From patchwork Sat Jan 20 08:39:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kevin 'ldir' Darbyshire-Bryant X-Patchwork-Id: 863938 X-Patchwork-Delegate: jow@openwrt.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="fuXTNVW3"; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=darbyshire-bryant.me.uk header.i=@darbyshire-bryant.me.uk header.b="yu7QhCj/"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zNrjW2PYkz9s0g for ; Sat, 20 Jan 2018 19:39:59 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:Message-Id:Date:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=j/THg+9/15oEMzpl3PDDhnoYhpClCVNd7kQ5ZU36+4k=; b=fuXTNVW3iyTCK+ t3bqz6aXueZMhS0PxRvVoe0sbHP2/mBoDU+eI3LM/XA+YTNLXgznCdMpZIhk2wDyk5FPgu9EEqrKk foSHGoyJH6miVIiqZl9aP2hK72FmyogagBsrtZY/nSV057VfbrqN30lqrUnby9HM7YtIDa2Yzzy4+ LGUwRuCgAXCAogH/AOEx8OjGs6Ds/ZmHBXD3i6r9W098fgvehhC+FiCxuJrA/QkOu/cMCbdpraqad xXSBZyjTlE6vOmUFeUWa0g1p6yLDcnG03vSzqAIkgSuFjK3ekSyOZ/HIej7wovyoMN5MOvlJcfsiD hjSsXvCo8zSQPqTYrw4A==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1ecogv-0004Qh-21; Sat, 20 Jan 2018 08:39:57 +0000 Received: from mail-eopbgr60080.outbound.protection.outlook.com ([40.107.6.80] helo=EUR01-DB5-obe.outbound.protection.outlook.com) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1ecogr-0004P0-1R for lede-dev@lists.infradead.org; Sat, 20 Jan 2018 08:39:55 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darbyshire-bryant.me.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=AbdIKebtZiwtXNgJom4yGUSVYySJ7Fn4ZPXrVz/khTE=; b=yu7QhCj/rWwBGv9ATu2IP2Zv2zK1yms3ceqa//Xw555TnxsDXu16OP80i0CRPG9RBSyW5EUk8V5fbrdHFi7H37R35SozCrjjJdmQsf6LWYfQzRgnoDmSA7oioNyd/JbW8ENoNKPPsXL4/EyuG4r84pX7aX3xCbHp7afgXuX7FT0= Received: from Rowlf.darbyshire-bryant.me.uk (151.224.34.91) by AM0PR0702MB3732.eurprd07.prod.outlook.com (2603:10a6:208:26::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.444.5; Sat, 20 Jan 2018 08:39:39 +0000 From: Kevin Darbyshire-Bryant To: lede-dev@lists.infradead.org Date: Sat, 20 Jan 2018 08:39:33 +0000 Message-Id: <20180120083933.27693-1-ldir@darbyshire-bryant.me.uk> X-Mailer: git-send-email 2.14.3 (Apple Git-98) MIME-Version: 1.0 X-Originating-IP: [151.224.34.91] X-ClientProxiedBy: LNXP265CA0025.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:5c::13) To AM0PR0702MB3732.eurprd07.prod.outlook.com (2603:10a6:208:26::25) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 569b1fe6-8bbe-4bb9-a054-08d55fe1580c X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4604075)(4534125)(7022125)(4602075)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603307)(7153060)(7193020); SRVR:AM0PR0702MB3732; X-Microsoft-Exchange-Diagnostics: 1; AM0PR0702MB3732; 3:T97in73QKh1ZeEVcnsSUCVnUFOMPa+OuOEHwaPEl8vQl2bQ3S2+HmWtNar7boTpIkLZ7waqGFp+1Xhy4P1i+s0u7XgI78+wEipDUmxVXmKwyy2QF20bUf0qWuSPAy/MnJPCY+Nd/b3yBgHI067A+/ywqilzrdS2z/5x6XKdRa8FmXYt0lcfLo9JcpevLjXUzM3NhP1wxrqKeZN5J+xPyjKj8InEY4H3ZqDVUKN0S/TtnjxCm5XZ7PzMhlUolmznx; 