From a82b8502740652071b822f209c7ded902e20ec55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= <adrian@suse.de>
Date: Thu, 19 Dec 2024 15:23:08 +0100
Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 avahi revision
 7d2c82d27eb567658df76e75e27333f6

---
 avahi-CVE-2024-52616.patch | 102 +++++++++++++++++++++++++++++++++++++
 avahi.changes              |  34 +++++++++++--
 avahi.spec                 |  18 +++----
 3 files changed, 142 insertions(+), 12 deletions(-)
 create mode 100644 avahi-CVE-2024-52616.patch

diff --git a/avahi-CVE-2024-52616.patch b/avahi-CVE-2024-52616.patch
new file mode 100644
index 0000000..2d46299
--- /dev/null
+++ b/avahi-CVE-2024-52616.patch
@@ -0,0 +1,102 @@
+From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Mon, 11 Nov 2024 00:56:09 +0100
+Subject: [PATCH] Properly randomize query id of DNS packets
+
+---
+ avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++--------
+ configure.ac           |  3 ++-
+ 2 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
+index 971f5e7..00a1505 100644
+--- a/avahi-core/wide-area.c
++++ b/avahi-core/wide-area.c
+@@ -40,6 +40,13 @@
+ #include "addr-util.h"
+ #include "rr-util.h"
+ 
++#ifdef HAVE_SYS_RANDOM_H
++#include <sys/random.h>
++#endif
++#ifndef HAVE_GETRANDOM
++#  define getrandom(d, len, flags) (-1)
++#endif
++
+ #define CACHE_ENTRIES_MAX 500
+ 
+ typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry;
+@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine {
+     int fd_ipv4, fd_ipv6;
+     AvahiWatch *watch_ipv4, *watch_ipv6;
+ 
+-    uint16_t next_id;
+-
+     /* Cache */
+     AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
+     AvahiHashmap *cache_by_key;
+@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) {
+     avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0));
+ }
+ 
++static uint16_t get_random_uint16(void) {
++    uint16_t next_id;
++
++    if (getrandom(&next_id, sizeof(next_id), 0) == -1)
++        next_id = (uint16_t) rand();
++    return next_id;
++}
++
++static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) {
++    uint16_t next_id;
++
++    next_id = get_random_uint16();
++    while (find_lookup(e, next_id)) {
++        /* This ID is already used, get new. */
++        next_id = get_random_uint16();
++    }
++    return next_id;
++}
++
++
+ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+     AvahiWideAreaLookupEngine *e,
+     AvahiKey *key,
+@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+     /* If more than 65K wide area quries are issued simultaneously,
+      * this will break. This should be limited by some higher level */
+ 
+-    for (;; e->next_id++)
+-        if (!find_lookup(e, e->next_id))
+-            break; /* This ID is not yet used. */
+-
+-    l->id = e->next_id++;
++    l->id = avahi_wide_area_next_id(e);
+ 
+     /* We keep the packet around in case we need to repeat our query */
+     l->packet = avahi_dns_packet_new(0);
+@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
+         e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
+ 
+     e->n_dns_servers = e->current_dns_server = 0;
+-    e->next_id = (uint16_t) rand();
+ 
+     /* Initialize cache */
+     AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache);
+diff --git a/configure.ac b/configure.ac
+index a3211b8..31bce3d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES
+ # whether libc's malloc does too. (Same for realloc.)
+ #AC_FUNC_MALLOC
+ #AC_FUNC_REALLOC
+-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname])
++AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom])
++AC_CHECK_HEADERS([sys/random.h])
+ 
+ AC_FUNC_CHOWN
+ AC_FUNC_STAT
+-- 
+2.44.0
+
diff --git a/avahi.changes b/avahi.changes
index 84fdf4c..bf32bc3 100644
--- a/avahi.changes
+++ b/avahi.changes
@@ -1,12 +1,40 @@
 -------------------------------------------------------------------
-Mon Aug  5 20:01:31 UTC 2024 - Michael Gorse <mgorse@suse.com>
+Wed Nov 20 10:09:45 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add avahi-CVE-2024-52616.patch:
+  Backporting 1dade81c from upstream: Properly randomize query id
+  of DNS packets.
+  (CVE-2024-52616, bsc#1233420)
+
+-------------------------------------------------------------------
+Tue Oct 15 11:56:48 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Drop rcFOO symlinks (PED-266).
+
+-------------------------------------------------------------------
+Thu Jun 20 16:01:22 UTC 2024 - Michael Gorse <mgorse@suse.com>
+
+- Add avahi-filter-bogus-services.patch: no longer supply bogus
+  services to callbacks (bsc#1226586).
+
+-------------------------------------------------------------------
+Thu Apr  4 13:44:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Tag hardening patches as PATCH-FEATURE-OPENSUSE
+
+-------------------------------------------------------------------
+Tue Mar 26 02:28:37 UTC 2024 - Xiaoguang Wang <xiaoguang.wang@suse.com>
 
