From 7f1c3b18975c2c714d4e3df1eb0291b076e323f8cdff2bc03e6fe1c02340cfcf Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 5 Jul 2021 13:36:28 +0000 Subject: [PATCH] Accepting request 903764 from GNOME:Next - Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes (boo#1184846 CVE-2021-3502). OBS-URL: https://build.opensuse.org/request/show/903764 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/avahi?expand=0&rev=188 --- avahi-CVE-2021-3502.patch | 151 ++++++++++++++++++++++++++++++++++++++ avahi-glib2.spec | 6 +- avahi-mono.spec | 6 +- avahi-qt5.spec | 6 +- avahi.changes | 6 ++ avahi.spec | 5 +- 6 files changed, 176 insertions(+), 4 deletions(-) create mode 100644 avahi-CVE-2021-3502.patch diff --git a/avahi-CVE-2021-3502.patch b/avahi-CVE-2021-3502.patch new file mode 100644 index 0000000..27e4e1a --- /dev/null +++ b/avahi-CVE-2021-3502.patch 
@@ -0,0 +1,151 @@
+From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
+From: Tommi Rantala
+Date: Mon, 8 Feb 2021 11:04:43 +0200
+Subject: [PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
+---
+ avahi-core/browse-dns-server.c | 5 ++++-
+ avahi-core/browse-domain.c | 5 ++++-
+ avahi-core/browse-service-type.c | 3 +++
+ avahi-core/browse-service.c | 3 +++
+ avahi-core/browse.c | 3 +++
+ avahi-core/resolve-address.c | 5 ++++-
+ avahi-core/resolve-host-name.c | 5 ++++-
+ avahi-core/resolve-service.c | 5 ++++-
+ 8 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
+index 049752e..c2d914f 100644
+--- a/avahi-core/browse-dns-server.c
++++ b/avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
+ AvahiSDNSServerBrowser* b;
+
+ b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_dns_server_browser_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
+index f145d56..06fa70c 100644
+--- a/avahi-core/browse-domain.c
++++ b/avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
+ AvahiSDomainBrowser *b;
+
+ b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_domain_browser_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
+index fdd22dc..b1fc7af 100644
+--- a/avahi-core/browse-service-type.c
++++ b/avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
+ AvahiSServiceTypeBrowser *b;
+
+ b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_type_browser_start(b);
+
+ return b;
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 5531360..63e0275 100644
+--- a/avahi-core/browse-service.c
++++ b/avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
+ AvahiSServiceBrowser *b;
+
+ b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_browser_start(b);
+
+ return b;
+diff --git a/avahi-core/browse.c b/avahi-core/browse.c
+index 2941e57..e8a915e 100644
+--- a/avahi-core/browse.c
++++ b/avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
+ AvahiSRecordBrowser *b;
+
+ b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_record_browser_start_query(b);
+
+ return b;
+diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
+index ac0b29b..e61dd24 100644
+--- a/avahi-core/resolve-address.c
++++ b/avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
+ AvahiSAddressResolver *b;
+
+ b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_address_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
+index 808b0e7..4e8e597 100644
+--- a/avahi-core/resolve-host-name.c
++++ b/avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
+ AvahiSHostNameResolver *b;
+
+ b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_host_name_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
+index 66bf3ca..4377176 100644
+--- a/avahi-core/resolve-service.c
++++ b/avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
+ AvahiSServiceResolver *b;
+
+ b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+--
+2.32.0
+
diff --git a/avahi-glib2.spec b/avahi-glib2.spec
index 8358d28..5581e24 100644
--- a/avahi-glib2.spec
+++ b/avahi-glib2.spec
@@ -79,6 +79,8 @@ Patch19: avahi-0.6.32-suppress-resolv-conf-warning.patch
 Patch20: add-IT_PROG_INTLTOOL.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
 Patch21: avahi-CVE-2021-3468.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes.
+Patch22: avahi-CVE-2021-3502.patch
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: gdbm-devel
@@ -319,6 +321,7 @@ Requires: glibc-devel
 Requires: libavahi-client%{avahi_client_sover} = %{version}
 Requires: libavahi-common%{avahi_common_sover} = %{version}
 Requires: libavahi-core%{avahi_core_sover} = %{version}
+Requires: libavahi-libevent%{avahi_libevent_sover} = %{version}
 # Last appeared in OpenSUSE 10.3:
 Provides: avahi-devel = %{version}
 Obsoletes: avahi-devel < %{version}
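Review bot: The NULL guard in avahi-CVE-2021-3502.patch is added only inside the eight `*_new()` wrappers, so any other caller that pairs a `*_prepare()` call with the matching `*_start()` would still reach the failing assertion the commit message describes; such callers are not visible in this patch, and it is worth confirming each one tests the result before starting. The patch also carries no regression test: one that hands `avahi_s_host_name_resolver_new()` a host name that `*_prepare()` rejects and expects a NULL return rather than a daemon abort would keep this crash from coming back. A short comment above each new check, for example `/* prepare() returns NULL when it rejects the arguments; fail here instead of asserting in start() */`, would record why the check exists. Each function's parameter list and closing lines sit partly outside its hunk, so what `*_prepare()` does on failure (for instance whether it sets the server errno) cannot be confirmed from this page.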
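Review bot: The `Requires: libavahi-libevent%{avahi_libevent_sover} = %{version}` line added in the second avahi-glib2.spec hunk is not covered by the avahi.changes entry, which mentions only the CVE-2021-3502 patch; the same line is added in avahi-mono.spec and avahi-qt5.spec. avahi.spec has no corresponding hunk, so this looks like the derived spec files being brought back in line with it, but that is inferred from the hunk offsets rather than stated anywhere. A security update that also alters package dependencies is easier to audit when the changelog records it, for example with a second bullet such as `- Sync derived spec files with avahi.spec (libavahi-libevent requirement).`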
@@ -406,8 +409,8 @@ Obsoletes: avahi-glib2-utils-gtk < %{version} Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Computing. -# This is the avahi-discover command, only provided for the primary python3 flavor +# This is the avahi-discover command, only provided for the primary python3 flavor %package -n python3-avahi-gtk Summary: A set of Avahi utilities written in Python Using python-gtk Group: Development/Languages/Python @@ -519,6 +522,7 @@ translation-update-upstream %patch19 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %if !%{build_core} # Replace all .la references from local .la files to installed versions diff --git a/avahi-mono.spec b/avahi-mono.spec index 0535ae3..99ea359 100644 --- a/avahi-mono.spec +++ b/avahi-mono.spec @@ -79,6 +79,8 @@ Patch19: avahi-0.6.32-suppress-resolv-conf-warning.patch Patch20: add-IT_PROG_INTLTOOL.patch # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work. Patch21: avahi-CVE-2021-3468.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes. +Patch22: avahi-CVE-2021-3502.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gdbm-devel @@ -318,6 +320,7 @@ Requires: glibc-devel Requires: libavahi-client%{avahi_client_sover} = %{version} Requires: libavahi-common%{avahi_common_sover} = %{version} Requires: libavahi-core%{avahi_core_sover} = %{version} +Requires: libavahi-libevent%{avahi_libevent_sover} = %{version} # Last appeared in OpenSUSE 10.3: Provides: avahi-devel = %{version} Obsoletes: avahi-devel < %{version} 
@@ -405,8 +408,8 @@ Obsoletes: avahi-glib2-utils-gtk < %{version} Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Computing. -# This is the avahi-discover command, only provided for the primary python3 flavor +# This is the avahi-discover command, only provided for the primary python3 flavor %package -n python3-avahi-gtk Summary: A set of Avahi utilities written in Python Using python-gtk Group: Development/Languages/Python @@ -518,6 +521,7 @@ translation-update-upstream %patch19 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %if !%{build_core} # Replace all .la references from local .la files to installed versions diff --git a/avahi-qt5.spec b/avahi-qt5.spec index 84eff2d..49a7921 100644 --- a/avahi-qt5.spec +++ b/avahi-qt5.spec @@ -79,6 +79,8 @@ Patch19: avahi-0.6.32-suppress-resolv-conf-warning.patch Patch20: add-IT_PROG_INTLTOOL.patch # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work. Patch21: avahi-CVE-2021-3468.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes. +Patch22: avahi-CVE-2021-3502.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gdbm-devel @@ -319,6 +321,7 @@ Requires: glibc-devel Requires: libavahi-client%{avahi_client_sover} = %{version} Requires: libavahi-common%{avahi_common_sover} = %{version} Requires: libavahi-core%{avahi_core_sover} = %{version} +Requires: libavahi-libevent%{avahi_libevent_sover} = %{version} # Last appeared in OpenSUSE 10.3: Provides: avahi-devel = %{version} Obsoletes: avahi-devel < %{version} 
@@ -406,8 +409,8 @@ Obsoletes: avahi-glib2-utils-gtk < %{version} Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Computing. -# This is the avahi-discover command, only provided for the primary python3 flavor +# This is the avahi-discover command, only provided for the primary python3 flavor %package -n python3-avahi-gtk Summary: A set of Avahi utilities written in Python Using python-gtk Group: Development/Languages/Python @@ -519,6 +522,7 @@ translation-update-upstream %patch19 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %if !%{build_core} # Replace all .la references from local .la files to installed versions diff --git a/avahi.changes b/avahi.changes index ec1c7b5..e6d55e2 100644 --- a/avahi.changes +++ b/avahi.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jul 2 17:40:20 UTC 2021 - Michael Gorse + +- Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes + (boo#1184846 CVE-2021-3502). + ------------------------------------------------------------------- Wed Jun 2 09:37:12 UTC 2021 - Christophe Giboudeaux diff --git a/avahi.spec b/avahi.spec index 0063288..2088e2d 100644 --- a/avahi.spec +++ b/avahi.spec @@ -81,6 +81,8 @@ Patch19: avahi-0.6.32-suppress-resolv-conf-warning.patch Patch20: add-IT_PROG_INTLTOOL.patch # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work. Patch21: avahi-CVE-2021-3468.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes. +Patch22: avahi-CVE-2021-3502.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gdbm-devel 
@@ -409,8 +411,8 @@ Obsoletes: avahi-glib2-utils-gtk < %{version} Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Computing. -# This is the avahi-discover command, only provided for the primary python3 flavor +# This is the avahi-discover command, only provided for the primary python3 flavor %package -n python3-avahi-gtk Summary: A set of Avahi utilities written in Python Using python-gtk Group: Development/Languages/Python @@ -515,6 +517,7 @@ translation-update-upstream %patch19 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %if !%{build_core} # Replace all .la references from local .la files to installed versions