From d435ac35348c5888055ee99665a969f17f5290c7ad47247bdc8211c2311a20ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Wed, 3 Jul 2024 10:52:22 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main avahi revision 8c2470aca096f3f88f474414c9bd1fec
---
 avahi-filter-bogus-services.patch | 159 ++++++++++++++++++++++++++++++
 avahi.changes | 17 ++++
 avahi.spec | 12 ++-
 3 files changed, 184 insertions(+), 4 deletions(-)
 create mode 100644 avahi-filter-bogus-services.patch
diff --git a/avahi-filter-bogus-services.patch b/avahi-filter-bogus-services.patch
new file mode 100644
index 0000000..c37044a
--- /dev/null
+++ b/avahi-filter-bogus-services.patch
@@ -0,0 +1,159 @@
+From 93b14365c1c1e04efd1a890e8caa01a2a514bfd8 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin
+Date: Sun, 12 Nov 2023 01:16:58 +0000
+Subject: [PATCH] core: no longer supply bogus services to callbacks
+
+It was technically a DOS allowing packets with service names like
+"bogus.service.local" to bring down `avahi-browse -a`. In practice
+it was usually triggered by misconfigured smart devices but it isn't
+that hard to forge packets like that and send them deliberately.
+
+The tests are added to make sure invalid service names are rejected and
+valid service names keep working. The fuzz target is updated to make
+sure that avahi_service_name_split always supplies valid arguments to
+avahi_service_name_join. avahi now logs what exactly it fails to split
+```
+avahi-daemon[176]: Failed to split service name '0.1.9.1.8.8.e.f.f.f.f.a.a.1.4.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa'
+avahi-daemon[176]: Failed to split service name 'bogus\032.\032\209\129\208\181\209\128\208\178\208\184\209\129.local'
+avahi-daemon[176]: Failed to split service name '255.20.254.169.in-addr.arpa'
+avahi-daemon[176]: Failed to split service name 'bogus\032.\032\209\129\208\181\209\128\208\178\208\184\209\129.local'
+avahi-daemon[176]: Failed to split service name '33.93.168.192.in-addr.arpa'
+```
+when --debug is passed to it (which makes that part consistent with the
+other places where weird packets are rejected).
+ +Closes https://github.com/lathiat/avahi/issues/212 +--- + .github/workflows/smoke-tests.sh | 2 ++ + avahi-common/domain-test.c | 36 ++++++++++++++++++++++++++++++++ + avahi-common/domain.c | 14 +++++++++++++ + avahi-core/browse-service-type.c | 2 +- + avahi-core/browse-service.c | 2 +- + fuzz/fuzz-packet.c | 18 ++++++++-------- + 6 files changed, 63 insertions(+), 11 deletions(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index 7a662da..9679e98 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -26,6 +26,7 @@ + #include + + #include "domain.h" ++#include "error.h" + #include "malloc.h" + + int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { +@@ -34,6 +35,7 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + const char *p; + size_t size; + char name[64], type[AVAHI_DOMAIN_NAME_MAX], domain[AVAHI_DOMAIN_NAME_MAX]; ++ int res; + + printf("%s\n", s = avahi_normalize_name_strdup("foo.foo\\046.")); + avahi_free(s); +@@ -132,5 +134,39 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + assert(!avahi_is_valid_fqdn("::1")); + assert(!avahi_is_valid_fqdn(".192.168.50.1.")); + ++ res = avahi_service_name_split("test._ssh._tcp.local", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(name, "test") == 0); ++ assert(strcmp(type, "_ssh._tcp") == 0); ++ assert(strcmp(domain, "local") == 0); ++ ++ res = avahi_service_name_split("test._hop._sub._ssh._tcp.local", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(name, "test") == 0); ++ assert(strcmp(type, "_hop._sub._ssh._tcp") == 0); ++ assert(strcmp(domain, "local") == 0); ++ ++ res = avahi_service_name_split("_qotd._udp.hey.local", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(type, "_qotd._udp") == 0); ++ assert(strcmp(domain, "hey.local") == 0); ++ ++ res = 
avahi_service_name_split("_wat._sub._qotd._udp.hey.local", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(type, "_wat._sub._qotd._udp") == 0); ++ assert(strcmp(domain, "hey.local") == 0); ++ ++ res = avahi_service_name_split("wat.bogus.service.local", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_TYPE); ++ ++ res = avahi_service_name_split("bogus.service.local", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_TYPE); ++ ++ res = avahi_service_name_split("", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_NAME); ++ ++ res = avahi_service_name_split("", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_TYPE); ++ + return 0; + } +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index c7af116..9e93018 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -501,6 +501,7 @@ int avahi_service_name_split(const char *p, char *name, size_t name_size, char * + DOMAIN + } state; + int type_empty = 1, domain_empty = 1; ++ char *oname, *otype, *odomain; + + assert(p); + assert(type); +@@ -508,6 +509,10 @@ int avahi_service_name_split(const char *p, char *name, size_t name_size, char * + assert(domain); + assert(domain_size > 0); + ++ oname = name; ++ otype = type; ++ odomain = domain; ++ + if (name) { + assert(name_size > 0); + *name = 0; +@@ -570,6 +575,15 @@ int avahi_service_name_split(const char *p, char *name, size_t name_size, char * + } + } + ++ if ((oname && !avahi_is_valid_service_name(oname))) ++ return AVAHI_ERR_INVALID_SERVICE_NAME; ++ ++ if (!avahi_is_valid_service_type_generic(otype)) ++ return AVAHI_ERR_INVALID_SERVICE_TYPE; ++ ++ if (!avahi_is_valid_domain_name(odomain)) ++ return AVAHI_ERR_INVALID_DOMAIN_NAME; ++ + return 0; + } + +diff --git a/avahi-core/browse-service-type.c 
b/avahi-core/browse-service-type.c +index b1fc7af..f0d6938 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -65,7 +65,7 @@ static void record_browser_callback( + assert(record->key->type == AVAHI_DNS_TYPE_PTR); + + if (avahi_service_name_split(record->data.ptr.name, NULL, 0, type, sizeof(type), domain, sizeof(domain)) < 0) { +- avahi_log_warn("Invalid service type '%s'", record->key->name); ++ avahi_log_debug("Failed to split service name '%s'", record->data.ptr.name); + return; + } + +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 63e0275..e924bae 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -69,7 +69,7 @@ static void record_browser_callback( + flags |= AVAHI_LOOKUP_RESULT_LOCAL; + + if (avahi_service_name_split(record->data.ptr.name, service, sizeof(service), type, sizeof(type), domain, sizeof(domain)) < 0) { +- avahi_log_warn("Failed to split '%s'", record->key->name); ++ avahi_log_debug("Failed to split service name '%s'", record->data.ptr.name); + return; + } + diff --git a/avahi.changes b/avahi.changes index 6a01382..0e55dae 100644 --- a/avahi.changes +++ b/avahi.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu Jun 20 16:01:22 UTC 2024 - Michael Gorse + +- Add avahi-filter-bogus-services.patch: no longer supply bogus + services to callbacks (bsc#1226586). + +------------------------------------------------------------------- +Thu Apr 4 13:44:36 UTC 2024 - Dominique Leuenberger + +- Tag hardening patches as PATCH-FEATURE-OPENSUSE + ------------------------------------------------------------------- Tue Mar 26 02:28:37 UTC 2024 - Xiaoguang Wang 
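Review bot: The validation added at the end of `avahi_service_name_split` (avahi-common/domain.c, inner hunk `@@ -570,6 +575,15 @@`) runs after parsing, so when it returns `AVAHI_ERR_INVALID_SERVICE_NAME`, `AVAHI_ERR_INVALID_SERVICE_TYPE` or `AVAHI_ERR_INVALID_DOMAIN_NAME` the caller's `name`/`type`/`domain` buffers still hold the rejected, network-supplied labels. Both `record_browser_callback` sites patched here return at once on a negative result, but any other caller is outside this patch, so the contract deserves a comment above the new checks, for example `/* On error the output buffers are unspecified; callers must check the return value before using them. */`. The doubled parentheses in `if ((oname && !avahi_is_valid_service_name(oname)))` can be reduced to one pair. The embedded patch header also lists six changed files, including `fuzz/fuzz-packet.c` and `.github/workflows/smoke-tests.sh`, while only four file sections follow, so a line in the patch header saying those hunks were dropped for packaging would keep it traceable to upstream commit 93b14365c1c1e04efd1a890e8caa01a2a514bfd8. The body of `avahi_service_name_split` lies mostly outside the visible hunks.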
@@ -6,6 +17,12 @@ Tue Mar 26 02:28:37 UTC 2024 - Xiaoguang Wang - Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource records (bsc#1216598, CVE-2023-38469). +------------------------------------------------------------------- +Tue Mar 12 14:42:24 UTC 2024 - pgajdos@suse.com + +- remove dependency on /usr/bin/python3 using + %python3_fix_shebang macro, [bsc#1212476] + ------------------------------------------------------------------- Thu Nov 30 05:23:33 UTC 2023 - Alynx Zhou diff --git a/avahi.spec b/avahi.spec index 8ac3385..d32f18c 100644 --- a/avahi.spec +++ b/avahi.spec @@ -1,7 +1,7 @@ # # spec file for package avahi # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -97,7 +97,9 @@ Patch25: 0006-man-add-missing-bshell.1-symlink.patch Patch26: 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch # PATCH-FIX-UPSTREAM 0009-fix-bytestring-decoding-for-proper-display.patch mgorse@suse.com -- fix bytestring decoding for proper display. Patch27: 0009-fix-bytestring-decoding-for-proper-display.patch +# PATCH-FEATURE-OPENSUSE Patch28: harden_avahi-daemon.service.patch +# PATCH-FEATURE-OPENSUSE Patch29: harden_avahi-dnsconfd.service.patch # PATCH-FIX-UPSTREAM avahi-CVE-2023-1981.patch boo#1210328 mgorse@suse.com -- emit error if requested service is not found. Patch30: avahi-CVE-2023-1981.patch @@ -111,6 +113,8 @@ Patch33: avahi-CVE-2023-38472.patch Patch34: avahi-CVE-2023-38469.patch # PATCH-FIX-UPSTREAM avahi-CVE-2023-38471.patch bsc#1216594 xwang@suse.com -- Extract host name using avahi_unescape_label Patch35: avahi-CVE-2023-38471.patch +# PATCH-FIX-UPSTREAM avahi-filter-bogus-services.patch bsc#1226586 mgorse@suse.com -- no longer supply bogus services to callbacks. +Patch36: avahi-filter-bogus-services.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gdbm-devel 
@@ -420,8 +424,6 @@ Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Computing. - - # This is the avahi-discover command, only provided for the primary python3 flavor %package -n python3-avahi-gtk Summary: A set of Avahi utilities written in Python Using python-gtk @@ -429,7 +431,7 @@ Group: Development/Languages/Python Requires: python3-avahi = %{version} Requires: python3-gobject Requires(post): coreutils -Requires(postun):coreutils +Requires(postun): coreutils Provides: %{oldpython}-avahi-gtk = %{version} Obsoletes: %{oldpython}-avahi-gtk < %{version} # Provide split-provides for update from <= 11.0: @@ -604,6 +606,8 @@ rm -rf %{buildroot}%{_sysconfdir}/init.d/ rm -rf %{buildroot}%{_sysconfdir}/avahi/services/ssh.service rm -rf %{buildroot}%{_sysconfdir}/avahi/services/sftp-ssh.service +%python3_fix_shebang + %if !%{build_core} cd .. %make_build install-pkgconfigDATA DESTDIR=%{buildroot}