]> git.ipfire.org Git - ipfire-2.x.git/blob - src/patches/glibc/glibc-rh1088301.patch
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dhcpcd: fix delay after dhcp down.
[ipfire-2.x.git] / src / patches / glibc / glibc-rh1088301.patch
1 diff --git a/resolv/arpa/nameser.h b/resolv/arpa/nameser.h
2 index fb8513b..372d5cd 100644
3 --- a/resolv/arpa/nameser.h
4 +++ b/resolv/arpa/nameser.h
5 @@ -293,6 +293,9 @@ typedef enum __ns_type {
6 ns_t_sink = 40, /*%< Kitchen sink (experimentatl) */
7 ns_t_opt = 41, /*%< EDNS0 option (meta-RR) */
8 ns_t_apl = 42, /*%< Address prefix list (RFC3123) */
9 + ns_t_rrsig = 46, /*%< DNSSEC RRset Signature (RFC4034) */
10 + ns_t_nsec = 47, /*%< DNSSEC Next-Secure Record (RFC4034)*/
11 + ns_t_dnskey = 48, /*%< DNSSEC key record (RFC4034) */
12 ns_t_tkey = 249, /*%< Transaction key */
13 ns_t_tsig = 250, /*%< Transaction signature. */
14 ns_t_ixfr = 251, /*%< Incremental zone transfer. */
15 diff --git a/resolv/arpa/nameser_compat.h b/resolv/arpa/nameser_compat.h
16 index d59c9e4..284bff7 100644
17 --- a/resolv/arpa/nameser_compat.h
18 +++ b/resolv/arpa/nameser_compat.h
19 @@ -164,6 +164,9 @@ typedef struct {
20 #define T_NAPTR ns_t_naptr
21 #define T_A6 ns_t_a6
22 #define T_DNAME ns_t_dname
23 +#define T_RRSIG ns_t_rrsig
24 +#define T_NSEC ns_t_nsec
25 +#define T_DNSKEY ns_t_dnskey
26 #define T_TSIG ns_t_tsig
27 #define T_IXFR ns_t_ixfr
28 #define T_AXFR ns_t_axfr
29 diff --git a/resolv/gethnamaddr.c b/resolv/gethnamaddr.c
30 index a861a84..ae55fac 100644
31 --- a/resolv/gethnamaddr.c
32 +++ b/resolv/gethnamaddr.c
33 @@ -331,23 +331,36 @@ getanswer (const querybuf *answer, int anslen, const char *qname, int qtype)
34 buflen -= n;
35 continue;
36 }
37 - if ((type == T_SIG) || (type == T_KEY) || (type == T_NXT)) {
38 - /* We don't support DNSSEC yet. For now, ignore
39 - * the record and send a low priority message
40 - * to syslog.
41 - */
42 - syslog(LOG_DEBUG|LOG_AUTH,
43 + if ((type == T_SIG) || (type == T_KEY) || (type == T_NXT)
44 + || (type == T_RRSIG) || (type == T_NSEC)
45 + || (type == T_DNSKEY)) {
46 + /* We don't support DNSSEC responses yet, but we do
47 + * allow setting the DO bit. If the DNS server sent us
48 + * these records without us asking for it, ignore the
49 + * record and send a low priority message to syslog.
50 + */
51 + if ((_res.options & RES_USE_DNSSEC) == 0) {
52 + syslog(LOG_DEBUG|LOG_AUTH,
53 "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
54 - qname, p_class(C_IN), p_type(qtype),
55 - p_type(type));
56 + qname, p_class(C_IN), p_type(qtype),
57 + p_type(type));
58 + }
59 cp += n;
60 continue;
61 }
62 if (type != qtype) {
63 - syslog(LOG_NOTICE|LOG_AUTH,
64 + /* Skip logging if we received a DNAME when we have set
65 + * the DO bit. DNAME records are a convenient way to
66 + * set up DNSSEC records and such setups can make this
67 + * log message needlessly noisy.
68 + */
69 + if (!((_res.options & RES_USE_DNSSEC)
70 + && type == T_DNAME)) {
71 + syslog(LOG_NOTICE|LOG_AUTH,
72 "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
73 - qname, p_class(C_IN), p_type(qtype),
74 - p_type(type));
75 + qname, p_class(C_IN), p_type(qtype),
76 + p_type(type));
77 + }
78 cp += n;
79 continue; /* XXX - had_error++ ? */
80 }
81 diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
82 index f715ab0..510d388 100644
83 --- a/resolv/nss_dns/dns-host.c
84 +++ b/resolv/nss_dns/dns-host.c
85 @@ -822,13 +822,20 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
86 }
87 if (__builtin_expect (type == T_SIG, 0)
88 || __builtin_expect (type == T_KEY, 0)
89 - || __builtin_expect (type == T_NXT, 0))
90 + || __builtin_expect (type == T_NXT, 0)
91 + || __builtin_expect (type == T_RRSIG, 0)
92 + || __builtin_expect (type == T_NSEC, 0)
93 + || __builtin_expect (type == T_DNSKEY, 0))
94 {
95 - /* We don't support DNSSEC yet. For now, ignore the record
96 - and send a low priority message to syslog. */
97 - syslog (LOG_DEBUG | LOG_AUTH,
98 - "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
99 - qname, p_class (C_IN), p_type(qtype), p_type (type));
100 + /* We don't support DNSSEC responses yet, but we do allow setting the
101 + DO bit. If the DNS server sent us these records without us asking
102 + for it, ignore the record and send a low priority message to
103 + syslog. */
104 + if ((_res.options & RES_USE_DNSSEC) == 0)
105 + syslog (LOG_DEBUG | LOG_AUTH,
106 + "gethostby*.getanswer: asked for \"%s %s %s\", "
107 + "got type \"%s\"",
108 + qname, p_class (C_IN), p_type(qtype), p_type (type));
109 cp += n;
110 continue;
111 }
112 @@ -837,9 +844,14 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
113 have_to_map = 1;
114 else if (__builtin_expect (type != qtype, 0))
115 {
116 - syslog (LOG_NOTICE | LOG_AUTH,
117 - "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
118 - qname, p_class (C_IN), p_type (qtype), p_type (type));
119 + /* Skip logging if we received a DNAME when we have set the DO bit.
120 + DNAME records are a convenient way to set up DNSSEC records and
121 + such setups can make this log message needlessly noisy. */
122 + if (!((_res.options & RES_USE_DNSSEC) && type == T_DNAME))
123 + syslog (LOG_NOTICE | LOG_AUTH,
124 + "gethostby*.getanswer: asked for \"%s %s %s\", "
125 + "got type \"%s\"",
126 + qname, p_class (C_IN), p_type (qtype), p_type (type));
127 cp += n;
128 continue; /* XXX - had_error++ ? */
129 }
130 diff --git a/resolv/res_debug.c b/resolv/res_debug.c
131 index 7843439..4a49629 100644
132 --- a/resolv/res_debug.c
133 +++ b/resolv/res_debug.c
134 @@ -450,6 +450,8 @@ const struct res_sym __p_type_syms[] = {
135 {ns_t_kx, "KX", "Key Exchange"},
136 {ns_t_cert, "CERT", "Certificate"},
137 {ns_t_any, "ANY", "\"any\""},
138 + /* TODO Add RRSIG, NSEC and DNSKEY once we actually do something with
139 + them. */
140 {0, NULL, NULL}
141 };
142 libresolv_hidden_data_def (__p_type_syms)
IPFire 2.x development tree