAVE_GETOPT_LONG - HAVE_RANDOM - HAVE_DEV_RANDOM - HAVE_DEV_URANDOM you should NOT define HAVE_ARC4RANDOM HAVE_SOCKADDR_SA_LEN @@ -167,12 +153,8 @@ For *BSD systems you should define HAVE_BSD_NETWORK HAVE_SOCKADDR_SA_LEN - HAVE_RANDOM and you MAY define HAVE_ARC4RANDOM - OpenBSD and FreeBSD and NetBSD version 2.0 or later - HAVE_DEV_URANDOM - OpenBSD and FreeBSD and NetBSD - HAVE_DEV_RANDOM - FreeBSD and NetBSD - (OpenBSD with hardware random number generator) HAVE_GETOPT_LONG - NetBSD, later FreeBSD (FreeBSD and OpenBSD only if you link GNU getopt) @@ -200,9 +182,6 @@ #define HAVE_LINUX_NETWORK #define HAVE_GETOPT_LONG #undef HAVE_ARC4RANDOM -#define HAVE_RANDOM -#define HAVE_DEV_URANDOM -#define HAVE_DEV_RANDOM #undef HAVE_SOCKADDR_SA_LEN /* Never use fork() on uClinux. Note that this is subtly different from the --keep-in-foreground option, since it also suppresses forking new @@ -219,9 +198,6 @@ # undef HAVE_GETOPT_LONG #endif #undef HAVE_ARC4RANDOM -#define HAVE_RANDOM -#define HAVE_DEV_URANDOM -#define HAVE_DEV_RANDOM #undef HAVE_SOCKADDR_SA_LEN #if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__) # define NO_FORK 
@@ -237,9 +213,6 @@ #define HAVE_LINUX_NETWORK #define HAVE_GETOPT_LONG #undef HAVE_ARC4RANDOM -#define HAVE_RANDOM -#define HAVE_DEV_URANDOM -#define HAVE_DEV_RANDOM #undef HAVE_SOCKADDR_SA_LEN /* glibc < 2.2 has broken Sockaddr_in6 so we have to use our own. */ /* glibc < 2.2 doesn't define in_addr_t */ @@ -258,16 +231,12 @@ # undef HAVE_GETOPT_LONG #endif #define HAVE_ARC4RANDOM -#define HAVE_RANDOM -#define HAVE_DEV_URANDOM #define HAVE_SOCKADDR_SA_LEN #elif defined(__APPLE__) #define HAVE_BSD_NETWORK #undef HAVE_GETOPT_LONG #define HAVE_ARC4RANDOM -#define HAVE_RANDOM -#define HAVE_DEV_URANDOM #define HAVE_SOCKADDR_SA_LEN /* Define before sys/socket.h is included so we get socklen_t */ #define _BSD_SOCKLEN_T_ @@ -278,9 +247,6 @@ #define HAVE_BSD_NETWORK #define HAVE_GETOPT_LONG #undef HAVE_ARC4RANDOM -#define HAVE_RANDOM -#define HAVE_DEV_URANDOM -#define HAVE_DEV_RANDOM #define HAVE_SOCKADDR_SA_LEN #elif defined(__sun) || defined(__sun__) @@ -304,10 +270,8 @@ # define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len)) #endif #undef HAVE_ARC4RANDOM -#define HAVE_RANDOM -#undef HAVE_DEV_URANDOM -#undef HAVE_DEV_RANDOM #undef HAVE_SOCKADDR_SA_LEN + #define _XPG4_2 #define __EXTENSIONS__ #define ETHER_ADDR_LEN 6 --- dnsmasq-2.41.orig/src/forward.c +++ dnsmasq-2.41/src/forward.c @@ -16,14 +16,13 @@ #include "dnsmasq.h" -static struct frec *frec_list = NULL; - static struct frec *lookup_frec(unsigned short id, unsigned int crc); static struct frec *lookup_frec_by_sender(unsigned short id, union mysockaddr *addr, unsigned int crc); static unsigned short get_id(int force, unsigned short force_id, unsigned int crc); - +static void free_frec(struct frec *f); +static struct randfd *allocate_rfd(int family); /* Send a UDP packet with its source address set as "source" unless nowild is true, when we just send it with the kernel default */ 
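Review bot: The Solaris block loses its explicit `#undef HAVE_DEV_URANDOM` / `#undef HAVE_DEV_RANDOM` here while the earlier config.h hunk makes `RANDFILE "/dev/urandom"` unconditional and `rand_init()` in the util.c hunk calls `die()` when that file cannot be opened, so a Solaris build that previously fell back to a time/pid seed will now refuse to start on a host without /dev/urandom (an old Solaris release or a chroot missing the device node — not something the patch lets me verify). Failing closed is the right call for a DNS forwarder, but it is a behaviour change that deserves a changelog line and a comment at the define, e.g. `#define RANDFILE "/dev/urandom" /* mandatory: rand_init() dies if this cannot be read */`. Wrapping the define in `#ifndef RANDFILE` would also let a port override the path without patching the file.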
@@ -290,7 +289,32 @@ (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) && !(start->flags & SERV_LITERAL_ADDRESS)) { - if (sendto(start->sfd->fd, (char *)header, plen, 0, + int fd; + + /* find server socket to use, may need to get random one. */ + if (start->sfd) + fd = start->sfd->fd; + else + { +#ifdef HAVE_IPV6 + if (start->addr.sa.sa_family == AF_INET6) + { + if (!forward->rfd6 && + !(forward->rfd6 = allocate_rfd(AF_INET6))) + break; + fd = forward->rfd6->fd; + } + else +#endif + { + if (!forward->rfd4 && + !(forward->rfd4 = allocate_rfd(AF_INET))) + break; + fd = forward->rfd4->fd; + } + } + + if (sendto(fd, (char *)header, plen, 0, &start->addr.sa, sa_len(&start->addr)) == -1) { @@ -336,7 +360,7 @@ /* could not send on, prepare to return */ header->id = htons(forward->orig_id); - forward->sentto = NULL; /* cancel */ + free_frec(forward); /* cancel */ } /* could not send on, return empty answer or address if known for whole domain */ @@ -428,7 +452,7 @@ } /* sets new last_server */ -void reply_query(struct serverfd *sfd, time_t now) +void reply_query(int fd, int family, time_t now) { /* packet from peer server, extract data for cache, and send to original requester */ 
@@ -436,91 +460,101 @@ union mysockaddr serveraddr; struct frec *forward; socklen_t addrlen = sizeof(serveraddr); - ssize_t n = recvfrom(sfd->fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen); + ssize_t n = recvfrom(fd, daemon->packet, daemon->edns_pktsz, 0, &serveraddr.sa, &addrlen); size_t nn; - + struct server *server; + /* packet buffer overwritten */ daemon->srv_save = NULL; /* Determine the address of the server replying so that we can mark that as good */ - serveraddr.sa.sa_family = sfd->source_addr.sa.sa_family; + serveraddr.sa.sa_family = family; #ifdef HAVE_IPV6 if (serveraddr.sa.sa_family == AF_INET6) serveraddr.in6.sin6_flowinfo = 0; #endif + /* spoof check: answer must come from known server, */ + for (server = daemon->servers; server; server = server->next) + if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) && + sockaddr_isequal(&server->addr, &serveraddr)) + break; + header = (HEADER *)daemon->packet; - if (n >= (int)sizeof(HEADER) && header->qr && - (forward = lookup_frec(ntohs(header->id), questions_crc(header, n, daemon->namebuff)))) - { - struct server *server = forward->sentto; - - if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && - !(daemon->options & OPT_ORDER) && - forward->forwardall == 0) - /* for broken servers, attempt to send to another one. */ + if (!server || + n < (int)sizeof(HEADER) || !header->qr || + !(forward = lookup_frec(ntohs(header->id), questions_crc(header, n, daemon->namebuff)))) + return; + + server = forward->sentto; + + if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && + !(daemon->options & OPT_ORDER) && + forward->forwardall == 0) + /* for broken servers, attempt to send to another one. 
*/ + { + unsigned char *pheader; + size_t plen; + int is_sign; + + /* recreate query from reply */ + pheader = find_pseudoheader(header, (size_t)n, &plen, NULL, &is_sign); + if (!is_sign) { - unsigned char *pheader; - size_t plen; - int is_sign; - - /* recreate query from reply */ - pheader = find_pseudoheader(header, (size_t)n, &plen, NULL, &is_sign); - if (!is_sign) + header->ancount = htons(0); + header->nscount = htons(0); + header->arcount = htons(0); + if ((nn = resize_packet(header, (size_t)n, pheader, plen))) { - header->ancount = htons(0); - header->nscount = htons(0); - header->arcount = htons(0); - if ((nn = resize_packet(header, (size_t)n, pheader, plen))) - { - header->qr = 0; - header->tc = 0; - forward_query(-1, NULL, NULL, 0, header, nn, now, forward); - return; - } + header->qr = 0; + header->tc = 0; + forward_query(-1, NULL, NULL, 0, header, nn, now, forward); + return; } - } - - if ((forward->sentto->flags & SERV_TYPE) == 0) - { - if (header->rcode == SERVFAIL || header->rcode == REFUSED) - server = NULL; - else - { - struct server *last_server; - /* find good server by address if possible, otherwise assume the last one we sent to */ - for (last_server = daemon->servers; last_server; last_server = last_server->next) - if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) && - sockaddr_isequal(&last_server->addr, &serveraddr)) - { - server = last_server; - break; - } - } - if (!(daemon->options & OPT_ALL_SERVERS)) - daemon->last_server = server; } - - /* If the answer is an error, keep the forward record in place in case - we get a good reply from another server. 
Kill it when we've - had replies from all to avoid filling the forwarding table when - everything is broken */ - if (forward->forwardall == 0 || --forward->forwardall == 1 || - (header->rcode != REFUSED && header->rcode != SERVFAIL)) + } + + if ((forward->sentto->flags & SERV_TYPE) == 0) + { + if (header->rcode == SERVFAIL || header->rcode == REFUSED) + server = NULL; + else { - if ((nn = process_reply(header, now, server, (size_t)n))) - { - header->id = htons(forward->orig_id); - header->ra = 1; /* recursion if available */ - send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn, - &forward->source, &forward->dest, forward->iface); - } - forward->sentto = NULL; /* cancel */ + struct server *last_server; + + /* find good server by address if possible, otherwise assume the last one we sent to */ + for (last_server = daemon->servers; last_server; last_server = last_server->next) + if (!(last_server->flags & (SERV_LITERAL_ADDRESS | SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_NO_ADDR)) && + sockaddr_isequal(&last_server->addr, &serveraddr)) + { + server = last_server; + break; + } + } + if (!(daemon->options & OPT_ALL_SERVERS)) + daemon->last_server = server; + } + + /* If the answer is an error, keep the forward record in place in case + we get a good reply from another server. Kill it when we've + had replies from all to avoid filling the forwarding table when + everything is broken */ + if (forward->forwardall == 0 || --forward->forwardall == 1 || + (header->rcode != REFUSED && header->rcode != SERVFAIL)) + { + if ((nn = process_reply(header, now, server, (size_t)n))) + { + header->id = htons(forward->orig_id); + header->ra = 1; /* recursion if available */ + send_from(forward->fd, daemon->options & OPT_NOWILD, daemon->packet, nn, + &forward->source, &forward->dest, forward->iface); } + free_frec(forward); /* cancel */ } } + void receive_query(struct listener *listen, time_t now) { HEADER *header = (HEADER *)daemon->packet; 
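Review bot: The new spoof check only verifies that the reply's source address matches some configured upstream, and `lookup_frec()` still matches on id plus question CRC alone, so a reply is accepted on whichever of the up to RANDOM_SOCKS open random sockets it lands on rather than on the socket the query actually left from. Because every random socket is fed to the same `reply_query()` (see the dnsmasq.c hunk), an attacker guessing a source port only has to hit one of the currently open ports, which cuts the entropy the randomisation adds by up to 6 bits; comparing against the sending descriptor restores the per-query binding. The check belongs immediately after the `lookup_frec()` test, using the `rfd4`/`rfd6` fields the patch adds to `struct frec` and the upstream's fixed socket when it has one; `server` is still the address-matched upstream at that point, which also covers the `forwardall` case where `sentto` is only the last server sent to. I have assumed a frec's random socket is the one used for all its sends, which is what the forward.c send hunk shows.

```c
  /* … unchanged: known-server scan, header/qr/lookup_frec() test … */

  /* the reply must also arrive on the socket the query was sent from;
     `server` is still the address-matched upstream at this point */
  if (!((forward->rfd4 && forward->rfd4->fd == fd)
#ifdef HAVE_IPV6
        || (forward->rfd6 && forward->rfd6->fd == fd)
#endif
        || (server->sfd && server->sfd->fd == fd)))
    return;

  server = forward->sentto;
```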
@@ -854,34 +888,99 @@ if ((f = (struct frec *)whine_malloc(sizeof(struct frec)))) { - f->next = frec_list; + f->next = daemon->frec_list; f->time = now; f->sentto = NULL; - frec_list = f; + f->rfd4 = NULL; +#ifdef HAVE_IPV6 + f->rfd6 = NULL; +#endif + daemon->frec_list = f; } return f; } +static struct randfd *allocate_rfd(int family) +{ + static int finger = 0; + int i; + + /* limit the number of sockets we have open to avoid starvation of + (eg) TFTP. Once we have a reasonable number, randomness should be OK */ + + for (i = 0; i < RANDOM_SOCKS; i++) + if (daemon->randomsocks[i].refcount == 0 && + (daemon->randomsocks[i].fd = random_sock(family)) != -1) + { + daemon->randomsocks[i].refcount = 1; + daemon->randomsocks[i].family = family; + return &daemon->randomsocks[i]; + } + + /* No free ones, grab an existing one */ + for (i = 0; i < RANDOM_SOCKS; i++) + { + int j = (i+finger) % RANDOM_SOCKS; + if (daemon->randomsocks[j].family == family && daemon->randomsocks[j].refcount != 0xffff) + { + finger = j; + daemon->randomsocks[j].refcount++; + return &daemon->randomsocks[j]; + } + } + + return NULL; /* doom */ +} + +static void free_frec(struct frec *f) +{ + if (f->rfd4 && --(f->rfd4->refcount) == 0) + close(f->rfd4->fd); + + f->rfd4 = NULL; + f->sentto = NULL; + +#ifdef HAVE_IPV6 + if (f->rfd6 && --(f->rfd6->refcount) == 0) + close(f->rfd6->fd); + + f->rfd6 = NULL; +#endif +} + /* if wait==NULL return a free or older than TIMEOUT record. else return *wait zero if one available, or *wait is delay to - when the oldest in-use record will expire. */ + when the oldest in-use record will expire. 
Impose an absolute + limit of 4*TIMEOUT before we wipe things (for random sockets) */ struct frec *get_new_frec(time_t now, int *wait) { - struct frec *f, *oldest; + struct frec *f, *oldest, *target; int count; if (wait) *wait = 0; - for (f = frec_list, oldest = NULL, count = 0; f; f = f->next, count++) + for (f = daemon->frec_list, oldest = NULL, target = NULL, count = 0; f; f = f->next, count++) if (!f->sentto) + target = f; + else { - f->time = now; - return f; + if (difftime(now, f->time) >= 4*TIMEOUT) + { + free_frec(f); + target = f; + } + + if (!oldest || difftime(f->time, oldest->time) <= 0) + oldest = f; } - else if (!oldest || difftime(f->time, oldest->time) <= 0) - oldest = f; + + if (target) + { + target->time = now; + return target; + } /* can't find empty one, use oldest if there is one and it's older than timeout */ @@ -896,7 +995,7 @@ if (!wait) { - oldest->sentto = 0; + free_frec(oldest); oldest->time = now; } return oldest; @@ -922,7 +1021,7 @@ { struct frec *f; - for(f = frec_list; f; f = f->next) + for(f = daemon->frec_list; f; f = f->next) if (f->sentto && f->new_id == id && (f->crc == crc || crc == 0xffffffff)) return f; @@ -936,7 +1035,7 @@ { struct frec *f; - for(f = frec_list; f; f = f->next) + for(f = daemon->frec_list; f; f = f->next) if (f->sentto && f->orig_id == id && f->crc == crc && @@ -951,9 +1050,9 @@ { struct frec *f; - for (f = frec_list; f; f = f->next) + for (f = daemon->frec_list; f; f = f->next) if (f->sentto && f->sentto == server) - f->sentto = NULL; + free_frec(f); if (daemon->last_server == server) daemon->last_server = NULL; @@ -974,7 +1073,7 @@ { struct frec *f = lookup_frec(force_id, crc); if (f) - f->sentto = NULL; /* free */ + free_frec(f); /* free */ ret = force_id; } else do --- dnsmasq-2.41.orig/src/dnsmasq.c +++ dnsmasq-2.41/src/dnsmasq.c 
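Review bot: The fallback loop in `allocate_rfd()` does not require `refcount != 0`, so when every free slot fails `random_sock()` (descriptor exhaustion, say) a slot that is free but still carries the `family` of a previous user is handed out: its `fd` was just overwritten with -1 by the first loop (or is a descriptor `free_frec()` already closed), `refcount` becomes 1, the caller goes on to `sendto()` on it, and `set_dns_listeners` will `FD_SET` the bad descriptor. Add the missing condition: `if (daemon->randomsocks[j].refcount != 0 && daemon->randomsocks[j].refcount != 0xffff && daemon->randomsocks[j].family == family)`. A one-line comment above the second loop saying that sharing a socket between outstanding queries deliberately trades port entropy for descriptor economy would also help the next reader.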
@@ -99,7 +99,7 @@ daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ? daemon->edns_pktsz : DNSMASQ_PACKETSZ; daemon->packet = safe_malloc(daemon->packet_buff_sz); - + if (!daemon->lease_file) { if (daemon->dhcp) @@ -137,6 +137,8 @@ die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF); #endif + rand_init(); + now = dnsmasq_time(); if (daemon->dhcp) @@ -181,7 +183,7 @@ if (daemon->port != 0) cache_init(); - + if (daemon->options & OPT_DBUS) #ifdef HAVE_DBUS { @@ -828,7 +830,15 @@ FD_SET(serverfdp->fd, set); bump_maxfd(serverfdp->fd, maxfdp); } - + + if (daemon->port != 0 && !daemon->osport) + for (i = 0; i < RANDOM_SOCKS; i++) + if (daemon->randomsocks[i].refcount != 0) + { + FD_SET(daemon->randomsocks[i].fd, set); + bump_maxfd(daemon->randomsocks[i].fd, maxfdp); + } + for (listener = daemon->listeners; listener; listener = listener->next) { /* only listen for queries if we have resources */ @@ -865,17 +875,24 @@ static void check_dns_listeners(fd_set *set, time_t now) { struct serverfd *serverfdp; - struct listener *listener; - + struct listener *listener; + int i; + for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) if (FD_ISSET(serverfdp->fd, set)) - reply_query(serverfdp, now); + reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); + + if (daemon->port != 0 && !daemon->osport) + for (i = 0; i < RANDOM_SOCKS; i++) + if (daemon->randomsocks[i].refcount != 0 && + FD_ISSET(daemon->randomsocks[i].fd, set)) + reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); for (listener = daemon->listeners; listener; listener = listener->next) { if (listener->fd != -1 && FD_ISSET(listener->fd, set)) receive_query(listener, now); - + #ifdef HAVE_TFTP if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set)) tftp_request(listener, now); --- dnsmasq-2.41.orig/src/util.c +++ dnsmasq-2.41/src/util.c 
@@ -16,82 +16,88 @@ /* Some code in this file contributed by Rob Funk. */ +/* The SURF random number generator was taken from djbdns-1.05, by + Daniel J Berstein, which is public domain. */ + + #include "dnsmasq.h" #ifdef HAVE_BROKEN_RTC #include #endif -/* Prefer arc4random(3) over random(3) over rand(3) */ -/* Also prefer /dev/urandom over /dev/random, to preserve the entropy pool */ + #ifdef HAVE_ARC4RANDOM -# define rand() arc4random() -# define srand(s) (void)0 -# define RANDFILE (NULL) -#else -# ifdef HAVE_RANDOM -# define rand() random() -# define srand(s) srandom(s) -# endif -# ifdef HAVE_DEV_URANDOM -# define RANDFILE "/dev/urandom" -# else -# ifdef HAVE_DEV_RANDOM -# define RANDFILE "/dev/random" -# else -# define RANDFILE (NULL) -# endif -# endif -#endif +void rand_init(void) +{ + return; +} unsigned short rand16(void) { - static int been_seeded = 0; - const char *randfile = RANDFILE; + return (unsigned short) (arc4random() >> 15); +} + +#else + +/* SURF random number generator */ + +typedef unsigned int uint32; + +static uint32 seed[32]; +static uint32 in[12]; +static uint32 out[8]; + +void rand_init() +{ + int fd = open(RANDFILE, O_RDONLY); - if (! 
been_seeded) - { - int fd, n = 0; - unsigned int c = 0, seed = 0, badseed; - char sbuf[sizeof(seed)]; - char *s; - struct timeval now; - - /* get the bad seed as a backup */ - /* (but we'd rather have something more random) */ - gettimeofday(&now, NULL); - badseed = now.tv_sec ^ now.tv_usec ^ (getpid() << 16); - - fd = open(randfile, O_RDONLY); - if (fd < 0) - seed = badseed; - else - { - s = (char *) &seed; - while ((c < sizeof(seed)) && - ((n = read(fd, sbuf, sizeof(seed)) > 0))) - { - memcpy(s, sbuf, n); - s += n; - c += n; - } - if (n < 0) - seed = badseed; - close(fd); - } + if (fd == -1 || + !read_write(fd, (unsigned char *)&seed, sizeof(seed), 1) || + !read_write(fd, (unsigned char *)&in, sizeof(in), 1)) + die(_("failed to seed the random number generator: %s"), NULL, EC_MISC); + + close(fd); +} - srand(seed); - been_seeded = 1; +#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) +#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); + +static void surf(void) +{ + uint32 t[12]; uint32 x; uint32 sum = 0; + int r; int i; int loop; + + for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; + for (i = 0;i < 8;++i) out[i] = seed[24 + i]; + x = t[11]; + for (loop = 0;loop < 2;++loop) { + for (r = 0;r < 16;++r) { + sum += 0x9e3779b9; + MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) + MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) + MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) } - - /* Some rand() implementations have less randomness in low bits - * than in high bits, so we only pay attention to the high ones. - * But most implementations don't touch the high bit, so we - * ignore that one. 
- */ - return( (unsigned short) (rand() >> 15) ); + for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; + } } +unsigned short rand16(void) +{ + static int outleft = 0; + + if (!outleft) { + if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; + surf(); + outleft = 8; + } + + return (unsigned short) out[--outleft]; +} + +#endif + + int legal_char(char c) { /* check for legal char a-z A-Z 0-9 - --- dnsmasq-2.41.orig/src/netlink.c +++ dnsmasq-2.41/src/netlink.c @@ -241,7 +241,8 @@ { struct rtmsg *rtm = NLMSG_DATA(h); if (rtm->rtm_type == RTN_UNICAST && - rtm->rtm_scope == RT_SCOPE_LINK) + rtm->rtm_scope == RT_SCOPE_LINK && + daemon->srv_save->sfd) while(sendto(daemon->srv_save->sfd->fd, daemon->packet, daemon->packet_len, 0, &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); } --- dnsmasq-2.41.orig/src/dnsmasq.h +++ dnsmasq-2.41/src/dnsmasq.h @@ -286,6 +286,11 @@ struct serverfd *next; }; +struct randfd { + int fd; + unsigned short refcount, family; +}; + struct server { union mysockaddr addr, source_addr; char interface[IF_NAMESIZE+1]; @@ -336,6 +341,10 @@ union mysockaddr source; struct all_addr dest; struct server *sentto; /* NULL means free */ + struct randfd *rfd4; +#ifdef HAVE_IPV6 + struct randfd *rfd6; +#endif unsigned int iface; unsigned short orig_id, new_id; int fd, forwardall; @@ -530,6 +539,7 @@ char *mxtarget; char *lease_file; char *username, *groupname; + int osport; char *domain_suffix; char *runfile; char *lease_change_command; @@ -563,6 +573,7 @@ int packet_buff_sz; /* size of above */ char *namebuff; /* MAXDNAME size buffer */ unsigned int local_answer, queries_forwarded; + struct frec *frec_list; struct serverfd *sfds; struct irec *interfaces; struct listener *listeners; @@ -570,7 +581,8 @@ struct server *srv_save; /* Used for resend on DoD */ size_t packet_len; /* " " */ pid_t tcp_pids[MAX_PROCS]; - + struct randfd randomsocks[RANDOM_SOCKS]; + /* DHCP state */ int dhcpfd, helperfd; #ifdef HAVE_LINUX_NETWORK 
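Review bot: The SURF state (`seed`, `in`, `out` and the static `outleft`) is process-wide and seeded exactly once in `rand_init()`, so any process forked after that point starts with an identical generator state and emits the same `rand16()` sequence as its parent; the `tcp_pids[MAX_PROCS]` array in the dnsmasq.h hunk shows dnsmasq does fork per-connection handlers, though whether those children call `rand16()` is not visible in this patch. If they do, a child's query ids and random ports are predictable from the parent's and from each other's. The cheapest remedy is to call `rand_init()` again in the child right after `fork()`, which re-reads `seed` and `in` from /dev/urandom; the `outleft` counter should also be reset, so a small `rand_reseed()` that does both is cleaner than exposing the statics. Either way a comment above `rand16()` is warranted: `/* NOTE: generator state is not re-seeded on fork; a child must re-seed before calling rand16() */`.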
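Review bot: The added `daemon->srv_save->sfd` guard turns the retransmit-on-route-change path into a no-op for every upstream that now uses a random socket, which — since `allocate_sfd()` in the network.c hunk returns NULL for the wildcard/port-0 source — appears to be every upstream unless a source address or query-port is configured, so the "resend on DoD" this code exists for silently stops working. The socket the query went out on is not recorded anywhere reachable from here; saving it next to `srv_save` when the packet is stashed (e.g. an `int srv_save_fd;` beside `packet_len` in `struct daemon`) and using `daemon->srv_save_fd` in the `sendto()` would preserve the behaviour. If dropping the resend for random sockets is intended, a comment saying so would stop the next reader from treating it as an oversight.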
@@ -636,6 +648,7 @@ unsigned char *pheader, size_t hlen); /* util.c */ +void rand_init(void); unsigned short rand16(void); int legal_char(char c); int canonicalise(char *s); @@ -674,7 +687,7 @@ void reread_dhcp(void); /* forward.c */ -void reply_query(struct serverfd *sfd, time_t now); +void reply_query(int fd, int family, time_t now); void receive_query(struct listener *listen, time_t now); unsigned char *tcp_request(int confd, time_t now, struct in_addr local_addr, struct in_addr netmask); @@ -683,6 +696,7 @@ /* network.c */ int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp); +int random_sock(int family); void pre_allocate_sfds(void); int reload_servers(char *fname); void check_servers(void); --- dnsmasq-2.41.orig/src/option.c +++ dnsmasq-2.41/src/option.c @@ -1391,6 +1391,10 @@ case 'Q': /* --query-port */ if (!atoi_check(arg, &daemon->query_port)) option = '?'; + /* if explicitly set to zero, use single OS ephemeral port + and disable random ports */ + if (daemon->query_port == 0) + daemon->osport = 1; break; case 'T': /* --local-ttl */ --- dnsmasq-2.41.orig/src/network.c +++ dnsmasq-2.41/src/network.c 
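Review bot: `daemon->osport = 1` is set whenever `query_port` reads as zero, including after `atoi_check()` has failed and set `option = '?'`, and nothing tells the operator that `--query-port=0` now disables source-port randomisation — an existing config that used it to mean "let the OS pick" keeps working but silently loses the spoofing protection this patch adds. Move the assignment into the success branch, `else if (daemon->query_port == 0) daemon->osport = 1;`, and document the consequence where the option is described; a startup warning would be better still, but whether logging is available this early in option parsing is not something the patch shows.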
@@ -441,6 +441,56 @@ return listeners; } + +/* return a UDP socket bound to a random port, have to coper with straying into + occupied port nos and reserved ones. */ +int random_sock(int family) +{ + int fd; + + if ((fd = socket(family, SOCK_DGRAM, 0)) != -1) + { + union mysockaddr addr; + + memset(&addr, 0, sizeof(addr)); + addr.in.sin_family = family; + + if (fix_fd(fd)) + while (1) + { + if (family == AF_INET) + { + addr.in.sin_addr.s_addr = INADDR_ANY; + addr.in.sin_port = rand16(); +#ifdef HAVE_SOCKADDR_SA_LEN + addr.in.sin_len = sizeof(struct sockaddr_in); +#endif + } +#ifdef HAVE_IPV6 + else + { + addr.in6.sin6_addr = in6addr_any; + addr.in6.sin6_port = rand16(); +#ifdef HAVE_SOCKADDR_SA_LEN + addr.in6.sin6_len = sizeof(struct sockaddr_in6); +#endif + } +#endif + + if (bind(fd, (struct sockaddr *)&addr, sa_len(&addr)) == 0) + return fd; + + if (errno != EADDRINUSE && errno != EACCES) + break; + } + + close(fd); + } + + return -1; +} + + int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp) { union mysockaddr addr_copy = *addr; @@ -473,6 +523,25 @@ struct serverfd *sfd; int errsave; + /* when using random ports, servers which would otherwise use + the INADDR_ANY/port0 socket have sfd set to NULL */ + if (!daemon->osport) + { + errno = 0; + + if (addr->sa.sa_family == AF_INET && + addr->in.sin_addr.s_addr == INADDR_ANY && + addr->in.sin_port == htons(0)) + return NULL; + +#ifdef HAVE_IPV6 + if (addr->sa.sa_family == AF_INET6 && + memcmp(&addr->in6.sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0 && + addr->in6.sin6_port == htons(0)) + return NULL; +#endif + } + /* may have a suitable one already */ for (sfd = daemon->sfds; sfd; sfd = sfd->next ) if (sockaddr_isequal(&sfd->source_addr, addr) && 
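Review bot: random_sock() retries in an unbounded `while (1)` as long as bind() fails with EADDRINUSE or EACCES, so a saturated or heavily reserved port range spins the daemon forever, and it feeds `rand16()` straight into `sin_port`, which means port 0 (kernel picks, defeating the purpose) and the reserved range below 1024 (EACCES only if privileges were already dropped, otherwise a reserved port is actually taken) are all valid draws. I would cap the attempts and skip the low range before calling bind(), converting to network order so the comparison is meaningful; the IPv6 branch gets the same `htons(port)`.
```c
      int tries = 100; /* bounded: a saturated port range must not spin forever */
      /* … unchanged: memset/sin_family setup … */
      if (fix_fd(fd))
	while (tries--)
	  {
	    /* skip port 0 (kernel would pick) and the reserved range below 1024 */
	    unsigned short port = rand16();
	    if (port < 1024)
	      continue;

	    if (family == AF_INET)
	      {
		addr.in.sin_addr.s_addr = INADDR_ANY;
		addr.in.sin_port = htons(port);
		/* … unchanged: sin_len … */
	      }
	    /* … unchanged: AF_INET6 branch, but sin6_port = htons(port) … */
	    /* … unchanged: bind() / errno handling … */
	  }
```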
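Review bot: Returning NULL with `errno = 0` as the "this server uses per-query random sockets, not an error" signal is fragile: the callers in the following hunks tell it apart from a real failure only by reading `errno` immediately after the call, and any intervening library call would turn a deliberate NULL into a fatal socket error or hide a genuine one. The contract is also undocumented at the function, whose header sits outside the hunk; I would add there `/* Returns NULL with errno == 0 when addr is the wildcard/port-0 source and random ports are in use (no shared socket needed); NULL with errno set on socket()/bind() failure. */`. Note that `errno = 0` is written before the address test, so it also runs on the fall-through path and presumably relies on every later failure path in this function setting errno.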
@@ -538,6 +607,7 @@ for (srv = daemon->servers; srv; srv = srv->next) if (!(srv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) && !allocate_sfd(&srv->source_addr, srv->interface) && + errno != 0 && (daemon->options & OPT_NOWILD)) { prettyprint_addr(&srv->addr, daemon->namebuff); @@ -585,7 +655,9 @@ } /* Do we need a socket set? */ - if (!new->sfd && !(new->sfd = allocate_sfd(&new->source_addr, new->interface))) + if (!new->sfd && + !(new->sfd = allocate_sfd(&new->source_addr, new->interface)) && + errno != 0) { my_syslog(LOG_WARNING, _("ignoring nameserver %s - cannot make/bind socket: %s"),
