--- /dev/null
+. 3600 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=\r
+etc/trusted-key.key
usr/bin/dig
usr/bin/host
usr/bin/nslookup
usr/bin/nsupdate
-#usr/man/man1/dig.1
-#usr/man/man1/host.1
-#usr/man/man1/nslookup.1
-#usr/man/man8/nsupdate.8
+#usr/share/man/man1/dig.1
+#usr/share/man/man1/host.1
+#usr/share/man/man1/nslookup.1
+#usr/share/man/man1/nsupdate.1
--- /dev/null
+#usr/bin/nettle-hash
+#usr/bin/nettle-lfib-stream
+#usr/bin/nettle-pbkdf2
+#usr/bin/pkcs1-conv
+#usr/bin/sexp-conv
+#usr/include/nettle
+#usr/include/nettle/aes.h
+#usr/include/nettle/arcfour.h
+#usr/include/nettle/arctwo.h
+#usr/include/nettle/asn1.h
+#usr/include/nettle/base16.h
+#usr/include/nettle/base64.h
+#usr/include/nettle/bignum.h
+#usr/include/nettle/blowfish.h
+#usr/include/nettle/buffer.h
+#usr/include/nettle/camellia.h
+#usr/include/nettle/cast128.h
+#usr/include/nettle/cbc.h
+#usr/include/nettle/ccm.h
+#usr/include/nettle/chacha-poly1305.h
+#usr/include/nettle/chacha.h
+#usr/include/nettle/ctr.h
+#usr/include/nettle/des-compat.h
+#usr/include/nettle/des.h
+#usr/include/nettle/dsa-compat.h
+#usr/include/nettle/dsa.h
+#usr/include/nettle/eax.h
+#usr/include/nettle/ecc-curve.h
+#usr/include/nettle/ecc.h
+#usr/include/nettle/ecdsa.h
+#usr/include/nettle/gcm.h
+#usr/include/nettle/gosthash94.h
+#usr/include/nettle/hmac.h
+#usr/include/nettle/knuth-lfib.h
+#usr/include/nettle/macros.h
+#usr/include/nettle/md2.h
+#usr/include/nettle/md4.h
+#usr/include/nettle/md5-compat.h
+#usr/include/nettle/md5.h
+#usr/include/nettle/memxor.h
+#usr/include/nettle/nettle-meta.h
+#usr/include/nettle/nettle-stdint.h
+#usr/include/nettle/nettle-types.h
+#usr/include/nettle/pbkdf2.h
+#usr/include/nettle/pgp.h
+#usr/include/nettle/pkcs1.h
+#usr/include/nettle/poly1305.h
+#usr/include/nettle/realloc.h
+#usr/include/nettle/ripemd160.h
+#usr/include/nettle/rsa.h
+#usr/include/nettle/salsa20.h
+#usr/include/nettle/serpent.h
+#usr/include/nettle/sexp.h
+#usr/include/nettle/sha.h
+#usr/include/nettle/sha1.h
+#usr/include/nettle/sha2.h
+#usr/include/nettle/sha3.h
+#usr/include/nettle/twofish.h
+#usr/include/nettle/umac.h
+#usr/include/nettle/yarrow.h
+#usr/lib/libhogweed.a
+#usr/lib/libhogweed.so
+usr/lib/libhogweed.so.3
+usr/lib/libhogweed.so.3.0
+#usr/lib/libnettle.a
+#usr/lib/libnettle.so
+usr/lib/libnettle.so.5
+usr/lib/libnettle.so.5.0
+#usr/lib/pkgconfig/hogweed.pc
+#usr/lib/pkgconfig/nettle.pc
+#usr/share/info/nettle.info
--- /dev/null
+../../../common/bind
\ No newline at end of file
--- /dev/null
+../../../common/dnsmasq
\ No newline at end of file
etc/system-release
etc/issue
etc/rc.d/init.d/dhcrelay
+etc/rc.d/init.d/dnsmasq
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/routing.cgi
usr/sbin/dhcrelay
--- /dev/null
+../../../common/nettle
\ No newline at end of file
extract_files
# Start services
+/etc/init.d/dnsmasq restart
# Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
include Config
-VER = 9.3.2
+VER = 9.9.5
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
+export CPPFLAGS = -DDIG_SIGCHASE
+
###############################################################################
# Top-level Rules
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 55e709501a7780233c36e25ccd15ece2
+$(DL_FILE)_MD5 = e676c65cad5234617ee22f48e328c24e
