These were not deleted except in the case that a dhcp-optsfile
option was coincidentally provided.

I got reported bug in Fedora [1], that cname is broken in new releases.
At first I though this was false report, but there is still new
regression in cname handling.

Before, it accepted alias with trailing dot. Not it would accept only
target, but not alias.

cname=alias.,target

is no longer valid. The issue is it will count size to skip after
canonicalize. If that ignores trailing dot, next name would be "". And
that is invalid and refused, dnsmasq refuses to start.

I also think that any whitespace like tab should be possible after
comma. So this fixes also 30858e3b.

The way of accessing the list of available hashes on nettle was
vulnerable to breaking if the version of libnettle in use was
different to the version dnsmasq was compiled against.
Change to a new system if libnettle >= 3.4 is in use.
Older versions if nettle are still OK, once 3.4 is reached,
the ABi problem is fixed. Thanks to Petr Menšík for clues on this.

This fixes breakage of  DHCPv6 relay.

Use strlen to determine the length of the filename returned by
inotify, as in->len refers to the length of the buffer containing
the name, not the length of the name itself.

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011950.htmlSigned-off-by: Andy Hawkins <andy@gently.org.uk>

Patch further modified by simon@thekelleys.org to avoid
out-of-bounds array access with an empty string, call strlen once,
and reverse order of filename verifcation and resolv-file test.

It's OK for NSEC records to be expanded from wildcards,
but in that case, the proof of non-existence is only valid
starting at the wildcard name, *.<domain> NOT the name expanded
from the wildcard. Without this check it's possible for an
attacker to craft an NSEC which wrongly proves non-existence
in a domain which includes a wildcard for NSEC.

Development of EtherBoot gPXE was always development
of iPXE core developer Michael Brown.

http://git.etherboot.org/?p=gpxe.git was last updated in 2011
https://git.ipxe.org/ipxe.git is well alive

This  s/gPXE/iPXE/ reflects that.
Signed-off-by: Geert Stappers <stappers@stappers.nl>

RFC 4034 says:
  [RFC2181] specifies that an RRset is not allowed to contain duplicate
  records (multiple RRs with the same owner name, class, type, and
  RDATA).  Therefore, if an implementation detects duplicate RRs when
  putting the RRset in canonical form, it MUST treat this as a protocol
  error.  If the implementation chooses to handle this protocol error
  in the spirit of the robustness principle (being liberal in what it
  accepts), it MUST remove all but one of the duplicate RR(s) for the
  purposes of calculating the canonical form of the RRset.

We chose to handle this robustly, having found at least one recursive
server in the wild which returns duplicate NSEC records in the AUTHORITY
section of an answer generated from a wildcard record. sort_rrset() is
therefore modified to delete duplicate RRs which are detected almost
for free during the bubble-sort process.

Thanks to Toralf Förster for helping to diagnose this problem.