Mailinglist Archive: opensuse-commit (794 mails)
| < Previous | Next > |
commit dnsmasq for openSUSE:Factory
- From: root@xxxxxxxxxxxxxxx (h_root)
- Date: Wed, 02 Sep 2009 18:37:13 +0200
- Message-id: <20090902163713.9CB616482@xxxxxxxxxxxxxxx>
Hello community,
here is the log from the commit of package dnsmasq for openSUSE:Factory
checked in at Wed Sep 2 18:37:13 CEST 2009.
--------
--- dnsmasq/dnsmasq.changes 2009-06-16 10:58:20.000000000 +0200
+++ dnsmasq/dnsmasq.changes 2009-09-01 10:51:47.000000000 +0200
@@ -1,0 +2,8 @@
+Tue Sep 1 10:30:14 CEST 2009 - ug@xxxxxxx
+
+- Fix security problem which allowed any host permitted to
+ do TFTP to possibly compromise dnsmasq by remote buffer
+ overflow when TFTP enabled.
+- version 2.50
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
dnsmasq-2.49.tar.bz2
New:
----
dnsmasq-2.50.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dnsmasq.spec ++++++
--- /var/tmp/diff_new_pack.Z6TS9p/_old 2009-09-02 18:34:18.000000000 +0200
+++ /var/tmp/diff_new_pack.Z6TS9p/_new 2009-09-02 18:34:18.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package dnsmasq (Version 2.49)
+# spec file for package dnsmasq (Version 2.50)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -20,7 +20,7 @@
Name: dnsmasq
Summary: Lightweight, Easy-to-Configure DNS Forwarder and DHCP Server
-Version: 2.49
+Version: 2.50
Release: 1
License: GPL v2 or later
Group: Productivity/Networking/DNS/Servers
++++++ dnsmasq-2.49.tar.bz2 -> dnsmasq-2.50.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dnsmasq-2.49/CHANGELOG new/dnsmasq-2.50/CHANGELOG
--- old/dnsmasq-2.49/CHANGELOG 2009-06-10 15:01:41.000000000 +0200
+++ new/dnsmasq-2.50/CHANGELOG 2009-08-25 14:21:55.000000000 +0200
@@ -1,3 +1,18 @@
+version 2.50
+ Fix security problem which allowed any host permitted to
+ do TFTP to possibly compromise dnsmasq by remote buffer
+ overflow when TFTP enabled. Thanks to Core Security
+ Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
+ Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
+ Pablo Annetta. This problem has Bugtraq id: 36121
+ and CVE: 2009-2957
+
+ Fix a problem which allowed a malicious TFTP client to
+ crash dnsmasq. Thanks to Steve Grubb at Red Hat for
+ spotting this. This problem has Bugtraq id: 36120 and
+ CVE: 2009-2958
+
+
version 2.49
Fix regression in 2.48 which disables the lease-change
script. Thanks to Jose Luis Duran for spotting this.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dnsmasq-2.49/src/config.h
new/dnsmasq-2.50/src/config.h
--- old/dnsmasq-2.49/src/config.h 2009-06-10 15:03:45.000000000 +0200
+++ new/dnsmasq-2.50/src/config.h 2009-08-21 23:21:55.000000000 +0200
@@ -14,7 +14,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#define VERSION "2.49"
+#define VERSION "2.50"
#define FTABSIZ 150 /* max number of outstanding requests (default) */
#define MAX_PROCS 20 /* max no children for TCP requests */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dnsmasq-2.49/src/tftp.c new/dnsmasq-2.50/src/tftp.c
--- old/dnsmasq-2.49/src/tftp.c 2009-06-08 23:12:43.000000000 +0200
+++ new/dnsmasq-2.50/src/tftp.c 2009-08-21 23:21:56.000000000 +0200
@@ -192,20 +192,21 @@
while ((opt = next(&p, end)))
{
- if (strcasecmp(opt, "blksize") == 0 &&
- (opt = next(&p, end)) &&
- !(daemon->options & OPT_TFTP_NOBLOCK))
+ if (strcasecmp(opt, "blksize") == 0)
{
- transfer->blocksize = atoi(opt);
- if (transfer->blocksize < 1)
- transfer->blocksize = 1;
- if (transfer->blocksize > (unsigned)daemon->packet_buff_sz - 4)
- transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4;
- transfer->opt_blocksize = 1;
- transfer->block = 0;
+ if ((opt = next(&p, end)) &&
+ !(daemon->options & OPT_TFTP_NOBLOCK))
+ {
+ transfer->blocksize = atoi(opt);
+ if (transfer->blocksize < 1)
+ transfer->blocksize = 1;
+ if (transfer->blocksize > (unsigned)daemon->packet_buff_sz -
4)
+ transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4;
+ transfer->opt_blocksize = 1;
+ transfer->block = 0;
+ }
}
-
- if (strcasecmp(opt, "tsize") == 0 && next(&p, end) &&
!transfer->netascii)
+ else if (strcasecmp(opt, "tsize") == 0 && next(&p, end) &&
!transfer->netascii)
{
transfer->opt_transize = 1;
transfer->block = 0;
@@ -217,17 +218,17 @@
{
if (daemon->tftp_prefix[0] == '/')
daemon->namebuff[0] = 0;
- strncat(daemon->namebuff, daemon->tftp_prefix, MAXDNAME);
+ strncat(daemon->namebuff, daemon->tftp_prefix, (MAXDNAME-1) -
strlen(daemon->namebuff));
if (daemon->tftp_prefix[strlen(daemon->tftp_prefix)-1] != '/')
- strncat(daemon->namebuff, "/", MAXDNAME);
+ strncat(daemon->namebuff, "/", (MAXDNAME-1) -
strlen(daemon->namebuff));
if (daemon->options & OPT_TFTP_APREF)
{
size_t oldlen = strlen(daemon->namebuff);
struct stat statbuf;
- strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), MAXDNAME);
- strncat(daemon->namebuff, "/", MAXDNAME);
+ strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), (MAXDNAME-1)
- strlen(daemon->namebuff));
+ strncat(daemon->namebuff, "/", (MAXDNAME-1) -
strlen(daemon->namebuff));
/* remove unique-directory if it doesn't exist */
if (stat(daemon->namebuff, &statbuf) == -1 ||
!S_ISDIR(statbuf.st_mode))
@@ -245,8 +246,7 @@
}
else if (filename[0] == '/')
daemon->namebuff[0] = 0;
- strncat(daemon->namebuff, filename, MAXDNAME);
- daemon->namebuff[MAXDNAME-1] = 0;
+ strncat(daemon->namebuff, filename, (MAXDNAME-1) -
strlen(daemon->namebuff));
/* check permissions and open file */
if ((transfer->file = check_tftp_fileperm(&len)))
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx
| < Previous | Next > |