Commit Graph

147 Commits

Author SHA1 Message Date
Petr Menšík
db0bc30a48 Fix DNSSEC passtrough 2018-07-02 16:51:26 +02:00
Petr Menšík
41e404dd4c Do not own sysusers.d directory, already depends on systemd providing it 2018-03-22 18:25:04 +01:00
Petr Menšík
d198336fea Require nettle 3.4 2018-03-22 18:25:04 +01:00
Petr Menšík
1f9c5b6ea6 - Rebase to 2.79
- Stop using nettle_hashes directly, use access function (#1548060)
- Do not break on cname with spaces (#1498667)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-22 18:25:04 +01:00
Petr Menšík
144c414c67 Emit warning with dnssec enabled on FIPS system (#1549507)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-02 13:18:01 +01:00
Zbigniew Jędrzejewski-Szmek
d61ff2b613 Create user before installing files 2018-02-25 12:29:00 +01:00
Zbigniew Jędrzejewski-Szmek
f5bcbb09d9 Modernize the spec file a bit 2018-02-25 12:24:56 +01:00
Petr Menšík
dc378b565b Create user first and then restart service
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-02-23 10:29:12 +01:00
Itamar Reis Peixoto
c81a33501e fix bz #1548050 2018-02-22 23:38:17 -03:00
Igor Gnatenko
1250e53590
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:58:06 +01:00
Igor Gnatenko
d8871b193f Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:13:50 +01:00
Fedora Release Engineering
d2b4129eba - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 07:04:50 +00:00
Petr Menšík
8cd7421e9d DNSSEC fix for wildcard NSEC records (CVE-2017-15107)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-22 15:38:46 +01:00
Petr Menšík
1447e0aebc Rebase to 2.78
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-03 17:30:29 +02:00
Petr Menšík
35c602043d More patches related to CVE-2017-14491
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-03 13:53:42 +02:00
Petr Menšík
d528970d82 Do not include stdio.h before dnsmasq.h
We define some constants in dnsmasq.h, which have an influence on
stdio.h. So do not include stdio.h before dnsmasq.h.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:25:16 +02:00
Petr Menšík
6379c5b2d4 Security fix, CVE-2017-14491, DNS heap buffer overflow.
Further fix to 0549c73b7ea6b22a3c49beb4d432f185a81efcbc
Handles case when RR name is not a pointer to the question,
only occurs for some auth-mode replies, therefore not
detected by fuzzing (?)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:17:17 +02:00
Petr Menšík
dfac991c15 Misc code cleanups arising from Google analysis.
No security impleications or CVEs.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:14:22 +02:00
Petr Menšík
ce9aecdce0 Security fix, CVE-2017-14495, OOM in DNS response
creation.

    Fix out-of-memory Dos vulnerability. An attacker which can
    send malicious DNS queries to dnsmasq can trigger memory
    allocations in the add_pseudoheader function
    The allocated memory is never freed which leads to a DoS
    through memory exhaustion. dnsmasq is vulnerable only
    if one of the following option is specified:
    --add-mac, --add-cpe-id or --add-subnet.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00
Petr Menšík
d75aef2c01 Security fix, CVE-2017-14496, Integer underflow in DNS response creation.
Fix DoS in DNS. Invalid boundary checks in the
    add_pseudoheader function allows a memcpy call with negative
    size An attacker which can send malicious DNS queries
    to dnsmasq can trigger a DoS remotely.
    dnsmasq is vulnerable only if one of the following option is
    specified: --add-mac, --add-cpe-id or --add-subnet.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00
Petr Menšík
e66c11835d Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
    cause dnsmasq to forward memory from outside the packet
    buffer to a DHCPv6 server when acting as a relay.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00
Petr Menšík
e84d4fc50e Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow.
Fix stack overflow in DHCPv6 code. An attacker who can send
a DHCPv6 request to dnsmasq can overflow the stack frame and
crash or control dnsmasq.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00
Petr Menšík
2daf3ff20f Security fix, CVE-2017-14492, DHCPv6 RA heap overflow.
Fix heap overflow in IPv6 router advertisement code.
This is a potentially serious security hole, as a
crafted RA request can overflow a buffer and crash or
control dnsmasq. Attacker must be on the local network.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00
Petr Menšík
bd80bf435e Security fix, CVE-2017-14491 DNS heap buffer overflow.
Fix heap overflow in DNS code. This is a potentially serious
security hole. It allows an attacker who can make DNS
requests to dnsmasq, and who controls the contents of
a domain, which is thereby queried, to overflow
(by 2 bytes) a heap buffer and either crash, or
even take control of, dnsmasq.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-02 17:08:22 +02:00
Petr Menšík
9d2935df23 Actually apply CVE fix 2017-09-26 13:42:46 +02:00
Petr Menšík
234a50f2b7 Fix CVE-2017-13704 2017-09-14 18:14:52 +02:00
Petr Menšík
81f0dbf828 Own the /usr/share/dnsmasq dir (#1480856) 2017-08-14 15:40:33 +02:00
Fedora Release Engineering
5ffdeda31f - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 19:40:59 +00:00
Fedora Release Engineering
d47ff42c98 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 06:22:31 +00:00
Petr Menšík
4b7ea7ea04 Update to 2.77 2017-06-07 11:35:10 +02:00
Petr Menšík
a26c714178 Fix unresponsible DHCP 2017-05-12 16:23:10 +02:00
Petr Menšík
389f40bfd5 Update to 2.77rc2 2017-05-11 19:42:38 +02:00
Petr Menšík
1db48a66a4 Support for IDN 2008 (#1449150) 2017-05-11 17:58:36 +02:00
Petr Menšík
323f116aa8 Include dhcp_release6 tool and license in utils 2017-05-11 17:56:41 +02:00
Fedora Release Engineering
1e0b4d4c56 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 08:29:47 +00:00
Pavel Šimerda
cfdd2cf764 Resolves: #1373485 - dns not updated after sleep and resume laptop 2016-10-19 16:00:41 +02:00
Pavel Šimerda
30dfb66768 New version 2.76 2016-07-15 14:30:31 +02:00
Dennis Gilmore
566245555d - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-03 18:51:06 +00:00
Tomas Hozza
14e228cae8 Fixed minor bug in dnsmasq.conf (#1295143) 2016-01-25 11:16:36 +01:00
Pavel Šimerda
e6ea56c2ab Resolves: #1239256 - install trust-anchors.conf 2015-10-02 16:24:49 +02:00
Pavel Šimerda
68c179ea5c new version 2.75 2015-08-05 16:10:25 +02:00
Dennis Gilmore
aca4e7adb5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 04:14:11 +00:00
Nils Philippsen
b707570673 drop %triggerun
We're not supposed to automatically migrate from SysV to systemd anyway.
2014-10-06 15:28:13 +02:00
Nils Philippsen
c4cad4212b bump release 2014-10-06 14:27:16 +02:00
Nils Philippsen
f638f9b864 only require systemd-sysv and chkconfig for %triggerun 2014-10-06 14:26:58 +02:00
Nils Philippsen
a333098036 package is dual-licensed GPL v2 or v3 2014-10-06 14:26:33 +02:00
Nils Philippsen
faf594624d don't include /etc/dnsmasq.d in triplicate
ignore RPM backup files instead
2014-10-06 14:25:38 +02:00
Tomas Hozza
c0cb2fb429 Fix typo in default configuration (#1149459)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-06 10:35:08 +02:00
Tomas Hozza
848bf9f984 Update to 2.72 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-09-25 17:36:51 +02:00
Peter Robinson
7bb1482771 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 03:08:55 +00:00