Date:      Thu, 8 Sep 2022 18:41:45 GMT
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
Subject:   git: 700a18a1aad6 - 2022Q3 - dns/dnsmasq-devel: update to 2.87test9
Message-ID:  <202209081841.288IfjBp059917@gitrepo.freebsd.org>

The branch 2022Q3 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=700a18a1aad620075c48a63b6ea7ee6c4d3ff0f0

commit 700a18a1aad620075c48a63b6ea7ee6c4d3ff0f0
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2022-08-12 18:55:37 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2022-09-08 18:33:01 +0000

    dns/dnsmasq-devel: update to 2.87test9
    
    CHANGELOG difference in Git between test8 and test9
    
    * Enhance --domain to accept, for instance,
      --domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain
      which reflects the interface they are attached to in a way which
      doesn't require hard-coding addresses. Thanks to Sten Spans for
      the idea.
    
    * Fix write-after-free error in DHCPv6 server code.
      CVE-2022-0934 refers.
    
    * Add the ability to specify destination port in
      DHCP-relay mode. This change also removes a previous bug
      where --dhcp-alternate-port would affect the port used
      to relay _to_ as well as the port being listened on.
      The new feature allows configuration to provide bug-for-bug
      compatibility, if required. Thanks to Damian Kaczkowski
      for the feature suggestion.
    
    * Bound the value of UDP packet size in the EDNS0 header of
      forwarded queries to the configured or default value of
      edns-packet-max. There's no point letting a client set a larger
      value if we're unable to return the answer. Thanks to Bertie
      Taylor for pointing out the problem and supplying the patch.
    
    * Fix problem with the configuration
    
          --server=/some.domain/# --address=/#/<ip> --server=<server_ip>
    
      This would return <ip> for queries in some.domain, rather than
      forwarding the query via the default server.
    
    (cherry picked from commit 37b050fb9c0fcc126e9ea741c772ba38d136cdd6)
---
 dns/dnsmasq-devel/Makefile                  |   4 +-
 dns/dnsmasq-devel/distinfo                  |   6 +-
 dns/dnsmasq-devel/files/patch-CVE-2022-0934 | 175 ----------------------------
 3 files changed, 5 insertions(+), 180 deletions(-)

diff --git a/dns/dnsmasq-devel/Makefile b/dns/dnsmasq-devel/Makefile
index c0762595e608..3aac68108c56 100644
--- a/dns/dnsmasq-devel/Makefile
+++ b/dns/dnsmasq-devel/Makefile
@@ -1,9 +1,9 @@
 # Created by: Steven Honson
 
