From: Kevin Darbyshire-Bryant Date: Fri, 22 Nov 2019 14:04:02 +0000 (+0000) Subject: dnsmasq: correct sense & usage of dnsseccheckunsigned X-Git-Tag: v21.02.0-rc1~4474 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=f1ca27740595105ec7b3d7ffc4b046c038916082;p=openwrt%2Fstaging%2Fhauke.git dnsmasq: correct sense & usage of dnsseccheckunsigned dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci option was rendered ineffectual: we checked unsigned zones no matter the setting. Disabling the checking of unsigned zones is now achieve with the "--dnssec-check-unsigned=no" dnsmasq option. Update init script to pass required option in the disabled case. Signed-off-by: Kevin Darbyshire-Bryant --- diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index a1b51896a9..c57a837e9e 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_UPSTREAM_VERSION:=2.80 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) -PKG_RELEASE:=14 +PKG_RELEASE:=15 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 1054f7a12a..94a069f1ac 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -966,7 +966,8 @@ dnsmasq_start() [ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck" } } - append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned" + config_get_bool dnsseccheckunsigned "$cfg" dnsseccheckunsigned 1 + [ "$dnsseccheckunsigned" -eq 0 ] && xappend "--dnssec-check-unsigned=no" } config_get addmac "$cfg" addmac 0