diff --git a/avahi-CVE-2021-3468.patch b/avahi-CVE-2021-3468.patch
new file mode 100644
index 0000000..06e4618
--- /dev/null
+++ b/avahi-CVE-2021-3468.patch
@@ -0,0 +1,40 @@
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <sirmy15@gmail.com>
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb1..6c0274d 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+         }
+     }
+ 
++    if (events & AVAHI_WATCH_HUP) {
++        client_free(c);
++        return;
++    }
++
+     c->server->poll_api->watch_update(
+         watch,
+         (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
+-- 
+2.31.1
+
diff --git a/avahi-glib2.spec b/avahi-glib2.spec
index 3857eec..8358d28 100644
--- a/avahi-glib2.spec
+++ b/avahi-glib2.spec
@@ -77,6 +77,8 @@ Patch4:         avahi-daemon-check-dns-suse.patch
 Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 # PATCH-FIX-UPSTREAM add-IT_PROG_INTLTOOL.patch alarrosa@suse.com -- add IT_PROG_INTLTOOL so intltool works
 Patch20:        add-IT_PROG_INTLTOOL.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
+Patch21:        avahi-CVE-2021-3468.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -261,6 +263,7 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 %else
+
 %package -n python3-avahi
 Summary:        A set of Avahi utilities written in Python
 Group:          Development/Languages/Python
@@ -404,13 +407,14 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 # This is the avahi-discover command, only provided for the primary python3 flavor
+
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
 Requires:       python3-avahi = %{version}
 Requires:       python3-gobject
 Requires(post): coreutils
-Requires(postun): coreutils
+Requires(postun):coreutils
 Provides:       %{oldpython}-avahi-gtk = %{version}
 Obsoletes:      %{oldpython}-avahi-gtk < %{version}
 # Provide split-provides for update from <= 11.0:
@@ -514,6 +518,7 @@ translation-update-upstream
 %patch4
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions
@@ -798,6 +803,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %postun -n python-avahi
 %python_uninstall_alternative avahi-bookmarks
 %else
+
 %post -n python3-avahi
 %python_install_alternative avahi-bookmarks avahi-bookmarks.1
 
@@ -974,6 +980,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %if %{build_core}
 %files -n avahi-mono
 %else
+
 %files
 %endif
 %defattr(-,root,root)
diff --git a/avahi-mono.spec b/avahi-mono.spec
index d1e92fd..0535ae3 100644
--- a/avahi-mono.spec
+++ b/avahi-mono.spec
@@ -77,6 +77,8 @@ Patch4:         avahi-daemon-check-dns-suse.patch
 Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 # PATCH-FIX-UPSTREAM add-IT_PROG_INTLTOOL.patch alarrosa@suse.com -- add IT_PROG_INTLTOOL so intltool works
 Patch20:        add-IT_PROG_INTLTOOL.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
+Patch21:        avahi-CVE-2021-3468.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -260,6 +262,7 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 %else
+
 %package -n python3-avahi
 Summary:        A set of Avahi utilities written in Python
 Group:          Development/Languages/Python
@@ -403,13 +406,14 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 # This is the avahi-discover command, only provided for the primary python3 flavor
+
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
 Requires:       python3-avahi = %{version}
 Requires:       python3-gobject
 Requires(post): coreutils
-Requires(postun): coreutils
+Requires(postun):coreutils
 Provides:       %{oldpython}-avahi-gtk = %{version}
 Obsoletes:      %{oldpython}-avahi-gtk < %{version}
 # Provide split-provides for update from <= 11.0:
@@ -451,7 +455,6 @@ DNS specifications for Zeroconf Computing.
 %if %{build_mono}
 %package -n avahi-mono
 Summary:        Mono Bindings for avahi, the D-BUS Service for Zeroconf and Bonjour
-License:        LGPL-2.1-or-later
 Group:          Development/Languages/Mono
 Requires:       gtk-sharp2
 Requires:       libavahi-client%{avahi_client_sover} >= %{version}
@@ -514,6 +517,7 @@ translation-update-upstream
 %patch4
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions
@@ -798,6 +802,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %postun -n python-avahi
 %python_uninstall_alternative avahi-bookmarks
 %else
+
 %post -n python3-avahi
 %python_install_alternative avahi-bookmarks avahi-bookmarks.1
 
