SOURCES/dnsmasq-2.80-synth-domain-RHEL-15216.patch

@@ -0,0 +1,28 @@
+From 0a970b2a19c9fe5166e846d8a0c8b4f4fa5f1b4f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 30 Jul 2018 14:55:39 +0100
+Subject: [PATCH] Fix crash parsing a --synth-domain with no prefix. Problem
+ introduced in 2.79/6b2b564ac34cb3c862f168e6b1457f9f0b9ca69c
+
+---
+ src/option.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/option.c b/src/option.c
+index b22fc90..4e54afb 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -2347,7 +2347,9 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ 		      char *star;
+ 		      new->next = daemon->synth_domains;
+ 		      daemon->synth_domains = new;
+-		      if ((star = strrchr(new->prefix, '*')) && *(star+1) == 0)
++		      if (new->prefix &&
++			  (star = strrchr(new->prefix, '*'))
++			  && *(star+1) == 0)
+ 			{
+ 			  *star = 0;
+ 			  new->indexed = 1;
+-- 
+2.41.0
+

SPECS/dnsmasq.spec

@@ -13,7 +13,7 @@
 
 Name:           dnsmasq
 Version:        2.79
-Release:        31%{?extraversion:.%{extraversion}}%{?dist}
+Release:        33%{?extraversion:.%{extraversion}}%{?dist}
 Summary:        A lightweight DHCP/caching DNS server
 
 License:        GPLv2 or GPLv3
@@ -96,6 +96,10 @@ Patch43:        dnsmasq-2.87-log-root-writeable.patch
 # Downstream only patch; https://bugzilla.redhat.com/show_bug.cgi?id=2209031
 # complements patch42
 Patch44:        dnsmasq-2.85-domain-blocklist-speedup.patch
+# http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=dd33e98da09c487a58b6cb6693b8628c0b234a3b
+Patch45:        dnsmasq-2.80-synth-domain-RHEL-15216.patch
+# https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=214a046f47b9f7dd56f5eef3a8678ccbd6e973b7
+Patch46:	dnsmasq-2.90-CVE-2023-50387-CVE-2023-50868.patch
 
 # This is workaround to nettle bug #1549190
 # https://bugzilla.redhat.com/show_bug.cgi?id=1549190
@@ -173,6 +177,8 @@ server's leases.
 %patch42 -p1 -b .rh2186481-2
 %patch43 -p1 -b .rh2156789
 %patch44 -p1 -b .rh2209031
+%patch45 -p1 -b .RHEL-15216
+%patch46 -p1 -b .CVE-2023-50387-CVE-2023-50868
 
 # use /var/lib/dnsmasq instead of /var/lib/misc
 for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
@@ -272,6 +278,14 @@ install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man1/dhcp_*
 
 %changelog
+* Mon Mar 18 2024 Tomas Korbar <tkorbar@redhat.com> - 2.79-33
+- Fix CVE 2023-50387 and CVE 2023-50868
+- Resolves: RHEL-25667
+- Resolves: RHEL-25629
+
+* Wed Nov 01 2023 Petr Menšík <pemensik@redhat.com> - 2.79-32
+- Do not crash on invalid domain in --synth-domain option (RHEL-15216)
+
 * Wed Jun 14 2023 Petr Menšík <pemensik@redhat.com> - 2.79-31
 - Do not create and search --local and --address=/x/# domains (#2233542)