25:jJnEv8yEYK4tvBl0wOPJH7bb9F65FCQ/TD2qIXsAO4K53GrZW/OLHRBVATu+gUpZDMTzmBTWzn1AmjxSEkBMi3unMpeDeP1n1oj1BSyvT1MJ8HoYr8Qptp7D2TShotKBC1YL46+xps/0qlWHTdIGLnCTWn7V/rf62mDnu1dUPmFnkjUEnpaJNCe6fwnEeKziBRrS4kNHQUDlO0IGkYYmKApHv+zkO9GAoFfvL0onG7+Lxm8fNtsHqjG8cuaKPuEjiywKhYcwkACxhrdPCp5GOOzT1lEEPKyFQj4B9M5EPLzU2hGZKqk9+cjUk1ZPABONZH4UHteKlyG5xl+7WAoRRA==; 31:PQ4/jmKAvTwcbtmyqzwBJggVuEVUIkApV1KmKUxLOIJQrPmA3QSkIG3LXXUWvD8qO3ZFVrmTc7rO1eyGE43F1WcsEYA8KVkqGFSVo/ldAWZn2IZ9H9HHYTHePq/vqqcyJNUitCxYBS0louBr9iEtc+Jd7OAI0bbMJ568Rjkpq+mUrIjKdr/HdLF/euK/Aa87dzgt1oKg180zzNzayCz+czymwKKM3CDqk1WmnSbutMs= X-MS-TrafficTypeDiagnostic: AM0PR0702MB3732: X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(3231046)(2400081)(944501161)(6041288)(20161123564045)(20161123558120)(20161123562045)(2016111802025)(20161123560045)(6072148)(6043046)(201708071742011); SRVR:AM0PR0702MB3732; BCL:0; PCL:0; RULEID:(100000803126)(100110400120); SRVR:AM0PR0702MB3732; X-Microsoft-Exchange-Diagnostics: 1; AM0PR0702MB3732; 4:dwno+wRI1rNs0NGQKEGa5k/zU0dsvTCQ9+9x2mkeRAGQM3+zcSYekqa5lXF//Uy1miBsFN5DcTn5HZt4gFLGq1F/pD8zCMnZFSYiqWF/NJXlM5tQAmmsfZkb9pcUxrxrjmV/JC9LiVU0pKC2hqkWMWySh6GGvg6d3bINmLv/I3u7VXmF+Tfvd+gtKJXInCvNA+v5bobwvcoFoGMhYkQ75CYHoL8A7/EfG4OAa+lTJKjlC55he+4b7LWOwUnB3WX6ExETVKpyE+kb4AsunBF+N6uW7ElKwQRbWB21qTjNrJ9RlkF1U28ngxuO8hXPxtak X-Forefront-PRVS: 0558D3C5AC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(39830400003)(366004)(396003)(39380400002)(376002)(288314003)(199004)(189003)(16586007)(2361001)(106356001)(5660300001)(53936002)(6916009)(42882006)(6306002)(69596002)(16526018)(26005)(575784001)(50466002)(478600001)(6666003)(2351001)(2906002)(6486002)(47776003)(66066001)(48376002)(316002)(97736004)(51416003)(386003)(53416004)(7736002)(25786009)(68736007)(7696005)(305945005)(52116002)(8676002)(74482002)(107886003)(6116002)(3846002)(81166006)(81156014)(8936002)(50226002)(1076002)(36756003)(4326008)(105586002)(6346003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR0702MB3732; H:Rowlf.darbyshire-bryant.me.uk; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: darbyshire-bryant.me.uk does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=kevin@darbyshire-bryant.me.uk; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; AM0PR0702MB3732; 23:5gqFxh6LAdLEwjxi7j/75gtREOtxFThrfQrTUbk?= /2ARLhfK03ZYWuqfv70ccmUuYGtr2B/OsNRtds5s6IxXnpTcZqTDeUsx97mQ1dTp0WQ2qzVAayUMYWGnDBiU26RMDLv7O2FIG+A5N4xoT08+NBzutj+011i11Zlt9yb7pG2x7TgZzp/C6SI9Lyl/56yiuYbNy1czu9yc21D2B7tO8nEnPScoHcOggAS/FDYHkKITEGMeBjAlrMFswJXaSsQYpuRV1cc0ZmIJG8dDl/ntGGvlkjbTcbeWZuf3nLQLAn5lZnDoIQrcqgd4ZcLJXM4M0cw+Gog0O1eJACG8CmB2tZyLsUf/UXE5Kbtm8DbP96SU+7PyEGn8kiBVtQHXdsIYp1Fp+Zqs3LDr8e7gPq7yywA5NuXtx2BeuTCXxljlvCOl0cu/KqL6qPUM3SNCPPNFQDjR4VTHY25G4iJenJ5c9xvX9thnkoTuAOmcBI4cYE/3FBmtdj/DAPWLAMBWhKbRM3V/c6JRTvi1GG/u2mdilOyMm/Si3LyPMJN9Jtw52qEdJK3gq4WwFIjAWkRhQf5yoy2vbwd35+Z+GgifFngf2WDa4vVfT9W+bjk+7rN/82O5bcW8hD1RmtRtknVKVAqI/Wy13qzer5ST/hhiYBEVHWHlScZyq1gytbqflJGZM5cAprL3ypej/lt+ipM35IyF4AITG1dSHiiSSx0f5VkGJ/Sci2wxEk7CEk+3BZ8binMGPGnx5K71jHpNfDaVfBvF95bZ6x5CVbz+CCghc+/2qUIaflUaJuyXCtMgYH9OE92JuLjWxl4c5U4pmYYWbUOF2YXl7LE2vjzOXMnLKMjC/J6gtMSvMJpFZD8lyrI5ITyOmwqrPQ5+o6tSMPHiy5E/Kw9dLGlzUIhyzOnedvjlpyGxUjyR6TVPEKSf3mKfYtzgkxLcJG8m6MWGhMAuWRXj8muBAlIY4sdCC5J9NLRYP4HvIw+wLHjg3NIEe2ztu/h11y9HDotJKQc8k+3jMUmz2RbwjC9rTEHGEfO63mWtFoqOsLK4gc9x0r15aLQ53l/Q5X6tSAtKr5BmquVFSmDoyM2qaV25rNmFYdOwrl5+/8UPwlMAbhgC/ea55SuW6ztWsfzxnpg3RtYQysiLY1e7vKW6I0zell3+eUyxwYsvuivXIg6WDihMH1mCuDXxnNsp+jTVxyDvh1DOVQRXDCllG40qJpdiqNFyXpkRS2YFjCxovGYv6YdtW78TkwpkxWhI= X-Microsoft-Exchange-Diagnostics: 1; AM0PR0702MB3732; 6:YUuj8Xx5jO/22HNymN2cfGsoQlM4umU2Bv31zcrvxFax0OE8N2KrY0zm4Iu4QFG+wKG12EzwiPWyj/zri5kVdssio93tfiZrfRNetxJOs6Jh4tzPUTOP9E6a8C+UaP8DUtOtifscp+6aKzR/gqvb5zxpGQqUdecGbRHcHRnrS+Ymo2HzMpjwHEP8Xo+ybx14Mj+wb3p/SEaSY+zTf7rLnEVloEvqLNR4p/zC2ocF2SZKcziyBnQUxGGeXrlGgg1IWXOvlCTZ1iV5Qj5dMX0wkMq3yyEoFgSPCLIh8cgmswAxsWoWpyodrXqTwHexqPewX9iu65POG9dpzxzNDWTdeZpvjSQNnm6ysy7YEjKX3GI=; 5:oKDE/w93IsFkHzSKgACa82nLytE/07+pZooHyobZl+I8yqsby1sjKus1ty9Qsm97Wgs7dDmqaBGvzspkIrE/8+9sl5XkJYd0uJCKmazReCEUTSIL4vdehvvNe+i23zjMv/4754ShEGIhRQNB4W7N6FpUZCqUXwpdM39h99mHI50=; 24:zTO/7XLxnNUNdI/W8CDyXRB0o77v0NTm/IkxlDpxFGfHmAkknUSN3DFWdn/Itir1UWM9emRvIA8zGVDEdHLF7YE+DMznGIH3Fxp56LCkw5w=; 7:AkhdMWIWo3hrs11EpyewUHxBM+IaALEYwwTCAY/ybpIaW2rNGgFCjgEBlojLn695DpCa9YGtaQeImQEthAk6pnYIv+tbB8eDOL3gT+86G23Y8I+LsDr1mCaVtkjD8picslWoZhKeTW+n9ZlIh3l9mVVgtTrv97iiDaVMoaas0eGExsbkc80dZ4sGDryBzO29g0ePT4hOFEikGw4fm2HhbuUfxbhWt9aOhnGIX6VWEZ6ZlbkrD67pJhGIHCsCRkNj SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: darbyshire-bryant.me.uk X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2018 08:39:39.1514 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 569b1fe6-8bbe-4bb9-a054-08d55fe1580c X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 9151708b-c553-406f-8e56-694f435154a4 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR0702MB3732 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -2.0 (--) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-2.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [40.107.6.80 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [40.107.6.80 listed in wl.mailspike.net] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders Subject: [LEDE-DEV] [PATCH v1] dnsmasq: backport validation fix in dnssec security fix for 17.01 X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Darbyshire-Bryant Sender: "Lede-dev" Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 2 +- package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index f09b3a2d97..cd41b5f0ac 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.78 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch index 029e7ea7af..d13ac2cbad 100644 --- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch +++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch @@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC. + int type_covered; + unsigned char *psav = p1; + -+ if (rdlen < 18) ++ if (rdlen1 < 18) + return 0; /* bad packet */ + + GETSHORT(type_covered, p1);