pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/net/avahi
Module Name: pkgsrc
Committed By: nia
Date: Wed Feb 26 11:43:05 UTC 2025
Modified Files:
pkgsrc/net/avahi: Makefile Makefile.common distinfo
pkgsrc/net/avahi/patches: patch-ai
Added Files:
pkgsrc/net/avahi/patches: patch-CVE-2023-38469 patch-CVE-2023-38470
patch-CVE-2023-38472 patch-CVE-2023-38473
patch-avahi-core_browse-dns-server.c
patch-avahi-core_browse-domain.c
patch-avahi-core_browse-service-type.c
patch-avahi-core_browse-service.c patch-avahi-core_browse.c
patch-avahi-core_resolve-address.c
patch-avahi-core_resolve-host-name.c
patch-avahi-core_resolve-service.c
patch-avahi-daemon_simple-protocol.c
Log Message:
avahi: Patch various security issues.
CVE-2023-38469
CVE-2023-38470
CVE-2023-38472
CVE-2023-38473
CVE-2021-3468
CVE-2021-3502
Verified to build on macos, linux, netbsd, freebsd, openbsd by
drecklypkg ci.
To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 pkgsrc/net/avahi/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/avahi/Makefile.common
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/avahi/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/avahi/patches/patch-CVE-2023-38469 \
pkgsrc/net/avahi/patches/patch-CVE-2023-38470 \
pkgsrc/net/avahi/patches/patch-CVE-2023-38472 \
pkgsrc/net/avahi/patches/patch-CVE-2023-38473 \
pkgsrc/net/avahi/patches/patch-avahi-core_browse-dns-server.c \
pkgsrc/net/avahi/patches/patch-avahi-core_browse-domain.c \
pkgsrc/net/avahi/patches/patch-avahi-core_browse-service-type.c \
pkgsrc/net/avahi/patches/patch-avahi-core_browse-service.c \
pkgsrc/net/avahi/patches/patch-avahi-core_browse.c \
pkgsrc/net/avahi/patches/patch-avahi-core_resolve-address.c \
pkgsrc/net/avahi/patches/patch-avahi-core_resolve-host-name.c \
pkgsrc/net/avahi/patches/patch-avahi-core_resolve-service.c \
pkgsrc/net/avahi/patches/patch-avahi-daemon_simple-protocol.c
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/avahi/patches/patch-ai
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/avahi/Makefile
diff -u pkgsrc/net/avahi/Makefile:1.102 pkgsrc/net/avahi/Makefile:1.103
--- pkgsrc/net/avahi/Makefile:1.102 Mon Aug 14 05:24:57 2023
+++ pkgsrc/net/avahi/Makefile Wed Feb 26 11:43:05 2025
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.102 2023/08/14 05:24:57 wiz Exp $
+# $NetBSD: Makefile,v 1.103 2025/02/26 11:43:05 nia Exp $
.include "Makefile.common"
-PKGREVISION= 6
+PKGREVISION= 7
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
COMMENT= Facilitate service discovery on a local network
Index: pkgsrc/net/avahi/Makefile.common
diff -u pkgsrc/net/avahi/Makefile.common:1.2 pkgsrc/net/avahi/Makefile.common:1.3
--- pkgsrc/net/avahi/Makefile.common:1.2 Sun Aug 11 22:33:54 2024
+++ pkgsrc/net/avahi/Makefile.common Wed Feb 26 11:43:05 2025
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.2 2024/08/11 22:33:54 wiz Exp $
+# $NetBSD: Makefile.common,v 1.3 2025/02/26 11:43:05 nia Exp $
