Date: Monday, October 2, 2017 @ 13:53:20 Author: eworm Revision: 306561
upgpkg: dnsmasq 2.78-1 new upstream release, fixing a number of security vulnerabilities: * CVE-2017-14495, OOM in DNS response creation. * CVE-2017-14496, Integer underflow in DNS response creation. * CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests. * CVE-2017-14493, DHCPv6 - Stack buffer overflow. * CVE-2017-14492, DHCPv6 RA heap overflow. * CVE-2017-14491, DNS heap buffer overflow. Modified: dnsmasq/trunk/PKGBUILD Deleted: dnsmasq/trunk/0001-do-not-include-stdio-h-before-dnsmasq-h.patch dnsmasq/trunk/0002-Fix-logic-of-appending-layer-to-PXE-basename.patch ---------------------------------------------------------+ 0001-do-not-include-stdio-h-before-dnsmasq-h.patch | 24 --------- 0002-Fix-logic-of-appending-layer-to-PXE-basename.patch | 35 -------------- PKGBUILD | 17 +----- 3 files changed, 3 insertions(+), 73 deletions(-)
Deleted: 0001-do-not-include-stdio-h-before-dnsmasq-h.patch
===================================================================
--- 0001-do-not-include-stdio-h-before-dnsmasq-h.patch 2017-10-02 13:48:19 UTC (rev 306560)
+++ 0001-do-not-include-stdio-h-before-dnsmasq-h.patch 2017-10-02 13:53:20 UTC (rev 306561)
@@ -1,24 +0,0 @@
-Subject: [PATCH 1/1] do not include stdio.h before dnsmasq.h
-Date: Tue, 22 Aug 2017 23:19:29 +0200
-From: Christian Hesse <m...@eworm.de>
-
-We define some constants in dnsmasq.h, which have an influence on
-stdio.h. So do not include stdio.h before dnsmasq.h.
-
-Signed-off-by: Christian Hesse <m...@eworm.de>
----
- src/helper.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/helper.c b/src/helper.c
-index 635677e..281cb4a 100644
---- a/src/helper.c
-+++ b/src/helper.c
-@@ -14,7 +14,6 @@
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
--#include <stdio.h>
- #include "dnsmasq.h"
-
- #ifdef HAVE_SCRIPT
Deleted: 0002-Fix-logic-of-appending-layer-to-PXE-basename.patch
===================================================================
--- 0002-Fix-logic-of-appending-layer-to-PXE-basename.patch 2017-10-02 13:48:19 UTC (rev 306560)
+++ 0002-Fix-logic-of-appending-layer-to-PXE-basename.patch 2017-10-02 13:53:20 UTC (rev 306561)
@@ -1,35 +0,0 @@
-From: Chris Novakovic <ch...@chrisn.me.uk>
-Date: Tue, 6 Jun 2017 22:02:59 +0000 (+0100)
-Subject: Fix logic of appending ".<layer>" to PXE basename
-X-Git-Tag: v2.78test1~1
-X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff_plain;h=2446514e716075cfe2be35e2a9b9de4eacdbac99
-
-Fix logic of appending ".<layer>" to PXE basename
-
-Commit f77700aa, which fixes a compiler warning, also breaks the
-behaviour of prepending ".<layer>" to basenames in --pxe-service: in
-situations where the basename contains a ".", the ".<layer>" suffix is
-erroneously added, and in situations where the basename doesn't contain
-a ".", the ".<layer>" suffix is erroneously omitted.
-
-A patch against the git HEAD is attached that inverts this logic and
-restores the expected behaviour of --pxe-service.
----
-
-diff --git a/src/rfc2131.c b/src/rfc2131.c
-index a679470..1c850e5 100644
---- a/src/rfc2131.c
-+++ b/src/rfc2131.c
-@@ -836,10 +836,10 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
-
- if (strchr(service->basename, '.'))
- snprintf((char *)mess->file, sizeof(mess->file),
-- "%s.%d", service->basename, layer);
-+ "%s", service->basename);
- else
- snprintf((char *)mess->file, sizeof(mess->file),
-- "%s", service->basename);
-+ "%s.%d", service->basename, layer);
-
- option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
- option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(context->local.s_addr));
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-10-02 13:48:19 UTC (rev 306560)
+++ PKGBUILD 2017-10-02 13:53:20 UTC (rev 306561)
@@ -5,8 +5,8 @@
 # Contributor: Tom Newsom <jeeps...@gmx.co.uk>
 pkgname=dnsmasq
-pkgver=2.77
-pkgrel=4
+pkgver=2.78
+pkgrel=1
 pkgdesc="Lightweight, easy to configure DNS forwarder and DHCP server"
 url="http://www.thekelleys.org.uk/dnsmasq/doc.html"
 arch=('i686' 'x86_64')
@@ -15,26 +15,15 @@
 backup=('etc/dnsmasq.conf')
 validpgpkeys=('D6EACBD6EE46B834248D111215CDDA6AE19135A2') # Simon Kelley <si...@thekelleys.org.uk>
 source=("http://www.thekelleys.org.uk/$pkgname/$pkgname-$pkgver.tar.xz"{,.asc}
- '0001-do-not-include-stdio-h-before-dnsmasq-h.patch'
- '0002-Fix-logic-of-appending-layer-to-PXE-basename.patch'
 'dnsmasq-sysusers.conf'
 'dnsmasq.service')
-sha256sums=('6eac3b1c50ae25170e3ff8c96ddb55236cf45007633fdb8a35b1f3e02f5f8b8a'
+sha256sums=('89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b'
 'SKIP'
- 'bd39af88222ec44d269734d0513656bed865fb0f0901b538fdbbe19768e91bcf'
- '5c969e79037980f3d138434a40c4478f7383f9ee9a46689c96dcf93f74062e11'
 '7f6ff6a709038ae580758f4b6a754451d7f7ce22957b88a36b97f7b643d3c2ab'
 '983a3c7a68ce114cf7b44f0d9c59b74c266647a9e5ac34c1d1d5161610bc57fe')
 _build_copts="-DHAVE_DNSSEC -DHAVE_DBUS -DHAVE_IDN -DHAVE_CONNTRACK"
-prepare() {
- cd "$pkgname-$pkgver"
-
- patch -Np1 < "${srcdir}"/0001-do-not-include-stdio-h-before-dnsmasq-h.patch
- patch -Np1 < "${srcdir}"/0002-Fix-logic-of-appending-layer-to-PXE-basename.patch
-}
-
 build() {
 cd "$pkgname-$pkgver"
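Review bot: Removing `prepare()` and both patch entries from `source` is only safe if 2.78 already contains both changes, and the page supports that for just one of them. The deleted 0002 carries `X-Git-Tag: v2.78test1~1`, so it presumably landed before the release, but 0001 (dropping `#include <stdio.h>` from `src/helper.c`) shows no upstream reference and the commit message says nothing about it. I would confirm against the 2.78 tarball that `helper.c` no longer includes `stdio.h` before `dnsmasq.h`, then record it in the log, e.g. `drop 0001/0002, both included upstream in 2.78`. The tarball is still fetched over plain `http://`, so the `.asc` check against `validpgpkeys` is what anchors the new `sha256sums` entry and should stay in place.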