pool/dnsmasq
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1034136 from network

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1034136
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnsmasq?expand=0&rev=89
This commit is contained in:
Dominique Leuenberger 2022-11-08 09:53:18 +00:00 committed by Git OBS Bridge
commit 70d707bb81
8 changed files with 82 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dnsmasq-2.86.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:28d52cfc9e2004ac4f85274f52b32e1647b4dbc9761b82e7de1e41c49907eb08
size 531404

16
dnsmasq-2.86.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE1urL1u5GuDQkjRESFc3aauGRNaIFAmE5MDYACgkQFc3aauGR
NaKtqA//W2QQv/K6l009r6LBQdUxrYwygJ/TXKsZLb6JlpVSCgLJ0FvK95wJnt9S
YxeTbMogr/Pd2jbZJAnPz2mTxfqZAv1Xob+qaXfn/K772tMyjzgUCIfdsBSRKmUS
RYxln8NiMwahI8uYLBWLtSPBpaYLiHEp5W+wV6OHu4OGfCG1qyhlem4Hs1UJy2KN
I6UjLXYJYJBp1UBqsakEuNe4dzUp0v0OI4VYYRUriyTsmptcLFZMUAtdq6EJ9eUX
0p8zhxWotJCzkZrF/t6Myb8ydudwLkUqICA6a9PTw5o34KxZ2VKWtu6NQoWaT8WK
5c7gbk/UprlPhKEDMOuGNC5JHSpm+2Fhq8c8PkIn6zPYv0Wvb/M+2DYLjptfbodl
VHhuzngnneFOdNK+XzPCG37cG1qpzey1mLWtsl5Ji0d1hBLnlk9vl8Hqb5ozLAJC
rMlhIB85hyt6VAj29Ye3DnObNLRSmfDiN4frptmQssqMqO1+eI2b/8zvrxIByYG+
HboOt5/gotVavAmZwPfesbpje50PaPVTgFjQjc8BAwXEhFsn98MVRdz7Iwc5xQmG
upOd+44HC3at+So9+X9ocVofvItuDn7wYVnoZU7LcF5Isnoz3FhRMAusm8EsfJkI
lQr7vsg5/oUBU2Dr/NCBjbe/cYX4/+BEdnnQkLvG33pF8xTiyAQ=
=XpGA
-----END PGP SIGNATURE-----

3
dnsmasq-2.87.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0228c0364a7f2356fd7e7f1549937cbf3099a78d3b2eb1ba5bb0c31e2b89de7a
size 540528

16
dnsmasq-2.87.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE1urL1u5GuDQkjRESFc3aauGRNaIFAmMwyhgACgkQFc3aauGR
NaILSQ/+Kp/68XUjc6i5fArQOT3vfsbHWxPfyIm44sij50iJMMmuKFArJE7IRRTw
XJFu8ILIVKwLwFgGbQqcNlcL8gtQweKQioe/WPacvX6TeIVGZ2+SBBO69A6gDtUy
FmP47IgskXNlfQIJxUDgtC6khWNad0jTcb/tSVePDDuuUkHIcVZ8esEo7ZFRGitI
Uf+Kwjn81lwiaRHyCo26GRfUIrMEcLmaawKaeGsb09PCyRDK74vXGhkqcd49qMeF
xU4zOn9jqUrCvFKa4Vq6m9SJbnp+U3c10ETTUWDDm7sh4YN1XvM0B8MkRDlB8jlZ
f9YrdydTVXK4U21/YbQNJvyHCED7kB1T8xLRwomxZ9dhAL6Sna9NCGWIwosdzzgo
8fsYNhWammcxkok+5cL4GlBDIBua8VEtJARxvyQFgD1w2lgxMC1xcX8vT+9O1hWS
hwcld7mGD0sbnBuRYOFiV6vEk4UtvRIM+/JBnRJhDSSFL3+3Bw8BSjDgs293JPYT
/lX9/JyMfdz6L9VsJm8YtwtGcmwqQKdLpJDS104PE1S6GciF5ubvqpz1Go6JLoNA
vQGLs8CG2wlH1PJwFpCDQfOeBknPcvpB9PjbEWudQ+S3MJ/rA0J021OwIyfZ1QYZ
mxjUWmvXSDEPhkAnNnXtnOTbrmAbWxEqvgC1KHAxZWkk3HPyY1Y=
=w6LM
-----END PGP SIGNATURE-----