# used by net/avahi/Makefile
# used by net/avahi-ui/Makefile
@@ -45,7 +45,8 @@ AVAHI_GROUP?= avahi
BUILD_DEFS+= VARBASE PKG_SYSCONFBASE
PLIST_SRC= ${PKGDIR}/PLIST
PKG_SYSCONFSUBDIR= avahi
-USE_LANGUAGES= c99 c++
+USE_LANGUAGES= c c++
+FORCE_C_STD= gnu99
CFLAGS.NetBSD+= -D_NETBSD_SOURCE
CPPFLAGS.SunOS+= -D_XOPEN_SOURCE=600
Index: pkgsrc/net/avahi/distinfo
diff -u pkgsrc/net/avahi/distinfo:1.20 pkgsrc/net/avahi/distinfo:1.21
--- pkgsrc/net/avahi/distinfo:1.20 Tue Oct 26 11:05:23 2021
+++ pkgsrc/net/avahi/distinfo Wed Feb 26 11:43:05 2025
@@ -1,12 +1,25 @@
-$NetBSD: distinfo,v 1.20 2021/10/26 11:05:23 nia Exp $
+$NetBSD: distinfo,v 1.21 2025/02/26 11:43:05 nia Exp $
BLAKE2s (avahi-0.8.tar.gz) = d7f8334157bd36c5cdafbf804c293b593a7f2acd7b299454ac3823e9a705d608
SHA512 (avahi-0.8.tar.gz) = c6ba76feb6e92f70289f94b3bf12e5f5c66c11628ce0aeb3cadfb72c13a5d1a9bd56d71bdf3072627a76cd103b9b056d9131aa49ffe11fa334c24ab3b596c7de
Size (avahi-0.8.tar.gz) = 1591458 bytes
+SHA1 (patch-CVE-2023-38469) = 808917aa3ea4586124d8368d4579085d63b44116
+SHA1 (patch-CVE-2023-38470) = e2d6c8d561aa46b3f56ada9b01eee39ae6f956ba
+SHA1 (patch-CVE-2023-38472) = 1c816bc129e860e55ca7d88951f9ce041d02473c
+SHA1 (patch-CVE-2023-38473) = e07d9213ff1c045d6bc570f9fea8272a0fb7ed04
SHA1 (patch-aa) = 95b883bf14dd1852cdf0ea8a364c57717eebb03f
SHA1 (patch-ab) = 1f482b2a2f9a9bc59c3b1e300bad2896e2cf7bd2
SHA1 (patch-ah) = 4b3ffdb927daef8c939527fd5c5893f9f88b3ff3
-SHA1 (patch-ai) = 48c5fca5683323a30dc646e5eafb1834e7bedaeb
+SHA1 (patch-ai) = dcf1e3149b09d7354ce90490f9c1ff0b584710c8
+SHA1 (patch-avahi-core_browse-dns-server.c) = fc858a099ab0a9553fd10f0d0a4d7fd9b3072f16
+SHA1 (patch-avahi-core_browse-domain.c) = 4781119275f154c8e0a7063925703454ac3cb3ce
+SHA1 (patch-avahi-core_browse-service-type.c) = dfad087ae82b7bf1d327e96eba63983c2826ad80
+SHA1 (patch-avahi-core_browse-service.c) = 0cc89766108ad8facf04167e6f91471622a4bc95
+SHA1 (patch-avahi-core_browse.c) = 6f66aaea82c7a864c7d9067f6209dbc99a16db32
+SHA1 (patch-avahi-core_resolve-address.c) = c45c67bd2c7417472873aefcc077fd572c741d34
+SHA1 (patch-avahi-core_resolve-host-name.c) = 9a06a93dbb2a70c4dc70d09a84201e7c818e1396
+SHA1 (patch-avahi-core_resolve-service.c) = 870c60382c07ff174fa9cf78c9d16a3cb973b87b
SHA1 (patch-avahi-core_socket.c) = 503f05f77d95b6f73d933810371c53242d13058c
SHA1 (patch-avahi-daemon_main.c) = 672be922ca7516a29d7eb1a409e78199b00ddfa2
+SHA1 (patch-avahi-daemon_simple-protocol.c) = e714f672cf13ba637e9803fa66948d59e1cb80cb
SHA1 (patch-configure) = 5d81097a4d089a8bd57122dc384a4ae795301b03
Index: pkgsrc/net/avahi/patches/patch-ai
diff -u pkgsrc/net/avahi/patches/patch-ai:1.3 pkgsrc/net/avahi/patches/patch-ai:1.4
--- pkgsrc/net/avahi/patches/patch-ai:1.3 Sun Apr 21 00:58:47 2013
+++ pkgsrc/net/avahi/patches/patch-ai Wed Feb 26 11:43:05 2025
@@ -1,10 +1,12 @@
-$NetBSD: patch-ai,v 1.3 2013/04/21 00:58:47 rodent Exp $
+$NetBSD: patch-ai,v 1.4 2025/02/26 11:43:05 nia Exp $
-Check lower bounds on port.
