!61 Listen only on lo device
From: @renmingshuai
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
commit 3dedea855b
34
backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
Subject: [PATCH] backport-Listen only on lo device fix CVE-2020-14312
|
||||||
|
|
||||||
|
Reference:https://src.fedoraproject.org/rpms/dnsmasq/blob/f32/f/dnsmasq-2.81-configuration.patch
|
||||||
|
---
|
||||||
|
dnsmasq.conf.example | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
|
||||||
|
index 6aaa55a..9e1139a 100644
|
||||||
|
--- a/dnsmasq.conf.example
|
||||||
|
+++ b/dnsmasq.conf.example
|
||||||
|
@@ -104,6 +104,8 @@ group=dnsmasq
|
||||||
|
# interface (eg eth0) here.
|
||||||
|
# Repeat the line for more than one interface.
|
||||||
|
#interface=
|
||||||
|
+# Listen only on localhost by default
|
||||||
|
+interface=lo
|
||||||
|
# Or you can specify which interface _not_ to listen on
|
||||||
|
#except-interface=
|
||||||
|
# Or which to listen on by address (remember to include 127.0.0.1 if
|
||||||
|
@@ -122,6 +124,10 @@ group=dnsmasq
|
||||||
|
# uncomment this option. About the only time you may need this is when
|
||||||
|
# running another nameserver on the same machine.
|
||||||
|
#bind-interfaces
|
||||||
|
+# To listen only on localhost and do not receive packets on other
|
||||||
|
+# interfaces, bind only to lo device. Comment out to bind on siggle
|
||||||
|
+# wildcard socket.
|
||||||
|
+bind-interfaces
|
||||||
|
|
||||||
|
# If you don't want dnsmasq to read /etc/hosts, uncomment the
|
||||||
|
# following line.
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
||||||
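Review bot: In the second hunk of the backported patch (the `bind-interfaces` block), the added comment reads "Comment out to bind on siggle wildcard socket"; "siggle" should be "single", and "To listen only on localhost and do not receive packets" is ungrammatical. If the wording is kept verbatim to match the Fedora patch named in the Reference line, say so in the patch header; otherwise fix it. Separately, the patch touches only dnsmasq.conf.example, so the `interface=lo` and `bind-interfaces` defaults take effect only where that example is what gets installed as the active configuration, which the visible lines do not show. Worth confirming in the spec and noting what happens to already-deployed configuration files.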
@ -1,6 +1,6 @@
|
|||||||
Name: dnsmasq
|
Name: dnsmasq
|
||||||
Version: 2.82
|
Version: 2.82
|
||||||
Release: 10
|
Release: 11
|
||||||
Summary: Dnsmasq provides network infrastructure for small networks
|
Summary: Dnsmasq provides network infrastructure for small networks
|
||||||
License: GPLv2 or GPLv3
|
License: GPLv2 or GPLv3
|
||||||
URL: http://www.thekelleys.org.uk/dnsmasq/
|
URL: http://www.thekelleys.org.uk/dnsmasq/
|
||||||
@ -33,6 +33,7 @@ Patch22: backport-0008-Correct-occasional-bind-dynamic-synchronization-brea.
|
|||||||
Patch23: backport-0009-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch
|
Patch23: backport-0009-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch
|
||||||
Patch24: backport-0010-CVE-2021-3448.patch
|
Patch24: backport-0010-CVE-2021-3448.patch
|
||||||
Patch25: backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch
|
Patch25: backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch
|
||||||
|
Patch26: backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch
|
||||||
|
|
||||||
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
|
BuildRequires: dbus-devel pkgconfig libidn2-devel nettle-devel systemd
|
||||||
Requires: nettle >= 3.4 %{name}-help
|
Requires: nettle >= 3.4 %{name}-help
|
||||||
@ -125,6 +126,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
|
|||||||
%{_mandir}/man8/dnsmasq*
|
%{_mandir}/man8/dnsmasq*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 14 2022 renmingshuai <renmingshuai@huawei.com> - 2.82-11
|
||||||
|
- Type:CVE
|
||||||
|
- Id:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2020-14312
|
||||||
|
|
||||||
* Wed Jul 13 2022 renmingshuai <renmingshuai@huawei.com> - 2.82-10
|
* Wed Jul 13 2022 renmingshuai <renmingshuai@huawei.com> - 2.82-10
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- Id:NA
|
- Id:NA
|
||||||
|
|||||||
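Review bot: The new 2.82-11 changelog entry has `Id:NA` while its DESC names CVE-2020-14312; put the CVE number in the Id field so the entry can be matched by identifier. The DESC would also be more useful if it said what changed, namely that the example configuration now sets `interface=lo` and `bind-interfaces`, since this alters the default listening behaviour rather than patching code.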