[PATCH] dnsmasq: Update to upstream version 2.91test8

Uwe Kleine-König uwe+openwrt at kleine-koenig.org
Tue Jan 21 13:42:02 PST 2025 

The motivating change for me included upstream is commit 8ce27433f8b2
("Handle DS queries to auth zones.") which fixes using a subzone of a
DNSSEC'd zone.

Two patches are dropped as these are included in the new upstream
release, the other two are rebased.

Signed-off-by: Uwe Kleine-König <uwe+openwrt at kleine-koenig.org>
---
Hello,

I use the domain kk4.kleine-koenig.org for my OpenWrt router. Since
kleine-koenig.org is DNSSEC signed, internal resolution in the
kk4.kleine-koenig.org zone fails when the resolver uses DNSSEC because
only with the above commit the kk4.kleine-koenig.org/DS query gets a
properly signed answer.

Upstream created this commit in reply of a bug report from me and on the
way found a few more fixes for corner cases. So updating to the test
release isn't only simpler than a backport but also (IMHO) more
sensible.

Ideally (for me) this would be fixed in OpenWrt 24.10.

Best regards
Uwe

 package/network/services/dnsmasq/Makefile     |  8 ++--
 ...ous-resource-limit-exceeded-messages.patch | 43 -------------------
 ...introduced-in-51471cafa5a4fa44d6fe49.patch | 31 -------------
 ...00-remove-old-runtime-kernel-support.patch |  8 ++--
 .../dnsmasq/patches/200-ubus_dns.patch        | 18 ++++----
 5 files changed, 17 insertions(+), 91 deletions(-)
 delete mode 100644 package/network/services/dnsmasq/patches/0001-Fix-spurious-resource-limit-exceeded-messages.patch
 delete mode 100644 package/network/services/dnsmasq/patches/0002-PATCH-Fix-error-introduced-in-51471cafa5a4fa44d6fe49.patch

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 0a597c03ce40..3e9f228cdc0d 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_UPSTREAM_VERSION:=2.90
+PKG_UPSTREAM_VERSION:=2.91test8
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=3
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
-PKG_SOURCE_URL:=https://thekelleys.org.uk/dnsmasq/
-PKG_HASH:=8e50309bd837bfec9649a812e066c09b6988b73d749b7d293c06c57d46a109e4
+PKG_SOURCE_URL:=https://thekelleys.org.uk/dnsmasq/test-releases
+PKG_HASH:=f23fbdf1863872aa864296e38aa114c51c6e990d8a2ca648d21bf003f3aa5e47
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
diff --git a/package/network/services/dnsmasq/patches/0001-Fix-spurious-resource-limit-exceeded-messages.patch b/package/network/services/dnsmasq/patches/0001-Fix-spurious-resource-limit-exceeded-messages.patch
deleted file mode 100644
index f25ee20413fb..000000000000
--- a/package/network/services/dnsmasq/patches/0001-Fix-spurious-resource-limit-exceeded-messages.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 1ed783b8d7343c42910a61f12a8fc6237eb80417 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon at thekelleys.org.uk>
-Date: Mon, 19 Feb 2024 12:22:43 +0000
-Subject: Fix spurious "resource limit exceeded" messages.
-
-Replies from upstream with a REFUSED rcode can result in
-log messages stating that a resource limit has been exceeded,
-which is not the case.
-
-Thanks to Dominik Derigs and the Pi-hole project for
-spotting this.
----
- CHANGELOG     | 5 +++++
- src/forward.c | 6 +++---
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -1,3 +1,8 @@
-+version 2.91
-+	Fix spurious "resource limit exceeded messages". Thanks to 
-+	Dominik Derigs for the bug report.
-+	
-+
- version 2.90
- 	Fix reversion in --rev-server introduced in 2.88 which
- 	caused breakage if the prefix length is not exactly divisible
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -937,10 +937,10 @@ static void dnssec_validate(struct frec
- 	status = dnssec_validate_reply(now, header, plen, daemon->namebuff, daemon->keyname, &forward->class, 
- 				       !option_bool(OPT_DNSSEC_IGN_NS) && (forward->sentto->flags & SERV_DO_DNSSEC),
- 				       NULL, NULL, NULL, &orig->validate_counter);
--    }
- 
--  if (STAT_ISEQUAL(status, STAT_ABANDONED))
--    log_resource = 1;
-+      if (STAT_ISEQUAL(status, STAT_ABANDONED))
-+	log_resource = 1;
-+    }
-   
-   /* Can't validate, as we're missing key data. Put this
-      answer aside, whilst we get that. */     
diff --git a/package/network/services/dnsmasq/patches/0002-PATCH-Fix-error-introduced-in-51471cafa5a4fa44d6fe49.patch b/package/network/services/dnsmasq/patches/0002-PATCH-Fix-error-introduced-in-51471cafa5a4fa44d6fe49.patch
deleted file mode 100644
index 5c50ae84463b..000000000000
--- a/package/network/services/dnsmasq/patches/0002-PATCH-Fix-error-introduced-in-51471cafa5a4fa44d6fe49.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From ccff85ad72d2f858d9743d40525128e4f62d41a8 Mon Sep 17 00:00:00 2001
-From: renmingshuai <renmingshuai at huawei.com>
-Date: Wed, 21 Feb 2024 00:24:25 +0000
-Subject: [PATCH] Fix error introduced in
- 51471cafa5a4fa44d6fe490885d9910bd72a5907
-
-Signed-off-by: renmingshuai <renmingshuai at huawei.com>
----
- src/dnssec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/src/dnssec.c
-+++ b/src/dnssec.c
-@@ -1547,7 +1547,7 @@ static int prove_non_existence_nsec3(str
-       nsecs[i] = NULL; /* Speculative, will be restored if OK. */
-       
-       if (!(p = skip_name(nsec3p, header, plen, 15)))
--	return 0; /* bad packet */
-+	return DNSSEC_FAIL_BADPACKET; /* bad packet */
-       
-       p += 10; /* type, class, TTL, rdlen */
-       
-@@ -1640,7 +1640,7 @@ static int prove_non_existence_nsec3(str
-   if (!wildname)
-     {
-       if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
--	return 0;
-+	return DNSSEC_FAIL_NONSEC;
-       
-       wildcard--;
-       *wildcard = '*';
diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
index 26c1b463b94c..79bf10fa34cd 100644
--- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
+++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
@@ -13,7 +13,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
 
