dnsmasq: bump to 2.87

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
2022-09-28 23:55:49 +08:00 · 2022-09-28 23:55:49 +08:00 · ab7c30afb5
commit ab7c30afb5
parent 81f9f50fa4
3 changed files with 15 additions and 48 deletions
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsmasq
-PKG_UPSTREAM_VERSION:=2.87rc1
+PKG_UPSTREAM_VERSION:=2.87
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
 PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
-PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates/
-PKG_HASH:=a13df87ac500bdda920197f33a07251559ff60f4fbe26f46317241bd2bade9a9
+PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
+PKG_HASH:=0228c0364a7f2356fd7e7f1549937cbf3099a78d3b2eb1ba5bb0c31e2b89de7a

 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@ -793,14 +793,24 @@ dnsmasq_ipset_add() {
 	}

 	add_nftset() {
-		nftsets="${nftsets:+$nftsets,}inet#fw4#$1"
+		local IFS=,
+		for set in $1; do
+			local family=$(echo "$set" | sed -nre 's#^.*[^0-9]([46])$#\1#p')
+			[ -n "$family" ] || \
+				family=$(nft -t list set inet "$table" "$set" 2>&1 | sed -nre 's#^\t\ttype .*\bipv([46])_addr\b.*$#\1#p')
+
+			[ -n "$family" ] || \
+				logger -t dnsmasq "Cannot infer address family from non-existent nftables set '$set'"
+
+			nftsets="${nftsets:+$nftsets,}${family:+$family#}inet#$table#$set"
+		done
 	}

 	add_domain() {
 		# leading '/' is expected
 		domains="$domains/$1"
 	}
-
+	config_get table "$cfg" table 'fw4'
 	config_list_foreach "$cfg" "name" add_ipset
 	config_list_foreach "$cfg" "name" add_nftset
 	config_list_foreach "$cfg" "domain" add_domain
--- a/package/network/services/dnsmasq/patches/0001-Fix-a-problem-in-overload-handling.patch
+++ b/package/network/services/dnsmasq/patches/0001-Fix-a-problem-in-overload-handling.patch
@ -1,43 +0,0 @@
-From c4b9bc63e0029cf1beaf8bdcbd92fa09f33b599d Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 9 Sep 2022 12:53:49 +0100
-Subject: [PATCH] Fix a problem in overload handling.
-
-Sending the same query repeatedly to a dnsmasq instance which
-doesn't get replies from upstream will eventually hit the
-hard limit on frec_src structures and start gettin REFUSED
-replies. This is OK, except that since the queries are no longer
-being forwarded, an upstream server coming back doesn't reset the
-situation. If there is any other traffic, frec allocation will
-eventually delete the timed-out frec and get things moving again,
-but that's not guaranteed.
-
-To fix this we explicitly delete the frec once timed out in this case.
-
-Thanks to Filip Jenicek for noticing and characterising this problem.
---
- src/forward.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/forward.c b/src/forward.c
-index 8562b2d..fa80251 100644
--- a/src/forward.c
-+++ b/src/forward.c
-@@ -244,6 +244,14 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
- 	  if (!daemon->free_frec_src)
- 	    {
- 	      query_full(now, NULL);
-+	      /* This is tricky; if we're blasted with the same query
-+		 over and over, we'll end up taking this path each time
-+		 and never resetting until the frec gets deleted by
-+		 aging followed by the receipt of a different query. This
-+		 is a bit of a DoS vuln. Avoid by explicitly deleting the
-+		 frec once it expires. */
-+	      if (difftime(now, forward->time) >= TIMEOUT)
-+		free_frec(forward);
- 	      goto reply;
- 	    }
- 	  
-- 
-2.37.3
-