Message ID | 20191122174552.58209-1-ldir@darbyshire-bryant.me.uk |
---|---|
State | Accepted |
Headers | show |
Series | [OpenWrt-Devel] dnsmasq: correct sense & usage of dnsseccheckunsigned | expand |
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index a1b51896a9..c57a837e9e 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_UPSTREAM_VERSION:=2.80 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) -PKG_RELEASE:=14 +PKG_RELEASE:=15 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 1054f7a12a..94a069f1ac 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -966,7 +966,8 @@ dnsmasq_start() [ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck" } } - append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned" + config_get_bool dnsseccheckunsigned "$cfg" dnsseccheckunsigned 1 + [ "$dnsseccheckunsigned" -eq 0 ] && xappend "--dnssec-check-unsigned=no" } config_get addmac "$cfg" addmac 0
dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci option was rendered ineffectual: we checked unsigned zones no matter the setting. Disabling the checking of unsigned zones is now achieve with the "--dnssec-check-unsigned=no" dnsmasq option. Update init script to pass required option in the disabled case. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> --- package/network/services/dnsmasq/Makefile | 2 +- package/network/services/dnsmasq/files/dnsmasq.init | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-)