179
dnsmasq-CVE-2022-0934.patch
View File

@ -1,179 +0,0 @@
From 03345ecefeb0d82e3c3a4c28f27c3554f0611b39 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 31 Mar 2022 21:35:20 +0100
Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934
refers.
---
CHANGELOG | 3 +++
src/rfc3315.c | 48 +++++++++++++++++++++++++++---------------------
2 files changed, 30 insertions(+), 21 deletions(-)
--- CHANGELOG.orig
+++ CHANGELOG
@@ -1,3 +1,8 @@
+
+ Fix write-after-free error in DHCPv6 server code.
+ CVE-2022-0934 refers.
+
+
version 2.86
Handle DHCPREBIND requests in the DHCPv6 server code.
Thanks to Aichun Li for spotting this omission, and the initial
--- src/rfc3315.c.orig
+++ src/rfc3315.c
@@ -33,9 +33,9 @@ struct state {
unsigned int mac_len, mac_type;
};
-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
struct in6_addr *client_addr, int is_unicast, time_t now);
-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_c
}
/* This cost me blood to write, it will probably cost you blood to understand - srk. */
-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
struct in6_addr *client_addr, int is_unicast, time_t now)
{
void *end = inbuff + sz;
void *opts = inbuff + 34;
- int msg_type = *((unsigned char *)inbuff);
+ int msg_type = *inbuff;
unsigned char *outmsgtypep;
void *opt;
struct dhcp_vendor *vendor;
@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct stat
return 1;
}
-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
{
void *opt;
- int i, o, o1, start_opts;
+ int i, o, o1, start_opts, start_msg;
struct dhcp_opt *opt_cfg;
struct dhcp_netid *tagif;
struct dhcp_config *config = NULL;
struct dhcp_netid known_id, iface_id, v6_id;
- unsigned char *outmsgtypep;
+ unsigned char outmsgtype;
struct dhcp_vendor *vendor;
struct dhcp_context *context_tmp;
struct dhcp_mac *mac_opt;
@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *
v6_id.next = state->tags;
state->tags = &v6_id;
- /* copy over transaction-id, and save pointer to message type */
- if (!(outmsgtypep = put_opt6(inbuff, 4)))
+ start_msg = save_counter(-1);
+ /* copy over transaction-id */
+ if (!put_opt6(inbuff, 4))
return 0;
start_opts = save_counter(-1);
- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
-
+ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
+
/* We're going to be linking tags from all context we use.
mark them as unused so we don't link one twice and break the list */
for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *
(msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
{
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
o1 = new_opt6(OPTION6_STATUS_CODE);
put_opt6_short(DHCP6USEMULTI);
put_opt6_string("Use multicast");
@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *
struct dhcp_netid *solicit_tags;
struct dhcp_context *c;
- *outmsgtypep = DHCP6ADVERTISE;
+ outmsgtype = DHCP6ADVERTISE;
if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
{
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
state->lease_allocate = 1;
o = new_opt6(OPTION6_RAPID_COMMIT);
end_opt6(o);
@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *
int start = save_counter(-1);
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
state->lease_allocate = 1;
log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *
int address_assigned = 0;
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *
int good_addr = 0;
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *
log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
if (ignore)
return 0;
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
tagif = add_options(state, 1);
break;
}
@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *
case DHCP6RELEASE:
{
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, "DHCPRELEASE", NULL, NULL);
@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *
case DHCP6DECLINE:
{
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, "DHCPDECLINE", NULL, NULL);
@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *
}
}
-
+
+ /* Fill in the message type. Note that we store the offset,
+ not a direct pointer, since the packet memory may have been
+ reallocated. */
+ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
+
log_tags(tagif, state->xid);
log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));

31
dnsmasq-resolv-conf.patch
View File

@ -1,31 +0,0 @@
From d290630d31f4517ab26392d00753d1397f9a4114 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 6 Oct 2021 22:31:06 +0100
Subject: [PATCH] Fix crash after re-reading an empty resolv.conf file.
If dnsmasq re-reads a resolv file, and it's empty, it will
retry after a delay. In the meantime, the old servers from the
resolv file have been deleted, but the servers_array doesn't
get updated, leading to dangling pointers and crashes.
Thanks to Brad Jorsch for finding and analysing this bug.
This problem was introduced in 2.86.
---
src/dnsmasq.c | 5 +++++
1 file changed, 5 insertions(+)
--- src/dnsmasq.c.orig
+++ src/dnsmasq.c
@@ -1668,6 +1668,11 @@ static void poll_resolv(int force, int d
}
else
{
+ /* If we're delaying things, we don't call check_servers(), but
+ reload_servers() may have deleted some servers, rendering the server_array
+ invalid, so just rebuild that here. Once reload_servers() succeeds,
+ we call check_servers() above, which calls build_server_array itself. */
+ build_server_array();
latest->mtime = 0;
if (!warned)
{

