Age | Commit message | Author |
|
to 4096 but should be 1232
Set the default maximum DNS UDP packet size to 1232.
http://www.dnsflagday.net/2020/ refers.
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git
MR: 121726
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
ChangeID: be554ef6ebedd7148404ea3cc280f2e42e17dc8c
Description:
CVE-2022-0934 dnsmasq: Heap use after free in dhcp6_no_relay.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
|
Source: https://thekelleys.org.uk/dnsmasq.git
MR: 110238
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818
Description:
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Applied single patch for below listed CVEs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
as they are fixed by single commit
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
Link: https://www.openwall.com/lists/oss-security/2021/01/19/1
Also, applied patch for below listed CVEs:
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
all CVEs applicable to v2.81
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
[Refreshed patches]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Systemd service file option 'ExecStopPre' is warned and ignored by
systemd. By replacing 'ExecStopPre' with 'ExecStop', the intended
behavior is realized. The 'ExecStop' commands are executed one after the
other.
Signed-off-by: Mario Schuknecht <mario.schuknecht@dresearch-fe.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 55c94cb3196f53d0c1c76bbd74136d1b5d51802d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 83842c9150fdead52dc7b0913ffac32677720f98)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
-dnsmasq/0001-dnsmasq-fix-build-against-5.2-headers.patch
-dnsmasq/0001-dnsmasq-fix-memory-leak-in-helper-c.patch
Removed since these are included in 2.81
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 36ece5c83f20f4fc923f1606979ea911ecb93da8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport the CVE patch from the upstream to fix the memory leak.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
We install dnsmasq under /usr/bin by default, correct
the path in comments.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upstream linux y2038 work has moved some definitions. SIOCGSTAMP is
defined in linux/sockios.h, not asm/sockios.h now. So we need to
add that include to fix the build.
Upstream-status: backport of http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3052ce208acf602f0163166dcefb7330d537cedb
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Add a drop-in configuration file for systemd-resolved to avoid
conflict about port 53. The error message is as below.
failed to create listening socket for port 53: Address already in us
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Versions 2.16 to 2.69 have now also moved into the archives folder.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This update fixes a number of bugs including the following
vulnerabilities:
CVE-2017-13704
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
Further details can be found in the changelog here:
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The info is taken from CentOS which is useful
when bind (provides named) and dnsmasq are both
installed and one may fail to start:
| dnsmasq: failed to create listening socket for port 53: Address already in use
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls. Fix a small number of cases not addressed
by the original patch:
http://git.openembedded.org/meta-openembedded/commit/?id=efd3696e70a6603f1a45faa4a172433514f0a487
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
By defining 'listen-address' in the global dnsmasq.conf file we
prevent other instances of dnsmasq from using the global config as we
will get an error that the address is already in use. Instead we pass
'local-service' when we start the main dnsmasq instance which will
listen on the loopback address as well as any other local
subnets. This will allow the main dnsmasq instance to play nice with
other instances we might start for network-manager, libvirt, lxc...
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The dnsmasq package installs a ${sysconfigdir}/dnsmasq.d directory but
doesn't currently use any configuration files that might be placed
there. This goes against what the user would expect and doesn't match
what you see in other distros.
We could ensure this config directory is read when dnsmasq is started,
as we are doing here, or by including it in the main dnsmasq.conf
file. By doing it here we can have better reusability of the main
dnsmasq.conf file by other instances of dnsmasq.
There are currently no files added to the dnsmasq.d directory for core
oe images, so this should not result in any runtime behavior changes.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Correct do_compile_append() and do_install(), as the location of
the DHCP lease tools has changed.
Signed-off-by: Terry Boese <terry.boese@vecima.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The changes made in commit 2497cf2960537152427c99629b2af412787eb6c2
[dnsmasq: steal resolvconf support from Ubuntu] broke systemd only
dnsmasq runtime. No sysvinit scripts are included in systemd only
builds (and should not be) and the dnsmasq executable has not moved to
/usr/sbin.
Reverting to the previous version of the systemd service file. If
folks want the local dnsmasq instance to be queried before going to
an external DNS they should add 'nameserver 127.0.0.1' to
/etc/resolv.conf. Or submit a change which will work with systemd.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Acked-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Add support for resolvconf integration as done in Ubuntu. This implies
updates of start-scripts, resolvconf plugin (on nameserver update ...),
populate-volatiles control file for saved nameserver list.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Dnsmasq functions as DHCP and DNS servers by default and listens on all
interfaces. This conflicts with other DHCP or DNS servers already on
the network and corrupts DNS configuration on Windows systems.
We noticed that after installing docker, the Linux system became a
magnet for DNS requests coming from Windows systems. Dnsmasq is a
dependency for lxc which is recommended for docker.
Windows periodically broadcasts DHCPInform and DHCP servers reply with
DHCPAck. If the DHCPAck from the Linux target reaches the Windows
system first, Windows changes its DNS server IP to the Linux system
running dnsmasq. Dnsmasq ends up forwarding the DNS requests to the
official DNS server and replies back the answer to the original
requestor. The Linux system transparently becomes a DNS proxy on the
subnet.
Signed-off-by: Ovidiu Vancea <ovidiu.vancea@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
-parallel-make.patch is not needed any more, so delete.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Refreshed lua.patch due to whitespace changes in top-level Makefile.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Patches really belong in the recipe, not the .inc, given patches are generally
version-bound.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
dnsmasq runs pkg-config to get cflags/libs for its dependencies.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The dnsmasq target depends on .configured and $(objs). .configured does an rm
-f *.o. Yet the only thing telling make to build the .configured target before
the $(objs) target was the order of the dependencies of the dnsmasq target. We
can't rely on that order when doing a parallel make build, so add an explicit
rule to enforce that order.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fixes a bug with libvirt and DHCP, which is fixed in 2.66.
"Handle the situation where libc headers define
SO_REUSEPORT, but the kernel in use doesn't, to cope with
the introduction of this option to Linux. Thanks to Rich
Felker for the bug report."
Signed-off-by: Christian Ziethén <Christian.Ziethen@enea.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
A minimum dnsmasq version of 2.5.9 is required to deal with IPv6 link local
addresses. So instead of just going to the minimum version, we can go
all the way to 2.6.3.
As part of this update, the following changes have been made in addition to
the pure version update:
- PR is dropped in favour of PRSERVER functionality
- dhcp_release is added to the default build, since it is used in the
cleanup phase for virtual machines.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
* Make dbus a PACKAGECONFIG option and remove dnsmasq-dbus recipe
* Set LICENSE to correctly indicate choice of licenses
* Set SUMMARY instead of DESCRIPTION
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|