+Part 1: Check lower bounds on port.
---- avahi-core/server.c.orig 2010-06-29 18:51:53.000000000 +0000
+Part 2: Fix CVE-2023-38471 (https://github.com/avahi/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09.patch)
+
+--- avahi-core/server.c.orig 2020-02-17 03:41:24.939967558 +0000
+++ avahi-core/server.c
-@@ -903,6 +903,11 @@ static void dispatch_packet(AvahiServer
+@@ -952,6 +952,11 @@ static void dispatch_packet(AvahiServer
return;
}
@@ -16,3 +18,50 @@ Check lower bounds on port.
if (avahi_address_is_ipv4_in_ipv6(src_address))
/* This is an IPv4 address encapsulated in IPv6, so let's ignore it. */
return;
+@@ -1295,7 +1300,11 @@ static void update_fqdn(AvahiServer *s)
+ }
+
+ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
+- char *hn = NULL;
++ char label_escaped[AVAHI_LABEL_MAX*4+1];
++ char label[AVAHI_LABEL_MAX];
++ char *hn = NULL, *h;
++ size_t len;
++
+ assert(s);
+
+ AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME);
+@@ -1305,17 +1314,28 @@ int avahi_server_set_host_name(AvahiServ
+ else
+ hn = avahi_normalize_name_strdup(host_name);
+
+- hn[strcspn(hn, ".")] = 0;
++ h = hn;
++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
++ avahi_free(h);
++ return AVAHI_ERR_INVALID_HOST_NAME;
++ }
++
++ avahi_free(h);
+
+- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) {
+- avahi_free(hn);
++ h = label_escaped;
++ len = sizeof(label_escaped);
++ if (!avahi_escape_label(label, strlen(label), &h, &len))
++ return AVAHI_ERR_INVALID_HOST_NAME;
++
++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
+- }
+
+ withdraw_host_rrs(s);
+
+ avahi_free(s->host_name);
+- s->host_name = hn;
++ s->host_name = avahi_strdup(label_escaped);
++ if (!s->host_name)
++ return AVAHI_ERR_NO_MEMORY;
+
+ update_fqdn(s);
+
Added files:
Index: pkgsrc/net/avahi/patches/patch-CVE-2023-38469
diff -u /dev/null pkgsrc/net/avahi/patches/patch-CVE-2023-38469:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-CVE-2023-38469 Wed Feb 26 11:43:05 2025
@@ -0,0 +1,39 @@
+$NetBSD: patch-CVE-2023-38469,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] core: reject overly long TXT resource records
+
+Closes https://github.com/lathiat/avahi/issues/455
+
+CVE-2023-38469
+
+https://github.com/evverx/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf.patch
+
+--- avahi-core/rr.c.orig 2015-04-01 04:58:14.149727123 +0000
++++ avahi-core/rr.c
+@@ -32,6 +32,7 @@
+ #include <avahi-common/malloc.h>
+ #include <avahi-common/defs.h>
+
++#include "dns.h"
+ #include "rr.h"
+ #include "log.h"
+ #include "util.h"
+@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r
+ case AVAHI_DNS_TYPE_TXT: {
+
+ AvahiStringList *strlst;
++ size_t used = 0;
+
+- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
+ if (strlst->size > 255 || strlst->size <= 0)
+ return 0;
+
++ used += 1+strlst->size;
++ if (used > AVAHI_DNS_RDATA_MAX)
++ return 0;
++ }
++
+ return 1;
+ }
+ }
Index: pkgsrc/net/avahi/patches/patch-CVE-2023-38470
diff -u /dev/null pkgsrc/net/avahi/patches/patch-CVE-2023-38470:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-CVE-2023-38470 Wed Feb 26 11:43:05 2025
@@ -0,0 +1,22 @@
+$NetBSD: patch-CVE-2023-38470,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Ensure each label is at least one byte long
+
+The only allowed exception is single dot, where it should return empty
+string.
