Update to 2.85rc2
Fixes CVE-2021-3448 and few more regressions.
This commit is contained in:
parent
93943b79fb
commit
f497e41434
2
.gitignore
vendored
2
.gitignore
vendored
@ -38,3 +38,5 @@ dnsmasq-2.52.tar.lzma
|
|||||||
/dnsmasq-2.83.tar.xz.asc
|
/dnsmasq-2.83.tar.xz.asc
|
||||||
/dnsmasq-2.84.tar.xz
|
/dnsmasq-2.84.tar.xz
|
||||||
/dnsmasq-2.84.tar.xz.asc
|
/dnsmasq-2.84.tar.xz.asc
|
||||||
|
/dnsmasq-2.85rc2.tar.xz
|
||||||
|
/dnsmasq-2.85rc2.tar.xz.asc
|
||||||
|
@ -1,59 +0,0 @@
|
|||||||
From 02b6209f8085cbe3443f8623ccdc31f020825507 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Mensik <pemensik@redhat.com>
|
|
||||||
Date: Wed, 31 Jul 2019 20:35:35 +0200
|
|
||||||
Subject: [PATCH] Recent kernel no longer supports SIOCGSTAMP
|
|
||||||
|
|
||||||
Build without it defined by kernel headers. Do not try SO_TIMESTAMP
|
|
||||||
until fixed properly.
|
|
||||||
---
|
|
||||||
src/dhcp.c | 30 +++++++++++++++++-------------
|
|
||||||
1 file changed, 17 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/dhcp.c b/src/dhcp.c
|
|
||||||
index bea4688..13373ae 100644
|
|
||||||
--- a/src/dhcp.c
|
|
||||||
+++ b/src/dhcp.c
|
|
||||||
@@ -178,23 +178,27 @@ void dhcp_packet(time_t now, int pxe_fd)
|
|
||||||
(sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options))))
|
|
||||||
return;
|
|
||||||
|
|
||||||
- #if defined (HAVE_LINUX_NETWORK)
|
|
||||||
+#if defined (HAVE_LINUX_NETWORK)
|
|
||||||
+#ifdef SIOCGSTAMP
|
|
||||||
if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
|
|
||||||
recvtime = tv.tv_sec;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (msg.msg_controllen >= sizeof(struct cmsghdr))
|
|
||||||
- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
|
|
||||||
- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
|
|
||||||
- {
|
|
||||||
- union {
|
|
||||||
- unsigned char *c;
|
|
||||||
- struct in_pktinfo *p;
|
|
||||||
- } p;
|
|
||||||
- p.c = CMSG_DATA(cmptr);
|
|
||||||
- iface_index = p.p->ipi_ifindex;
|
|
||||||
- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
|
|
||||||
- unicast_dest = 1;
|
|
||||||
- }
|
|
||||||
+ {
|
|
||||||
+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
|
|
||||||
+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
|
|
||||||
+ {
|
|
||||||
+ union {
|
|
||||||
+ unsigned char *c;
|
|
||||||
+ struct in_pktinfo *p;
|
|
||||||
+ } p;
|
|
||||||
+ p.c = CMSG_DATA(cmptr);
|
|
||||||
+ iface_index = p.p->ipi_ifindex;
|
|
||||||
+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
|
|
||||||
+ unicast_dest = 1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
#elif defined(HAVE_BSD_NETWORK)
|
|
||||||
if (msg.msg_controllen >= sizeof(struct cmsghdr))
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,62 +0,0 @@
|
|||||||
From 3d113137fd64cd0723cbecab6a36a75d3ecfb0a6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Harald=20Jens=C3=A5s?= <hjensas@redhat.com>
|
|
||||||
Date: Thu, 7 May 2020 00:33:54 +0200
|
|
||||||
Subject: [PATCH 1/1] Fix regression in s_config_in_context() method
|
|
||||||
|
|
||||||
Prior to commit 137286e9baecf6a3ba97722ef1b49c851b531810
|
|
||||||
a config would not be considered in context if:
|
|
||||||
a) it has no address family flags set
|
|
||||||
b) it has the address family flag of current context set
|
|
||||||
|
|
||||||
Since above commit config is considered in context if the
|
|
||||||
address family is the opposite of current context.
|
|
||||||
|
|
||||||
The result is that a config with two dhcp-host records,
|
|
||||||
one for IPv6 and another for IPv4 no longer works, for
|
|
||||||
example with the below config the config with the IPv6
|
|
||||||
address would be considered in context for a DHCP(v4)
|
|
||||||
request.
|
|
||||||
dhcp-host=52:54:00:bc:c3:fd,172.20.0.11,host2
|
|
||||||
dhcp-host=52:54:00:bc:c3:fd,[fd12:3456:789a:1::aadd],host2
|
|
||||||
|
|
||||||
This commit restores the previous behavior.