 --- a/src/dnsmasq.c
 +++ b/src/dnsmasq.c
-@@ -105,10 +105,6 @@ int main (int argc, char **argv)
+@@ -107,10 +107,6 @@ int main (int argc, char **argv)
    
    read_opts(argc, argv, compile_opts);
   
@@ -26,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
  
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1277,7 +1277,7 @@ extern struct daemon {
+@@ -1278,7 +1278,7 @@ extern struct daemon {
    int inotifyfd;
  #endif
  #if defined(HAVE_LINUX_NETWORK)
@@ -35,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
  #elif defined(HAVE_BSD_NETWORK)
    int dhcp_raw_fd, dhcp_icmp_fd, routefd;
  #endif
-@@ -1491,9 +1491,6 @@ int read_write(int fd, unsigned char *pa
+@@ -1486,9 +1486,6 @@ int read_write(int fd, unsigned char *pa
  void close_fds(long max_fd, int spare1, int spare2, int spare3);
  int wildcard_match(const char* wildcard, const char* match);
  int wildcard_matchn(const char* wildcard, const char* match, int num);
@@ -140,7 +140,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
       my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
 --- a/src/util.c
 +++ b/src/util.c
-@@ -866,22 +866,3 @@ int wildcard_matchn(const char* wildcard
+@@ -901,22 +901,3 @@ int wildcard_matchn(const char* wildcard
  
    return (!num) || (*wildcard == *match);
  }
diff --git a/package/network/services/dnsmasq/patches/200-ubus_dns.patch b/package/network/services/dnsmasq/patches/200-ubus_dns.patch
index 72acbaeba934..060251f64962 100644
--- a/package/network/services/dnsmasq/patches/200-ubus_dns.patch
+++ b/package/network/services/dnsmasq/patches/200-ubus_dns.patch
@@ -1,19 +1,19 @@
 --- a/src/dnsmasq.c
 +++ b/src/dnsmasq.c
-@@ -2021,6 +2021,10 @@ static void check_dns_listeners(time_t n
- 		  daemon->pipe_to_parent = pipefd[1];
- 		}
+@@ -2097,6 +2097,10 @@ static void do_tcp_connection(struct lis
+       daemon->pipe_to_parent = pipefd[1];
+     }
  
 +#ifdef HAVE_UBUS
-+	      drop_ubus_listeners();
++  drop_ubus_listeners();
 +#endif
 +
- 	      /* start with no upstream connections. */
- 	      for (s = daemon->servers; s; s = s->next)
- 		 s->tcpfd = -1; 
+   /* The connected socket inherits non-blocking
+      attribute from the listening socket. 
+      Reset that here. */
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1670,14 +1670,26 @@ void emit_dbus_signal(int action, struct
+@@ -1682,14 +1682,26 @@ void emit_dbus_signal(int action, struct
  
  /* ubus.c */
  #ifdef HAVE_UBUS
@@ -42,7 +42,7 @@
  /* ipset.c */
 --- a/src/forward.c
 +++ b/src/forward.c
-@@ -803,7 +803,7 @@ static size_t process_reply(struct dns_h
+@@ -728,7 +728,7 @@ static size_t process_reply(struct dns_h
  	  cache_secure = 0;
  	}
        

base-commit: 99431e315039d7f9689b21a8aa220adadf52a886
-- 
2.47.1

More information about the openwrt-devel mailing list