gentoo Easter resync : 12.04.2020

3 files changed, 43 insertions, 2 deletions

diff --git a/net-dns/dnsmasq/Manifest b/net-dns/dnsmasq/Manifest
index 745a3a8f2695..1aaefb1cecf6 100644
--- a/net-dns/dnsmasq/Manifest
+++ b/net-dns/dnsmasq/Manifest
@@ -1,3 +1,4 @@
+AUX dnsmasq-2.80-cve-2019-14834.patch 1514 BLAKE2B 24aad94e0a324007c782337b94ee88dc61fdb3e23b06717a4f09255dfcadfa9091c211994d5b842a898692bd5302d96a2b2c4c2a551863a1f0bd7ff7a62c3df4 SHA512 1cb0148d93388c09762d770719dc842aa0b04c0770fb82ae6f3de4cf7c2742055cf54f1915d93bfaac543ccccd48d66fd6191758f0541ba8c30936af97b96296
 AUX dnsmasq-2.80-linux-headers-5.2.patch 696 BLAKE2B 10f39e0e7eab2f6d4b621bd33d558a93ff310c9800d0a8db3ff280f77556d0e9e05287d50e14f95661aaf56c2456939605bf0541fc0bd2d96b0d27d9f14cb85a SHA512 5a46deec52d18fe231c0f794c39ce97414c9fb0a1e26fda5e1d3c350a6c00652d193d1e4f55b14adbaa61a23c97683cde172711e8934b271b33ee9d4e0889135
 AUX dnsmasq-2.80-nettle-3.5.patch 1494 BLAKE2B e65092e18f8fbaa3b0f8be637b18ec976da1a1752b621ce1e1337bdc85e529ccf4bb21988296cae6574e8ff26983c32731656a751631455713afd93c0f7ea41d SHA512 df64088b22f996ff228fce18dd05b329d9fdf7b02290bc3992546004394e662be7bc416dc718ea866341403234eb20efd5bbf1eec96df1cb6ab099ebfd3fdee4
 AUX dnsmasq-init-dhcp-r3 721 BLAKE2B 94a7542419e2c931149edbd5a5167c7fcbe0233e48f3ed854dfe26090b596c4f2549e37d2680bfceb1c6d21f475012f81a2102bde85e7cd609979e555dbcfa3d SHA512 f7a64fb84a7877b5ec629f9ed92419799913b8f2f73594c510aedc083d72c5c1862da7e5aed4485102c3b89ca7217bcca88e7cdde82f5a65d4cd4bb19017c2fe
@@ -6,5 +7,5 @@ AUX dnsmasq.confd-r1 170 BLAKE2B 84d5cdb15236c9e1c83fa53d0e401df90e86c6687cc88f9
 AUX dnsmasq.logrotate 176 BLAKE2B 4932be8c2a4ba37e0ed61361cdfae6e6cd498e5292f9002a3426c05632896a5f94a84ada168d672cb38e236cbde72b59201c970e348ba052dff655be1a9a57b4 SHA512 b59b299849487dcdfc18ab30ded0605e2df4876cb778b2d1cd03b740406a5580001028eb33f1ecf0dc910f393c58b7cad7c28801aa4641c3fa376e3dac997abf
 AUX dnsmasq.service-r1 278 BLAKE2B 3bfe6a01efd5f8338c3bb134a061f8ecbef850293c4a8fce1f7360928a374fe4c429df1f8ec2ffc093752234f9e2ccc717a887fa2557e3efd99ab6bd58f9ac0f SHA512 3571417b23071d9c3cfaf6d00363adb2cb011d04f1ed38631ddecd6eaa2c9ed37e1435a1fd32c40b0de43b0a84dd1ac8691a0a29493b391bafbb843d581bafc1
 DIST dnsmasq-2.80.tar.xz 501072 BLAKE2B 39c9808df43a22e32286105c9e001b2f817a4f68b92b84282eeb8cfeaa61404d64275bbb3f944bec6fac1b015987fba6aeab7a88201446c0cff67f02c8d88d8c SHA512 58e56beb553fc41311e5dc16d8b0eb3b6801e2bdfbcd0e7a6659703f08960b6ad10d48b0b14a4d727636faf35483e01597cff2ae49e7fe9fa9e214f437b1c068
-EBUILD dnsmasq-2.80-r1.ebuild 4785 BLAKE2B 160e80bba3296fab50cdcff099b4b2aa1ec5dc7332895bc4bad36a97a9a3bc0a1cc1a00ba2f90a743ca7fbbc09c9576e6a11200a8a1a4974344a80e2ac08477c SHA512 87ee450195e6032ffa5f651133863cb1d6e49a1f1d877b7981f5a3e0f353f275332e54dc1f4bcb4d686ace3174cddf22ebf5eccd6d2ab1f7c01da653ac389ac9
+EBUILD dnsmasq-2.80-r2.ebuild 4831 BLAKE2B 6f9d26f373d551c7e623126daac06236dfd28a6bb1e8b240ce7cc67e925d1613463e2c8e95549aaad04566712ab697a57f039593dd94feb3e96768074831d90f SHA512 ded0f38b712acb054ebb2ddf13defbb79a162857d0432f781dad8d2aa63a115a6367fa679f2d39563a8f189b549060d119fec98f9832300e61339f03031b6efb
 MISC metadata.xml 1247 BLAKE2B cdaa193ae5c90b1f833968bafb1e725be1f67d21ee9025552fe2c153d096f2b4b7cd505aabe3713678426bea2a1059de3eeebd58a9d81793520f2690e5bf4851 SHA512 24cd4320dad43122014b0c5ddd5d65a199ef6d0bb378738180e03e4f0410cc1c21ee46b7973bdadca6e6323f3e9c6ce0073a813d4ecfe3e6bac44645dc9970dc
diff --git a/net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild b/net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild
index 21ac335b7b86..b1920a182914 100644
--- a/net-dns/dnsmasq/dnsmasq-2.80-r1.ebuild
+++ b/net-dns/dnsmasq/dnsmasq-2.80-r2.ebuild
@@ -11,7 +11,7 @@ SRC_URI="http://www.thekelleys.org.uk/dnsmasq/${P}.tar.xz"
 
