[openwrt/openwrt] dnsmasq: Update to version 2.83

LEDE Commits lede-commits at lists.infradead.org
Tue Jan 19 07:04:17 EST 2021 

hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/e87c0d934c54d0b07caef1db3af170510acf3cfa

commit e87c0d934c54d0b07caef1db3af170510acf3cfa
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Mon Jan 11 00:33:07 2021 +0100

    dnsmasq: Update to version 2.83
    
    This fixes the following security problems in dnsmasq:
    * CVE-2020-25681:
      Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
      overflow in sort_rrset() when DNSSEC is used. This can allow a remote
      attacker to write arbitrary data into target device's memory that can
      lead to memory corruption and other unexpected behaviors on the target
      device.
    * CVE-2020-25682:
      Dnsmasq versions before 2.83 is susceptible to buffer overflow in
      extract_name() function due to missing length check, when DNSSEC is
      enabled. This can allow a remote attacker to cause memory corruption
      on the target device.
    * CVE-2020-25683:
      Dnsmasq version before 2.83 is susceptible to a heap-based buffer
      overflow when DNSSEC is enabled. A remote attacker, who can create
      valid DNS replies, could use this flaw to cause an overflow in a heap-
      allocated memory. This flaw is caused by the lack of length checks in
      rtc1035.c:extract_name(), which could be abused to make the code
      execute memcpy() with a negative size in get_rdata() and cause a crash
      in Dnsmasq, resulting in a Denial of Service.
    * CVE-2020-25684:
      A lack of proper address/port check implemented in Dnsmasq version <
      2.83 reply_query function makes forging replies easier to an off-path
      attacker.
    * CVE-2020-25685:
      A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
      versions before 2.83 reply_query function allows remote attackers to
      spoof DNS traffic that can lead to DNS cache poisoning.
    * CVE-2020-25686:
      Multiple DNS query requests for the same resource name (RRNAME) by
      Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
      traffic, using a birthday attack (RFC 5452), that can lead to DNS
      cache poisoning.
    * CVE-2020-25687:
      Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
      overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
      remote attacker, who can create valid DNS replies, could use this flaw
      to cause an overflow in a heap-allocated memory. This flaw is caused
      by the lack of length checks in rtc1035.c:extract_name(), which could
      be abused to make the code execute memcpy() with a negative size in
      sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
      Service.
    
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/network/services/dnsmasq/Makefile                           | 6 +++---
 .../dnsmasq/patches/100-remove-old-runtime-kernel-support.patch     | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index ba10ded333..7b5af1dd27 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_UPSTREAM_VERSION:=2.82
+PKG_UPSTREAM_VERSION:=2.83
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=10
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
-PKG_HASH:=84523646f3116bb5e1151efb66e645030f6e6a8256f29aab444777a343ebc132
+PKG_HASH:=ffc1f7e8b05e22d910b9a71d09f1128197292766dc7c54cb7018a1b2c3af4aea
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
index aaa5a76909..bd11806ae0 100644
--- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
+++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch
@@ -27,7 +27,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
  
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1112,7 +1112,7 @@ extern struct daemon {
+@@ -1125,7 +1125,7 @@ extern struct daemon {
    int inotifyfd;
  #endif
  #if defined(HAVE_LINUX_NETWORK)
@@ -36,7 +36,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
  #elif defined(HAVE_BSD_NETWORK)
    int dhcp_raw_fd, dhcp_icmp_fd, routefd;
  #endif
-@@ -1292,9 +1292,6 @@ int read_write(int fd, unsigned char *pa
+@@ -1306,9 +1306,6 @@ int read_write(int fd, unsigned char *pa
  void close_fds(long max_fd, int spare1, int spare2, int spare3);
  int wildcard_match(const char* wildcard, const char* match);
  int wildcard_matchn(const char* wildcard, const char* match, int num);

More information about the lede-commits mailing list