Update to 2.85rc2
Fixes CVE-2021-3448 and few more regressions.
This commit is contained in:
Petr Menšík
parent
93943b79fb
commit
f497e41434
|
|
@ -38,3 +38,5 @@ dnsmasq-2.52.tar.lzma
|
|||
/dnsmasq-2.83.tar.xz.asc
|
||||
/dnsmasq-2.84.tar.xz
|
||||
/dnsmasq-2.84.tar.xz.asc
|
||||
/dnsmasq-2.85rc2.tar.xz
|
||||
/dnsmasq-2.85rc2.tar.xz.asc
|
||||
|
|
|
|||
|
|
@ -1,59 +0,0 @@
|
|||
From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 31 Jul 2019 20:35:35 +0200
|
||||
Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
|
||||
|
||||
Build without it defined by kernel headers. Do not try SO_TIMESTAMP
|
||||
until fixed properly.
|
||||
---
|
||||
src/dhcp.c | 30 +++++++++++++++++-------------
|
||||
1 file changed, 17 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/src/dhcp.c b/src/dhcp.c
|
||||
index bea4688..13373ae 100644
|
||||
--- a/src/dhcp.c
|
||||
+++ b/src/dhcp.c
|
||||
@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
|
||||
(sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
|
||||
return;
|
||||
|
||||
- #if defined (HAVE_LINUX_NETWORK)
|
||||
+#if defined (HAVE_LINUX_NETWORK)
|
||||
+#ifdef SIOCGSTAMP
|
||||
if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
|
||||
recvtime = tv.tv_sec;
|
||||
+#endif
|
||||
|
||||
if (msg.msg_controllen >= sizeof(struct cmsghdr))
|
||||
- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
|
||||
- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
|
||||
- {
|
||||
- union {
|
||||
- unsigned char *c;
|
||||
- struct in_pktinfo *p;
|
||||
- } p;
|
||||
- p.c = CMSG_DATA(cmptr);
|
||||
- iface_index = p.p->ipi_ifindex;
|
||||
- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
|
||||
- unicast_dest = 1;
|
||||
- }
|
||||
+ {
|
||||
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
|
||||
+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
|
||||
+ {
|
||||
+ union {
|
||||
+ unsigned char *c;
|
||||
+ struct in_pktinfo *p;
|
||||
+ } p;
|
||||
+ p.c = CMSG_DATA(cmptr);
|
||||
+ iface_index = p.p->ipi_ifindex;
|
||||
+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
|
||||
+ unicast_dest = 1;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
#elif defined(HAVE_BSD_NETWORK)
|
||||
if (msg.msg_controllen >= sizeof(struct cmsghdr))
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Harald=20Jens=C3=A5s?= <hjensas@redhat.com>
|
||||
Date: Thu, 7 May 2020 00:33:54 +0200
|
||||
Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
|
||||
|
||||
Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
|
||||
a config would not be considered in context if:
|
||||
a) it has no address family flags set
|
||||
b) it has the address family flag of current context set
|
||||
|
||||
Since above commit config is considered in context if the
|
||||
address family is the opposite of current context.
|
||||
|
||||
The result is that a config with two dhcp-host records,
|
||||
one for IPv6 and another for IPv4 no longer works, for
|
||||
example with the below config the config with the IPv6
|
||||
address would be considered in context for a DHCP(v4)
|
||||
request.
|
||||
dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
|
||||
dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
|
||||
|
||||
This commit restores the previous behavior.
