0cc8ed3dc1
* CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826:
Denial Of Service while trying to validate specially crafted
DNSSEC responses
* Fix reversion in --rev-server introduced in 2.88 which caused
breakage if the prefix length is not exactly divisible by 8
(IPv4) or 4 (IPv6).
* Fix possible SEGV when there server(s) for a particular domain
are configured, but no server which is not qualified for a
particular domain.
* Set the default maximum DNS UDP packet sice to 1232.
Obsoletes: dnsmasq-CVE-2023-28450.patch
* Add --no-dhcpv4-interface and --no-dhcpv6-interface for better
control over which inetrfaces are providing DHCP service.
* Fix issue with stale caching
* Add configurable caching for arbitrary RR-types.
* Add --filter-rr option, to filter arbitrary RR-types.
OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=165
17 lines
538 B
Diff
17 lines
538 B
Diff
--- src/dnsmasq.c.orig
|
|
+++ src/dnsmasq.c
|
|
@@ -728,11 +728,10 @@ int main (int argc, char **argv)
|
|
if (!option_bool(OPT_DEBUG) && getuid() == 0)
|
|
{
|
|
int bad_capabilities = 0;
|
|
- gid_t dummy;
|
|
|
|
- /* remove all supplementary groups */
|
|
+ /* set the supplementary groups of the daemon user */
|
|
if (gp &&
|
|
- (setgroups(0, &dummy) == -1 ||
|
|
+ (initgroups(daemon->username, gp->gr_gid) == -1 ||
|
|
setgid(gp->gr_gid) == -1))
|
|
{
|
|
send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
|