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls --disable-ipv6
+ cd $(DIR_APP) && STD_CDEFINES="$(CPPFLAGS)" \
+ ./configure \
+ --prefix=/usr \
+ --disable-static \
+ --disable-openssl-version-check
cd $(DIR_APP) && make -C lib/dns
cd $(DIR_APP) && make -C lib/isc
cd $(DIR_APP) && make -C lib/bind9
cd $(DIR_APP) && make -C bin/dig install
cd $(DIR_APP) && make -C bin/nsupdate
cd $(DIR_APP) && make -C bin/nsupdate install
+
+ install -v -m 644 $(DIR_SRC)/config/bind/trusted-key.key \
+ /etc/trusted-key.key
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 2.45
+VER = 2.71
THISAPP = dnsmasq-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
+COPTS = -DHAVE_ISC_READER
+
###############################################################################
# Top-level Rules
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b7956e15c9766e05b3eca3ce88fdb616
+$(DL_FILE)_MD5 = 9e2e4d59c75e71ee3ca817ff0f9be69e
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && sed -i -e 's|/usr/local|/usr|g' Makefile
- cd $(DIR_APP)/src && sed -i \
- -e 's|^\/\* #define HAVE_ISC_READER .*$$|#define HAVE_ISC_READER\n#define NO_IPV6|' \
- -e 's|^#define HAVE_TFTP *$$|//#define HAVE_TFTP|' \
- -e 's/^#define CHUSER .*$$/#define CHUSER "dnsmasq"/' config.h
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.70-Add-support-to-read-ISC-DHCP-lease-file.patch
+ cd $(DIR_APP) && sed -i src/config.h \
+ -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
+ -e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \
+ -e 's|#define HAVE_DHCP|//#define HAVE_DHCP|g' \
+ -e 's|#define HAVE_DHCP6|//#define HAVE_DHCP6|g' \
+ -e 's|#define HAVE_TFTP|//#define HAVE_TFTP|g'
+
+ cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" $(MAKETUNING)
+ cd $(DIR_APP) && make PREFIX=/usr install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 3.0
+
+THISAPP = nettle-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = f64b1bf1e774b7ae6e507318e340250e
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --enable-shared
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
export LOGFILE
ipfiremake configroot
ipfiremake backup
- ipfiremake bind
- ipfiremake dhcp
- ipfiremake dhcpcd
ipfiremake libusb
ipfiremake libusbx
ipfiremake libpcap
;;
esac
ipfiremake pkg-config
+ ipfiremake openssl
+ ipfiremake openssl-compat
+ ipfiremake libgpg-error
+ ipfiremake libgcrypt
+ ipfiremake libassuan
+ ipfiremake bind
+ ipfiremake dhcp
+ ipfiremake dhcpcd
ipfiremake linux-atm
ipfiremake cpio
ipfiremake dracut
ipfiremake expat
ipfiremake gdbm
ipfiremake pam
- ipfiremake openssl
- ipfiremake openssl-compat
- ipfiremake libgpg-error
- ipfiremake libgcrypt
- ipfiremake libassuan
ipfiremake curl
ipfiremake tcl
ipfiremake sqlite
ipfiremake arping
ipfiremake beep
ipfiremake dvdrtools
+ ipfiremake nettle
ipfiremake dnsmasq
ipfiremake dosfstools
ipfiremake reiserfsprogs
. /etc/sysconfig/dnsmasq
fi
+CACHE_SIZE=2500
+ENABLE_DNSSEC=1
SHOW_SRV=1
+TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+
+function dnssec_args() {
+ local cmdline="--dnssec"
+
+ if [ -n "${TRUST_ANCHOR}" ]; then
+ cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"
+ fi
+
+ echo "${cmdline}"
+}
function dns_forward_args() {
local file="${1}"
echo "${cmdline}"
}
-
case "${1}" in
start)
