pemensik pushed to dnsmasq (f33). "Update to 2.85 (#1947198) (..more)"

8 Apr 2021

Notification time stamped 2021-04-08 08:36:10 UTC
From 0ecd37e640953cd8a8e07ba250011b7f0f9a3ad6 Mon Sep 17 00:00:00 2001
From: Petr Menšík pemensik@redhat.com
Date: Apr 08 2021 07:39:17 +0000
Subject: Update to 2.85 (#1947198)
Change to production release.
Update to 2.85rc2
Fixes CVE-2021-3448 and few more regressions.
Removed changelog entry
---

diff --git a/.gitignore b/.gitignore
index 38f9c5c..8f8dc3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,5 @@ dnsmasq-2.52.tar.lzma
 /dnsmasq-2.83.tar.xz.asc
 /dnsmasq-2.84.tar.xz
 /dnsmasq-2.84.tar.xz.asc
+/dnsmasq-2.85.tar.xz
+/dnsmasq-2.85.tar.xz.asc
diff --git a/dnsmasq-2.80-SIOCGSTAMP.patch b/dnsmasq-2.80-SIOCGSTAMP.patch
deleted file mode 100644
index 4b08f5d..0000000
--- a/dnsmasq-2.80-SIOCGSTAMP.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001
-From: Petr Mensik pemensik@redhat.com
-Date: Wed, 31 Jul 2019 20:35:35 +0200
-Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
-
-Build without it defined by kernel headers. Do not try SO_TIMESTAMP
-until fixed properly.
----
- src/dhcp.c | 30 +++++++++++++++++-------------
- 1 file changed, 17 insertions(+), 13 deletions(-)
-
-diff --git a/src/dhcp.c b/src/dhcp.c
-index bea4688..13373ae 100644
---- a/src/dhcp.c
-+++ b/src/dhcp.c
-@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
-       (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options)))) 
-     return;
-     
--  #if defined (HAVE_LINUX_NETWORK)
-+#if defined (HAVE_LINUX_NETWORK)
-+#ifdef SIOCGSTAMP
-   if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
-     recvtime = tv.tv_sec;
-+#endif
- 
-   if (msg.msg_controllen >= sizeof(struct cmsghdr))
--    for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
--      if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
--	{
--	  union {
--	    unsigned char *c;
--	    struct in_pktinfo *p;
--	  } p;
--	  p.c = CMSG_DATA(cmptr);
--	  iface_index = p.p->ipi_ifindex;
--	  if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
--	    unicast_dest = 1;
--	}
-+    {
-+      for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-+        if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-+	  {
-+	    union {
-+	      unsigned char *c;
-+	      struct in_pktinfo *p;
-+	    } p;
-+	    p.c = CMSG_DATA(cmptr);
-+	    iface_index = p.p->ipi_ifindex;
-+	    if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-+	      unicast_dest = 1;
-+	  }
-+    }
- 
- #elif defined(HAVE_BSD_NETWORK) 
-   if (msg.msg_controllen >= sizeof(struct cmsghdr))
--- 
-2.26.2
-
diff --git a/dnsmasq-2.81-rh1834454.patch b/dnsmasq-2.81-rh1834454.patch
deleted file mode 100644
index f31b230..0000000
--- a/dnsmasq-2.81-rh1834454.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Harald=20Jens=C3=A5s?= hjensas@redhat.com
-Date: Thu, 7 May 2020 00:33:54 +0200
-Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
-
-Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
-a config would not be considered in context if:
-a) it has no address family flags set
-b) it has the address family flag of current context set
-
-Since above commit config is considered in context if the
-address family is the opposite of current context.
-
-The result is that a config with two dhcp-host records,
-one for IPv6 and another for IPv4 no longer works, for
-example with the below config the config with the IPv6
-address would be considered in context for a DHCP(v4)
-request.
- dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
- dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
-
-This commit restores the previous behavior.
----
- src/dhcp-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/dhcp-common.c b/src/dhcp-common.c
-index eae9886..ffc78ca 100644
---- a/src/dhcp-common.c
-+++ b/src/dhcp-common.c
-@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- {
-   if (!context) /* called via find_config() from lease_update_from_configs() */
-     return 1; 
--  
-+
-+  /* No address present in config == in context */
-+  if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
-+    return 1;
-+
- #ifdef HAVE_DHCP6
-   if (context->flags & CONTEXT_V6)
-     {
-        struct addrlist *addr_list;
- 
-        if (!(config->flags & CONFIG_ADDR6))
--	 return 1;
-+	 return 0;
-        
-         for (; context; context = context->current)
- 	  for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
-@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- #endif
-     {
-       if (!(config->flags & CONFIG_ADDR))
--	return 1;
-+	return 0;
-       
-       for (; context; context = context->current)
- 	if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
--- 
-2.25.4
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 03bd3e2..fcfaa2c 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,7 +19,7 @@
 %bcond_with sourcegit
Name:           dnsmasq
-Version:        2.84
+Version:        2.85
 Release:        1%{?extraversion:.%{extraversion}}%{?dist}
 Summary:        A lightweight DHCP/caching DNS server
@@ -41,13 +41,8 @@ Patch1:         dnsmasq-2.77-underflow.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1852373
 Patch2:         dnsmasq-2.81-configuration.patch
 Patch3:         dnsmasq-2.78-fips.patch
-Patch9:         dnsmasq-2.80-SIOCGSTAMP.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
-Patch17:        dnsmasq-2.81-rh1834454.patch
-# This is workaround to nettle bug #1549190
-# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
-Requires:       nettle >= 3.4
+Requires:       nettle
BuildRequires:  dbus-devel
 BuildRequires:  pkgconfig
@@ -186,6 +181,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
 %{_mandir}/man1/dhcp_*
%changelog
+* Thu Apr 08 2021 Petr Menšík pemensik@redhat.com - 2.85-1
+- Update to 2.85 (#1947198)
+- Randomize ports also on bound interfaces ((CVE-2021-3448)
+
 * Tue Jan 26 2021 Petr Menšík pemensik@redhat.com - 2.84-1
 - Update to 2.84
diff --git a/sources b/sources
index 54bcc55..37adc99 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.84.tar.xz) = e84bdcdf3cf35f08e8492eb5aa89ee6543233bdb821d01f164783bd6d0913ec01c513e85e2109352c77e77142a1a94bedcd3361f37d7b2a9a5d35a02448e85c6
-SHA512 (dnsmasq-2.84.tar.xz.asc) = 097bc87a6aa9c5a01b3eefd4593b1de26c8565e2ad40bbf8627a0fa143101deeea313d0266eb068ab378996e0ac033f4a5b1890a823b69a9dc216049239e316a
+SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
+SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
https://src.fedoraproject.org/rpms/dnsmasq/c/0ecd37e640953cd8a8e07ba250011b7...

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

pemensik pushed to dnsmasq (f33). "Update to 2.85 (#1947198) (..more)"