aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
diff options
context:
space:
mode:
authorKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>2018-01-20 08:46:28 +0000
committerJo-Philipp Wich <jo@mein.io>2018-01-20 14:25:52 +0100
commit2ae0741f3bd01fd50031959b5635a493628c6df0 (patch)
tree264ff4ca00557794f8057c3de527afd66a86a808 /package/network
parent58d60bd283c6401db8fcad94e3c45e2115a16553 (diff)
downloadupstream-2ae0741f3bd01fd50031959b5635a493628c6df0.tar.gz
upstream-2ae0741f3bd01fd50031959b5635a493628c6df0.tar.bz2
upstream-2ae0741f3bd01fd50031959b5635a493628c6df0.zip
dnsmasq: backport validation fix in dnssec security fix
A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from commit adaf1cbcc8b253ea807dbe0416b4b04c33dceadf)
Diffstat (limited to 'package/network')
-rw-r--r--package/network/services/dnsmasq/Makefile2
-rw-r--r--package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index f09b3a2d97..cd41b5f0ac 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_VERSION:=2.78
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
diff --git a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
index 029e7ea7af..d13ac2cbad 100644
--- a/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
+++ b/package/network/services/dnsmasq/patches/270-dnssec-wildcards.patch
@@ -160,7 +160,7 @@ in a domain which includes a wildcard for NSEC.
+ int type_covered;
+ unsigned char *psav = p1;
+
-+ if (rdlen < 18)
++ if (rdlen1 < 18)
+ return 0; /* bad packet */
+
+ GETSHORT(type_covered, p1);