0cc8ed3dc1
* CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826: Denial Of Service while trying to validate specially crafted DNSSEC responses * Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix length is not exactly divisible by 8 (IPv4) or 4 (IPv6). * Fix possible SEGV when there server(s) for a particular domain are configured, but no server which is not qualified for a particular domain. * Set the default maximum DNS UDP packet sice to 1232. Obsoletes: dnsmasq-CVE-2023-28450.patch * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better control over which inetrfaces are providing DHCP service. * Fix issue with stale caching * Add configurable caching for arbitrary RR-types. * Add --filter-rr option, to filter arbitrary RR-types. OBS-URL: https://build.opensuse.org/package/show/network/dnsmasq?expand=0&rev=165
17 lines
538 B
Diff
17 lines
538 B
Diff
--- src/dnsmasq.c.orig
|
|
+++ src/dnsmasq.c
|
|
@@ -728,11 +728,10 @@ int main (int argc, char **argv)
|
|
if (!option_bool(OPT_DEBUG) && getuid() == 0)
|
|
{
|
|
int bad_capabilities = 0;
|
|
- gid_t dummy;
|
|
|
|
- /* remove all supplementary groups */
|
|
+ /* set the supplementary groups of the daemon user */
|
|
if (gp &&
|
|
- (setgroups(0, &dummy) == -1 ||
|
|
+ (initgroups(daemon->username, gp->gr_gid) == -1 ||
|
|
setgid(gp->gr_gid) == -1))
|
|
{
|
|
send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
|