# kill already running copy of dnsmasq...
# Add custom forward dns zones.
ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
+ # Enabled DNSSEC validation
+ if [ "${ENABLE_DNSSEC}" -eq 1 ]; then
+ ARGS="${ARGS} $(dnssec_args)"
+ fi
+
+ if [ -n "${CACHE_SIZE}" ]; then
+ ARGS="${ARGS} --cache-size=${CACHE_SIZE}"
+ fi
+
loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS
if [ "${SHOW_SRV}" -eq 1 ] && [ "${DNS1}" != "" -o "${DNS2}" != "" ]; then
--- /dev/null
+diff --git a/Makefile b/Makefile
+index 292c8bd..5e0cdbe 100644
+--- a/Makefile
++++ b/Makefile
+@@ -69,7 +69,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
+ dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+ helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
+ dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
+- domain.o dnssec.o blockdata.o
++ domain.o dnssec.o blockdata.o isc.o
+
+ hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
+ dns-protocol.h radv-protocol.h ip6addr.h
+diff --git a/src/cache.c b/src/cache.c
+index 5cec918..1f5657f 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -17,7 +17,7 @@
+ #include "dnsmasq.h"
+
+ static struct crec *cache_head = NULL, *cache_tail = NULL, **hash_table = NULL;
+-#ifdef HAVE_DHCP
++#if (defined HAVE_DHCP) || (defined HAVE_ISC_READER)
+ static struct crec *dhcp_spare = NULL;
+ #endif
+ static struct crec *new_chain = NULL;
+@@ -222,6 +222,9 @@ static void cache_free(struct crec *crecp)
+ crecp->flags &= ~F_BIGNAME;
+ }
+
++ if (crecp->flags & F_DHCP)
++ free(crecp->name.namep);
++
+ #ifdef HAVE_DNSSEC
+ cache_blockdata_free(crecp);
+ #endif
+@@ -1110,7 +1113,7 @@ void cache_reload(void)
+ total_size = read_hostsfile(ah->fname, ah->index, total_size, (struct crec **)daemon->packet, revhashsz);
+ }
+
+-#ifdef HAVE_DHCP
++#if (defined HAVE_DHCP) || (defined HAVE_ISC_READER)
+ struct in_addr a_record_from_hosts(char *name, time_t now)
+ {
+ struct crec *crecp = NULL;
+@@ -1188,7 +1191,7 @@ void cache_add_dhcp_entry(char *host_name, int prot,
+ addrlen = sizeof(struct in6_addr);
+ }
+ #endif
+-
++
+ inet_ntop(prot, host_address, daemon->addrbuff, ADDRSTRLEN);
+
+ while ((crec = cache_find_by_name(crec, host_name, 0, flags | F_CNAME)))
+@@ -1253,7 +1256,11 @@ void cache_add_dhcp_entry(char *host_name, int prot,
+ else
+ crec->ttd = ttd;
+ crec->addr.addr = *host_address;
++#ifdef HAVE_ISC_READER
++ crec->name.namep = strdup(host_name);
++#else
+ crec->name.namep = host_name;
++#endif
+ crec->uid = next_uid();
+ cache_hash(crec);
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 1c96a0e..156ac9a 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -934,6 +934,11 @@ int main (int argc, char **argv)
+
+ poll_resolv(0, daemon->last_resolv != 0, now);
+ daemon->last_resolv = now;
++
++#ifdef HAVE_ISC_READER
++ if (daemon->lease_file && !daemon->dhcp)
++ load_dhcp(now);
++#endif
+ }
+
+ if (FD_ISSET(piperead, &rset))
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 3032546..a40b2a9 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -1447,3 +1447,8 @@ void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force);
+ time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
+ void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases);
+ #endif
++
++/* isc.c */
++#ifdef HAVE_ISC_READER
++void load_dhcp(time_t now);
++#endif
+diff --git a/src/isc.c b/src/isc.c
+new file mode 100644
+index 0000000..5106442
+--- /dev/null
++++ b/src/isc.c
+@@ -0,0 +1,251 @@
++/* dnsmasq is Copyright (c) 2014 John Volpe, Simon Kelley and
++ Michael Tremer
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 dated June, 1991, or
++ (at your option) version 3 dated 29 June, 2007.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++ Code in this file is based on contributions by John Volpe and
++ Simon Kelley. Updated for recent versions of dnsmasq by
++ Michael Tremer.
