import CS avahi-0.8-15.el9
This commit is contained in:
parent
4deb260c2f
commit
5332d4e43f
@ -0,0 +1,40 @@
|
||||
From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
|
||||
From: Riccardo Schirone <sirmy15@gmail.com>
|
||||
Date: Fri, 26 Mar 2021 11:50:24 +0100
|
||||
Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
|
||||
client_work
|
||||
|
||||
If a client fills the input buffer, client_work() disables the
|
||||
AVAHI_WATCH_IN event, thus preventing the function from executing the
|
||||
`read` syscall the next times it is called. However, if the client then
|
||||
terminates the connection, the socket file descriptor receives a HUP
|
||||
event, which is not handled, thus the kernel keeps marking the HUP event
|
||||
as occurring. While iterating over the file descriptors that triggered
|
||||
an event, the client file descriptor will keep having the HUP event and
|
||||
the client_work() function is always called with AVAHI_WATCH_HUP but
|
||||
without nothing being done, thus entering an infinite loop.
|
||||
|
||||
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
|
||||
---
|
||||
avahi-daemon/simple-protocol.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
|
||||
index 3e0ebb1..6c0274d 100644
|
||||
--- a/avahi-daemon/simple-protocol.c
|
||||
+++ b/avahi-daemon/simple-protocol.c
|
||||
@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
|
||||
}
|
||||
}
|
||||
|
||||
+ if (events & AVAHI_WATCH_HUP) {
|
||||
+ client_free(c);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
c->server->poll_api->watch_update(
|
||||
watch,
|
||||
(c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
|
||||
--
|
||||
2.40.0
|
||||
|
@ -0,0 +1,56 @@
|
||||
From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 17 Nov 2022 01:51:53 +0100
|
||||
Subject: [PATCH] Emit error if requested service is not found
|
||||
|
||||
It currently just crashes instead of replying with error. Check return
|
||||
value and emit error instead of passing NULL pointer to reply.
|
||||
|
||||
Fixes #375
|
||||
---
|
||||
avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
|
||||
1 file changed, 14 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
|
||||
index 70d7687..406d0b4 100644
|
||||
--- a/avahi-daemon/dbus-protocol.c
|
||||
+++ b/avahi-daemon/dbus-protocol.c
|
||||
@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
|
||||
}
|
||||
|
||||
t = avahi_alternative_host_name(n);
|
||||
- avahi_dbus_respond_string(c, m, t);
|
||||
- avahi_free(t);
|
||||
+ if (t) {
|
||||
+ avahi_dbus_respond_string(c, m, t);
|
||||
+ avahi_free(t);
|
||||
|
||||
- return DBUS_HANDLER_RESULT_HANDLED;
|
||||
+ return DBUS_HANDLER_RESULT_HANDLED;
|
||||
+ } else {
|
||||
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
|
||||
+ }
|
||||
}
|
||||
|
||||
static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
|
||||
@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
|
||||
}
|
||||
|
||||
t = avahi_alternative_service_name(n);
|
||||
- avahi_dbus_respond_string(c, m, t);
|
||||
- avahi_free(t);
|
||||
+ if (t) {
|
||||
+ avahi_dbus_respond_string(c, m, t);
|
||||
+ avahi_free(t);
|
||||
|
||||
- return DBUS_HANDLER_RESULT_HANDLED;
|
||||
+ return DBUS_HANDLER_RESULT_HANDLED;
|
||||
+ } else {
|
||||
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
|
||||
+ }
|
||||
}
|
||||
|
||||
static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {
|
||||
--
|
||||
2.41.0
|
||||
|
151
SOURCES/0001-Fix-NULL-pointer-crashes-from-175.patch
Normal file
151
SOURCES/0001-Fix-NULL-pointer-crashes-from-175.patch
Normal file
@ -0,0 +1,151 @@
|
||||
From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
|
||||
From: Tommi Rantala <tommi.t.rantala@nokia.com>
|
||||
Date: Mon, 8 Feb 2021 11:04:43 +0200
|
||||
Subject: [PATCH] Fix NULL pointer crashes from #175
|
||||
|
||||
avahi-daemon is crashing when running "ping .local".
|
||||
The crash is due to failing assertion from NULL pointer.
|
||||
Add missing NULL pointer checks to fix it.
