Commit Graph

11 Commits

Author SHA1 Message Date
Tomas Korbar
f76916a4d7 Fix CVE 2023-50387 and CVE 2023-50868
Resolves: RHEL-25667
Resolves: RHEL-25629
2024-03-18 11:25:04 +01:00
Petr Menšík
c5009ce16a Do not crash on invalid domain in --synth-domain option
Avoid crashing on empty or . domains specified.

Upstream Changelog:
Fix crash on startup with a --synth-domain which has no prefix.
Introduced in 2.79. Thanks to Andreas Engel for the bug report.

Resolves: RHEL-15216
2023-11-01 18:47:53 +01:00
Petr Menšík
8a2a7d987c Do not create server_domain for non-server records
--local=/example/ and --address=/example/# create records, which contain
no address or just NULL address. Some people generate quite large
blocklists, which then can take quite long to walk through. Because it
uses linear algorithm, it gets quite slow.

Similar to upstream in 2.86, avoid walking through literal addresses or
local blocks. Speeds up significantly loading of 50k or more records.

Fixed regression caused by commit 73f4c86bcc

Resolves: rhbz#2233542
(cherry picked from commit 418de6681f)
2023-08-22 16:06:39 +02:00
Petr Menšík
d4f93c3c5e Add group writeable permission for log file
When log-facility is used to create a new file, make that file also
writeable by root. Systemd strips the ability to write into this file
even when started by root. Allow root explicitly.

Resolves: rhbz#2207798
(cherry picked from commit cafac891ea)
2023-07-20 22:02:17 +02:00
Petr Menšík
2084d400c7 fixup! Correct releasing of serv_domain
Ensure correct domain entries are prepared also for DBus specified
domains. Initialize server_domain when adding new nameserver, no matter
what is its source. Do not wait for check_servers() to domain
initialization.

Resolves: rhbz#2186481
2023-05-10 13:43:45 +02:00
Petr Menšík
764271fcfc Correct releasing of serv_domain
In case the server->serv_domain points to domain also when it is not the
last server used, ensure the reference to last_server is always reset.
Some records might reference the server_domain, but cannot ever become
last_server. Such as server=/example.com/#

Do proper check also for above case and do not delete used serv_domain
structure. Also do optimization to reuse common server domains and do
not create new entry to already existing one.

Do two step cleaning during nameservers cleanup stage. Should avoid any
invalid pointer present.

Resolves: rhbz#2186481
2023-04-21 19:21:08 +02:00
Petr Menšík
f132a4c40b Set the default maximum DNS UDP packet size to 1232
Resolves: CVE-2023-28450
2023-04-21 19:19:26 +02:00
CentOS Sources
8237ae4b13 Auto sync2gitlab import of dnsmasq-2.79-26.el8.src.rpm 2023-02-18 00:17:53 +00:00
CentOS Sources
65adf43f35 Auto sync2gitlab import of dnsmasq-2.79-24.el8.src.rpm 2022-08-26 16:14:04 +00:00
CentOS Sources
079cef3ac0 Auto sync2gitlab import of dnsmasq-2.79-23.el8.src.rpm 2022-08-02 06:12:39 +00:00
James Antill
ede9cffdaa Auto sync2gitlab import of dnsmasq-2.79-21.el8.src.rpm 2022-05-26 01:20:47 -04:00