!61 Listen only on lo device

From: @renmingshuai Reviewed-by: @zengwefeng Signed-off-by: @zengwefeng
2022-07-14 08:57:02 +00:00 · 2022-07-14 08:57:02 +00:00 · 3dedea855b
commit 3dedea855b
parent d7532c7bad 59c1640a4d
2 changed files with 42 additions and 1 deletions
--- a/backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch
+++ b/backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch
@ -0,0 +1,34 @@
+Subject: [PATCH] backport-Listen only on lo device fix CVE-2020-14312
+
+Reference:https://src.fedoraproject.org/rpms/dnsmasq/blob/f32/f/dnsmasq-2.81-configuration.patch
+---
+ dnsmasq.conf.example | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
+index 6aaa55a..9e1139a 100644
+--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
+@@ -104,6 +104,8 @@ group=dnsmasq
+ # interface (eg eth0) here.
+ # Repeat the line for more than one interface.
+ #interface=
+# Listen only on localhost by default
+interface=lo
+ # Or you can specify which interface _not_ to listen on
+ #except-interface=
+ # Or which to listen on by address (remember to include 127.0.0.1 if
+@@ -122,6 +124,10 @@ group=dnsmasq
+ # uncomment this option. About the only time you may need this is when
+ # running another nameserver on the same machine.
+ #bind-interfaces
+# To listen only on localhost and do not receive packets on other
+# interfaces, bind only to lo device. Comment out to bind on siggle
+# wildcard socket.
+bind-interfaces
+ 
+ # If you don't want dnsmasq to read /etc/hosts, uncomment the
+ # following line.
+-- 
+1.8.3.1
+
--- a/dnsmasq.spec
+++ b/dnsmasq.spec
@ -1,6 +1,6 @@
 Name:           dnsmasq
 Version:        2.82
-Release:        10
+Release:        11
 Summary:        Dnsmasq provides network infrastructure for small networks
 License:        GPLv2 or GPLv3
 URL:            http://www.thekelleys.org.uk/dnsmasq/
@ -33,6 +33,7 @@ Patch22:     backport-0008-Correct-occasional-bind-dynamic-synchronization-brea.
 Patch23:     backport-0009-Move-fd-into-frec_src-fixes-15b60ddf935a531269bb8c68.patch
 Patch24:     backport-0010-CVE-2021-3448.patch
 Patch25:     backport-Fix-write-after-free-in-DHCPv6-code-CVE-2022-0934.patch
+Patch26:     backport-Listen-only-on-lo-device-fix-CVE-2020-14312.patch

 BuildRequires:  dbus-devel pkgconfig libidn2-devel nettle-devel systemd
 Requires:       nettle >= 3.4 %{name}-help
@ -125,6 +126,12 @@ install -Dpm644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/dnsmasq.conf
 %{_mandir}/man8/dnsmasq*

 %changelog
+* Thu Jul 14 2022 renmingshuai <renmingshuai@huawei.com> - 2.82-11
+- Type:CVE
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2020-14312
+
 * Wed Jul 13 2022 renmingshuai <renmingshuai@huawei.com> - 2.82-10
 - Type:CVE
 - Id:NA