+
+Fixes #454.
+
+https://github.com/avahi/avahi/commit/94cb6489114636940ac683515417990b55b5d66c.patch
+
+--- avahi-common/domain.c.orig 2015-04-01 04:58:14.145727222 +0000
++++ avahi-common/domain.c
+@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s
+ }
+
+ if (!empty) {
+- if (size < 1)
++ if (size < 2)
+ return NULL;
+
+ *(r++) = '.';
Index: pkgsrc/net/avahi/patches/patch-CVE-2023-38472
diff -u /dev/null pkgsrc/net/avahi/patches/patch-CVE-2023-38472:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-CVE-2023-38472 Wed Feb 26 11:43:05 2025
@@ -0,0 +1,21 @@
+$NetBSD: patch-CVE-2023-38472,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] core: make sure there is rdata to process before parsing it
+
+Fixes #452
+
+CVE-2023-38472
+
+https://github.com/avahi/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40.patch
+
+--- avahi-daemon/dbus-entry-group.c.orig 2015-04-01 04:58:14.153727024 +0000
++++ avahi-daemon/dbus-entry-group.c
+@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
+ if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
+
+- if (avahi_rdata_parse (r, rdata, size) < 0) {
++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
+ avahi_record_unref (r);
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
+ }
Index: pkgsrc/net/avahi/patches/patch-CVE-2023-38473
diff -u /dev/null pkgsrc/net/avahi/patches/patch-CVE-2023-38473:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-CVE-2023-38473 Wed Feb 26 11:43:05 2025
@@ -0,0 +1,85 @@
+$NetBSD: patch-CVE-2023-38473,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] common: derive alternative host name from its unescaped
+ version
+
+Normalization of input makes sure we don't have to deal with special
+cases like unescaped dot at the end of label.
+
+Fixes #451 #487
+CVE-2023-38473
+
+https://github.com/avahi/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797.patch
+
+--- avahi-common/alternative.c.orig 2015-04-01 04:58:14.145727222 +0000
++++ avahi-common/alternative.c
+@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c
+ }
+
+ char *avahi_alternative_host_name(const char *s) {
++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
++ char *alt, *r, *ret;
+ const char *e;
+- char *r;
++ size_t len;
+
+ assert(s);
+
+ if (!avahi_is_valid_host_name(s))
+ return NULL;
+
+- if ((e = strrchr(s, '-'))) {
++ if (!avahi_unescape_label(&s, label, sizeof(label)))
++ return NULL;
++
++ if ((e = strrchr(label, '-'))) {
+ const char *p;
+
+ e++;
+@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const
+
+ if (e) {
+ char *c, *m;
+- size_t l;
+ int n;
+
+ n = atoi(e)+1;
+ if (!(m = avahi_strdup_printf("%i", n)))
+ return NULL;
+
+- l = e-s-1;
++ len = e-label-1;
+
+- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
+- l = AVAHI_LABEL_MAX-1-strlen(m)-1;
++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
++ len = AVAHI_LABEL_MAX-1-strlen(m)-1;
+
+- if (!(c = avahi_strndup(s, l))) {
++ if (!(c = avahi_strndup(label, len))) {
+ avahi_free(m);
+ return NULL;
+ }
+@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const
+ } else {
+ char *c;
+
+- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
+ return NULL;
+
+ drop_incomplete_utf8(c);
+@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const
+ avahi_free(c);
+ }
+
++ alt = alternative;
++ len = sizeof(alternative);
++ ret = avahi_escape_label(r, strlen(r), &alt, &len);
++
++ avahi_free(r);
++ r = avahi_strdup(ret);
++
+ assert(avahi_is_valid_host_name(r));
+
+ return r;
Index: pkgsrc/net/avahi/patches/patch-avahi-core_browse-dns-server.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_browse-dns-server.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_browse-dns-server.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,27 @@
+$NetBSD: patch-avahi-core_browse-dns-server.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/browse-dns-server.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_serv
+ AvahiSDNSServerBrowser* b;
+
+ b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_dns_server_browser_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
Index: pkgsrc/net/avahi/patches/patch-avahi-core_browse-domain.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_browse-domain.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_browse-domain.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,27 @@
+$NetBSD: patch-avahi-core_browse-domain.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/browse-domain.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_brow
+ AvahiSDomainBrowser *b;
+
