Notification time stamped 2021-04-08 08:36:10 UTC
From 0ecd37e640953cd8a8e07ba250011b7f0f9a3ad6 Mon Sep 17 00:00:00 2001 From: Petr Menšík pemensik@redhat.com Date: Apr 08 2021 07:39:17 +0000 Subject: Update to 2.85 (#1947198)
Change to production release.
Update to 2.85rc2
Fixes CVE-2021-3448 and a few more regressions.
Removed changelog entry
---
diff --git a/.gitignore b/.gitignore
index 38f9c5c..8f8dc3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,5 @@ dnsmasq-2.52.tar.lzma
 /dnsmasq-2.83.tar.xz.asc
 /dnsmasq-2.84.tar.xz
 /dnsmasq-2.84.tar.xz.asc
+/dnsmasq-2.85.tar.xz
+/dnsmasq-2.85.tar.xz.asc
diff --git a/dnsmasq-2.80-SIOCGSTAMP.patch b/dnsmasq-2.80-SIOCGSTAMP.patch
deleted file mode 100644
index 4b08f5d..0000000
--- a/dnsmasq-2.80-SIOCGSTAMP.patch
+++ /dev/null
@@ -1,59 +0,0 @@ -From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001 -From: Petr Mensik pemensik@redhat.com -Date: Wed, 31 Jul 2019 20:35:35 +0200 -Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP - -Build without it defined by kernel headers. Do not try SO_TIMESTAMP -until fixed properly. ---- - src/dhcp.c | 30 +++++++++++++++++------------- - 1 file changed, 17 insertions(+), 13 deletions(-) - -diff --git a/src/dhcp.c b/src/dhcp.c -index bea4688..13373ae 100644 ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd) - (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options)))) - return; - -- #if defined (HAVE_LINUX_NETWORK) -+#if defined (HAVE_LINUX_NETWORK) -+#ifdef SIOCGSTAMP - if (ioctl(fd, SIOCGSTAMP, &tv) == 0) - recvtime = tv.tv_sec; -+#endif - - if (msg.msg_controllen >= sizeof(struct cmsghdr)) -- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) -- { -- union { -- unsigned char *c; -- struct in_pktinfo *p; -- } p; -- p.c = CMSG_DATA(cmptr); -- iface_index = p.p->ipi_ifindex; -- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST) -- unicast_dest = 1; -- } -+ { -+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) -+ { -+ union { -+ unsigned char *c; -+ struct in_pktinfo *p; -+ } p; -+ p.c = CMSG_DATA(cmptr); -+ iface_index = p.p->ipi_ifindex; -+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST) -+ unicast_dest = 1; -+ } -+ } - - #elif defined(HAVE_BSD_NETWORK) - if (msg.msg_controllen >= sizeof(struct cmsghdr)) --- -2.26.2 - diff --git a/dnsmasq-2.81-rh1834454.patch b/dnsmasq-2.81-rh1834454.patch deleted file mode 100644 index f31b230..0000000 --- a/dnsmasq-2.81-rh1834454.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Harald=20Jens=C3=A5s?= hjensas@redhat.com -Date: Thu, 7 May 2020 00:33:54 +0200 -Subject: [PATCH 1/1] Fix regression in s_config_in_context() method - -Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810 -a config would not be considered in context if: -a) it has no address family flags set -b) it has the address family flag of current context set - -Since above commit config is considered in context if the -address family is the opposite of current context. - -The result is that a config with two dhcp-host records, -one for IPv6 and another for IPv4 no longer works, for -example with the below config the config with the IPv6 -address would be considered in context for a DHCP(v4) -request. - dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2 - dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2 - -This commit restores the previous behavior. ---- - src/dhcp-common.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/dhcp-common.c b/src/dhcp-common.c -index eae9886..ffc78ca 100644 ---- a/src/dhcp-common.c -+++ b/src/dhcp-common.c -@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config - { - if (!context) /* called via find_config() from lease_update_from_configs() */ - return 1; -- -+ -+ /* No address present in config == in context */ -+ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6))) -+ return 1; -+ - #ifdef HAVE_DHCP6 - if (context->flags & CONTEXT_V6) - { - struct addrlist *addr_list; - - if (!(config->flags & CONFIG_ADDR6)) -- return 1; -+ return 0; - - for (; context; context = context->current) - for (addr_list = config->addr6; addr_list; addr_list = addr_list->next) -@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config - #endif - { - if (!(config->flags & CONFIG_ADDR)) -- return 1; -+ return 0; - - for (; context; 
context = context->current) - if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask)) --- -2.25.4 diff --git a/dnsmasq.spec b/dnsmasq.spec index 03bd3e2..fcfaa2c 100644 --- a/dnsmasq.spec +++ b/dnsmasq.spec @@ -19,7 +19,7 @@ %bcond_with sourcegit
Name: dnsmasq
-Version: 2.84
+Version: 2.85
 Release: 1%{?extraversion:.%{extraversion}}%{?dist}
 Summary: A lightweight DHCP/caching DNS server
@@ -41,13 +41,8 @@ Patch1: dnsmasq-2.77-underflow.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1852373
 Patch2: dnsmasq-2.81-configuration.patch
 Patch3: dnsmasq-2.78-fips.patch
-Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
-Patch17: dnsmasq-2.81-rh1834454.patch
-# This is workaround to nettle bug #1549190
-# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
-Requires: nettle >= 3.4
+Requires: nettle
BuildRequires: dbus-devel
 BuildRequires: pkgconfig
@@ -186,6 +181,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
 %{_mandir}/man1/dhcp_*
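Review bot: The `Requires: nettle` line left by this hunk has lost both its `>= 3.4` floor and the two comment lines tying it to nettle bug #1549190, and neither the spec nor the commit message records why the constraint is no longer needed. If the floor really is obsolete on every targeted release, the unversioned `Requires: nettle` is probably redundant with RPM's automatic library dependency and could be dropped; otherwise keep the versioned form. The hunk also removes `Patch9` and `Patch17` without stating that 2.85 carries equivalent fixes; once confirmed against the 2.85 sources, a changelog line such as `- Drop SIOCGSTAMP and rh1834454 patches, included upstream` would record it.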
%changelog
+* Thu Apr 08 2021 Petr Menšík pemensik@redhat.com - 2.85-1
+- Update to 2.85 (#1947198)
+- Randomize ports also on bound interfaces ((CVE-2021-3448)
+
 * Tue Jan 26 2021 Petr Menšík pemensik@redhat.com - 2.84-1
 - Update to 2.84
diff --git a/sources b/sources
index 54bcc55..37adc99 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.84.tar.xz) = e84bdcdf3cf35f08e8492eb5aa89ee6543233bdb821d01f164783bd6d0913ec01c513e85e2109352c77e77142a1a94bedcd3361f37d7b2a9a5d35a02448e85c6
-SHA512 (dnsmasq-2.84.tar.xz.asc) = 097bc87a6aa9c5a01b3eefd4593b1de26c8565e2ad40bbf8627a0fa143101deeea313d0266eb068ab378996e0ac033f4a5b1890a823b69a9dc216049239e316a
+SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
+SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
https://src.fedoraproject.org/rpms/dnsmasq/c/0ecd37e640953cd8a8e07ba250011b7...