Hello community,

here is the log from the commit of package dnsmasq for openSUSE:Factory checked 
in at 2019-11-20 13:42:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dnsmasq (Old)
 and      /work/SRC/openSUSE:Factory/.dnsmasq.new.26869 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dnsmasq"

Wed Nov 20 13:42:47 2019 rev:75 rq:748378 version:2.80

Changes:
--------
--- /work/SRC/openSUSE:Factory/dnsmasq/dnsmasq.changes  2019-09-11 
10:21:34.503501965 +0200
+++ /work/SRC/openSUSE:Factory/.dnsmasq.new.26869/dnsmasq.changes       
2019-11-20 13:43:05.640277891 +0100
@@ -1,0 +2,9 @@
+Wed Nov 13 10:46:21 UTC 2019 - Reinhard Max <m...@suse.com>
+
+- bsc#1154849, CVE-2019-14834, dnsmasq-CVE-2019-14834.patch:
+  memory leak in the create_helper() function in /src/helper.c
+- bsc#1143454: Require user(tftp) instead of creating it ourselves.
+- Package contrib/lease-tools/dhcp_release6.
+- bsc#1152539: include config files from /etc/dnsmasq.d/*.conf .
+
+-------------------------------------------------------------------

New:
----
  dnsmasq-CVE-2019-14834.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dnsmasq.spec ++++++
--- /var/tmp/diff_new_pack.iWa64P/_old  2019-11-20 13:43:14.096275307 +0100
+++ /var/tmp/diff_new_pack.iWa64P/_new  2019-11-20 13:43:14.100275307 +0100
@@ -16,6 +16,12 @@
 #
 
 
+%if 0%{?suse_version} < 1550
+%bcond_with tftp_user_package
+%else
+%bcond_without tftp_user_package
+%endif
+
 Name:           dnsmasq
 Summary:        DNS Forwarder and DHCP Server
 License:        GPL-2.0-only OR GPL-3.0-only
@@ -35,6 +41,7 @@
 Patch1:         0001-fix-build-after-y2038-changes-in-glibc.patch
 # PATCH-FIX-UPSTREAM -- 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e
 Patch2:         Fix-build-with-libnettle-3.5.patch
+Patch3:         dnsmasq-CVE-2019-14834.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  dbus-1-devel
 BuildRequires:  dos2unix
@@ -45,7 +52,12 @@
 BuildRequires:  pkgconfig(libnetfilter_conntrack)
 BuildRequires:  pkgconfig(systemd)
 Requires(pre):  group(nogroup)
+%if %{with tftp_user_package}
+Requires(pre):  user(tftp)
+%else
 Requires(pre):  /usr/sbin/useradd
+%else
+%endif
 
 %description
 Dnsmasq provides network infrastructure for small networks: DNS,
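Review bot: The new conditional has two `%else` lines before its `%endif`, and on the `tftp_user_package` branch it drops `Requires(pre):  /usr/sbin/useradd` although the `%pre` scriptlet further down still calls `/usr/sbin/useradd` unconditionally to create the dnsmasq account. The second `%else` has an empty body and looks like a leftover; how rpm treats a repeated `%else` may differ between versions, so it should be removed rather than relied on. Because the dnsmasq user is created in both configurations, keep `Requires(pre):  /usr/sbin/useradd` outside the conditional and wrap only `Requires(pre):  user(tftp)` in `%if %{with tftp_user_package}` and `%endif`. That scriptlet also passes `-G tftp`, so the tftp group must exist before it runs; whether `user(tftp)` guarantees the group cannot be seen from this page.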
@@ -69,6 +81,7 @@
 %patch0
 %patch1 -p1
 %patch2 -p1
+%patch3
 
 # Remove the executable bit from python example files to
 # avoid unwanted automatic dependencies
@@ -86,7 +99,7 @@
 sed -i -e 's|lua5.2|lua5.3|' Makefile
 
 # SED-FIX-UPSTREAM -- Fix man page
-sed -i -e 's|The defaults to "dip",|The default is "nogroup",|' \
+sed -i -e 's|The default is "dip",|The default is "nogroup",|' \
        man/dnsmasq.8
 
 # SED-FIX-UPSTREAM -- Fix cachesize, group and user
@@ -95,8 +108,9 @@
           s|CHGRP "dip"|CHGRP "nogroup"|' \
        src/config.h
 
-# Fix trust-anchor.conf location
+# Fix trust-anchor.conf location and include /etc/dnsmasq.d/*.conf by default
 sed -i -e '/trust-anchors.conf/c\#conf-file=/etc/dnsmasq.d/trust-anchors.conf' 
\
+       -e '/conf-dir=.*conf/s/^\#//' \
        dnsmasq.conf.example
 
 %build
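Review bot: The added `-e '/conf-dir=.*conf/s/^\#//'` expression enables directory inclusion by editing whichever line of dnsmasq.conf.example happens to match, and sed exits successfully when nothing matches, so an upstream rewording would silently ship a package without the include that the changelog entry promises. A check such as `grep -q '^conf-dir=' dnsmasq.conf.example` after the sed would make the build fail instead. With the include active, every `*.conf` file in /etc/dnsmasq.d is read at start-up, including the package's own trust-anchors.conf installed there, so the commented `conf-file=` line written just above would load it a second time if an administrator uncomments it; a comment in the example file should say so. It is also worth documenting that the directory must stay writable by root only, since any file placed there now changes how the resolver and DHCP server behave.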
@@ -107,9 +121,9 @@
 # same flags for make and make install, else everything gets recompiled
 %define _copts   "-DHAVE_DBUS -DHAVE_CONNTRACK -DHAVE_LIBIDN2 -DHAVE_DNSSEC 
-DHAVE_LUASCRIPT"
 make %{?_smp_mflags} AWK=gawk all-i18n CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" 
COPTS=%{_copts}
-make -C contrib/lease-tools %{?_smp_mflags}
 
 %pre
+%if %{without tftp_user_package}
 if ! /usr/bin/getent group tftp >/dev/null; then
     %{_sbindir}/groupadd -r tftp
 fi
@@ -117,6 +131,7 @@
     %{_sbindir}/useradd -c "TFTP account" -d /srv/tftpboot -G tftp -g tftp \
     -r -s /bin/false tftp
 fi
+%endif
 if ! /usr/bin/getent passwd dnsmasq >/dev/null; then
     /usr/sbin/useradd -r -d /var/lib/empty -s /bin/false -c "dnsmasq" -g 
nogroup -G tftp dnsmasq
 fi
@@ -149,18 +164,23 @@
 install -d 755 %{buildroot}/etc/dbus-1/system.d/
 install -m 644 dbus/dnsmasq.conf %{buildroot}/etc/dbus-1/system.d/dnsmasq.conf
 install -D -m 0644 %SOURCE4 %{buildroot}%{_unitdir}/dnsmasq.service
+%if %{without tftp_user_package}
 install -d -m 0755 %{buildroot}/srv/tftpboot
+%endif
 ln -sf %{_sbindir}/service %{buildroot}/usr/sbin/rcdnsmasq
 install -d -m 755 %{buildroot}/%{_sysconfdir}/dnsmasq.d
 install -m 644 trust-anchors.conf 
%{buildroot}/%{_sysconfdir}/dnsmasq.d/trust-anchors.conf
 
 # utils subpackage
 mkdir -p %{buildroot}/%{_bindir} %{buildroot}/%{_mandir}/man1
+make -C contrib/lease-tools %{?_smp_mflags}
 install -m 755 contrib/lease-tools/dhcp_release 
%{buildroot}/%{_bindir}/dhcp_release
 install -m 644 contrib/lease-tools/dhcp_release.1 
%{buildroot}/%{_mandir}/man1/dhcp_release.1
+install -m 755 contrib/lease-tools/dhcp_release6 
%{buildroot}/%{_bindir}/dhcp_release6
+install -m 644 contrib/lease-tools/dhcp_release6.1 
%{buildroot}/%{_mandir}/man1/dhcp_release6.1
 install -m 755 contrib/lease-tools/dhcp_lease_time 
%{buildroot}/%{_bindir}/dhcp_lease_time
 install -m 644 contrib/lease-tools/dhcp_lease_time.1 
%{buildroot}/%{_mandir}/man1/dhcp_lease_time.1
-rm contrib/lease-tools/{dhcp_release,dhcp_lease_time}
+make -C contrib/lease-tools clean
 rm -rf contrib/Suse
 rm -rf contrib/Solaris10
 rm -rf contrib/dnsmasq_MacOSX-pre10.4
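Review bot: The `make -C contrib/lease-tools %{?_smp_mflags}` line added under `# utils subpackage` compiles dhcp_release, dhcp_release6 and dhcp_lease_time inside %install and passes none of the `CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS"` arguments that the main build in %build uses. Each spec section runs as its own script, so unless %install sets those variables somewhere outside this hunk, the three tools may be built without the distribution's optimisation and hardening flags. Either keep the compile step in %build or pass the flags explicitly here, for example `make -C contrib/lease-tools %{?_smp_mflags} CFLAGS="%{optflags}"`. The later `make -C contrib/lease-tools clean` can stay as the replacement for the removed `rm`.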
@@ -182,8 +202,9 @@
 %{_unitdir}/dnsmasq.service
 %dir %{_sysconfdir}/dnsmasq.d
 %config(noreplace) %{_sysconfdir}/dnsmasq.d/trust-anchors.conf
-
+%if %{without tftp_user_package}
 %dir %attr(0755,tftp,tftp) /srv/tftpboot
+%endif
 
 %files utils
 %{_bindir}/dhcp_*


++++++ dnsmasq-CVE-2019-14834.patch ++++++
X-Git-Url: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Fhelper.c;h=c392eeced3e73762d3ea6a2f9fa27ab5ae389241;hp=33ba120ab39e3788719a18796b5b58338972e1e8;hb=69bc94779c2f035a9fffdb5327a54c3aeca73ed5;hpb=3052ce208acf602f0163166dcefb7330d537cedb

--- src/helper.c.orig
+++ src/helper.c
@@ -82,7 +82,8 @@ int create_helper(int event_fd, int err_
   pid_t pid;
   int i, pipefd[2];
   struct sigaction sigact;
-
+  unsigned char *alloc_buff = NULL;
+  
   /* create the pipe through which the main program sends us commands,
      then fork our process. */
   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
@@ -188,11 +189,16 @@ int create_helper(int event_fd, int err_
       struct script_data data;
       char *p, *action_str, *hostname = NULL, *domain = NULL;
       unsigned char *buf = (unsigned char *)daemon->namebuff;
-      unsigned char *end, *extradata, *alloc_buff = NULL;
+      unsigned char *end, *extradata;
       int is6, err = 0;
       int pipeout[2];
 
-      free(alloc_buff);
+      /* Free rarely-allocated memory from previous iteration. */
+      if (alloc_buff)
+       {
+         free(alloc_buff);
+         alloc_buff = NULL;
+       }
       
       /* we read zero bytes when pipe closed: this is our signal to exit */ 
       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
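Review bot: The comment on the new free block in this hunk does not record why `alloc_buff` had to move to function scope in the previous hunk: the old declaration inside the loop body reset it to NULL on each pass, so the `free(alloc_buff)` that followed never released the previous buffer. A comment at the new declaration such as `/* must outlive one loop iteration so the next pass can free it */` would keep a later cleanup from moving it back. The `if (alloc_buff)` guard is unnecessary because `free(NULL)` is a no-op; `free(alloc_buff);` followed by `alloc_buff = NULL;` is enough. The rest of create_helper, including the loop header and the allocation site, lies outside these hunks, so whether every path that allocates returns to this point cannot be checked from here.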

