* [PR PATCH] dnsmasq: patch for CVE-2019-14834
@ 2020-01-09 5:17 voidlinux-github
2020-01-09 11:42 ` [PR PATCH] [Merged]: " voidlinux-github
0 siblings, 1 reply; 2+ messages in thread
From: voidlinux-github @ 2020-01-09 5:17 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 318 bytes --]
There is a new pull request by ndowens against master on the void-packages repository
https://github.com/ndowens/void-packages dnsmasq
https://github.com/void-linux/void-packages/pull/18124
dnsmasq: patch for CVE-2019-14834
A patch file from https://github.com/void-linux/void-packages/pull/18124.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-dnsmasq-18124.patch --]
[-- Type: text/x-diff, Size: 2723 bytes --]
From 7e89743e1dc581a02e0d72586cdc84dbc94112f1 Mon Sep 17 00:00:00 2001
From: Nathan Owens <ndowens04@gmail.com>
Date: Wed, 8 Jan 2020 23:15:05 -0600
Subject: [PATCH] dnsmasq: patch for CVE-2019-14834
---
srcpkgs/dnsmasq/patches/CVE-2019-14834.patch | 45 ++++++++++++++++++++
srcpkgs/dnsmasq/template | 2 +-
2 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/dnsmasq/patches/CVE-2019-14834.patch
diff --git a/srcpkgs/dnsmasq/patches/CVE-2019-14834.patch b/srcpkgs/dnsmasq/patches/CVE-2019-14834.patch
new file mode 100644
index 00000000000..77748e31bdc
--- /dev/null
+++ b/srcpkgs/dnsmasq/patches/CVE-2019-14834.patch
@@ -0,0 +1,45 @@
+From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:44:50 +0100
+Subject: [PATCH] Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+---
+ src/helper.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644
+--- src/helper.c
++++ src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ pid_t pid;
+ int i, pipefd[2];
+ struct sigaction sigact;
+-
++ unsigned char *alloc_buff = NULL;
++
+ /* create the pipe through which the main program sends us commands,
+ then fork our process. */
+ if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+ struct script_data data;
+ char *p, *action_str, *hostname = NULL, *domain = NULL;
+ unsigned char *buf = (unsigned char *)daemon->namebuff;
+- unsigned char *end, *extradata, *alloc_buff = NULL;
++ unsigned char *end, *extradata;
+ int is6, err = 0;
+ int pipeout[2];
+
+- free(alloc_buff);
++ /* Free rarely-allocated memory from previous iteration. */
++ if (alloc_buff)
++ {
++ free(alloc_buff);
++ alloc_buff = NULL;
++ }
+
+ /* we read zero bytes when pipe closed: this is our signal to exit */
+ if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+--
+1.7.10.4
diff --git a/srcpkgs/dnsmasq/template b/srcpkgs/dnsmasq/template
index 946e9792655..a4e6be72e78 100644
--- a/srcpkgs/dnsmasq/template
+++ b/srcpkgs/dnsmasq/template
@@ -1,7 +1,7 @@
# Template file for 'dnsmasq'
pkgname=dnsmasq
version=2.80
-revision=6
+revision=7
conf_files="/etc/dnsmasq.conf"
hostmakedepends="pkg-config"
makedepends="dbus-devel libcap-devel libidn2-devel $(vopt_if dnssec nettle-devel)"
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PR PATCH] [Merged]: dnsmasq: patch for CVE-2019-14834
2020-01-09 5:17 [PR PATCH] dnsmasq: patch for CVE-2019-14834 voidlinux-github
@ 2020-01-09 11:42 ` voidlinux-github
0 siblings, 0 replies; 2+ messages in thread
From: voidlinux-github @ 2020-01-09 11:42 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 167 bytes --]
There's a merged pull request on the void-packages repository
dnsmasq: patch for CVE-2019-14834
https://github.com/void-linux/void-packages/pull/18124
Description:
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-09 11:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-09 5:17 [PR PATCH] dnsmasq: patch for CVE-2019-14834 voidlinux-github
2020-01-09 11:42 ` [PR PATCH] [Merged]: " voidlinux-github
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).