+++ /dev/null
-From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Sun, 12 Apr 2015 21:52:47 +0100
-Subject: [PATCH] Fix crash in auth code with odd configuration.
-
----
- CHANGELOG | 32 +++++++++++++++++++++-----------
- src/auth.c | 13 ++++++++-----
- 2 files changed, 29 insertions(+), 16 deletions(-)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index 9af6170..f2142c7 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -68,18 +68,31 @@ version 2.73
- Fix broken DNSSEC validation of ECDSA signatures.
-
- Add --dnssec-timestamp option, which provides an automatic
-- way to detect when the system time becomes valid after boot
-- on systems without an RTC, whilst allowing DNS queries before the
-- clock is valid so that NTP can run. Thanks to
-- Kevin Darbyshire-Bryant for developing this idea.
-+ way to detect when the system time becomes valid after
-+ boot on systems without an RTC, whilst allowing DNS
-+ queries before the clock is valid so that NTP can run.
-+ Thanks to Kevin Darbyshire-Bryant for developing this idea.
-
- Add --tftp-no-fail option. Thanks to Stefan Tomanek for
- the patch.
-
-- Fix crash caused by looking up servers.bind, CHAOS text record,
-- when more than about five --servers= lines are in the dnsmasq
-- config. This causes memory corruption which causes a crash later.
-- Thanks to Matt Coddington for sterling work chasing this down.
-+ Fix crash caused by looking up servers.bind, CHAOS text
-+ record, when more than about five --servers= lines are
-+ in the dnsmasq config. This causes memory corruption
-+ which causes a crash later. Thanks to Matt Coddington for
-+ sterling work chasing this down.
-+
-+ Fix crash on receipt of certain malformed DNS requests.
-+ Thanks to Nick Sampanis for spotting the problem.
-+
-+ Fix crash in authoritative DNS code, if a .arpa zone
-+ is declared as authoritative, and then a PTR query which
-+ is not to be treated as authoritative arrived. Normally,
-+ directly declaring .arpa zone as authoritative is not
-+ done, so this crash wouldn't be seen. Instead the
-+ relevant .arpa zone should be specified as a subnet
-+ in the auth-zone declaration. Thanks to Johnny S. Lee
-+ for the bugreport and initial patch.
-
-
- version 2.72
-@@ -125,10 +138,7 @@ version 2.72
- Fix problem with --local-service option on big-endian platforms
- Thanks to Richard Genoud for the patch.
-
-- Fix crash on receipt of certain malformed DNS requests. Thanks
-- to Nick Sampanis for spotting the problem.
-
--
- version 2.71
- Subtle change to error handling to help DNSSEC validation
- when servers fail to provide NODATA answers for
-diff --git a/src/auth.c b/src/auth.c
-index 15721e5..4a5c39f 100644
---- a/src/auth.c
-+++ b/src/auth.c
-@@ -141,7 +141,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
- for (zone = daemon->auth_zones; zone; zone = zone->next)
- if ((subnet = find_subnet(zone, flag, &addr)))
- break;
--
-+
- if (!zone)
- {
- auth = 0;
-@@ -186,7 +186,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
-
- if (intr)
- {
-- if (in_zone(zone, intr->name, NULL))
-+ if (local_query || in_zone(zone, intr->name, NULL))
- {
- found = 1;
- log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
-@@ -208,8 +208,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
- *p = 0; /* must be bare name */
-
- /* add external domain */
-- strcat(name, ".");
-- strcat(name, zone->domain);
-+ if (zone)
-+ {
-+ strcat(name, ".");
-+ strcat(name, zone->domain);
-+ }
- log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
- found = 1;
- if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
-@@ -217,7 +220,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
- T_PTR, C_IN, "d", name))
- anscount++;
- }
-- else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL))
-+ else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL)))
- {
- log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
- found = 1;
---
-2.1.4
-
+++ /dev/null
-From 35042c3ef61b3bc07f0f9418dff6be6ed78f4aa1 Mon Sep 17 00:00:00 2001
-From: Steven Barth <steven@midlink.org>
-Date: Fri, 10 Apr 2015 10:46:57 +0200
-Subject: [PATCH] Revert "Don't reply to DHCPv6 SOLICIT messages when not
- configured for statefull DHCPv6."
-
-This reverts commit 61b838dd574c51d96fef100285a0d225824534f9.
----
- src/rfc3315.c | 13 -------------
- 1 file changed, 13 deletions(-)
-
-diff --git a/src/rfc3315.c b/src/rfc3315.c
-index c1ddc80..50131d8 100644
---- a/src/rfc3315.c
-+++ b/src/rfc3315.c
-@@ -824,19 +824,6 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- }
- else
- {
-- /* Windows 8 always requests an address even if the Managed bit
-- in RA is 0 and it keeps retrying if it receives a reply
-- stating that no addresses are available. We solve this
-- by not replying at all if we're not configured to give any
-- addresses by DHCPv6. RFC 3315 17.2.1. appears to allow this. */
--
-- for (c = state->context; c; c = c->current)
-- if (!(c->flags & CONTEXT_RA_STATELESS))
-- break;
--
-- if (!c)
-- return 0;
--
- /* no address, return error */
- o1 = new_opt6(OPTION6_STATUS_CODE);
- put_opt6_short(DHCP6NOADDRS);
---
-2.1.4
-
projects / openwrt / staging / chunkeey.git / commitdiff