 PORTNAME=	dnsmasq
-DISTVERSION=	2.87test8
+DISTVERSION=	2.87test9
 # Leave the PORTREVISION in even if 0 to avoid accidental PORTEPOCH bumps:
-PORTREVISION=	1
+PORTREVISION=	0
 PORTEPOCH=	4 # attn - different between -devel and dnsmasq ports!
 CATEGORIES=	dns
 #MASTER_SITES=	https://www.thekelleys.org.uk/dnsmasq/release-candidates/ \
diff --git a/dns/dnsmasq-devel/distinfo b/dns/dnsmasq-devel/distinfo
index f2db25c3ecba..5b531933cfc6 100644
--- a/dns/dnsmasq-devel/distinfo
+++ b/dns/dnsmasq-devel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1644432655
-SHA256 (dnsmasq-2.87test8.tar.xz) = cb7245f4726d5692dd27d8c5f8ece8b88c9995fc0d649fd76d2870f80b852369
-SIZE (dnsmasq-2.87test8.tar.xz) = 558724
+TIMESTAMP = 1660330300
+SHA256 (dnsmasq-2.87test9.tar.xz) = 325d2b953e06273cd7e0ed921b464203a4a26fae7a1afedd9b26528d25951fdf
+SIZE (dnsmasq-2.87test9.tar.xz) = 560708
diff --git a/dns/dnsmasq-devel/files/patch-CVE-2022-0934 b/dns/dnsmasq-devel/files/patch-CVE-2022-0934
deleted file mode 100644
index c063e15b2e34..000000000000
--- a/dns/dnsmasq-devel/files/patch-CVE-2022-0934
+++ /dev/null
@@ -1,175 +0,0 @@
-From dcc62a514092c8afeab4e502db9e65f03c2e1d47 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Tue, 22 Feb 2022 00:45:01 +0100
-Subject: [PATCH] Change message type by dedicated function
-
-Long-term pointer to beginning of message does not work well. I case
-outpacket is reallocated in any new_opt6() section, original outmsgtypep
-pointer becomes invalid. Instead of using that pointer use dedicated
-function, which will change just the first byte of the message.
-
-This makes sure correct beginning of packet is always used.
----
- src/dnsmasq.h   |  1 +
- src/outpacket.c | 11 +++++++++++
- src/rfc3315.c   | 29 ++++++++++++++---------------
- 3 files changed, 26 insertions(+), 15 deletions(-)
-
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index 51a1aa6..c1c75c1 100644
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -1736,6 +1736,7 @@ void put_opt6_long(unsigned int val);
- void put_opt6_short(unsigned int val);
- void put_opt6_char(unsigned int val);
- void put_opt6_string(char *s);
-+void put_msgtype6(unsigned int val);
- #endif
- 
- /* radv.c */
-diff --git a/src/outpacket.c b/src/outpacket.c
-index abb3a3a..f322811 100644
---- a/src/outpacket.c
-+++ b/src/outpacket.c
-@@ -115,4 +115,15 @@ void put_opt6_string(char *s)
-   put_opt6(s, strlen(s));
- }
- 
-+void put_msgtype6(unsigned int val)
-+{
-+  if (outpacket_counter == 0)
-+    put_opt6_char(val);
-+  else
-+    {
-+      unsigned char *p = daemon->outpacket.iov_base;
-+      *p = val;
-+    }
-+}
-+
- #endif
-diff --git a/src/rfc3315.c b/src/rfc3315.c
-index cee8382..baeb51e 100644
---- a/src/rfc3315.c
-+++ b/src/rfc3315.c
-@@ -110,7 +110,6 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
-   void *end = inbuff + sz;
-   void *opts = inbuff + 34;
-   int msg_type = *((unsigned char *)inbuff);
--  unsigned char *outmsgtypep;
-   void *opt;
-   struct dhcp_vendor *vendor;
- 
-@@ -192,9 +191,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
-     return 0;
-   
-   /* copy header stuff into reply message and set type to reply */
--  if (!(outmsgtypep = put_opt6(inbuff, 34)))
-+  if (!put_opt6(inbuff, 34))
-     return 0;
--  *outmsgtypep = DHCP6RELAYREPL;
-+  put_msgtype6(DHCP6RELAYREPL);
- 
-   /* look for relay options and set tags if found. */
-   for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
-@@ -267,7 +266,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-   struct dhcp_netid *tagif;
-   struct dhcp_config *config = NULL;
-   struct dhcp_netid known_id, iface_id, v6_id;
--  unsigned char *outmsgtypep;
-+  unsigned char *xid;
-   struct dhcp_vendor *vendor;
-   struct dhcp_context *context_tmp;
-   struct dhcp_mac *mac_opt;
-@@ -297,10 +296,10 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-   state->tags = &v6_id;
- 
-   /* copy over transaction-id, and save pointer to message type */
--  if (!(outmsgtypep = put_opt6(inbuff, 4)))
-+  if (!(xid = put_opt6(inbuff, 4)))
-     return 0;
-   start_opts = save_counter(-1);
--  state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
-+  state->xid = xid[3] | xid[2] << 8 | xid[1] << 16;
-    
-   /* We're going to be linking tags from all context we use. 
-      mark them as unused so we don't link one twice and break the list */
-@@ -347,7 +346,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-       (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
-     
-     {  
--      *outmsgtypep = DHCP6REPLY;
-+      put_msgtype6(DHCP6REPLY);
-       o1 = new_opt6(OPTION6_STATUS_CODE);
-       put_opt6_short(DHCP6USEMULTI);
-       put_opt6_string("Use multicast");
-@@ -619,11 +618,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	struct dhcp_netid *solicit_tags;
- 	struct dhcp_context *c;
- 	
--	*outmsgtypep = DHCP6ADVERTISE;
-+	put_msgtype6(DHCP6ADVERTISE);
- 	
- 	if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
- 	  {
--	    *outmsgtypep = DHCP6REPLY;
-+	    put_msgtype6(DHCP6REPLY);
- 	    state->lease_allocate = 1;
- 	    o = new_opt6(OPTION6_RAPID_COMMIT);
- 	    end_opt6(o);
-@@ -809,7 +808,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int start = save_counter(-1);
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	state->lease_allocate = 1;
- 
- 	log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
-@@ -924,7 +923,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int address_assigned = 0;
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	
- 	log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
- 
-@@ -1057,7 +1056,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int good_addr = 0;
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	
- 	log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
- 	
-@@ -1121,7 +1120,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
- 	if (ignore)
- 	  return 0;
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	tagif = add_options(state, 1);
- 	break;
-       }
-@@ -1130,7 +1129,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-     case DHCP6RELEASE:
-       {
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 
- 	log6_quiet(state, "DHCPRELEASE", NULL, NULL);
- 
-@@ -1195,7 +1194,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-     case DHCP6DECLINE:
-       {
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	
- 	log6_quiet(state, "DHCPDECLINE", NULL, NULL);
- 
--- 
-2.34.1
-


