Accepting request 903764 from GNOME:Next

- Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes
  (boo#1184846 CVE-2021-3502).

OBS-URL: https://build.opensuse.org/request/show/903764
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/avahi?expand=0&rev=188

avahi-CVE-2021-3502.patch

@@ -0,0 +1,151 @@
+From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tommi.t.rantala@nokia.com>
+Date: Mon, 8 Feb 2021 11:04:43 +0200
+Subject: [PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
+---
+ avahi-core/browse-dns-server.c   | 5 ++++-
+ avahi-core/browse-domain.c       | 5 ++++-
+ avahi-core/browse-service-type.c | 3 +++
+ avahi-core/browse-service.c      | 3 +++
+ avahi-core/browse.c              | 3 +++
+ avahi-core/resolve-address.c     | 5 ++++-
+ avahi-core/resolve-host-name.c   | 5 ++++-
+ avahi-core/resolve-service.c     | 5 ++++-
+ 8 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
+index 049752e..c2d914f 100644
+--- a/avahi-core/browse-dns-server.c
++++ b/avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
+         AvahiSDNSServerBrowser* b;
+ 
+         b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_dns_server_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
+index f145d56..06fa70c 100644
+--- a/avahi-core/browse-domain.c
++++ b/avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
+         AvahiSDomainBrowser *b;
+ 
+         b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_domain_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
+index fdd22dc..b1fc7af 100644
+--- a/avahi-core/browse-service-type.c
++++ b/avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
+         AvahiSServiceTypeBrowser *b;
+ 
+         b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_type_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 5531360..63e0275 100644
+--- a/avahi-core/browse-service.c
++++ b/avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
+         AvahiSServiceBrowser *b;
+ 
+         b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse.c b/avahi-core/browse.c
+index 2941e57..e8a915e 100644
+--- a/avahi-core/browse.c
++++ b/avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
+         AvahiSRecordBrowser *b;
+ 
+         b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_record_browser_start_query(b);
+ 
+         return b;
+diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
+index ac0b29b..e61dd24 100644
+--- a/avahi-core/resolve-address.c
++++ b/avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
+         AvahiSAddressResolver *b;
+ 
+         b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_address_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
+index 808b0e7..4e8e597 100644
+--- a/avahi-core/resolve-host-name.c
++++ b/avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
+         AvahiSHostNameResolver *b;
+ 
+         b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_host_name_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
+index 66bf3ca..4377176 100644
+--- a/avahi-core/resolve-service.c
++++ b/avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
+         AvahiSServiceResolver *b;
+ 
+         b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+-- 
+2.32.0
+

avahi-glib2.spec

@@ -79,6 +79,8 @@ Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 Patch20:        add-IT_PROG_INTLTOOL.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
 Patch21:        avahi-CVE-2021-3468.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes.
+Patch22:        avahi-CVE-2021-3502.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -319,6 +321,7 @@ Requires:       glibc-devel
 Requires:       libavahi-client%{avahi_client_sover} = %{version}
 Requires:       libavahi-common%{avahi_common_sover} = %{version}
 Requires:       libavahi-core%{avahi_core_sover} = %{version}
+Requires:       libavahi-libevent%{avahi_libevent_sover} = %{version}
 # Last appeared in OpenSUSE 10.3:
 Provides:       avahi-devel = %{version}
 Obsoletes:      avahi-devel < %{version}
@@ -406,8 +409,8 @@ Obsoletes:      avahi-glib2-utils-gtk < %{version}
 Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
-# This is the avahi-discover command, only provided for the primary python3 flavor
 
+# This is the avahi-discover command, only provided for the primary python3 flavor
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
@@ -519,6 +522,7 @@ translation-update-upstream
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions

avahi-mono.spec

@@ -79,6 +79,8 @@ Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 Patch20:        add-IT_PROG_INTLTOOL.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
 Patch21:        avahi-CVE-2021-3468.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes.
+Patch22:        avahi-CVE-2021-3502.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -318,6 +320,7 @@ Requires:       glibc-devel
 Requires:       libavahi-client%{avahi_client_sover} = %{version}
 Requires:       libavahi-common%{avahi_common_sover} = %{version}
 Requires:       libavahi-core%{avahi_core_sover} = %{version}
+Requires:       libavahi-libevent%{avahi_libevent_sover} = %{version}
 # Last appeared in OpenSUSE 10.3:
 Provides:       avahi-devel = %{version}
 Obsoletes:      avahi-devel < %{version}
@@ -405,8 +408,8 @@ Obsoletes:      avahi-glib2-utils-gtk < %{version}
 Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
-# This is the avahi-discover command, only provided for the primary python3 flavor
 
+# This is the avahi-discover command, only provided for the primary python3 flavor
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
@@ -518,6 +521,7 @@ translation-update-upstream
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions

avahi-qt5.spec

@@ -79,6 +79,8 @@ Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 Patch20:        add-IT_PROG_INTLTOOL.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
 Patch21:        avahi-CVE-2021-3468.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes.
+Patch22:        avahi-CVE-2021-3502.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -319,6 +321,7 @@ Requires:       glibc-devel
 Requires:       libavahi-client%{avahi_client_sover} = %{version}
 Requires:       libavahi-common%{avahi_common_sover} = %{version}
 Requires:       libavahi-core%{avahi_core_sover} = %{version}
+Requires:       libavahi-libevent%{avahi_libevent_sover} = %{version}
 # Last appeared in OpenSUSE 10.3:
 Provides:       avahi-devel = %{version}
 Obsoletes:      avahi-devel < %{version}
@@ -406,8 +409,8 @@ Obsoletes:      avahi-glib2-utils-gtk < %{version}
 Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
-# This is the avahi-discover command, only provided for the primary python3 flavor
 
+# This is the avahi-discover command, only provided for the primary python3 flavor
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
@@ -519,6 +522,7 @@ translation-update-upstream
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions

avahi.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jul  2 17:40:20 UTC 2021 - Michael Gorse <mgorse@suse.com>
+
+- Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes
+  (boo#1184846 CVE-2021-3502).
+
 -------------------------------------------------------------------
 Wed Jun  2 09:37:12 UTC 2021 - Christophe Giboudeaux <christophe@krop.fr>
 

avahi.spec

@@ -81,6 +81,8 @@ Patch19:        avahi-0.6.32-suppress-resolv-conf-warning.patch
 Patch20:        add-IT_PROG_INTLTOOL.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work.
 Patch21:        avahi-CVE-2021-3468.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes.
+Patch22:        avahi-CVE-2021-3502.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -409,8 +411,8 @@ Obsoletes:      avahi-glib2-utils-gtk < %{version}
 Avahi is an implementation of the DNS Service Discovery and Multicast
 DNS specifications for Zeroconf Computing.
 
-# This is the avahi-discover command, only provided for the primary python3 flavor
 
+# This is the avahi-discover command, only provided for the primary python3 flavor
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
@@ -515,6 +517,7 @@ translation-update-upstream
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions