From aa633d01a8fcdc9e88f20d37b266d3a5bb55387c Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 14 Nov 2023 18:58:54 +0000
Subject: [PATCH] import UBI avahi-0.7-21.el8
---
...or-if-requested-service-is-not-found.patch | 56 +++++++++++++++++++
SPECS/avahi.spec | 6 +-
2 files changed, 61 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/0001-Emit-error-if-requested-service-is-not-found.patch
diff --git a/SOURCES/0001-Emit-error-if-requested-service-is-not-found.patch b/SOURCES/0001-Emit-error-if-requested-service-is-not-found.patch
new file mode 100644
index 0000000..2093669
--- /dev/null
+++ b/SOURCES/0001-Emit-error-if-requested-service-is-not-found.patch
@@ -0,0 +1,56 @@
+From 509b0d14fa46b7015e0bacf2a8105f1d14d7b5e5 Mon Sep 17 00:00:00 2001
+From: Petr Mensik
+Date: Wed, 23 Aug 2023 18:51:46 +0200
+Subject: [PATCH] Emit error if requested service is not found
+
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+
+Fixes #375
+---
+ avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
+index eb8a662..a9b62fe 100644
+--- a/avahi-daemon/dbus-protocol.c
++++ b/avahi-daemon/dbus-protocol.c
+@@ -391,10 +391,14 @@ static DBusHandlerResult msg_server_impl(DBusConnection *c, DBusMessage *m, AVAH
+ }
+
+ t = avahi_alternative_host_name(n);
+- avahi_dbus_respond_string(c, m, t);
+- avahi_free(t);
++ if (t) {
++ avahi_dbus_respond_string(c, m, t);
++ avahi_free(t);
+
+- return DBUS_HANDLER_RESULT_HANDLED;
++ return DBUS_HANDLER_RESULT_HANDLED;
++ } else {
++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
++ }
+
+ } else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "GetAlternativeServiceName")) {
+ char *n, *t;
+@@ -405,10 +409,14 @@ static DBusHandlerResult msg_server_impl(DBusConnection *c, DBusMessage *m, AVAH
+ }
+
+ t = avahi_alternative_service_name(n);
+- avahi_dbus_respond_string(c, m, t);
+- avahi_free(t);
++ if (t) {
++ avahi_dbus_respond_string(c, m, t);
++ avahi_free(t);
+
+- return DBUS_HANDLER_RESULT_HANDLED;
++ return DBUS_HANDLER_RESULT_HANDLED;
++ } else {
++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
++ }
+
+ } else if (dbus_message_is_method_call(m, AVAHI_DBUS_INTERFACE_SERVER, "EntryGroupNew")) {
+ Client *client;
+--
+2.41.0
+
diff --git a/SPECS/avahi.spec b/SPECS/avahi.spec
index 1d9ef43..4b11a4f 100644
--- a/SPECS/avahi.spec
+++ b/SPECS/avahi.spec
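Review bot: The new `if (t)` guards in msg_server_impl (the branch calling avahi_alternative_host_name() and the "GetAlternativeServiceName" branch) protect the daemon only if those helpers return NULL for a name they cannot process; neither helper's body is in this patch, so if either asserts on bad input the D-Bus caller can still stop the daemon before the check runs. That is worth confirming, and the contract should be recorded above each guard, e.g. `/* NULL: name from the D-Bus caller was rejected; reply with an error instead of passing NULL on */`. If NULL in fact signals a malformed name rather than a missing one, `AVAHI_ERR_INVALID_HOST_NAME` / `AVAHI_ERR_INVALID_SERVICE_NAME` would describe the failure better than `AVAHI_ERR_NOT_FOUND`. msg_server_impl starts and ends outside both hunks.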
@@ -26,7 +26,7 @@ Name: avahi Version: 0.7 -Release: 20%{?dist} +Release: 21%{?dist} Summary: Local network service discovery License: LGPLv2+ URL: http://avahi.org @@ -87,6 +87,7 @@ Patch0003: 0003-Remove-empty-avahi_discover-Python-module.patch # https://github.com/lathiat/avahi/pull/202 Patch0004: 0004-avahi-client-fix-resource-leak.patch Patch0005: 0005-chroot-fix-bogus-assignments-in-assertions.patch +Patch0006: 0001-Emit-error-if-requested-service-is-not-found.patch ## downstream patches Patch100: avahi-0.6.30-mono-libdir.patch @@ -655,6 +656,9 @@ exit 0 %changelog +* Wed Aug 23 2023 Michal Sekletar - 0.7-21 +- Fix CVE-2023-1981 (#2186688) + * Tue Nov 03 2020 Michal Sekletár - 0.7-20 - rebuild to include UI related subpackages to CodeReady Builder repo (#1879714)
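Review bot: `Patch0006` is added without a provenance comment like the `# https://github.com/lathiat/avahi/pull/202` line that sits above `Patch0004`, so the spec itself does not say where this security fix came from. A line such as `# CVE-2023-1981, upstream issue #375` above it would let a later rebase check whether the patch is still needed; the issue number is taken from the patch's own `Fixes #375` line and should be confirmed against upstream. The file also keeps its `0001-` prefix while the neighbouring entries match their patch number (`0004-`, `0005-`); renaming it to `0006-…` would keep the series order readable.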