Bug 222739

Summary:

dns/dnsmasq: Security update to 2.78

Product:

Ports & Packages

Reporter:

Bernard Spil <brnrd>

Component:

Individual Port(s)

Assignee:

Matthias Andree <mandree>

Status:

Closed FIXED

Severity:

Affects Many People

CC:

brnrd, delphij, mandree

Priority:

---

Keywords:

needs-qa, patch, security

Version:

Latest

Flags:

delphij: maintainer-feedback+
mandree: maintainer-feedback+

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
svn diff for dns/dnsmasq	mandree: maintainer-approval+

Description Bernard Spil freebsd_committer

2017-10-02 14:18:48 UTC

Created attachment 186864 [details]
svn diff for dns/dnsmasq

```
dns/dnsmasq: Security update to 2.78

PR:
Security: b77b5646-a778-11e7-ac58-b499baebfeaf
```

Built/running locally on 11.1amd64
removed patch is included in the release

Comment 1 Bernard Spil freebsd_committer

2017-10-02 14:21:42 UTC

Builds in vanilla FreeBSD jails
https://brnrd.eu/poudriere/build.html?mastername=110amd64-svn&build=2017-10-02_16h15m04s
https://brnrd.eu/poudriere/build.html?mastername=110i386-svn&build=2017-10-02_16h15m24s
https://brnrd.eu/poudriere/build.html?mastername=103amd64-svn&build=2017-10-02_16h15m44s
https://brnrd.eu/poudriere/build.html?mastername=103i386-svn&build=2017-10-02_16h16m01s

This fixes multiple RCEs... Not seen CVSS scores yet

Comment 2 Xin LI freebsd_committer

2017-10-02 17:13:11 UTC

Hi, Bernard,

Matthias have told us that he would have limited availability for doing the update, since you are already on it, could you please go ahead and commit the fix? (Use Approved by: ports-secteam@ for this and for the MFH).

Thanks in advance!

Cheers,

Comment 3 Matthias Andree freebsd_committer

2017-10-02 18:39:34 UTC

I actually have a bit time on my hands now, so I'll try to do it myself.

Comment 4 commit-hook freebsd_committer

2017-10-02 18:41:13 UTC

A commit references this bug:

Author: brnrd
Date: Mon Oct  2 18:40:31 UTC 2017
New revision: 451095
URL: https://svnweb.freebsd.org/changeset/ports/451095

Log:
  dns/dnsmasq: Security update to 2.78

  PR:		222739
  Approved by:	ports-secteam
  MFH:		2017Q4
  Security:	b77b5646-a778-11e7-ac58-b499baebfeaf

Changes:
  head/dns/dnsmasq/Makefile
  head/dns/dnsmasq/distinfo
  head/dns/dnsmasq/files/patch-src_rfc2131.c

Comment 5 commit-hook freebsd_committer

2017-10-02 18:42:15 UTC

A commit references this bug:

Author: brnrd
Date: Mon Oct  2 18:41:59 UTC 2017
New revision: 451096
URL: https://svnweb.freebsd.org/changeset/ports/451096

Log:
  MFH: r451095

  dns/dnsmasq: Security update to 2.78

  PR:		222739
  Approved by:	ports-secteam
  Security:	b77b5646-a778-11e7-ac58-b499baebfeaf

  Approved by:	ports-secteam (delphij)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/dns/dnsmasq/Makefile
  branches/2017Q4/dns/dnsmasq/distinfo
  branches/2017Q4/dns/dnsmasq/files/patch-src_rfc2131.c

Comment 6 Bernard Spil freebsd_committer

2017-10-02 18:45:06 UTC

(In reply to Matthias Andree from comment #3)
Saw your comment just too late... Just committed the new version.

Please let me know if all's well with the patches.
The removed patch I checked and is part of the upstream tarball.

Comment 7 Matthias Andree freebsd_committer

2017-10-02 18:52:14 UTC

Bernard, thanks a lot, I'll review things.

Comment 8 Matthias Andree freebsd_committer

2017-10-02 19:23:09 UTC

Good job, removing the patch was also the right thing to do. I fixed a typo in the vuln.xml entry, other than that, this seems good.

Xin, Bernard, thanks again! (Also to Google and Simon Kelley.)