|
||||
|
||||
Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
|
||||
---
|
||||
avahi-core/browse-dns-server.c | 5 ++++-
|
||||
avahi-core/browse-domain.c | 5 ++++-
|
||||
avahi-core/browse-service-type.c | 3 +++
|
||||
avahi-core/browse-service.c | 3 +++
|
||||
avahi-core/browse.c | 3 +++
|
||||
avahi-core/resolve-address.c | 5 ++++-
|
||||
avahi-core/resolve-host-name.c | 5 ++++-
|
||||
avahi-core/resolve-service.c | 5 ++++-
|
||||
8 files changed, 29 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
|
||||
index 049752e..c2d914f 100644
|
||||
--- a/avahi-core/browse-dns-server.c
|
||||
+++ b/avahi-core/browse-dns-server.c
|
||||
@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
|
||||
AvahiSDNSServerBrowser* b;
|
||||
|
||||
b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_dns_server_browser_start(b);
|
||||
|
||||
return b;
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
|
||||
index f145d56..06fa70c 100644
|
||||
--- a/avahi-core/browse-domain.c
|
||||
+++ b/avahi-core/browse-domain.c
|
||||
@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
|
||||
AvahiSDomainBrowser *b;
|
||||
|
||||
b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_domain_browser_start(b);
|
||||
|
||||
return b;
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
|
||||
index fdd22dc..b1fc7af 100644
|
||||
--- a/avahi-core/browse-service-type.c
|
||||
+++ b/avahi-core/browse-service-type.c
|
||||
@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
|
||||
AvahiSServiceTypeBrowser *b;
|
||||
|
||||
b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_service_type_browser_start(b);
|
||||
|
||||
return b;
|
||||
diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
|
||||
index 5531360..63e0275 100644
|
||||
--- a/avahi-core/browse-service.c
|
||||
+++ b/avahi-core/browse-service.c
|
||||
@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
|
||||
AvahiSServiceBrowser *b;
|
||||
|
||||
b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_service_browser_start(b);
|
||||
|
||||
return b;
|
||||
diff --git a/avahi-core/browse.c b/avahi-core/browse.c
|
||||
index 2941e57..e8a915e 100644
|
||||
--- a/avahi-core/browse.c
|
||||
+++ b/avahi-core/browse.c
|
||||
@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
|
||||
AvahiSRecordBrowser *b;
|
||||
|
||||
b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_record_browser_start_query(b);
|
||||
|
||||
return b;
|
||||
diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
|
||||
index ac0b29b..e61dd24 100644
|
||||
--- a/avahi-core/resolve-address.c
|
||||
+++ b/avahi-core/resolve-address.c
|
||||
@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
|
||||
AvahiSAddressResolver *b;
|
||||
|
||||
b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_address_resolver_start(b);
|
||||
|
||||
return b;
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
|
||||
index 808b0e7..4e8e597 100644
|
||||
--- a/avahi-core/resolve-host-name.c
|
||||
+++ b/avahi-core/resolve-host-name.c
|
||||
@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
|
||||
AvahiSHostNameResolver *b;
|
||||
|
||||
b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_host_name_resolver_start(b);
|
||||
|
||||
return b;
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
|
||||
index 66bf3ca..4377176 100644
|
||||
--- a/avahi-core/resolve-service.c
|
||||
+++ b/avahi-core/resolve-service.c
|
||||
@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
|
||||
AvahiSServiceResolver *b;
|
||||
|
||||
b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
|
||||
+ if (!b)
|
||||
+ return NULL;
|
||||
+
|
||||
avahi_s_service_resolver_start(b);
|
||||
|
||||
return b;
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
--
|
||||
2.41.0
|
||||
|
@ -48,7 +48,7 @@
|
||||
|
||||
Name: avahi
|
||||
Version: 0.8
|
||||
Release: 12%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Summary: Local network service discovery
|
||||
License: LGPLv2+
|
||||
URL: http://avahi.org
|
||||
@ -132,6 +132,9 @@ Patch8: 0008-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch
|
||||
Patch9: 0009-fix-requires-in-pc-file.patch
|
||||
Patch10: 0010-fix-bytestring-decoding-for-proper-display.patch
|
||||
Patch11: 0011-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch
|
||||
Patch12: 0001-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-.patch
|
||||
Patch13: 0001-Fix-NULL-pointer-crashes-from-175.patch
|
||||
Patch14: 0001-Emit-error-if-requested-service-is-not-found.patch
|
||||
|
||||
## downstream patches
|
||||
Patch100: avahi-0.6.30-mono-libdir.patch
|
||||
@ -827,6 +830,15 @@ exit 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Aug 23 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-15
|
||||
- Fix CVE-2023-1981 (#2186689)
|
||||
|
||||
* Wed Aug 23 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-14
|
||||
- Fix CVE-2021-3502 (#1949949)
|
||||
|
||||
* Thu Aug 17 2023 Michal Sekletar <msekleta@redhat.com> - 0.8-13
|
||||
- Fix CVE-2021-3468 (#1944092)
|
||||
|
||||
* Mon Feb 21 2022 Michal Sekletár <msekleta@redhat.com> - 0.8-12
|
||||
- make sure we get compiled with -fstack-protector-strong (#2044643)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user