| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01_fix_listen_udp_port.patch | dnsproxy listen UDP port on all interfaces When dnsproxy starts it listens to a random UDP port on all interfaces. That socket need to be opened, but not always on all interfaces. If someone connects on that port it's possible to send unwanted DNS answers to dnsproxy, these answers can be forwarded to the client, but an attacker needs to know the DNS ID used by the client and the DNS ID used by dnsproxy. . The discussion about this you can find at upstream VCS [1]. . Until this is fixed by upstream, was created two additional configuration parameters: * listen_answer: To user indicate what IP address assign to sock_answer. * port_answer: To user indicate what UDP port assing to sock_answer. If the user does not use these new variables in dnsproxy.conf, the dnsproxy will only work within DNS servers at localhost. An explanation about the use of these new variables was added to dnsproxy.conf. . [1] https://github.com/awaw/dnsproxy/issues/6 |
Marcos Talau <marcos@talau.info> | yes | debian | 2023-09-06 | |
| 02_update_configure_ac.patch | update configure.ac file This patch remove obsolete autoconf macros, due to this, small parts of the C code were changed. =================================================================== |
Marcos Talau <marcos@talau.info> | yes | 2022-03-31 | ||
| 03_fix_daemon_chdir.patch | fix the use of chdir in daemon.c =================================================================== |
Marcos Talau <marcos@talau.info> | yes | 2022-03-31 |