++*/
++
++#include "dnsmasq.h"
++
++#ifdef HAVE_ISC_READER
++#define MAXTOK 50
++
++struct isc_dhcp_lease {
++ char* name;
++ char* fqdn;
++ time_t expires;
++ struct in_addr addr;
++ struct isc_dhcp_lease* next;
++};
++
++static struct isc_dhcp_lease* dhcp_lease_new(const char* hostname) {
++ struct isc_dhcp_lease* lease = whine_malloc(sizeof(*lease));
++
++ lease->name = strdup(hostname);
++ if (daemon->domain_suffix) {
++ asprintf(&lease->fqdn, "%s.%s", hostname, daemon->domain_suffix);
++ }
++ lease->expires = 0;
++ lease->next = NULL;
++
++ return lease;
++}
++
++static void dhcp_lease_free(struct isc_dhcp_lease* lease) {
++ if (!lease)
++ return;
++
++ if (lease->name)
++ free(lease->name);
++ if (lease->fqdn)
++ free(lease->fqdn);
++ free(lease);
++}
++
++static int next_token(char* token, int buffsize, FILE* fp) {
++ int c, count = 0;
++ char* cp = token;
++
++ while ((c = getc(fp)) != EOF) {
++ if (c == '#') {
++ do {
++ c = getc(fp);
++ } while (c != '\n' && c != EOF);
++ }
++
++ if (c == ' ' || c == '\t' || c == '\n' || c == ';') {
++ if (count)
++ break;
++ } else if ((c != '"') && (count < buffsize - 1)) {
++ *cp++ = c;
++ count++;
++ }
++ }
++
++ *cp = 0;
++ return count ? 1 : 0;
++}
++
++static long get_utc_offset() {
++ time_t t = time(NULL);
++ struct tm* time_struct = localtime(&t);
++
++ return time_struct->tm_gmtoff;
++}
++
++static time_t parse_lease_time(const char* token_date, const char* token_time) {
++ time_t time = (time_t)(-1);
++ struct tm lease_time;
++
++ if (sscanf(token_date, "%d/%d/%d", &lease_time.tm_year, &lease_time.tm_mon, &lease_time.tm_mday) == 3) {
++ lease_time.tm_year -= 1900;
++ lease_time.tm_mon -= 1;
++
++ if (sscanf(token_time, "%d:%d:%d", &lease_time.tm_hour, &lease_time.tm_min, &lease_time.tm_sec) == 3) {
++ time = mktime(&lease_time) + get_utc_offset();
++ }
++ }
++
++ return time;
++}
++
++static struct isc_dhcp_lease* find_lease(const char* hostname, struct isc_dhcp_lease* leases) {
++ struct isc_dhcp_lease* lease = leases;
++
++ while (lease) {
++ if (strcmp(hostname, lease->name) == 0) {
++ return lease;
++ }
++ lease = lease->next;
++ }
++
++ return NULL;
++}
++
++static off_t lease_file_size = (off_t)0;
++static ino_t lease_file_inode = (ino_t)0;
++
++void load_dhcp(time_t now) {
++ struct isc_dhcp_lease* leases = NULL;
++
++ struct stat statbuf;
++ if (stat(daemon->lease_file, &statbuf) == -1) {
++ return;
++ }
++
++ /* Do nothing if the lease file has not changed. */
++ if ((statbuf.st_size <= lease_file_size) && (statbuf.st_ino == lease_file_inode))
++ return;
++
++ lease_file_size = statbuf.st_size;
