[Alozaros]

www.thekelleys.org.uk/dnsmasq/CHANGELOG

BS... not bad to update to this one 2.83, as lots of new holes will be patched...it seams 2.82 if plain used is open to vulnerabilities of cache poisoning and SAD DNS attacks...
the only way to mitigate those in 2.82 is using a DoT, DoH as well DNScrypt...but still prone to crc32 or sha-1 weakness in DNSSEC verification
I believe im not the first that have found the hot water today...

[egc]

We are already using that for the last 4 weeks.

DDWRT Rocks

[Alozaros]

hmmm... i couldn't find it on SVN....
2.83 came out today, if im not wrong...

'LATEST_IS_2.83 2021-01-19 11:47'

unless BS had a secret 2.83 RC1...???

https://www.thekelleys.org.uk/dnsmasq/test-releases/

on DDWRT 45454 is reported DNSmasq - UNKNOWN

but 448xx builds are still on 2.82...

[egc]

Indeed he was on nda until today.

There is a commit using his private dnsmasq I had to reverse it to keep on building for the community build that is why I know it

[kernel-panic69]

I would have to back-track on the driver_changelogs to see, but the public repo is still v2.82:

https://svn.dd-wrt.com/browser/src/router/dnsmasq/CHANGELOG

https://svn.dd-wrt.com/browser/src/router/driver_changelogs

Upstream is v2.83:

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=327bbc92bc9ff8672e9cd598ae1b33daba41de2d

(44 hours ago)...

[egc]

https://svn.dd-wrt.com/changeset/45026

[Alozaros]

[egc]

Yes they are.

That commit did ddwrt switch to 2.83

[Alozaros]

like a little kiddos, nope they are not...

https://ubuntu.com/security/CVE-2020-25682
https://ubuntu.com/security/CVE-2020-25681
https://ubuntu.com/security/CVE-2020-25683
https://www.jsof-tech.com/disclosures/dnspooq/
https://ubuntu.com/security/notices/USN-4698-1
those holes are fresh like, a clean new pussy's...
there was a known buffer overflow in dnsmasq's DNSSEC code but not well mitigated by the both end, till now...

not patched in DDWRT 45493, so we expect a new build soon...

[egc]

That is why starting with that commit on 16 December, BS was building from his private repo because it was still under nda until 19 January.

I know that because I asked as we could no longer build and that is what he told me and of course I had to keep quiet too.

[kernel-panic69]

"dnsmasq-pre-2.83" is _not_ v2.83. I don't know of anything that is ever pre-public release of any package that is ever merged into DD-WRT, but if you say so...

[egc]

That is what BS told me he had a private pre-release version necessary because of serious security problems.

It had to stay private until 19th January as the official release would then came out and the disclosure of the security problems.

As it is private we cannot check, but that is probably why the DNSMASQ version shows UNKNOWN.

[blkt]

Thank you BrainSlayer and egc!

[Alozaros]

hmmm... the only thing i could see in SVN was regarding DHCP, ipv6 and some stuff about DNSSEC... + DNSmasq - UNKNOWN at the current builds...
Yes DNSSEC issues ware known, before those holes ware exposed to public...as well some others...so good move from BS side...patching those, in advance if so...
But DDWRT still needs the proper full version of it (2.83), as its has more complex approach...to the known issues..
https://svn.dd-wrt.com/changeset/45503

Thanks for letting us know egc and thanks to BS too...

p.s. im sorry if i opened an inappropriate thread, mods can delete it now...

[kernel-panic69]

Not an inappropriate thread. And yes, v2.83 official is now merged in and will be available in the next release

@egc: Indeed, you are probably right. All good, moving forward