62
dnsmasq.changes
View File

@ -1,3 +1,65 @@
-------------------------------------------------------------------
Wed Oct 26 09:21:37 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.87 (bsc#1197872, CVE-2022-0934):
* Allow arbitrary prefix lengths in --rev-server and
--domain=....,local
* Replace --address=/#/..... functionality which got
missed in the 2.86 domain search rewrite.
* Add --nftset option, like --ipset but for the newer nftables.
* Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers.
* Fix crash doing netbooting when --port is set to zero
to disable the DNS server. Thanks to Drexl Johannes
for the bug report.
* Generalise --dhcp-relay. Sending via broadcast/multicast is
now supported for both IPv4 and IPv6 and the configuration
syntax made easier (but backwards compatible).
* Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
* Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
as hex, the pattern must consist of only hex digits AND contain
at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
over a pattern consisting of a decimal number which was interpreted
surprisingly.
* Include client address in TFTP file-not-found error reports.
Thanks to Stefan Rink for the initial patch, which has been
re-worked by me (srk). All bugs mine.
* Note in manpage the change in behaviour of -address. This behaviour
actually changed in v2.86, but was undocumented there. From 2.86 on,
(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
types of query will be sent upstream. Pre 2.86, that would catch the
whole example.com domain and queries for other types would get
a local NODATA answer. The pre-2.86 behaviour is still available,
by configuring --address=/example.com/1.2.3.4 --local=/example.com/
* Fix problem with binding DHCP sockets to an individual interface.
Despite the fact that the system call tales the interface _name_ as
a parameter, it actually, binds the socket to interface _index_.
Deleting the interface and creating a new one with the same name
leaves the socket bound to the old index. (Creating new sockets
always allocates a fresh index, they are not reused). We now
take this behaviour into account and keep up with changing indexes.
* Add --conf-script configuration option.
* Enhance --domain to accept, for instance,
--domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain
which relects the interface they are attached to in a way which
doesn't require hard-coding addresses. Thanks to Sten Spans for
the idea.
* Fix write-after-free error in DHCPv6 server code.
CVE-2022-0934 refers.
* Add the ability to specify destination port in
DHCP-relay mode. This change also removes a previous bug
where --dhcp-alternate-port would affect the port used
to relay _to_ as well as the port being listened on.
The new feature allows configuration to provide bug-for-bug
compatibility, if required. Thanks to Damian Kaczkowski
for the feature suggestion.
* Bound the value of UDP packet size in the EDNS0 header of
forwarded queries to the configured or default value of
edns-packet-max. There's no point letting a client set a larger
value if we're unable to return the answer. Thanks to Bertie
Taylor for pointing out the problem and supplying the patch.
- drop dnsmasq-CVE-2022-0934.patch, dnsmasq-resolv-conf.patch (upstream)
-------------------------------------------------------------------
Fri Sep 9 11:00:25 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>

6
dnsmasq.spec
View File

@ -22,7 +22,7 @@
%bcond_with tftp_user_package
%endif
Name: dnsmasq
Version: 2.86
Version: 2.87
Release: 0
Summary: DNS Forwarder and DHCP Server
License: GPL-2.0-only OR GPL-3.0-only
@ -37,8 +37,6 @@ Source5: rc.dnsmasq-suse
Source6: system-user-dnsmasq.conf
Source8: %{name}-rpmlintrc
Patch0: dnsmasq-groups.patch
Patch1: dnsmasq-resolv-conf.patch
Patch2: dnsmasq-CVE-2022-0934.patch
BuildRequires: dbus-1-devel
BuildRequires: dos2unix
BuildRequires: libidn2-devel
@ -76,8 +74,6 @@ server's leases.
%prep
%setup -q
%patch0
%patch1
%patch2
# Remove the executable bit from python example files to
# avoid unwanted automatic dependencies