--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/dnsmasq/patches/04_CVE-2015-8899.patch Wed Sep 07 14:48:21 2016 -0700
@@ -0,0 +1,44 @@
+Upstream patch to address CVE-2015-8899.
+
+From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <[email protected]>
+Date: Sat, 14 Nov 2015 17:45:48 +0000
+Subject: [PATCH] Fix crash when empty address from DNS overlays A record from
+ hosts.
+
+---
+ CHANGELOG | 5 +++++
+ src/cache.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index d6e309f..93c73d0 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -13,6 +13,11 @@ version 2.76
+ was a dangling symbolic link, even of --no-resolv set.
+ Thanks to Alexander Kurtz for spotting the problem.
+
++ Fix crash when an A or AAAA record is defined locally,
++ in a hosts file, and an upstream server sends a reply
++ that the same name is empty. Thanks to Edwin Török for
++ the patch.
++
+
+ version 2.75
+ Fix reversion on 2.74 which caused 100% CPU use when a
+diff --git a/src/cache.c b/src/cache.c
+index 178d654..1b76b67 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
+ existing record is for an A or AAAA and
+ the record we're trying to insert is the same,
+ just drop the insert, but don't error the whole process. */
+- if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD))
++ if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr)
+ {
+ if ((flags & F_IPV4) && (new->flags & F_IPV4) &&
+ new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr)
+--
+1.7.10.4