* [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78
@ 2017-10-02 17:38 Baruch Siach
  2017-10-02 17:38 ` [Buildroot] [PATCH v2 2/2] dnsmasq: simplify build configuration Baruch Siach
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Baruch Siach @ 2017-10-02 17:38 UTC (permalink / raw)
  To: buildroot

Supported Lua version is now 5.2.

Add licenses hash.

Fixes a number of security issues:

CVE-2017-13704 - Crash when DNS query exceeded 512 bytes (a regression
in 2.77, so technically not fixed by this bump)

CVE-2017-14491 - Heap overflow in DNS code

CVE-2017-14492 - Heap overflow in IPv6 router advertisement code

CVE-2017-14493 - Stack overflow in DHCPv6 code

CVE-2017-14494 - Information leak in DHCPv6

CVE-2017-14496 - Invalid boundary checks allow malicious DNS queries
to trigger DoS

CVE-2017-14495 - Out-of-memory DoS vulnerability

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
v2: Bump to 2.78
    Note security fixes in the commit log
---
 package/dnsmasq/dnsmasq.hash | 6 +++++-
 package/dnsmasq/dnsmasq.mk   | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/package/dnsmasq/dnsmasq.hash b/package/dnsmasq/dnsmasq.hash
index a73e911a2654..28e2e658e276 100644
--- a/package/dnsmasq/dnsmasq.hash
+++ b/package/dnsmasq/dnsmasq.hash
@@ -1,2 +1,6 @@
 # Locally calculated after checking pgp signature
-sha256	4b92698dee19ca0cb2a8f2e48f1d2dffd01a21eb15d1fbed4cf085630c8c9f96	dnsmasq-2.76.tar.xz
+# http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.xz.asc
+sha256	89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b	dnsmasq-2.78.tar.xz
+# Locally calculated
+sha256	dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa	COPYING
+sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	COPYING-v3
diff --git a/package/dnsmasq/dnsmasq.mk b/package/dnsmasq/dnsmasq.mk
index 63295ce41090..7322170432a0 100644
--- a/package/dnsmasq/dnsmasq.mk
+++ b/package/dnsmasq/dnsmasq.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DNSMASQ_VERSION = 2.76
+DNSMASQ_VERSION = 2.78
 DNSMASQ_SOURCE = dnsmasq-$(DNSMASQ_VERSION).tar.xz
 DNSMASQ_SITE = http://thekelleys.org.uk/dnsmasq
 DNSMASQ_MAKE_ENV = $(TARGET_MAKE_ENV) CC="$(TARGET_CC)"
@@ -58,7 +58,7 @@ DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
 endif
 
 define DNSMASQ_ENABLE_LUA
-	$(SED) 's/lua5.1/lua/g' $(DNSMASQ_DIR)/Makefile
+	$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
 	$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
 		$(DNSMASQ_DIR)/src/config.h
 endef
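Review bot: The substitution on the changed line, `$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile`, succeeds silently when nothing matches, so the next upstream change of the Lua module name would leave the build looking for a library name Buildroot presumably does not provide, with no hint that this line is the cause. The `.` is also an unescaped regex wildcard; `'s/lua5\.2/lua/g'` states the intent exactly. A comment above the `define` would help the next bump, for example `# upstream Makefile hard-codes the lua5.2 module name; rewrite it to the name Buildroot's lua provides (re-check on every version bump)`. The `ifeq` that encloses this `define` starts outside the hunk.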
-- 
2.14.2


* [Buildroot] [PATCH v2 2/2] dnsmasq: simplify build configuration
  2017-10-02 17:38 [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78 Baruch Siach
@ 2017-10-02 17:38 ` Baruch Siach
  2017-10-02 19:04 ` [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78 Thomas Petazzoni
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Baruch Siach @ 2017-10-02 17:38 UTC (permalink / raw)
  To: buildroot

Drop direct sed'ing of config.h for HAVE_CONNTRACK, HAVE_LUASCRIPT, and
HAVE_DBUS. Use MAKE_OPTS COPTS parameters instead, like we do already
for all other options.

Rename DNSMASQ_ENABLE_LUA to DNSMASQ_TWEAK_LIBLUA since it now does only
that.

Merge two conntrack and three dbus conditional sections.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
v2: No change
---
 package/dnsmasq/dnsmasq.mk | 42 ++++++++++--------------------------------
 1 file changed, 10 insertions(+), 32 deletions(-)

diff --git a/package/dnsmasq/dnsmasq.mk b/package/dnsmasq/dnsmasq.mk
index 7322170432a0..9f96030eb624 100644
--- a/package/dnsmasq/dnsmasq.mk
+++ b/package/dnsmasq/dnsmasq.mk
@@ -40,32 +40,31 @@ endif
 
 ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
 DNSMASQ_DEPENDENCIES += libnetfilter_conntrack
-endif
-
-ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
-define DNSMASQ_ENABLE_CONNTRACK
-	$(SED) 's^.*#define HAVE_CONNTRACK.*^#define HAVE_CONNTRACK^' \
-		$(DNSMASQ_DIR)/src/config.h
-endef
+DNSMASQ_COPTS += -DHAVE_CONNTRACK
 endif
 
 ifeq ($(BR2_PACKAGE_DNSMASQ_LUA),y)
 DNSMASQ_DEPENDENCIES += lua
+DNSMASQ_COPTS += -DHAVE_LUASCRIPT
 
 # liblua uses dlopen when dynamically linked
 ifneq ($(BR2_STATIC_LIBS),y)
 DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
 endif
 
-define DNSMASQ_ENABLE_LUA
+define DNSMASQ_TWEAK_LIBLUA
 	$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
-	$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
-		$(DNSMASQ_DIR)/src/config.h
 endef
 endif
 
 ifeq ($(BR2_PACKAGE_DBUS),y)
 DNSMASQ_DEPENDENCIES += dbus
+DNSMASQ_COPTS += -DHAVE_DBUS
+
+define DNSMASQ_INSTALL_DBUS
+	$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
+		$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
+endef
 endif
 
 define DNSMASQ_FIX_PKGCONFIG
@@ -73,33 +72,12 @@ define DNSMASQ_FIX_PKGCONFIG
 		$(DNSMASQ_DIR)/Makefile
 endef
 
-ifeq ($(BR2_PACKAGE_DBUS),y)
-define DNSMASQ_ENABLE_DBUS
-	$(SED) 's^.*#define HAVE_DBUS.*^#define HAVE_DBUS^' \
-		$(DNSMASQ_DIR)/src/config.h
-endef
-else
-define DNSMASQ_ENABLE_DBUS
-	$(SED) 's^.*#define HAVE_DBUS.*^/* #define HAVE_DBUS */^' \
-		$(DNSMASQ_DIR)/src/config.h
-endef
-endif
-
 define DNSMASQ_BUILD_CMDS
 	$(DNSMASQ_FIX_PKGCONFIG)
-	$(DNSMASQ_ENABLE_DBUS)
-	$(DNSMASQ_ENABLE_LUA)
-	$(DNSMASQ_ENABLE_CONNTRACK)
+	$(DNSMASQ_TWEAK_LIBLUA)
 	$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) all$(DNSMASQ_I18N)
 endef
 
-ifeq ($(BR2_PACKAGE_DBUS),y)
-define DNSMASQ_INSTALL_DBUS
-	$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
-		$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
-endef
-endif
-
 define DNSMASQ_INSTALL_TARGET_CMDS
 	$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) install$(DNSMASQ_I18N)
 	mkdir -p $(TARGET_DIR)/var/lib/misc/
-- 
2.14.2


* [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78
  2017-10-02 17:38 [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78 Baruch Siach
  2017-10-02 17:38 ` [Buildroot] [PATCH v2 2/2] dnsmasq: simplify build configuration Baruch Siach
@ 2017-10-02 19:04 ` Thomas Petazzoni
  2017-10-03  8:11 ` Peter Korsgaard
  2017-10-17  9:01 ` Peter Korsgaard
  3 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2017-10-02 19:04 UTC (permalink / raw)
  To: buildroot

Hello,

On Mon,  2 Oct 2017 20:38:25 +0300, Baruch Siach wrote:
> Supported Lua version is now 5.2.
> 
> Add licenses hash.
> 
> Fixes a number of security issues:
> 
> CVE-2017-13704 - Crash when DNS query exceeded 512 bytes (a regression
> in 2.77, so technically not fixed by this bump)
> 
> CVE-2017-14491 - Heap overflow in DNS code
> 
> CVE-2017-14492 - Heap overflow in IPv6 router advertisement code
> 
> CVE-2017-14493 - Stack overflow in DHCPv6 code
> 
> CVE-2017-14494 - Information leak in DHCPv6
> 
> CVE-2017-14496 - Invalid boundary checks allows a malicious DNS queries
> to trigger DoS
> 
> CVE-2017-14495 - Out-of-memory Dos vulnerability
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> v2: Bump to 2.78
>     Note security fixes in the commit log
> ---
>  package/dnsmasq/dnsmasq.hash | 6 +++++-
>  package/dnsmasq/dnsmasq.mk   | 4 ++--
>  2 files changed, 7 insertions(+), 3 deletions(-)

Both applied. Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com


* [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78
  2017-10-02 17:38 [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78 Baruch Siach
  2017-10-02 17:38 ` [Buildroot] [PATCH v2 2/2] dnsmasq: simplify build configuration Baruch Siach
  2017-10-02 19:04 ` [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78 Thomas Petazzoni
@ 2017-10-03  8:11 ` Peter Korsgaard
  2017-10-17  9:01 ` Peter Korsgaard
  3 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2017-10-03  8:11 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Supported Lua version is now 5.2.
 > Add licenses hash.

 > Fixes a number of security issues:

 > CVE-2017-13704 - Crash when DNS query exceeded 512 bytes (a regression
 > in 2.77, so technically not fixed by this bump)

 > CVE-2017-14491 - Heap overflow in DNS code

 > CVE-2017-14492 - Heap overflow in IPv6 router advertisement code

 > CVE-2017-14493 - Stack overflow in DHCPv6 code

 > CVE-2017-14494 - Information leak in DHCPv6

 > CVE-2017-14496 - Invalid boundary checks allows a malicious DNS queries
 > to trigger DoS

 > CVE-2017-14495 - Out-of-memory Dos vulnerability

 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
 > ---
 > v2: Bump to 2.78
 >     Note security fixes in the commit log

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78
  2017-10-02 17:38 [Buildroot] [PATCH v2 1/2] dnsmasq: security bump to version 2.78 Baruch Siach
                   ` (2 preceding siblings ...)
  2017-10-03  8:11 ` Peter Korsgaard
@ 2017-10-17  9:01 ` Peter Korsgaard
  3 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2017-10-17  9:01 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Supported Lua version is now 5.2.
 > Add licenses hash.

 > Fixes a number of security issues:

 > CVE-2017-13704 - Crash when DNS query exceeded 512 bytes (a regression
 > in 2.77, so technically not fixed by this bump)

 > CVE-2017-14491 - Heap overflow in DNS code

 > CVE-2017-14492 - Heap overflow in IPv6 router advertisement code

 > CVE-2017-14493 - Stack overflow in DHCPv6 code

 > CVE-2017-14494 - Information leak in DHCPv6

 > CVE-2017-14496 - Invalid boundary checks allows a malicious DNS queries
 > to trigger DoS

 > CVE-2017-14495 - Out-of-memory Dos vulnerability

 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
 > ---
 > v2: Bump to 2.78
 >     Note security fixes in the commit log

Committed to 2017.08.x, thanks.

-- 
Bye, Peter Korsgaard
