<div dir="ltr">Hi,<br><div class="gmail_extra"><br><div class="gmail_quote">2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant <span dir="ltr"><<a href="mailto:kevin@darbyshire-bryant.me.uk" target="_blank">kevin@darbyshire-bryant.me.uk</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This patch stops SIGHUP from enabling dnssec timechecks if disabled by<br>
use of --dnssec-no-timecheck option. --dnssec-timestamp continues to<br>
work correctly.<br></blockquote><div><br></div><div>I haven't really followed the previous discussion,<br></div><div>but maybe you can just use another signal?<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Enabling dnssec timechecks now requires restarting dnsmasq without<br>
the --dnssec-no-timecheck configuration option and closes a<br>
potential denial of service exploit by sending SIGHUP when system<br>
time does not correspond with Internet time.<br></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
This change may be useful for future ntpd/dnsmasq hotplug integration.<br>
<br>
<br>
Signed-off-by: Kevin Darbyshire-Bryant <<a href="mailto:kevin@darbyshire-bryant.me.uk">kevin@darbyshire-bryant.me.uk</a>><br>
---<br>
.../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch | 13 +++++++++++++<br>
1 file changed, 13 insertions(+)<br>
create mode 100644 package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch<br>
<span class="HOEnZb"><font color="#888888"><br>
</font></span></blockquote></div><br></div></div>