dnsmasq: update to version 2.79 (security fix) (!42) · Merge requests · Turris / openwrt · GitLab

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

Jan Pavlinec requested to merge dnsmasq-fix-dnspooq into test Jan 28, 2021

Note: This commit adds backported patches from unbound to fix dnspooq security issues.

CVE-2020-25681: heap overflow in RRSets sorting
CVE-2020-25682: buffer overflow in extracting names from DNS packets
CVE-2020-25683: heap overflow in DNSSEC validation
CVE-2020-25684: cache poisoning issue via address/port
CVE-2020-25685: cache poisoning issue via weak hash
CVE-2020-25686: birthday attack via incorrect existing requests check
CVE-2020-25687: heap overflow in DNSSEC validation
CVE-2019-14834: memory leak via DHCP response creation

fixes https://gitlab.nic.cz/turris/openwrt/-/issues/348

Run tested on Omnia.

Edited Jan 29, 2021 by Jan Pavlinec