On Wed, May 20, 2026 at 8:29 PM Hugo Simeliere via
lists.openembedded.org
<[email protected]> wrote:
>
> From: "Hugo SIMELIERE (Schneider Electric)" 
> <[email protected]>
>
> Pick patch from [1] dnsmasq 2.90 debian bookworm patches.
>
> [1] 
> https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-2291.patch
>
> Signed-off-by: Hugo SIMELIERE (Schneider Electric) 
> <[email protected]>
> Reviewed-by: Bruno VERNAY <[email protected]>
> ---
>  .../recipes-support/dnsmasq/dnsmasq_2.90.bb   |  1 +
>  .../dnsmasq/files/CVE-2026-2291.patch         | 41 +++++++++++++++++++
>  2 files changed, 42 insertions(+)
>  create mode 100644 
> meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch
>
> diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb 
> b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
> index 38fa271dc3..3281404e42 100644
> --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
> +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
> @@ -16,6 +16,7 @@ SRC_URI = 
> "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV
>             file://dnsmasq-resolvconf.service \
>             file://dnsmasq-noresolvconf.service \
>             file://dnsmasq-resolved.conf \
> +           file://CVE-2026-2291.patch \
>  "
>  SRC_URI[sha256sum] = 
> "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b"
>
> diff --git 
> a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch 
> b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch
> new file mode 100644
> index 0000000000..c59fa031f9
> --- /dev/null
> +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch
> @@ -0,0 +1,41 @@
> +From c3059821cd52b423592aeffef7935fdf81035a81 Mon Sep 17 00:00:00 2001
> +From: Simon Kelley <[email protected]>
> +Date: Fri, 10 Apr 2026 16:29:31 +0100
> +Subject: [PATCH] Fix buffer overflow in struct bigname. CVE-2026-2291
> +
> +All buffers capable of holding a domain name should be
> +at least MAXDNAME*2 + 1 bytes long, where MAXDNAME is the maximum
> +size of a domain name. The accounts for the trailing zero and the
> +fact that some characters are escaped in the internal representation
> +of a domain name in dnsmasq.
> +
> +The declaration of struct bigname get this wrong, with the effect
> +that a remote attacker capable of asking DNS queries or answering DNS
> +queries can cause a large OOB write in the heap.
> +
> +This was first spotted by Andrew S. Fasano.
> +
> +CVE: CVE-2026-2291
> +Upstream-Status: Backport 
> [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=014e909f787e808bb35daa546d3f8f3663918de2]
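
Review bot: the Upstream-Status line closing the quoted patch header cites upstream commit 014e909f787e808bb35daa546d3f8f3663918de2, but the From line of the same header carries c3059821cd52b423592aeffef7935fdf81035a81, and the commit message says the file was picked from the Debian bookworm patch set [1]. The header should state which of these the file actually is. If it is Debian's backport to 2.90 rather than the upstream commit applied unchanged, say so in the patch header, give the Debian source URL, and note what was adapted, so the fix to struct bigname can be checked against the upstream change.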

For this as well, please add backport notes.