+ b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_domain_browser_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
Index: pkgsrc/net/avahi/patches/patch-avahi-core_browse-service-type.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_browse-service-type.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_browse-service-type.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,24 @@
+$NetBSD: patch-avahi-core_browse-service-type.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/browse-service-type.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_servic
+ AvahiSServiceTypeBrowser *b;
+
+ b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_type_browser_start(b);
+
+ return b;
Index: pkgsrc/net/avahi/patches/patch-avahi-core_browse-service.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_browse-service.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_browse-service.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,24 @@
+$NetBSD: patch-avahi-core_browse-service.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/browse-service.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_br
+ AvahiSServiceBrowser *b;
+
+ b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_browser_start(b);
+
+ return b;
Index: pkgsrc/net/avahi/patches/patch-avahi-core_browse.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_browse.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_browse.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,24 @@
+$NetBSD: patch-avahi-core_browse.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/browse.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_brow
+ AvahiSRecordBrowser *b;
+
+ b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_record_browser_start_query(b);
+
+ return b;
Index: pkgsrc/net/avahi/patches/patch-avahi-core_resolve-address.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_resolve-address.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_resolve-address.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,27 @@
+$NetBSD: patch-avahi-core_resolve-address.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/resolve-address.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_r
+ AvahiSAddressResolver *b;
+
+ b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_address_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
Index: pkgsrc/net/avahi/patches/patch-avahi-core_resolve-host-name.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_resolve-host-name.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_resolve-host-name.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,27 @@
+$NetBSD: patch-avahi-core_resolve-host-name.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/resolve-host-name.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_nam
+ AvahiSHostNameResolver *b;
+
+ b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_host_name_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
Index: pkgsrc/net/avahi/patches/patch-avahi-core_resolve-service.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-core_resolve-service.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-core_resolve-service.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,27 @@
+$NetBSD: patch-avahi-core_resolve-service.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+(CVE-2021-3502)
+
+https://github.com/dkerr64/avahi/commit/fd482a74625b8db8547b8cfca3ee3d3c6c721423.patch
+
+--- avahi-core/resolve-service.c.orig 2020-02-17 03:41:02.380380789 +0000
++++ avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_r
+ AvahiSServiceResolver *b;
+
+ b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
Index: pkgsrc/net/avahi/patches/patch-avahi-daemon_simple-protocol.c
diff -u /dev/null pkgsrc/net/avahi/patches/patch-avahi-daemon_simple-protocol.c:1.1
--- /dev/null Wed Feb 26 11:43:06 2025
+++ pkgsrc/net/avahi/patches/patch-avahi-daemon_simple-protocol.c Wed Feb 26 11:43:05 2025
@@ -0,0 +1,22 @@
+$NetBSD: patch-avahi-daemon_simple-protocol.c,v 1.1 2025/02/26 11:43:05 nia Exp $
+
+[PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+CVE-2021-3468
+https://github.com/avahi/avahi/commit/6e72b8436b75481c8fd78b434d91b43c459e11e3.patch
+
+--- avahi-daemon/simple-protocol.c.orig 2018-09-14 05:31:28.486023126 +0000
++++ avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watc
+ }
+ }
+
++ if (events & AVAHI_WATCH_HUP) {
++ client_free(c);
++ return;
++ }
++
+ c->server->poll_api->watch_update(
+ watch,
+ (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
Home |
Main Index |
Thread Index |
Old Index