++ lease_file_inode = statbuf.st_ino;
++
++ FILE* fp = fopen(daemon->lease_file, "r");
++ if (!fp) {
++ my_syslog(LOG_ERR, _("failed to load %s:%s"), daemon->lease_file, strerror(errno));
++ return;
++ }
++
++ my_syslog(LOG_INFO, _("reading %s"), daemon->lease_file);
++
++ char* hostname = daemon->namebuff;
++ struct in_addr host_address;
++ time_t time_starts = -1;
++ time_t time_ends = -1;
++ int nomem;
++
++ char token[MAXTOK];
++ while ((next_token(token, MAXTOK, fp))) {
++ if (strcmp(token, "lease") == 0) {
++ hostname[0] = '\0';
++
++ if (next_token(token, MAXTOK, fp) && ((host_address.s_addr = inet_addr(token)) != (in_addr_t)-1)) {
++ if (next_token(token, MAXTOK, fp) && *token == '{') {
++ while (next_token(token, MAXTOK, fp) && *token != '}') {
++ if ((strcmp(token, "client-hostname") == 0) || (strcmp(token, "hostname") == 0)) {
++ if (next_token(hostname, MAXDNAME, fp)) {
++ if (!canonicalise(hostname, &nomem)) {
++ *hostname = 0;
++ my_syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file);
++ }
++ }
++ } else if ((strcmp(token, "starts") == 0) || (strcmp(token, "ends") == 0)) {
++ char token_date[MAXTOK];
++ char token_time[MAXTOK];
++
++ int is_starts = strcmp(token, "starts") == 0;
++
++ // Throw away the weekday and parse the date.
++ if (next_token(token, MAXTOK, fp) && next_token(token_date, MAXTOK, fp) && next_token(token_time, MAXTOK, fp)) {
++ time_t time = parse_lease_time(token_date, token_time);
++
++ if (is_starts)
++ time_starts = time;
++ else
++ time_ends = time;
++ }
++ }
++ }
++
++ if (!*hostname)
++ continue;
++
++ if ((time_starts == -1) || (time_ends == -1))
++ continue;
++
++ if (difftime(now, time_ends) > 0)
++ continue;
++
++ char* dot = strchr(hostname, '.');
++ if (dot) {
++ if (!daemon->domain_suffix || hostname_isequal(dot + 1, daemon->domain_suffix)) {
++ my_syslog(LOG_WARNING,
++ _("Ignoring DHCP lease for %s because it has an illegal domain part"),
++ hostname);
++ continue;
++ }
++ *dot = 0;
++ }
++
++ // Search for an existing lease in the list
++ // with the given host name and update the data
++ // if needed.
++ struct isc_dhcp_lease* lease = find_lease(hostname, leases);
++
++ // If no lease already exists, we create a new one
++ // and append it to the list.
++ if (!lease) {
++ lease = dhcp_lease_new(hostname);
++
++ lease->next = leases;
++ leases = lease;
++ }
++
++ // Only update more recent leases.
++ if (lease->expires > time_ends)
++ continue;
++
++ lease->addr = host_address;
++ lease->expires = time_ends;
++ }
++ }
++ }
++ }
++
++ fclose(fp);
++
++ // Drop all entries.
