--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/dnsmasq/patches/04_CVE-2015-8899.patch	Wed Sep 07 14:48:21 2016 -0700
@@ -0,0 +1,44 @@
+Upstream patch to address CVE-2015-8899.
+
+From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <[email protected]>
+Date: Sat, 14 Nov 2015 17:45:48 +0000
+Subject: [PATCH] Fix crash when empty address from DNS overlays A record from
+ hosts.
+
+---
+ CHANGELOG   |    5 +++++
+ src/cache.c |    2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index d6e309f..93c73d0 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -13,6 +13,11 @@ version 2.76
+ 	    was a dangling symbolic link, even of --no-resolv set.
+ 	    Thanks to Alexander Kurtz for spotting the problem.
+ 
++	    Fix crash when an A or AAAA record is defined locally,
++	    in a hosts file, and an upstream server sends a reply
++	    that the same name is empty. Thanks to Edwin Török for
++	    the patch.
++
+ 	
+ version 2.75
+             Fix reversion on 2.74 which caused 100% CPU use when a 
+diff --git a/src/cache.c b/src/cache.c
+index 178d654..1b76b67 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
+ 	 existing record is for an A or AAAA and
+ 	 the record we're trying to insert is the same, 
+ 	 just drop the insert, but don't error the whole process. */
+-      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD))
++      if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr)
+ 	{
+ 	  if ((flags & F_IPV4) && (new->flags & F_IPV4) &&
+ 	      new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr)
+-- 
+1.7.10.4