Here is an update to dnsmasq 2.87.
Index: Makefile =================================================================== RCS file: /home/cvs/ports/net/dnsmasq/Makefile,v retrieving revision 1.62 diff -u -p -u -p -r1.62 Makefile --- Makefile 24 Apr 2022 19:16:29 -0000 1.62 +++ Makefile 26 Sep 2022 05:47:10 -0000 @@ -1,12 +1,11 @@ COMMENT= lightweight caching DNS forwarder, DHCP and TFTP server -DISTNAME= dnsmasq-2.86 -REVISION= 0 +DISTNAME= dnsmasq-2.87 CATEGORIES= net -MASTER_SITES= https://www.thekelleys.org.uk/dnsmasq/ +MASTER_SITES= https://thekelleys.org.uk/dnsmasq/ EXTRACT_SUFX= .tar.xz -HOMEPAGE= https://www.thekelleys.org.uk/dnsmasq/doc.html +HOMEPAGE= https://dnsmasq.org/ MAINTAINER= Brad Smith <b...@comstyle.com> Index: distinfo =================================================================== RCS file: /home/cvs/ports/net/dnsmasq/distinfo,v retrieving revision 1.41 diff -u -p -u -p -r1.41 distinfo --- distinfo 7 Oct 2021 21:39:03 -0000 1.41 +++ distinfo 26 Sep 2022 05:47:27 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnsmasq-2.86.tar.xz) = KNUs/J4gBKxPhSdPUrMuFke028l2G4Ln3h5BxJkH6wg= -SIZE (dnsmasq-2.86.tar.xz) = 531404 +SHA256 (dnsmasq-2.87.tar.xz) = AijANkp/I1b9fn8VSZN8vzCZp407LrG6W7DDHiuJ3no= +SIZE (dnsmasq-2.87.tar.xz) = 540528 Index: patches/patch-man_dnsmasq_8 =================================================================== RCS file: /home/cvs/ports/net/dnsmasq/patches/patch-man_dnsmasq_8,v retrieving revision 1.30 diff -u -p -u -p -r1.30 patch-man_dnsmasq_8 --- patches/patch-man_dnsmasq_8 11 Mar 2022 19:45:55 -0000 1.30 +++ patches/patch-man_dnsmasq_8 13 Aug 2022 05:36:50 -0000 @@ -17,8 +17,8 @@ Index: man/dnsmasq.8 .TP .B \-v, --version Print the version number. -@@ -2098,7 +2097,7 @@ in the configuration file included. Secondly, the file - therein is updated when dnsmasq receives SIGHUP. +@@ -2178,7 +2177,7 @@ and /share/ads-domains.gz containing a compressed + list of ad server domains will save disk space with large ad-server blocklists. .SH CONFIG FILE At startup, dnsmasq reads -.I /etc/dnsmasq.conf, @@ -26,7 +26,7 @@ Index: man/dnsmasq.8 if it exists. (On FreeBSD, the file is .I /usr/local/etc/dnsmasq.conf -@@ -2555,7 +2554,7 @@ dnsmasq has no direct way of determining the charset i +@@ -2637,7 +2636,7 @@ dnsmasq has no direct way of determining the charset i assume that it is the system default. .SH FILES Index: patches/patch-src_config_h =================================================================== RCS file: /home/cvs/ports/net/dnsmasq/patches/patch-src_config_h,v retrieving revision 1.27 diff -u -p -u -p -r1.27 patch-src_config_h --- patches/patch-src_config_h 11 Mar 2022 19:45:55 -0000 1.27 +++ patches/patch-src_config_h 11 Mar 2022 21:52:29 -0000 @@ -12,7 +12,7 @@ Index: src/config.h #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */ #define LOG_MAX 5 /* log-queue length */ #define RANDFILE "/dev/urandom" -@@ -212,7 +212,7 @@ RESOLVFILE +@@ -216,7 +216,7 @@ RESOLVFILE # if defined(__FreeBSD__) # define CONFFILE "/usr/local/etc/dnsmasq.conf" # else Index: patches/patch-src_rfc3315_c =================================================================== RCS file: patches/patch-src_rfc3315_c diff -N patches/patch-src_rfc3315_c --- patches/patch-src_rfc3315_c 24 Apr 2022 19:16:29 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,161 +0,0 @@ -Fix write-after-free error in DHCPv6 code. CVE-2022-0934 refers. -03345ecefeb0d82e3c3a4c28f27c3554f0611b39 - -Index: src/rfc3315.c ---- src/rfc3315.c.orig -+++ src/rfc3315.c -@@ -33,9 +33,9 @@ struct state { - unsigned int mac_len, mac_type; - }; - --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now); --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now); -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now); - static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts); - static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string); - static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string); -@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *contex - } - - /* This cost me blood to write, it will probably cost you blood to understand - srk. */ --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now) - { - void *end = inbuff + sz; - void *opts = inbuff + 34; -- int msg_type = *((unsigned char *)inbuff); -+ int msg_type = *inbuff; - unsigned char *outmsgtypep; - void *opt; - struct dhcp_vendor *vendor; -@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void - return 1; - } - --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now) -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now) - { - void *opt; -- int i, o, o1, start_opts; -+ int i, o, o1, start_opts, start_msg; - struct dhcp_opt *opt_cfg; - struct dhcp_netid *tagif; - struct dhcp_config *config = NULL; - struct dhcp_netid known_id, iface_id, v6_id; -- unsigned char *outmsgtypep; -+ unsigned char outmsgtype; - struct dhcp_vendor *vendor; - struct dhcp_context *context_tmp; - struct dhcp_mac *mac_opt; -@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg - v6_id.next = state->tags; - state->tags = &v6_id; - -- /* copy over transaction-id, and save pointer to message type */ -- if (!(outmsgtypep = put_opt6(inbuff, 4))) -+ start_msg = save_counter(-1); -+ /* copy over transaction-id */ -+ if (!put_opt6(inbuff, 4)) - return 0; - start_opts = save_counter(-1); -- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16; -- -+ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16; -+ - /* We're going to be linking tags from all context we use. - mark them as unused so we don't link one twice and break the list */ - for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current) -@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg - (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE)) - - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - o1 = new_opt6(OPTION6_STATUS_CODE); - put_opt6_short(DHCP6USEMULTI); - put_opt6_string("Use multicast"); -@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg - struct dhcp_netid *solicit_tags; - struct dhcp_context *c; - -- *outmsgtypep = DHCP6ADVERTISE; -+ outmsgtype = DHCP6ADVERTISE; - - if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0)) - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - o = new_opt6(OPTION6_RAPID_COMMIT); - end_opt6(o); -@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg - int start = save_counter(-1); - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - - log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL); -@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg - int address_assigned = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL); - -@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg - int good_addr = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPCONFIRM", NULL, NULL); - -@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg - log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname); - if (ignore) - return 0; -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - tagif = add_options(state, 1); - break; - } -@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg - case DHCP6RELEASE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPRELEASE", NULL, NULL); - -@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg - case DHCP6DECLINE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPDECLINE", NULL, NULL); - -@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg - } - - } -- -+ -+ /* Fill in the message type. Note that we store the offset, -+ not a direct pointer, since the packet memory may have been -+ reallocated. */ -+ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype; -+ - log_tags(tagif, state->xid); - log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1)); -