|
||||
---
|
||||
src/dhcp-common.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
|
||||
index eae9886..ffc78ca 100644
|
||||
--- a/src/dhcp-common.c
|
||||
+++ b/src/dhcp-common.c
|
||||
@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
|
||||
{
|
||||
if (!context) /* called via find_config() from lease_update_from_configs() */
|
||||
return 1;
|
||||
-
|
||||
+
|
||||
+ /* No address present in config == in context */
|
||||
+ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
|
||||
+ return 1;
|
||||
+
|
||||
#ifdef HAVE_DHCP6
|
||||
if (context->flags & CONTEXT_V6)
|
||||
{
|
||||
struct addrlist *addr_list;
|
||||
|
||||
if (!(config->flags & CONFIG_ADDR6))
|
||||
- return 1;
|
||||
+ return 0;
|
||||
|
||||
for (; context; context = context->current)
|
||||
for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
|
||||
@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
|
||||
#endif
|
||||
{
|
||||
if (!(config->flags & CONFIG_ADDR))
|
||||
- return 1;
|
||||
+ return 0;
|
||||
|
||||
for (; context; context = context->current)
|
||||
if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
|
||||
--
|
||||
2.25.4
|
||||
16
dnsmasq.spec
16
dnsmasq.spec
|
|
@ -1,5 +1,5 @@
|
|||
%define testrelease 0
|
||||
%define releasecandidate 0
|
||||
%define releasecandidate 2
|
||||
%if 0%{testrelease}
|
||||
%define extrapath test-releases/
|
||||
%define extraversion test%{testrelease}
|
||||
|
|
@ -19,8 +19,8 @@
|
|||
%bcond_with sourcegit
|
||||
|
||||
Name: dnsmasq
|
||||
Version: 2.84
|
||||
Release: 2%{?extraversion:.%{extraversion}}%{?dist}
|
||||
Version: 2.85
|
||||
Release: 1%{?extraversion:.%{extraversion}}%{?dist}
|
||||
Summary: A lightweight DHCP/caching DNS server
|
||||
|
||||
License: GPLv2 or GPLv3
|
||||
|
|
@ -41,13 +41,8 @@ Patch1: dnsmasq-2.77-underflow.patch
|
|||
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
|
||||
Patch2: dnsmasq-2.81-configuration.patch
|
||||
Patch3: dnsmasq-2.78-fips.patch
|
||||
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
|
||||
Patch17: dnsmasq-2.81-rh1834454.patch
|
||||
|
||||
# This is workaround to nettle bug #1549190
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
|
||||
Requires: nettle >= 3.4
|
||||
Requires: nettle
|
||||
|
||||
BuildRequires: dbus-devel
|
||||
BuildRequires: pkgconfig
|
||||
|
|
@ -186,6 +181,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
|
|||
%{_mandir}/man1/dhcp_*
|
||||
|
||||
%changelog
|
||||
* Wed Mar 31 2021 Petr Menšík <pemensik@redhat.com> - 2.85-1.rc2
|
||||
- Update to 2.85rc2 (CVE-2021-3448)
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.84-2
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
|
|
|||
4
sources
4
sources
|
|
@ -1,2 +1,2 @@
|
|||
SHA512 (dnsmasq-2.84.tar.xz) = e84bdcdf3cf35f08e8492eb5aa89ee6543233bdb821d01f164783bd6d0913ec01c513e85e2109352c77e77142a1a94bedcd3361f37d7b2a9a5d35a02448e85c6
|
||||
SHA512 (dnsmasq-2.84.tar.xz.asc) = 097bc87a6aa9c5a01b3eefd4593b1de26c8565e2ad40bbf8627a0fa143101deeea313d0266eb068ab378996e0ac033f4a5b1890a823b69a9dc216049239e316a
|
||||
SHA512 (dnsmasq-2.85rc2.tar.xz) = a27576702c7f162d84dafc0e1d5fb41c76647191eb687eab902b8d2f8e10cf4a901fc3273cae5f0c315c83d2987416c8d8da7eb35118294ffcc67a803c2c7f72
|
||||
SHA512 (dnsmasq-2.85rc2.tar.xz.asc) = 72bbe0c1602244af27172f4ae07c77e05095b747f0a353e8c883b6abcb2bba898fd83b85fa8631a62652ec784348481327b059e7ce8084613d6815a022e54d24
|
||||
|
|
|
|||
Loading…
Reference in New Issue