 - Add avahi-CVE-2023-38471.patch: Extract host name using
   avahi_unescape_label (bsc#1216594, CVE-2023-38471).
 - Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
   records (bsc#1216598, CVE-2023-38469).
-- Add avahi-filter-bogus-services.patch: no longer supply bogus
-  services to callbacks (bsc#1226586).
+
+-------------------------------------------------------------------
+Tue Mar 12 14:42:24 UTC 2024 - pgajdos@suse.com
+
+- remove dependency on /usr/bin/python3 using
+  %python3_fix_shebang macro, [bsc#1212476]
 
 -------------------------------------------------------------------
 Thu Nov 30 05:23:33 UTC 2023 - Alynx Zhou <alynx.zhou@suse.com>
diff --git a/avahi.spec b/avahi.spec
index 4649b2b..8ac4dff 100644
--- a/avahi.spec
+++ b/avahi.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package avahi
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -97,7 +97,9 @@ Patch25:        0006-man-add-missing-bshell.1-symlink.patch
 Patch26:        0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch
 # PATCH-FIX-UPSTREAM 0009-fix-bytestring-decoding-for-proper-display.patch mgorse@suse.com -- fix bytestring decoding for proper display.
 Patch27:        0009-fix-bytestring-decoding-for-proper-display.patch
+# PATCH-FEATURE-OPENSUSE
 Patch28:        harden_avahi-daemon.service.patch
+# PATCH-FEATURE-OPENSUSE
 Patch29:        harden_avahi-dnsconfd.service.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2023-1981.patch boo#1210328 mgorse@suse.com -- emit error if requested service is not found.
 Patch30:        avahi-CVE-2023-1981.patch
@@ -113,6 +115,8 @@ Patch34:        avahi-CVE-2023-38469.patch
 Patch35:        avahi-CVE-2023-38471.patch
 # PATCH-FIX-UPSTREAM avahi-filter-bogus-services.patch bsc#1226586 mgorse@suse.com -- no longer supply bogus services to callbacks.
 Patch36:        avahi-filter-bogus-services.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2024-52616.patch CVE-2024-52616 bsc#1233420 qzhao@suse.com -- Properly randomize query id of DNS packets.
+Patch37:        avahi-CVE-2024-52616.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -422,16 +426,15 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 
-
-
 # This is the avahi-discover command, only provided for the primary python3 flavor
+
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
 Requires:       python3-avahi = %{version}
 Requires:       python3-gobject
 Requires(post): coreutils
-Requires(postun):coreutils
+Requires(postun): coreutils
 Provides:       %{oldpython}-avahi-gtk = %{version}
 Obsoletes:      %{oldpython}-avahi-gtk < %{version}
 # Provide split-provides for update from <= 11.0:
@@ -606,6 +609,8 @@ rm -rf %{buildroot}%{_sysconfdir}/init.d/
 rm -rf %{buildroot}%{_sysconfdir}/avahi/services/ssh.service
 rm -rf %{buildroot}%{_sysconfdir}/avahi/services/sftp-ssh.service
 
+%python3_fix_shebang
+
 %if !%{build_core}
 cd ..
 %make_build install-pkgconfigDATA DESTDIR=%{buildroot}
@@ -626,9 +631,6 @@ ln -s avahi-compat-libdns_sd/dns_sd.h %{buildroot}/%{_includedir}/
 ln -s avahi-compat-howl.pc %{buildroot}/%{_libdir}/pkgconfig/howl.pc
 install -d %{buildroot}/%{_prefix}/lib/avahi
 install -d %{buildroot}/%{_localstatedir}/lib/avahi-autoipd
-mkdir -p %{buildroot}/%{_sbindir}
-ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcavahi-daemon
-ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcavahi-dnsconfd
 install -d %{buildroot}/%{_datadir}/pixmaps
 install -d %{buildroot}%{_fillupdir}
 install -m 644 sysconfig.avahi* %{buildroot}%{_fillupdir}/
@@ -766,8 +768,6 @@ fi
 %exclude %{_mandir}/man8/avahi-autoipd.8.*
 %{_sbindir}/avahi-*
 %exclude %{_sbindir}/avahi-autoipd
-%{_sbindir}/rcavahi-daemon
-%{_sbindir}/rcavahi-dnsconfd
 %dir %{_sysconfdir}/avahi
 %config %{_sysconfdir}/avahi/avahi-daemon.conf
 %{_sysconfdir}/avahi/avahi-dnsconfd.action