@@ -974,6 +979,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %if %{build_core}
 %files -n avahi-mono
 %else
+
 %files
 %endif
 %defattr(-,root,root)
diff --git a/avahi-qt5.spec b/avahi-qt5.spec
index a669eca..84eff2d 100644
--- a/avahi-qt5.spec
+++ b/avahi-qt5.spec
@@ -77,6 +77,8 @@ Patch4:         avahi-daemon-check-dns-suse.patch
 Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 # PATCH-FIX-UPSTREAM add-IT_PROG_INTLTOOL.patch alarrosa@suse.com -- add IT_PROG_INTLTOOL so intltool works
 Patch20:        add-IT_PROG_INTLTOOL.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
+Patch21:        avahi-CVE-2021-3468.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -261,6 +263,7 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 %else
+
 %package -n python3-avahi
 Summary:        A set of Avahi utilities written in Python
 Group:          Development/Languages/Python
@@ -404,13 +407,14 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 # This is the avahi-discover command, only provided for the primary python3 flavor
+
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
 Requires:       python3-avahi = %{version}
 Requires:       python3-gobject
 Requires(post): coreutils
-Requires(postun): coreutils
+Requires(postun):coreutils
 Provides:       %{oldpython}-avahi-gtk = %{version}
 Obsoletes:      %{oldpython}-avahi-gtk < %{version}
 # Provide split-provides for update from <= 11.0:
@@ -514,6 +518,7 @@ translation-update-upstream
 %patch4
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions
@@ -798,6 +803,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %postun -n python-avahi
 %python_uninstall_alternative avahi-bookmarks
 %else
+
 %post -n python3-avahi
 %python_install_alternative avahi-bookmarks avahi-bookmarks.1
 
@@ -974,6 +980,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %if %{build_core}
 %files -n avahi-mono
 %else
+
 %files
 %endif
 %defattr(-,root,root)
diff --git a/avahi.changes b/avahi.changes
index f2b4f5a..f4c9e60 100644
--- a/avahi.changes
+++ b/avahi.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Apr 20 16:17:54 UTC 2021 - Michael Gorse <mgorse@suse.com>
+
+- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
+  HUP event in client_work (boo#1184521 CVE-2021-3468).
+  https://github.com/lathiat/avahi/pull/330
+
 -------------------------------------------------------------------
 Tue Feb 16 22:37:35 UTC 2021 - Michael Gorse <mgorse@suse.com>
 
diff --git a/avahi.spec b/avahi.spec
index 510011b..8800493 100644
--- a/avahi.spec
+++ b/avahi.spec
@@ -79,6 +79,8 @@ Patch4:         avahi-daemon-check-dns-suse.patch
 Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 # PATCH-FIX-UPSTREAM add-IT_PROG_INTLTOOL.patch alarrosa@suse.com -- add IT_PROG_INTLTOOL so intltool works
 Patch20:        add-IT_PROG_INTLTOOL.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
+Patch21:        avahi-CVE-2021-3468.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -263,6 +265,7 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 %else
+
 %package -n python3-avahi
 Summary:        A set of Avahi utilities written in Python
 Group:          Development/Languages/Python
@@ -406,13 +409,14 @@ Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
 # This is the avahi-discover command, only provided for the primary python3 flavor
+
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
 Requires:       python3-avahi = %{version}
 Requires:       python3-gobject
 Requires(post): coreutils
-Requires(postun): coreutils
+Requires(postun):coreutils
 Provides:       %{oldpython}-avahi-gtk = %{version}
 Obsoletes:      %{oldpython}-avahi-gtk < %{version}
 # Provide split-provides for update from <= 11.0:
@@ -509,6 +513,7 @@ translation-update-upstream
 %patch4
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions
@@ -793,6 +798,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %postun -n python-avahi
 %python_uninstall_alternative avahi-bookmarks
 %else
+
 %post -n python3-avahi
 %python_install_alternative avahi-bookmarks avahi-bookmarks.1
 
@@ -969,6 +975,7 @@ find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:a
 %if %{build_core}
 %files -n avahi-mono
 %else
+
 %files
 %endif
 %defattr(-,root,root)