diff -u dnsmasq-2.75/debian/changelog dnsmasq-2.75/debian/changelog
--- dnsmasq-2.75/debian/changelog
+++ dnsmasq-2.75/debian/changelog
@@ -1,3 +1,14 @@
+dnsmasq (2.75-1ubuntu0.16.04.4) xenial; urgency=medium
+
+ * Fix replying prematurely if one of many servers replies REFUSED
+ (LP: #1726017) by adding two upstream patches.
+ - 2.76: 4ace25c5d6: Treat REFUSED (not SERVFAIL) as an unsuccessful
+ upstream response
+ - 2.77: 68f6312d4b: Stop treating SERVFAIL as a successful response from
+ upstream servers.
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 23 Oct 2017 08:32:22 +0200
+
dnsmasq (2.75-1ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: add fixes to correct multiple security issues
only in patch2:
unchanged:
--- dnsmasq-2.75.orig/src/forward.c
+++ dnsmasq-2.75/src/forward.c
@@ -810,7 +810,8 @@
we get a good reply from another server. Kill it when we've
had replies from all to avoid filling the forwarding table when
everything is broken */
- if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != SERVFAIL)
+ if (forward->forwardall == 0 || --forward->forwardall == 1 ||
+ (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
{
int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
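Review bot: The comment directly above the changed condition is left as it was, and its opening line is outside the hunk, so it presumably still explains the hold-back in terms of SERVFAIL only, while the added lines now hold back REFUSED as well. I would update that comment to name both rcodes, for example `/* Don't pass on REFUSED or SERVFAIL unless all servers have answered ... */`, so the code and its rationale agree. A smaller point on the same two added lines: `--forward->forwardall` is a side effect inside a short-circuit `||` chain, and the rcode test only behaves as intended because it is evaluated last. A short why-comment such as `/* rcode test must stay last: the decrement has to run for every reply */` would guard against a later reordering. The enclosing function and the block opened at `{` both continue outside the hunk, so how the forwarded reply is handled afterwards cannot be checked from here.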