|
|
||||||
---
|
|
||||||
src/dhcp-common.c | 10 +++++++---
|
|
||||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
|
|
||||||
index eae9886..ffc78ca 100644
|
|
||||||
--- a/src/dhcp-common.c
|
|
||||||
+++ b/src/dhcp-common.c
|
|
||||||
@@ -280,14 +280,18 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
|
|
||||||
{
|
|
||||||
if (!context) /* called via find_config() from lease_update_from_configs() */
|
|
||||||
return 1;
|
|
||||||
-
|
|
||||||
+
|
|
||||||
+ /* No address present in config == in context */
|
|
||||||
+ if (!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6)))
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
#ifdef HAVE_DHCP6
|
|
||||||
if (context->flags & CONTEXT_V6)
|
|
||||||
{
|
|
||||||
struct addrlist *addr_list;
|
|
||||||
|
|
||||||
if (!(config->flags & CONFIG_ADDR6))
|
|
||||||
- return 1;
|
|
||||||
+ return 0;
|
|
||||||
|
|
||||||
for (; context; context = context->current)
|
|
||||||
for (addr_list = config->addr6; addr_list; addr_list = addr_list->next)
|
|
||||||
@@ -303,7 +307,7 @@ static int is_config_in_context(struct dhcp_context *context, struct dhcp_config
|
|
||||||
#endif
|
|
||||||
{
|
|
||||||
if (!(config->flags & CONFIG_ADDR))
|
|
||||||
- return 1;
|
|
||||||
+ return 0;
|
|
||||||
|
|
||||||
for (; context; context = context->current)
|
|
||||||
if ((config->flags & CONFIG_ADDR) && is_same_net(config->addr, context->start, context->netmask))
|
|
||||||
--
|
|
||||||
2.25.4
|
|
16
dnsmasq.spec
16
dnsmasq.spec
@ -1,5 +1,5 @@
|
|||||||
%define testrelease 0
|
%define testrelease 0
|
||||||
%define releasecandidate 0
|
%define releasecandidate 2
|
||||||
%if 0%{testrelease}
|
%if 0%{testrelease}
|
||||||
%define extrapath test-releases/
|
%define extrapath test-releases/
|
||||||
%define extraversion test%{testrelease}
|
%define extraversion test%{testrelease}
|
||||||
@ -19,8 +19,8 @@
|
|||||||
%bcond_with sourcegit
|
%bcond_with sourcegit
|
||||||
|
|
||||||
Name: dnsmasq
|
Name: dnsmasq
|
||||||
Version: 2.84
|
Version: 2.85
|
||||||
Release: 2%{?extraversion:.%{extraversion}}%{?dist}
|
Release: 1%{?extraversion:.%{extraversion}}%{?dist}
|
||||||
Summary: A lightweight DHCP/caching DNS server
|
Summary: A lightweight DHCP/caching DNS server
|
||||||
|
|
||||||
License: GPLv2 or GPLv3
|
License: GPLv2 or GPLv3
|
||||||
@ -41,13 +41,8 @@ Patch1: dnsmasq-2.77-underflow.patch
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1852373
|
||||||
Patch2: dnsmasq-2.81-configuration.patch
|
Patch2: dnsmasq-2.81-configuration.patch
|
||||||
Patch3: dnsmasq-2.78-fips.patch
|
Patch3: dnsmasq-2.78-fips.patch
|
||||||
Patch9: dnsmasq-2.80-SIOCGSTAMP.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1834454
|
|
||||||
Patch17: dnsmasq-2.81-rh1834454.patch
|
|
||||||
|
|
||||||
# This is workaround to nettle bug #1549190
|
Requires: nettle
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1549190
|
|
||||||
Requires: nettle >= 3.4
|
|
||||||
|
|
||||||
BuildRequires: dbus-devel
|
BuildRequires: dbus-devel
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@ -186,6 +181,9 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
|
|||||||
%{_mandir}/man1/dhcp_*
|
%{_mandir}/man1/dhcp_*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 31 2021 Petr Menšík <pemensik@redhat.com> - 2.85-1.rc2
|
||||||
|
- Update to 2.85rc2 (CVE-2021-3448)
|
||||||
|
|
||||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.84-2
|
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.84-2
|
||||||
- Rebuilt for updated systemd-rpm-macros
|
- Rebuilt for updated systemd-rpm-macros
|
||||||
See https://pagure.io/fesco/issue/2583.
|
See https://pagure.io/fesco/issue/2583.
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (dnsmasq-2.84.tar.xz) = e84bdcdf3cf35f08e8492eb5aa89ee6543233bdb821d01f164783bd6d0913ec01c513e85e2109352c77e77142a1a94bedcd3361f37d7b2a9a5d35a02448e85c6
|
SHA512 (dnsmasq-2.85rc2.tar.xz) = a27576702c7f162d84dafc0e1d5fb41c76647191eb687eab902b8d2f8e10cf4a901fc3273cae5f0c315c83d2987416c8d8da7eb35118294ffcc67a803c2c7f72
|
||||||
SHA512 (dnsmasq-2.84.tar.xz.asc) = 097bc87a6aa9c5a01b3eefd4593b1de26c8565e2ad40bbf8627a0fa143101deeea313d0266eb068ab378996e0ac033f4a5b1890a823b69a9dc216049239e316a
|
SHA512 (dnsmasq-2.85rc2.tar.xz.asc) = 72bbe0c1602244af27172f4ae07c77e05095b747f0a353e8c883b6abcb2bba898fd83b85fa8631a62652ec784348481327b059e7ce8084613d6815a022e54d24
|
||||||
|
Loading…
Reference in New Issue
Block a user