On Wed, May 20, 2026 at 8:29 PM Hugo Simeliere via lists.openembedded.org <[email protected]> wrote: > > From: "Hugo SIMELIERE (Schneider Electric)" > <[email protected]> > > Pick patch from [1] dnsmasq 2.90 debian bookworm patches. > > [1] > https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-2291.patch > > Signed-off-by: Hugo SIMELIERE (Schneider Electric) > <[email protected]> > Reviewed-by: Bruno VERNAY <[email protected]> > --- > .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 1 + > .../dnsmasq/files/CVE-2026-2291.patch | 41 +++++++++++++++++++ > 2 files changed, 42 insertions(+) > create mode 100644 > meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch > > diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb > b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb > index 38fa271dc3..3281404e42 100644 > --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb > +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb > @@ -16,6 +16,7 @@ SRC_URI = > "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV > file://dnsmasq-resolvconf.service \ > file://dnsmasq-noresolvconf.service \ > file://dnsmasq-resolved.conf \ > + file://CVE-2026-2291.patch \ > " > SRC_URI[sha256sum] = > "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" > > diff --git > a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch > b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch > new file mode 100644 > index 0000000000..c59fa031f9 > --- /dev/null > +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch 
> @@ -0,0 +1,41 @@ > +From c3059821cd52b423592aeffef7935fdf81035a81 Mon Sep 17 00:00:00 2001 > +From: Simon Kelley <[email protected]> > +Date: Fri, 10 Apr 2026 16:29:31 +0100 > +Subject: [PATCH] Fix buffer overflow in struct bigname. CVE-2026-2291 > + > +All buffers capable of holding a domain name should be > +at least MAXDNAME*2 + 1 bytes long, where MAXDNAME is the maximum > +size of a domain name. The accounts for the trailing zero and the > +fact that some characters are escaped in the internal representation > +of a domain name in dnsmasq. > + > +The declaration of struct bigname get this wrong, with the effect > +that a remote attacker capable of asking DNS queries or answering DNS > +queries can cause a large OOB write in the heap. > + > +This was first spotted by Andrew S. Fasano. > + > +CVE: CVE-2026-2291 > +Upstream-Status: Backport > [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=014e909f787e808bb35daa546d3f8f3663918de2]
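Review bot: The provenance recorded in the header of the new CVE-2026-2291.patch is inconsistent: its `From` line carries c3059821cd52b423592aeffef7935fdf81035a81, the `Upstream-Status: Backport` line points at upstream commit 014e909f787e808bb35daa546d3f8f3663918de2, and the commit message says the file was picked from the Debian bookworm 2.90-4~deb12u2 patch set. Please state in the patch header which source the content was actually taken from and whether it applies to 2.90 unchanged or was adapted, for example with a short note under the `Upstream-Status` line, so the `struct bigname` fix can be compared against the referenced upstream commit.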
For this as well, please add backport notes.
