pemensik pushed to dnsmasq (f33). "Update to 2.85 (#1947198) (..more)"
by notifications@fedoraproject.org
Notification time stamped 2021-04-08 08:36:10 UTC
From 0ecd37e640953cd8a8e07ba250011b7f0f9a3ad6 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Apr 08 2021 07:39:17 +0000
Subject: Update to 2.85 (#1947198)
Change to production release.
Update to 2.85rc2
Fixes CVE-2021-3448 and a few more regressions.
Removed changelog entry
---
diff --git a/.gitignore b/.gitignore
index 38f9c5c..8f8dc3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.83.tar.xz.asc
/dnsmasq-2.84.tar.xz
/dnsmasq-2.84.tar.xz.asc
+/dnsmasq-2.85.tar.xz
+/dnsmasq-2.85.tar.xz.asc
diff --git a/dnsmasq-2.80-SIOCGSTAMP.patch b/dnsmasq-2.80-SIOCGSTAMP.patch
deleted file mode 100644
index 4b08f5d..0000000
--- a/dnsmasq-2.80-SIOCGSTAMP.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik(a)redhat.com>
-Date: Wed, 31 Jul 2019 20:35:35 +0200
-Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
-
-Build without it defined by kernel headers. Do not try SO_TIMESTAMP
-until fixed properly.
----
- src/dhcp.c | 30 +++++++++++++++++-------------
- 1 file changed, 17 insertions(+), 13 deletions(-)
-
-diff --git a/src/dhcp.c b/src/dhcp.c
-index bea4688..13373ae 100644
---- a/src/dhcp.c
-+++ b/src/dhcp.c
-@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
- (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
- return;
-
-- #if defined (HAVE_LINUX_NETWORK)
-+#if defined (HAVE_LINUX_NETWORK)
-+#ifdef SIOCGSTAMP
- if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
- recvtime = tv.tv_sec;
-+#endif
-
- if (msg.msg_controllen >= sizeof(struct cmsghdr))
-- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-- {
-- union {
-- unsigned char *c;
-- struct in_pktinfo *p;
-- } p;
-- p.c = CMSG_DATA(cmptr);
-- iface_index = p.p->ipi_ifindex;
-- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-- unicast_dest = 1;
-- }
-+ {
-+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-+ {
-+ union {
-+ unsigned char *c;
-+ struct in_pktinfo *p;
-+ } p;
-+ p.c = CMSG_DATA(cmptr);
-+ iface_index = p.p->ipi_ifindex;
-+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-+ unicast_dest = 1;
-+ }
-+ }
-
- #elif defined(HAVE_BSD_NETWORK)
- if (msg.msg_controllen >= sizeof(struct cmsghdr))
---
-2.26.2
-
diff --git a/dnsmasq-2.81-rh1834454.patch b/dnsmasq-2.81-rh1834454.patch
deleted file mode 100644
index f31b230..0000000
--- a/dnsmasq-2.81-rh1834454.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Harald=20Jens=C3=A5s?= <hjensas(a)redhat.com>
-Date: Thu, 7 May 2020 00:33:54 +0200
-Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
-
-Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
-a config would not be considered in context if:
-a) it has no address family flags set
-b) it has the address family flag of current context set
-
-Since above commit config is considered in context if the
-address family is the opposite of current context.
-
-The result is that a config with two dhcp-host records,
-one for IPv6 and another for IPv4 no longer works, for
-example with the below config the config with the IPv6
-address would be considered in context for a DHCP(v4)
-request.
- dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
- dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
-
-This commit restores the previous behavior.
----
- src/dhcp-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/dhcp-common.c b/src/dhcp-common.c
-index eae9886..ffc78ca 100644
---- a/src/dhcp-common.c
-+++ b/src/dhcp-common.c
-@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- {
- if (!context) /* called via find_config() from lease_update_from_configs() */
- return 1;
--
-+
-+ /* No address present in config == in context */
-+ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
-+ return 1;
-+
- #ifdef HAVE_DHCP6
- if (context->flags & CONTEXT_V6)
- {
- struct addrlist *addr_list;
-
- if (!(config->flags & CONFIG_ADDR6))
-- return 1;
-+ return 0;
-
- for (; context; context = context->current)
- for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
-@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- #endif
- {
- if (!(config->flags & CONFIG_ADDR))
-- return 1;
-+ return 0;
-
- for (; context; context = context->current)
- if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
---
-2.25.4
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 03bd3e2..fcfaa2c 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,7 +19,7 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.84
+Version: 2.85
Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
@@ -41,13 +41,8 @@ Patch1: dnsmasq-2.77-underflow.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
Patch2: dnsmasq-2.81-configuration.patch
Patch3: dnsmasq-2.78-fips.patch
-Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
-Patch17: dnsmasq-2.81-rh1834454.patch
-# This is workaround to nettle bug #1549190
-# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
-Requires: nettle >= 3.4
+Requires: nettle
BuildRequires: dbus-devel
BuildRequires: pkgconfig
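Review bot: The `Requires: nettle >= 3.4` line is relaxed to an unversioned `Requires: nettle` in this hunk, and neither the commit description nor the new changelog entry mentions it. The removed comment tied the minimum version to nettle bug #1549190, so a reader of the spec can no longer tell whether that workaround is obsolete or was dropped by accident. I would either remove the explicit Requires altogether, if the automatic library dependency is sufficient (not verifiable from this hunk), or, once it is confirmed that the floor is no longer needed, keep a one-line comment such as `# nettle >= 3.4 floor for rhbz#1549190 dropped, no longer needed on this branch`. The same hunk appears in the f34 push of this commit further down the page.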
@@ -186,6 +181,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Apr 08 2021 Petr Menšík <pemensik(a)redhat.com> - 2.85-1
+- Update to 2.85 (#1947198)
+- Randomize ports also on bound interfaces ((CVE-2021-3448)
+
* Tue Jan 26 2021 Petr Menšík <pemensik(a)redhat.com> - 2.84-1
- Update to 2.84
diff --git a/sources b/sources
index 54bcc55..37adc99 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.84.tar.xz) = e84bdcdf3cf35f08e8492eb5aa89ee6543233bdb821d01f164783bd6d0913ec01c513e85e2109352c77e77142a1a94bedcd3361f37d7b2a9a5d35a02448e85c6
-SHA512 (dnsmasq-2.84.tar.xz.asc) = 097bc87a6aa9c5a01b3eefd4593b1de26c8565e2ad40bbf8627a0fa143101deeea313d0266eb068ab378996e0ac033f4a5b1890a823b69a9dc216049239e316a
+SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
+SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
https://src.fedoraproject.org/rpms/dnsmasq/c/0ecd37e640953cd8a8e07ba25001...
pemensik pushed to dnsmasq (f34). "Update to 2.85 (#1947198) (..more)"
by notifications@fedoraproject.org
Notification time stamped 2021-04-08 08:36:40 UTC
From b7d8bf109cb254d0c9966b65bb83fb3205f574cc Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Apr 08 2021 07:20:46 +0000
Subject: Update to 2.85 (#1947198)
Change to production release.
Update to 2.85rc2
Fixes CVE-2021-3448 and a few more regressions.
Removed changelog entry
---
diff --git a/.gitignore b/.gitignore
index 38f9c5c..8f8dc3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.83.tar.xz.asc
/dnsmasq-2.84.tar.xz
/dnsmasq-2.84.tar.xz.asc
+/dnsmasq-2.85.tar.xz
+/dnsmasq-2.85.tar.xz.asc
diff --git a/dnsmasq-2.80-SIOCGSTAMP.patch b/dnsmasq-2.80-SIOCGSTAMP.patch
deleted file mode 100644
index 4b08f5d..0000000
--- a/dnsmasq-2.80-SIOCGSTAMP.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik(a)redhat.com>
-Date: Wed, 31 Jul 2019 20:35:35 +0200
-Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
-
-Build without it defined by kernel headers. Do not try SO_TIMESTAMP
-until fixed properly.
----
- src/dhcp.c | 30 +++++++++++++++++-------------
- 1 file changed, 17 insertions(+), 13 deletions(-)
-
-diff --git a/src/dhcp.c b/src/dhcp.c
-index bea4688..13373ae 100644
---- a/src/dhcp.c
-+++ b/src/dhcp.c
-@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
- (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
- return;
-
-- #if defined (HAVE_LINUX_NETWORK)
-+#if defined (HAVE_LINUX_NETWORK)
-+#ifdef SIOCGSTAMP
- if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
- recvtime = tv.tv_sec;
-+#endif
-
- if (msg.msg_controllen >= sizeof(struct cmsghdr))
-- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-- {
-- union {
-- unsigned char *c;
-- struct in_pktinfo *p;
-- } p;
-- p.c = CMSG_DATA(cmptr);
-- iface_index = p.p->ipi_ifindex;
-- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-- unicast_dest = 1;
-- }
-+ {
-+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-+ {
-+ union {
-+ unsigned char *c;
-+ struct in_pktinfo *p;
-+ } p;
-+ p.c = CMSG_DATA(cmptr);
-+ iface_index = p.p->ipi_ifindex;
-+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-+ unicast_dest = 1;
-+ }
-+ }
-
- #elif defined(HAVE_BSD_NETWORK)
- if (msg.msg_controllen >= sizeof(struct cmsghdr))
---
-2.26.2
-
diff --git a/dnsmasq-2.81-rh1834454.patch b/dnsmasq-2.81-rh1834454.patch
deleted file mode 100644
index f31b230..0000000
--- a/dnsmasq-2.81-rh1834454.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Harald=20Jens=C3=A5s?= <hjensas(a)redhat.com>
-Date: Thu, 7 May 2020 00:33:54 +0200
-Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
-
-Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
-a config would not be considered in context if:
-a) it has no address family flags set
-b) it has the address family flag of current context set
-
-Since above commit config is considered in context if the
-address family is the opposite of current context.
-
-The result is that a config with two dhcp-host records,
-one for IPv6 and another for IPv4 no longer works, for
-example with the below config the config with the IPv6
-address would be considered in context for a DHCP(v4)
-request.
- dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
- dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
-
-This commit restores the previous behavior.
----
- src/dhcp-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/dhcp-common.c b/src/dhcp-common.c
-index eae9886..ffc78ca 100644
---- a/src/dhcp-common.c
-+++ b/src/dhcp-common.c
-@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- {
- if (!context) /* called via find_config() from lease_update_from_configs() */
- return 1;
--
-+
-+ /* No address present in config == in context */
-+ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
-+ return 1;
-+
- #ifdef HAVE_DHCP6
- if (context->flags & CONTEXT_V6)
- {
- struct addrlist *addr_list;
-
- if (!(config->flags & CONFIG_ADDR6))
-- return 1;
-+ return 0;
-
- for (; context; context = context->current)
- for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
-@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- #endif
- {
- if (!(config->flags & CONFIG_ADDR))
-- return 1;
-+ return 0;
-
- for (; context; context = context->current)
- if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
---
-2.25.4
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 4573901..e003a01 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,7 +19,7 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.84
+Version: 2.85
Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
@@ -41,13 +41,8 @@ Patch1: dnsmasq-2.77-underflow.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
Patch2: dnsmasq-2.81-configuration.patch
Patch3: dnsmasq-2.78-fips.patch
-Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
-Patch17: dnsmasq-2.81-rh1834454.patch
-# This is workaround to nettle bug #1549190
-# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
-Requires: nettle >= 3.4
+Requires: nettle
BuildRequires: dbus-devel
BuildRequires: pkgconfig
@@ -186,6 +181,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Apr 08 2021 Petr Menšík <pemensik(a)redhat.com> - 2.85-1
+- Update to 2.85 (#1947198)
+- Randomize ports also on bound interfaces ((CVE-2021-3448)
+
* Tue Jan 26 2021 Petr Menšík <pemensik(a)redhat.com> - 2.84-1
- Update to 2.84
diff --git a/sources b/sources
index 54bcc55..37adc99 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.84.tar.xz) = e84bdcdf3cf35f08e8492eb5aa89ee6543233bdb821d01f164783bd6d0913ec01c513e85e2109352c77e77142a1a94bedcd3361f37d7b2a9a5d35a02448e85c6
-SHA512 (dnsmasq-2.84.tar.xz.asc) = 097bc87a6aa9c5a01b3eefd4593b1de26c8565e2ad40bbf8627a0fa143101deeea313d0266eb068ab378996e0ac033f4a5b1890a823b69a9dc216049239e316a
+SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
+SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
https://src.fedoraproject.org/rpms/dnsmasq/c/b7d8bf109cb254d0c9966b65bb83...
pemensik pushed to dnsmasq (master). "Security fix, CVE-2017-14494,
Infoleak handling DHCPv6 forwarded requests. (..more)"
by notifications@fedoraproject.org
From e66c11835ddc2aeb2708c810432e78c3126658f0 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Oct 02 2017 15:08:22 +0000
Subject: Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
Signed-off-by: Petr Menšík <pemensik(a)redhat.com>
---
diff --git a/dnsmasq-2.77-CVE-2017-14494.patch b/dnsmasq-2.77-CVE-2017-14494.patch
new file mode 100644
index 0000000..7b49907
--- /dev/null
+++ b/dnsmasq-2.77-CVE-2017-14494.patch
@@ -0,0 +1,30 @@
+From 33e3f1029c9ec6c63e430ff51063a6301d4b2262 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:05:11 +0100
+Subject: [PATCH 5/9] Security fix, CVE-2017-14494, Infoleak handling DHCPv6
+ forwarded requests.
+
+Fix information leak in DHCPv6. A crafted DHCPv6 packet can
+cause dnsmasq to forward memory from outside the packet
+buffer to a DHCPv6 server when acting as a relay.
+---
+ src/rfc3315.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 920907c..4ca43e0 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+
+ for (opt = opts; opt; opt = opt6_next(opt, end))
+ {
++ if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
++ return 0;
++ }
+ int o = new_opt6(opt6_type(opt));
+ if (opt6_type(opt) == OPTION6_RELAY_MSG)
+ {
+--
+2.9.5
+
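Review bot: The bounds check added to the option loop of dhcp6_maybe_relay() compares with `>= end`, which also rejects an option whose data finishes exactly at `end`. If `end` points one past the last byte of the received packet, as its use in `opt6_next(opt, end)` suggests, that option still lies inside the buffer and the whole relay message is dropped by `return 0`; `if (opt6_ptr(opt, 0) + opt6_len(opt) > end) return 0;` keeps the protection against reading outside the buffer without refusing well-formed packets. A short comment above the check, such as `/* option data must lie inside the packet buffer (CVE-2017-14494) */`, would record why it is there. The loop and the function continue outside the hunk, and the same patch file is added again in the f27 and f26 pushes further down the page.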
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 9583493..a3a437d 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -26,6 +26,7 @@ Patch1: dnsmasq-2.77-CVE-2017-13704.patch
Patch2: dnsmasq-2.77-CVE-2017-14491.patch
Patch3: dnsmasq-2.77-CVE-2017-14492.patch
Patch4: dnsmasq-2.77-CVE-2017-14493.patch
+Patch5: dnsmasq-2.77-CVE-2017-14494.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -64,6 +65,7 @@ query/remove a DHCP server's leases.
%patch2 -p1 -b .CVE-2017-14491
%patch3 -p1 -b .CVE-2017-14492
%patch4 -p1 -b .CVE-2017-14493
+%patch5 -p1 -b .CVE-2017-14494
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -154,6 +156,7 @@ rm -rf $RPM_BUILD_ROOT
- Security fix, CVE-2017-14491, DNS heap buffer overflow
- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow
- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow
+- Security fix, CVE-2017-14494, Infoleak handling DHCPv6
* Thu Sep 14 2017 Petr Menšík <pemensik(a)redhat.com> - 2.77-7
- Fix CVE-2017-13704
https://src.fedoraproject.org/rpms/dnsmasq/c/e66c11835ddc2aeb2708c810432e...
pemensik pushed to dnsmasq (f27). "Security fix, CVE-2017-14494,
Infoleak handling DHCPv6 forwarded requests. (..more)"
by notifications@fedoraproject.org
From e66c11835ddc2aeb2708c810432e78c3126658f0 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Oct 02 2017 15:08:22 +0000
Subject: Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
Signed-off-by: Petr Menšík <pemensik(a)redhat.com>
---
diff --git a/dnsmasq-2.77-CVE-2017-14494.patch b/dnsmasq-2.77-CVE-2017-14494.patch
new file mode 100644
index 0000000..7b49907
--- /dev/null
+++ b/dnsmasq-2.77-CVE-2017-14494.patch
@@ -0,0 +1,30 @@
+From 33e3f1029c9ec6c63e430ff51063a6301d4b2262 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:05:11 +0100
+Subject: [PATCH 5/9] Security fix, CVE-2017-14494, Infoleak handling DHCPv6
+ forwarded requests.
+
+Fix information leak in DHCPv6. A crafted DHCPv6 packet can
+cause dnsmasq to forward memory from outside the packet
+buffer to a DHCPv6 server when acting as a relay.
+---
+ src/rfc3315.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 920907c..4ca43e0 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+
+ for (opt = opts; opt; opt = opt6_next(opt, end))
+ {
++ if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
++ return 0;
++ }
+ int o = new_opt6(opt6_type(opt));
+ if (opt6_type(opt) == OPTION6_RELAY_MSG)
+ {
+--
+2.9.5
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 9583493..a3a437d 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -26,6 +26,7 @@ Patch1: dnsmasq-2.77-CVE-2017-13704.patch
Patch2: dnsmasq-2.77-CVE-2017-14491.patch
Patch3: dnsmasq-2.77-CVE-2017-14492.patch
Patch4: dnsmasq-2.77-CVE-2017-14493.patch
+Patch5: dnsmasq-2.77-CVE-2017-14494.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -64,6 +65,7 @@ query/remove a DHCP server's leases.
%patch2 -p1 -b .CVE-2017-14491
%patch3 -p1 -b .CVE-2017-14492
%patch4 -p1 -b .CVE-2017-14493
+%patch5 -p1 -b .CVE-2017-14494
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -154,6 +156,7 @@ rm -rf $RPM_BUILD_ROOT
- Security fix, CVE-2017-14491, DNS heap buffer overflow
- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow
- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow
+- Security fix, CVE-2017-14494, Infoleak handling DHCPv6
* Thu Sep 14 2017 Petr Menšík <pemensik(a)redhat.com> - 2.77-7
- Fix CVE-2017-13704
https://src.fedoraproject.org/rpms/dnsmasq/c/e66c11835ddc2aeb2708c810432e...
pemensik pushed to dnsmasq (f34). "Update to 2.86 (#2002475)"
by notifications@fedoraproject.org
Notification time stamped 2021-09-09 08:26:39 UTC
From 702d60b1329dd3b74bf8987f23e44940f272072a Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Sep 09 2021 08:25:15 +0000
Subject: Update to 2.86 (#2002475)
---
diff --git a/.gitignore b/.gitignore
index 8f8dc3a..4730717 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.84.tar.xz.asc
/dnsmasq-2.85.tar.xz
/dnsmasq-2.85.tar.xz.asc
+/dnsmasq-2.86.tar.xz
+/dnsmasq-2.86.tar.xz.asc
diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch
index 2a04039..dfddf4c 100644
--- a/dnsmasq-2.77-underflow.patch
+++ b/dnsmasq-2.77-underflow.patch
@@ -1,4 +1,4 @@
-From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001
+From 77c7cabbeab1fbe1f7296f33762771f208586e59 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert(a)redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
@@ -10,7 +10,7 @@ Subject: [PATCH] google patch hand-applied
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/edns0.c b/src/edns0.c
-index d75d3cc..7d8cf7f 100644
+index 7bd26b8..7f96414 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
@@ -31,10 +31,10 @@ index d75d3cc..7d8cf7f 100644
free(buff);
p += rdlen;
diff --git a/src/forward.c b/src/forward.c
-index ed9c8f6..77059ed 100644
+index 3d638e4..e254e35 100644
--- a/src/forward.c
+++ b/src/forward.c
-@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now)
+@@ -1558,6 +1558,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
@@ -42,14 +42,14 @@ index ed9c8f6..77059ed 100644
+ // do not underflow
+ if (udp_size < n) udp_size = n;
+
+ #ifdef HAVE_CONNTRACK
#ifdef HAVE_AUTH
- if (auth_dns)
- {
+ if (!auth_dns || local_auth)
diff --git a/src/rfc1035.c b/src/rfc1035.c
-index f1edc45..15041cc 100644
+index 6fc4f26..66fa00c 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
-@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+@@ -1396,6 +1396,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
int rd_bit = (header->hb3 & HB3_RD);
@@ -60,5 +60,5 @@ index f1edc45..15041cc 100644
if (ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 ||
--
-2.21.1
+2.31.1
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 3ef217f..18ab9da 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,8 +19,8 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.85
-Release: 4%{?extraversion:.%{extraversion}}%{?dist}
+Version: 2.86
+Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -200,6 +200,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Sep 09 2021 Petr Menšík <pemensik(a)redhat.com> - 2.86-1
+- Update to 2.86 (#2002475)
+- Apply coverity detected issues patches
+
* Wed Aug 04 2021 Petr Menšík <pemensik(a)redhat.com> - 2.85-4
- Do not require systemd
diff --git a/sources b/sources
index 37adc99..02ff1d0 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
-SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
+SHA512 (dnsmasq-2.86.tar.xz) = 487eae0afbc8bb3d5282a729ffb0cb2c9bdc7d8e46e2e8aa114cd7c5d82e0fd66f49926e7fa4028577548d6f57e8a865aca17f33963a589874584d608ab2deaf
+SHA512 (dnsmasq-2.86.tar.xz.asc) = 852023cd5bf48e5e603288398989c63b3c4724d9d1d8abb0eb0ffcbe526d99f93371e244c706bf249387f337465433d439017fc23cfbdbae030900c2989605e6
https://src.fedoraproject.org/rpms/dnsmasq/c/702d60b1329dd3b74bf8987f23e4...
pemensik pushed to dnsmasq (rawhide). "Update to 2.86 (#2002475)"
by notifications@fedoraproject.org
Notification time stamped 2021-09-09 08:04:29 UTC
From d5947e0b6146add7fc13effd73a955b62664a43d Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Sep 09 2021 08:03:17 +0000
Subject: Update to 2.86 (#2002475)
---
diff --git a/.gitignore b/.gitignore
index 29cbea9..958a268 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.85rc2.tar.xz.asc
/dnsmasq-2.85.tar.xz
/dnsmasq-2.85.tar.xz.asc
+/dnsmasq-2.86.tar.xz
+/dnsmasq-2.86.tar.xz.asc
diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch
index 2a04039..dfddf4c 100644
--- a/dnsmasq-2.77-underflow.patch
+++ b/dnsmasq-2.77-underflow.patch
@@ -1,4 +1,4 @@
-From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001
+From 77c7cabbeab1fbe1f7296f33762771f208586e59 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert(a)redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
@@ -10,7 +10,7 @@ Subject: [PATCH] google patch hand-applied
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/edns0.c b/src/edns0.c
-index d75d3cc..7d8cf7f 100644
+index 7bd26b8..7f96414 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
@@ -31,10 +31,10 @@ index d75d3cc..7d8cf7f 100644
free(buff);
p += rdlen;
diff --git a/src/forward.c b/src/forward.c
-index ed9c8f6..77059ed 100644
+index 3d638e4..e254e35 100644
--- a/src/forward.c
+++ b/src/forward.c
-@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now)
+@@ -1558,6 +1558,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
@@ -42,14 +42,14 @@ index ed9c8f6..77059ed 100644
+ // do not underflow
+ if (udp_size < n) udp_size = n;
+
+ #ifdef HAVE_CONNTRACK
#ifdef HAVE_AUTH
- if (auth_dns)
- {
+ if (!auth_dns || local_auth)
diff --git a/src/rfc1035.c b/src/rfc1035.c
-index f1edc45..15041cc 100644
+index 6fc4f26..66fa00c 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
-@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+@@ -1396,6 +1396,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
int rd_bit = (header->hb3 & HB3_RD);
@@ -60,5 +60,5 @@ index f1edc45..15041cc 100644
if (ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 ||
--
-2.21.1
+2.31.1
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 3af1202..0f87341 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,8 +19,8 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.85
-Release: 6%{?extraversion:.%{extraversion}}%{?dist}
+Version: 2.86
+Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -200,6 +200,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Sep 09 2021 Petr Menšík <pemensik(a)redhat.com> - 2.86-1
+- Update to 2.86 (#2002475)
+- Apply coverity detected issues patches
+
* Wed Aug 04 2021 Petr Menšík <pemensik(a)redhat.com> - 2.85-6
- Do not require systemd
diff --git a/sources b/sources
index 37adc99..02ff1d0 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
-SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
+SHA512 (dnsmasq-2.86.tar.xz) = 487eae0afbc8bb3d5282a729ffb0cb2c9bdc7d8e46e2e8aa114cd7c5d82e0fd66f49926e7fa4028577548d6f57e8a865aca17f33963a589874584d608ab2deaf
+SHA512 (dnsmasq-2.86.tar.xz.asc) = 852023cd5bf48e5e603288398989c63b3c4724d9d1d8abb0eb0ffcbe526d99f93371e244c706bf249387f337465433d439017fc23cfbdbae030900c2989605e6
https://src.fedoraproject.org/rpms/dnsmasq/c/d5947e0b6146add7fc13effd73a9...
pemensik pushed to dnsmasq (f35). "Update to 2.86 (#2002475)"
by notifications@fedoraproject.org
Notification time stamped 2021-09-09 08:21:10 UTC
From d5947e0b6146add7fc13effd73a955b62664a43d Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Sep 09 2021 08:03:17 +0000
Subject: Update to 2.86 (#2002475)
---
diff --git a/.gitignore b/.gitignore
index 29cbea9..958a268 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.85rc2.tar.xz.asc
/dnsmasq-2.85.tar.xz
/dnsmasq-2.85.tar.xz.asc
+/dnsmasq-2.86.tar.xz
+/dnsmasq-2.86.tar.xz.asc
diff --git a/dnsmasq-2.77-underflow.patch b/dnsmasq-2.77-underflow.patch
index 2a04039..dfddf4c 100644
--- a/dnsmasq-2.77-underflow.patch
+++ b/dnsmasq-2.77-underflow.patch
@@ -1,4 +1,4 @@
-From 684bede049a006a0a47ce88f017ada9f73bf4430 Mon Sep 17 00:00:00 2001
+From 77c7cabbeab1fbe1f7296f33762771f208586e59 Mon Sep 17 00:00:00 2001
From: Doran Moppert <dmoppert(a)redhat.com>
Date: Tue, 26 Sep 2017 14:48:20 +0930
Subject: [PATCH] google patch hand-applied
@@ -10,7 +10,7 @@ Subject: [PATCH] google patch hand-applied
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/edns0.c b/src/edns0.c
-index d75d3cc..7d8cf7f 100644
+index 7bd26b8..7f96414 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
@@ -31,10 +31,10 @@ index d75d3cc..7d8cf7f 100644
free(buff);
p += rdlen;
diff --git a/src/forward.c b/src/forward.c
-index ed9c8f6..77059ed 100644
+index 3d638e4..e254e35 100644
--- a/src/forward.c
+++ b/src/forward.c
-@@ -1542,6 +1542,10 @@ void receive_query(struct listener *listen, time_t now)
+@@ -1558,6 +1558,10 @@ void receive_query(struct listener *listen, time_t now)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
@@ -42,14 +42,14 @@ index ed9c8f6..77059ed 100644
+ // do not underflow
+ if (udp_size < n) udp_size = n;
+
+ #ifdef HAVE_CONNTRACK
#ifdef HAVE_AUTH
- if (auth_dns)
- {
+ if (!auth_dns || local_auth)
diff --git a/src/rfc1035.c b/src/rfc1035.c
-index f1edc45..15041cc 100644
+index 6fc4f26..66fa00c 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
-@@ -1326,6 +1326,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+@@ -1396,6 +1396,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
size_t len;
int rd_bit = (header->hb3 & HB3_RD);
@@ -60,5 +60,5 @@ index f1edc45..15041cc 100644
if (ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 ||
--
-2.21.1
+2.31.1
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 3af1202..0f87341 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,8 +19,8 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.85
-Release: 6%{?extraversion:.%{extraversion}}%{?dist}
+Version: 2.86
+Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
License: GPLv2 or GPLv3
@@ -200,6 +200,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Sep 09 2021 Petr Menšík <pemensik(a)redhat.com> - 2.86-1
+- Update to 2.86 (#2002475)
+- Apply coverity detected issues patches
+
* Wed Aug 04 2021 Petr Menšík <pemensik(a)redhat.com> - 2.85-6
- Do not require systemd
diff --git a/sources b/sources
index 37adc99..02ff1d0 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
-SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
+SHA512 (dnsmasq-2.86.tar.xz) = 487eae0afbc8bb3d5282a729ffb0cb2c9bdc7d8e46e2e8aa114cd7c5d82e0fd66f49926e7fa4028577548d6f57e8a865aca17f33963a589874584d608ab2deaf
+SHA512 (dnsmasq-2.86.tar.xz.asc) = 852023cd5bf48e5e603288398989c63b3c4724d9d1d8abb0eb0ffcbe526d99f93371e244c706bf249387f337465433d439017fc23cfbdbae030900c2989605e6
https://src.fedoraproject.org/rpms/dnsmasq/c/d5947e0b6146add7fc13effd73a9...
pemensik pushed to dnsmasq (f26). "Security fix, CVE-2017-14494,
Infoleak handling DHCPv6 forwarded requests. (..more)"
by notifications@fedoraproject.org
From 4b39bb3db4590e5332e9c67af9d2b94213839996 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Oct 02 2017 15:37:39 +0000
Subject: Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
Signed-off-by: Petr Menšík <pemensik(a)redhat.com>
---
diff --git a/dnsmasq-2.77-CVE-2017-14494.patch b/dnsmasq-2.77-CVE-2017-14494.patch
new file mode 100644
index 0000000..7b49907
--- /dev/null
+++ b/dnsmasq-2.77-CVE-2017-14494.patch
@@ -0,0 +1,30 @@
+From 33e3f1029c9ec6c63e430ff51063a6301d4b2262 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:05:11 +0100
+Subject: [PATCH 5/9] Security fix, CVE-2017-14494, Infoleak handling DHCPv6
+ forwarded requests.
+
+Fix information leak in DHCPv6. A crafted DHCPv6 packet can
+cause dnsmasq to forward memory from outside the packet
+buffer to a DHCPv6 server when acting as a relay.
+---
+ src/rfc3315.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 920907c..4ca43e0 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+
+ for (opt = opts; opt; opt = opt6_next(opt, end))
+ {
++ if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
++ return 0;
++ }
+ int o = new_opt6(opt6_type(opt));
+ if (opt6_type(opt) == OPTION6_RELAY_MSG)
+ {
+--
+2.9.5
+
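Review bot: The guard added at the top of the option loop in `dhcp6_maybe_relay` uses `>= end`, so an option whose payload stops exactly at `end` is rejected along with the ones that overrun it. If `end` is the one-past-the-last-byte pointer of the received packet (it is set outside this hunk, so this is an assumption), a well-formed relayed message whose final option fills the packet makes the function return 0 early. `if (opt6_ptr(opt, 0) + opt6_len(opt) > end) return 0;` still keeps the copy inside the packet buffer. A one-line comment such as `/* option payload must lie inside the received packet */` would also help, since the function body starts and ends outside the hunk. The f25 commit further down this page adds the identical patch, so the same applies there.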
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 0e7246e..2cd2101 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -28,6 +28,7 @@ Patch0: dnsmasq-2.76-dns-sleep-resume.patch
Patch2: dnsmasq-2.77-CVE-2017-14491.patch
Patch3: dnsmasq-2.77-CVE-2017-14492.patch
Patch4: dnsmasq-2.77-CVE-2017-14493.patch
+Patch5: dnsmasq-2.77-CVE-2017-14494.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -66,6 +67,7 @@ query/remove a DHCP server's leases.
%patch2 -p1 -b .CVE-2017-14491
%patch3 -p1 -b .CVE-2017-14492
%patch4 -p1 -b .CVE-2017-14493
+%patch5 -p1 -b .CVE-2017-14494
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -157,6 +159,7 @@ rm -rf $RPM_BUILD_ROOT
- Security fix, CVE-2017-14491, DNS heap buffer overflow
- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow
- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow
+- Security fix, CVE-2017-14494, Infoleak handling DHCPv6
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.76-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
https://src.fedoraproject.org/rpms/dnsmasq/c/4b39bb3db4590e5332e9c67af9d2...
pemensik pushed to dnsmasq (f32). "Update to 2.85 (#1947198) (..more)"
by notifications@fedoraproject.org
Notification time stamped 2021-04-08 08:26:10 UTC
From ebfde5c6ccec333eab6cccb2ab2c7f82ba57110b Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Apr 08 2021 07:40:08 +0000
Subject: Update to 2.85 (#1947198)
Change to production release.
Update to 2.85rc2
Fixes CVE-2021-3448 and few more regressions.
Removed changelog entry
---
diff --git a/.gitignore b/.gitignore
index 38f9c5c..8f8dc3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,5 @@ dnsmasq-2.52.tar.lzma
/dnsmasq-2.83.tar.xz.asc
/dnsmasq-2.84.tar.xz
/dnsmasq-2.84.tar.xz.asc
+/dnsmasq-2.85.tar.xz
+/dnsmasq-2.85.tar.xz.asc
diff --git a/dnsmasq-2.80-SIOCGSTAMP.patch b/dnsmasq-2.80-SIOCGSTAMP.patch
deleted file mode 100644
index 3a32bb8..0000000
--- a/dnsmasq-2.80-SIOCGSTAMP.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 31e14f6e52677c675ee4683f9daab5bf21c07dd6 Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik(a)redhat.com>
-Date: Wed, 31 Jul 2019 20:35:35 +0200
-Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
-
-Build without it defined by kernel headers. Do not try SO_TIMESTAMP
-until fixed properly.
----
- src/dhcp.c | 32 ++++++++++++++++++--------------
- 1 file changed, 18 insertions(+), 14 deletions(-)
-
-diff --git a/src/dhcp.c b/src/dhcp.c
-index f8d323b..9afdccf 100644
---- a/src/dhcp.c
-+++ b/src/dhcp.c
-@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
- (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
- return;
-
-- #if defined (HAVE_LINUX_NETWORK)
-- if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
-+#if defined (HAVE_LINUX_NETWORK)
-+#ifdef SIOCGSTAMP
-+ if (tv.tv_sec == 0 && ioctl(fd, SIOCGSTAMP, &tv) == 0)
- recvtime = tv.tv_sec;
-+#endif
-
- if (msg.msg_controllen >= sizeof(struct cmsghdr))
-- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-- {
-- union {
-- unsigned char *c;
-- struct in_pktinfo *p;
-- } p;
-- p.c = CMSG_DATA(cmptr);
-- iface_index = p.p->ipi_ifindex;
-- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-- unicast_dest = 1;
-- }
-+ {
-+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-+ {
-+ union {
-+ unsigned char *c;
-+ struct in_pktinfo *p;
-+ } p;
-+ p.c = CMSG_DATA(cmptr);
-+ iface_index = p.p->ipi_ifindex;
-+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-+ unicast_dest = 1;
-+ }
-+ }
-
- #elif defined(HAVE_BSD_NETWORK)
- if (msg.msg_controllen >= sizeof(struct cmsghdr))
---
-2.20.1
-
diff --git a/dnsmasq-2.81-rh1834454.patch b/dnsmasq-2.81-rh1834454.patch
deleted file mode 100644
index f31b230..0000000
--- a/dnsmasq-2.81-rh1834454.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Harald=20Jens=C3=A5s?= <hjensas(a)redhat.com>
-Date: Thu, 7 May 2020 00:33:54 +0200
-Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
-
-Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
-a config would not be considered in context if:
-a) it has no address family flags set
-b) it has the address family flag of current context set
-
-Since above commit config is considered in context if the
-address family is the opposite of current context.
-
-The result is that a config with two dhcp-host records,
-one for IPv6 and another for IPv4 no longer works, for
-example with the below config the config with the IPv6
-address would be considered in context for a DHCP(v4)
-request.
- dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
- dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
-
-This commit restores the previous behavior.
----
- src/dhcp-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/dhcp-common.c b/src/dhcp-common.c
-index eae9886..ffc78ca 100644
---- a/src/dhcp-common.c
-+++ b/src/dhcp-common.c
-@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- {
- if (!context) /* called via find_config() from lease_update_from_configs() */
- return 1;
--
-+
-+ /* No address present in config == in context */
-+ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
-+ return 1;
-+
- #ifdef HAVE_DHCP6
- if (context->flags & CONTEXT_V6)
- {
- struct addrlist *addr_list;
-
- if (!(config->flags & CONFIG_ADDR6))
-- return 1;
-+ return 0;
-
- for (; context; context = context->current)
- for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
-@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
- #endif
- {
- if (!(config->flags & CONFIG_ADDR))
-- return 1;
-+ return 0;
-
- for (; context; context = context->current)
- if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
---
-2.25.4
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 7807951..8eb9179 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -19,7 +19,7 @@
%bcond_with sourcegit
Name: dnsmasq
-Version: 2.84
+Version: 2.85
Release: 1%{?extraversion:.%{extraversion}}%{?dist}
Summary: A lightweight DHCP/caching DNS server
@@ -41,13 +41,8 @@ Patch1: dnsmasq-2.77-underflow.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
Patch2: dnsmasq-2.81-configuration.patch
Patch3: dnsmasq-2.78-fips.patch
-Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
-Patch17: dnsmasq-2.81-rh1834454.patch
-# This is workaround to nettle bug #1549190
-# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
-Requires: nettle >= 3.4
+Requires: nettle
BuildRequires: dbus-devel
BuildRequires: pkgconfig
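Review bot: Patch9 (`dnsmasq-2.80-SIOCGSTAMP.patch`) and Patch17 (`dnsmasq-2.81-rh1834454.patch`) are dropped in this hunk and the `nettle >= 3.4` floor becomes a bare `Requires: nettle`, but neither the commit description nor the new 2.85-1 changelog entry says why. If both fixes are carried by the 2.85 tarball (not verifiable from this page), a changelog line such as `- Drop downstream patches merged upstream` would record that; if not, the regression fix for dhcp-host matching in `is_config_in_context` would be lost on rebase. The nettle change removes the workaround comment for bug #1549190 as well, so it is worth confirming that every nettle build shipped on this branch is at least 3.4.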
@@ -185,6 +180,10 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
%{_mandir}/man1/dhcp_*
%changelog
+* Thu Apr 08 2021 Petr Menšík <pemensik(a)redhat.com> - 2.85-1
+- Update to 2.85 (#1947198)
+- Randomize ports also on bound interfaces ((CVE-2021-3448)
+
* Tue Jan 26 2021 Petr Menšík <pemensik(a)redhat.com> - 2.84-1
- Update to 2.84
diff --git a/sources b/sources
index 54bcc55..37adc99 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dnsmasq-2.84.tar.xz) = e84bdcdf3cf35f08e8492eb5aa89ee6543233bdb821d01f164783bd6d0913ec01c513e85e2109352c77e77142a1a94bedcd3361f37d7b2a9a5d35a02448e85c6
-SHA512 (dnsmasq-2.84.tar.xz.asc) = 097bc87a6aa9c5a01b3eefd4593b1de26c8565e2ad40bbf8627a0fa143101deeea313d0266eb068ab378996e0ac033f4a5b1890a823b69a9dc216049239e316a
+SHA512 (dnsmasq-2.85.tar.xz) = 8beefe76b46f7d561f40d0900ba68b260a199cb62ab5b653746e3a1104c04fb8899b9e7a160a1be4fe8782bfb1607b556e9ffb9c25c4e99653e4bc74fcc03b09
+SHA512 (dnsmasq-2.85.tar.xz.asc) = 4ec4d51b80f5437cf56003e343646e2362b9451823ec3812bfbf496b57071c878b09052c9bd6e5491c91a2ece7010b841a8766d378ebc68b9dc71d18af1b2d31
https://src.fedoraproject.org/rpms/dnsmasq/c/ebfde5c6ccec333eab6cccb2ab2c...
pemensik pushed to dnsmasq (f25). "Security fix, CVE-2017-14494,
Infoleak handling DHCPv6 forwarded requests. (..more)"
by notifications@fedoraproject.org
From 069306ad321ba09956473c8fb6e8f5502fbd3141 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik(a)redhat.com>
Date: Oct 02 2017 15:41:10 +0000
Subject: Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
Signed-off-by: Petr Menšík <pemensik(a)redhat.com>
---
diff --git a/dnsmasq-2.77-CVE-2017-14494.patch b/dnsmasq-2.77-CVE-2017-14494.patch
new file mode 100644
index 0000000..7b49907
--- /dev/null
+++ b/dnsmasq-2.77-CVE-2017-14494.patch
@@ -0,0 +1,30 @@
+From 33e3f1029c9ec6c63e430ff51063a6301d4b2262 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon(a)thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 20:05:11 +0100
+Subject: [PATCH 5/9] Security fix, CVE-2017-14494, Infoleak handling DHCPv6
+ forwarded requests.
+
+Fix information leak in DHCPv6. A crafted DHCPv6 packet can
+cause dnsmasq to forward memory from outside the packet
+buffer to a DHCPv6 server when acting as a relay.
+---
+ src/rfc3315.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 920907c..4ca43e0 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+
+ for (opt = opts; opt; opt = opt6_next(opt, end))
+ {
++ if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
++ return 0;
++ }
+ int o = new_opt6(opt6_type(opt));
+ if (opt6_type(opt) == OPTION6_RELAY_MSG)
+ {
+--
+2.9.5
+
diff --git a/dnsmasq.spec b/dnsmasq.spec
index 5b3f53c..6138ba4 100644
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@@ -28,6 +28,7 @@ Patch0: dnsmasq-2.76-dns-sleep-resume.patch
Patch2: dnsmasq-2.77-CVE-2017-14491.patch
Patch3: dnsmasq-2.77-CVE-2017-14492.patch
Patch4: dnsmasq-2.77-CVE-2017-14493.patch
+Patch5: dnsmasq-2.77-CVE-2017-14494.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -66,6 +67,7 @@ query/remove a DHCP server's leases.
%patch2 -p1 -b .CVE-2017-14491
%patch3 -p1 -b .CVE-2017-14492
%patch4 -p1 -b .CVE-2017-14493
+%patch5 -p1 -b .CVE-2017-14494
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -157,6 +159,7 @@ rm -rf $RPM_BUILD_ROOT
- Security fix, CVE-2017-14491, DNS heap buffer overflow
- Security fix, CVE-2017-14492, DHCPv6 RA heap overflow
- Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow
+- Security fix, CVE-2017-14494, Infoleak handling DHCPv6
* Wed Oct 19 2016 Pavel Šimerda <psimerda(a)redhat.com> - 2.76-2
- Resolves: #1373485 - dns not updated after sleep and resume laptop
https://src.fedoraproject.org/rpms/dnsmasq/c/069306ad321ba09956473c8fb6e8...