 LICENSE="|| ( GPL-2 GPL-3 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86"
 
 IUSE="auth-dns conntrack dbus +dhcp dhcp-tools dnssec +dumpfile id idn libidn2"
 IUSE+=" +inotify ipv6 lua nls script selinux static tftp"
@@ -56,6 +56,7 @@ REQUIRED_USE="dhcp-tools? ( dhcp )
 PATCHES=(
 	"${FILESDIR}/dnsmasq-2.80-nettle-3.5.patch"
 	"${FILESDIR}/dnsmasq-2.80-linux-headers-5.2.patch"
+	"${FILESDIR}/dnsmasq-2.80-cve-2019-14834.patch"
 )
 
 use_have() {
diff --git a/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch b/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch
new file mode 100644
index 000000000000..a44ceabece71
--- /dev/null
+++ b/net-dns/dnsmasq/files/dnsmasq-2.80-cve-2019-14834.patch
@@ -0,0 +1,39 @@
+Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+
+author: Simon Kelley <simon@thekelleys.org.uk>	
+commit-url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644 (file)
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+   pid_t pid;
+   int i, pipefd[2];
+   struct sigaction sigact;
+-
++  unsigned char *alloc_buff = NULL;
++  
+   /* create the pipe through which the main program sends us commands,
+      then fork our process. */
+   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+       struct script_data data;
+       char *p, *action_str, *hostname = NULL, *domain = NULL;
+       unsigned char *buf = (unsigned char *)daemon->namebuff;
+-      unsigned char *end, *extradata, *alloc_buff = NULL;
++      unsigned char *end, *extradata;
+       int is6, err = 0;
+       int pipeout[2];
+ 
+-      free(alloc_buff);
++      /* Free rarely-allocated memory from previous iteration. */
++      if (alloc_buff)
++       {
++         free(alloc_buff);
++         alloc_buff = NULL;
++       }
+       
+       /* we read zero bytes when pipe closed: this is our signal to exit */ 
+       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))