Sync from SUSE:ALP:Source:Standard:1.0 avahi revision 7d2c82d27eb567658df76e75e27333f6

This commit is contained in:
Adrian Schröter 2024-12-19 15:23:08 +01:00
parent 5f57cbe813
commit a82b850274
3 changed files with 142 additions and 12 deletions

102
avahi-CVE-2024-52616.patch Normal file
View File

@ -0,0 +1,102 @@
From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Mon, 11 Nov 2024 00:56:09 +0100
Subject: [PATCH] Properly randomize query id of DNS packets
---
avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++--------
configure.ac | 3 ++-
2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
index 971f5e7..00a1505 100644
--- a/avahi-core/wide-area.c
+++ b/avahi-core/wide-area.c
@@ -40,6 +40,13 @@
#include "addr-util.h"
#include "rr-util.h"
+#ifdef HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
+#ifndef HAVE_GETRANDOM
+# define getrandom(d, len, flags) (-1)
+#endif
+
#define CACHE_ENTRIES_MAX 500
typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry;
@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine {
int fd_ipv4, fd_ipv6;
AvahiWatch *watch_ipv4, *watch_ipv6;
- uint16_t next_id;
-
/* Cache */
AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
AvahiHashmap *cache_by_key;
@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) {
avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0));
}
+static uint16_t get_random_uint16(void) {
+ uint16_t next_id;
+
+ if (getrandom(&next_id, sizeof(next_id), 0) == -1)
+ next_id = (uint16_t) rand();
+ return next_id;
+}
+
+static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) {
+ uint16_t next_id;
+
+ next_id = get_random_uint16();
+ while (find_lookup(e, next_id)) {
+ /* This ID is already used, get new. */
+ next_id = get_random_uint16();
+ }
+ return next_id;
+}
+
+
AvahiWideAreaLookup *avahi_wide_area_lookup_new(
AvahiWideAreaLookupEngine *e,
AvahiKey *key,
@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
/* If more than 65K wide area quries are issued simultaneously,
* this will break. This should be limited by some higher level */
- for (;; e->next_id++)
- if (!find_lookup(e, e->next_id))
- break; /* This ID is not yet used. */
-
- l->id = e->next_id++;
+ l->id = avahi_wide_area_next_id(e);
/* We keep the packet around in case we need to repeat our query */
l->packet = avahi_dns_packet_new(0);
@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
e->n_dns_servers = e->current_dns_server = 0;
- e->next_id = (uint16_t) rand();
/* Initialize cache */
AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache);
diff --git a/configure.ac b/configure.ac
index a3211b8..31bce3d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES
# whether libc's malloc does too. (Same for realloc.)
#AC_FUNC_MALLOC
#AC_FUNC_REALLOC
-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname])
+AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom])
+AC_CHECK_HEADERS([sys/random.h])
AC_FUNC_CHOWN
AC_FUNC_STAT
--
2.44.0

View File

@ -1,12 +1,40 @@
-------------------------------------------------------------------
Mon Aug 5 20:01:31 UTC 2024 - Michael Gorse <mgorse@suse.com>
Wed Nov 20 10:09:45 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
-------------------------------------------------------------------
Tue Oct 15 11:56:48 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop rcFOO symlinks (PED-266).
-------------------------------------------------------------------
Thu Jun 20 16:01:22 UTC 2024 - Michael Gorse <mgorse@suse.com>
- Add avahi-filter-bogus-services.patch: no longer supply bogus
services to callbacks (bsc#1226586).
-------------------------------------------------------------------
Thu Apr 4 13:44:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Tag hardening patches as PATCH-FEATURE-OPENSUSE
-------------------------------------------------------------------
Tue Mar 26 02:28:37 UTC 2024 - Xiaoguang Wang <xiaoguang.wang@suse.com>
- Add avahi-CVE-2023-38471.patch: Extract host name using
avahi_unescape_label (bsc#1216594, CVE-2023-38471).
- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
records (bsc#1216598, CVE-2023-38469).
- Add avahi-filter-bogus-services.patch: no longer supply bogus
services to callbacks (bsc#1226586).
-------------------------------------------------------------------
Tue Mar 12 14:42:24 UTC 2024 - pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
-------------------------------------------------------------------
Thu Nov 30 05:23:33 UTC 2023 - Alynx Zhou <alynx.zhou@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package avahi
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -97,7 +97,9 @@ Patch25: 0006-man-add-missing-bshell.1-symlink.patch
Patch26: 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch
# PATCH-FIX-UPSTREAM 0009-fix-bytestring-decoding-for-proper-display.patch mgorse@suse.com -- fix bytestring decoding for proper display.
Patch27: 0009-fix-bytestring-decoding-for-proper-display.patch
# PATCH-FEATURE-OPENSUSE
Patch28: harden_avahi-daemon.service.patch
# PATCH-FEATURE-OPENSUSE
Patch29: harden_avahi-dnsconfd.service.patch
# PATCH-FIX-UPSTREAM avahi-CVE-2023-1981.patch boo#1210328 mgorse@suse.com -- emit error if requested service is not found.
Patch30: avahi-CVE-2023-1981.patch
@ -113,6 +115,8 @@ Patch34: avahi-CVE-2023-38469.patch
Patch35: avahi-CVE-2023-38471.patch
# PATCH-FIX-UPSTREAM avahi-filter-bogus-services.patch bsc#1226586 mgorse@suse.com -- no longer supply bogus services to callbacks.
Patch36: avahi-filter-bogus-services.patch
# PATCH-FIX-UPSTREAM avahi-CVE-2024-52616.patch CVE-2024-52616 bsc#1233420 qzhao@suse.com -- Properly randomize query id of DNS packets.
Patch37: avahi-CVE-2024-52616.patch
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: gdbm-devel
@ -422,9 +426,8 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
DNS specifications for Zeroconf Computing.
# This is the avahi-discover command, only provided for the primary python3 flavor
%package -n python3-avahi-gtk
Summary: A set of Avahi utilities written in Python Using python-gtk
Group: Development/Languages/Python
@ -606,6 +609,8 @@ rm -rf %{buildroot}%{_sysconfdir}/init.d/
rm -rf %{buildroot}%{_sysconfdir}/avahi/services/ssh.service
rm -rf %{buildroot}%{_sysconfdir}/avahi/services/sftp-ssh.service
%python3_fix_shebang
%if !%{build_core}
cd ..
%make_build install-pkgconfigDATA DESTDIR=%{buildroot}
@ -626,9 +631,6 @@ ln -s avahi-compat-libdns_sd/dns_sd.h %{buildroot}/%{_includedir}/
ln -s avahi-compat-howl.pc %{buildroot}/%{_libdir}/pkgconfig/howl.pc
install -d %{buildroot}/%{_prefix}/lib/avahi
install -d %{buildroot}/%{_localstatedir}/lib/avahi-autoipd
mkdir -p %{buildroot}/%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcavahi-daemon
ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcavahi-dnsconfd
install -d %{buildroot}/%{_datadir}/pixmaps
install -d %{buildroot}%{_fillupdir}
install -m 644 sysconfig.avahi* %{buildroot}%{_fillupdir}/
@ -766,8 +768,6 @@ fi
%exclude %{_mandir}/man8/avahi-autoipd.8.*
%{_sbindir}/avahi-*
%exclude %{_sbindir}/avahi-autoipd
%{_sbindir}/rcavahi-daemon
%{_sbindir}/rcavahi-dnsconfd
%dir %{_sysconfdir}/avahi
%config %{_sysconfdir}/avahi/avahi-daemon.conf
%{_sysconfdir}/avahi/avahi-dnsconfd.action