++ cache_unhash_dhcp();
++
++ while (leases) {
++ struct isc_dhcp_lease *lease = leases;
++ leases = lease->next;
++
++ if (lease->fqdn) {
++ cache_add_dhcp_entry(lease->fqdn, AF_INET, (struct all_addr*)&lease->addr.s_addr, lease->expires);
++ }
++
++ if (lease->name) {
++ cache_add_dhcp_entry(lease->name, AF_INET, (struct all_addr*)&lease->addr.s_addr, lease->expires);
++ }
++
++ // Cleanup
++ dhcp_lease_free(lease);
++ }
++}
++
++#endif
+diff --git a/src/option.c b/src/option.c
+index daa728f..d16c982 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -1642,7 +1642,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ ret_err(_("bad MX target"));
+ break;
+
+-#ifdef HAVE_DHCP
++#if (defined HAVE_DHCP) || (defined HAVE_ISC_READER)
+ case 'l': /* --dhcp-leasefile */
+ daemon->lease_file = opt_string_alloc(arg);
+ break;
--- /dev/null
+From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 18 Jun 2014 20:52:53 +0100
+Subject: [PATCH] Fix FTBFS with Nettle-3.0.
+
+---
+ CHANGELOG | 3 +++
+ src/dnssec.c | 18 ++++++++++++------
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 2ffb75d..69bfc29 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -28,6 +28,12 @@
+ #include <nettle/nettle-meta.h>
+ #include <nettle/bignum.h>
+
++/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
++ to detect Nettle-3, and invoke the backwards compatibility mode. */
++#ifdef dsa_params_init
++#include <nettle/dsa-compat.h>
++#endif
++
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
+ return 1;
+ }
+
+-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ size_t exp_len;
+@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
+ return 0;
+ }
+
+-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ unsigned int t;
+@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
+ switch (algo)
+ {
+ case 1: case 5: case 7: case 8: case 10:
+- return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ case 3: case 6:
+- return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ #ifndef NO_NETTLE_ECC
+ case 13: case 14:
+--
+1.7.10.4
+
--- /dev/null
+From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 17 Jun 2014 19:49:31 +0100
+Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp
+
+---
+ Makefile | 2 +-
+ bld/pkg-wrapper | 9 +++++++--
+ src/config.h | 7 +++++++
+ src/dnssec.c | 3 ++-
+ 4 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index c58b50b..17eeb27 100644
+--- a/Makefile
++++ b/Makefile
+@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON
+ lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1`
+ nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
+ nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
+-gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp`
++gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
+ sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
+ version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
+
+diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
+index 9f9332d..0ddb678 100755
+--- a/bld/pkg-wrapper
++++ b/bld/pkg-wrapper
+@@ -11,9 +11,14 @@ in=`cat`
+
+ if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
+ echo $in | grep $search >/dev/null 2>&1; then
+-
++# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP
+ if [ $op = "--copy" ]; then
+- pkg="$*"
++ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
++ echo $in | grep $pkg >/dev/null 2>&1; then
++ pkg=""
++ else
++ pkg="$*"
++ fi
+ elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
+ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
+ pkg=`$pkg --static $op $*`
+diff --git a/src/config.h b/src/config.h
+index 2155544..ee6d218 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -105,6 +105,8 @@ HAVE_AUTH
+ define this to include the facility to act as an authoritative DNS
+ server for one or more zones.
+
++HAVE_DNSSEC
++ include DNSSEC validator.
+
+ NO_IPV6
+ NO_TFTP
+@@ -118,6 +120,11 @@ NO_AUTH
+ which are enabled by default in the distributed source tree. Building dnsmasq
+ with something like "make COPTS=-DNO_SCRIPT" will do the trick.
+
++NO_NETTLE_ECC
++ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
++NO_GMP
++ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
++
+ LEASEFILE
+ CONFFILE
+ RESOLVFILE
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 44d626b..2ffb75d 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -26,7 +26,8 @@
+ # include <nettle/ecc-curve.h>
+ #endif
+ #include <nettle/nettle-meta.h>
+-#include <gmp.h>
++#include <nettle/bignum.h>
++
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+--
+1.7.10.4
+