aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSoumya Sambu <soumya.sambu@windriver.com>2024-03-21 12:07:15 +0000
committerArmin Kuster <akuster808@gmail.com>2024-03-25 07:11:05 -0400
commit8bb16533532b6abc2eded7d9961ab2a108fd7a5b (patch)
tree562e85f9e375d1faa0fd9376a50333f48f40e60b
parentbb16c640dd4604063a0c2aa6ee7cb4d9d5746e58 (diff)
downloadmeta-openembedded-kirkstone.tar.gz
dnsmasq: Upgrade 2.87 -> 2.90kirkstone-nextkirkstone
Fixes CVE-2023-50387 and CVE-2023-50868 Remove backported CVE patch. Remove patch for lua as hardcoding lua version was removed. Changelog: =========== https://thekelleys.org.uk/dnsmasq/CHANGELOG Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq.inc1
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch31
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb7
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb3
-rw-r--r--meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch48
5 files changed, 3 insertions, 87 deletions
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
index 9e0f529ec1..a8ff21a125 100644
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
@@ -14,7 +14,6 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV
file://dnsmasq-resolvconf.service \
file://dnsmasq-noresolvconf.service \
file://dnsmasq-resolved.conf \
- file://CVE-2023-28450.patch \
"
inherit pkgconfig update-rc.d systemd
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
deleted file mode 100644
index be2bb42fc2..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From be1b3d2d0f1608cba5efee73d6aac5ad0709041b Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 9 Sep 2014 10:24:58 -0400
-Subject: [PATCH] Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
----
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 73ea23e..ed3eeb9 100644
---- a/Makefile
-+++ b/Makefile
-@@ -60,8 +60,8 @@ idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFI
- idn2_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2`
- ct_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
- ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
--lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2`
--lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2`
-+lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua`
-+lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua`
- nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags 'nettle hogweed' \
- HAVE_CRYPTOHASH $(PKG_CONFIG) --cflags nettle \
- HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
-
---
-2.9.5
-
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb
deleted file mode 100644
index 793b61d712..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require dnsmasq.inc
-
-SRC_URI[dnsmasq-2.87.sha256sum] = "ae39bffde9c37e4d64849b528afeb060be6bad6d1044a3bd94a49fce41357284"
-SRC_URI += "\
- file://lua.patch \
-"
-
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
new file mode 100644
index 0000000000..6e4c331102
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
@@ -0,0 +1,3 @@
+require dnsmasq.inc
+
+SRC_URI[dnsmasq-2.90.sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b"
diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch
deleted file mode 100644
index 129c9043e8..0000000000
--- a/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Tue, 7 Mar 2023 22:07:46 +0000
-Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232.
-
-http://www.dnsflagday.net/2020/ refers.
-
-Thanks to Xiang Li for the prompt.
-
-CVE: CVE-2023-28450
-Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5]
-
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- man/dnsmasq.8 | 3 ++-
- src/config.h | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
-index 41e2e04..5acb935 100644
---- a/man/dnsmasq.8
-+++ b/man/dnsmasq.8
-@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP.
- .TP
- .B \-P, --edns-packet-max=<size>
- Specify the largest EDNS.0 UDP packet which is supported by the DNS
--forwarder. Defaults to 4096, which is the RFC5625-recommended size.
-+forwarder. Defaults to 1232, which is the recommended size following the
-+DNS flag day in 2020. Only increase if you know what you are doing.
- .TP
- .B \-Q, --query-port=<query_port>
- Send outbound DNS queries from, and listen for their replies on, the
-diff --git a/src/config.h b/src/config.h
-index 1e7b30f..37b374e 100644
---- a/src/config.h
-+++ b/src/config.h
-@@ -19,7 +19,7 @@
- #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
- #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
- #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
--#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
-+#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */
- #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
- #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
- #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
---
-2.20.1
-