Accepting request 1129990 from GNOME:Factory

OBS-URL: https://build.opensuse.org/request/show/1129990
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/avahi?expand=0&rev=165

avahi-CVE-2023-38472.patch

@@ -0,0 +1,45 @@
+diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-client/client-test.c avahi-0.8.new/avahi-client/client-test.c
+--- avahi-0.8.old/avahi-client/client-test.c	2015-04-01 12:58:14.145727222 +0800
++++ avahi-0.8.new/avahi-client/client-test.c	2023-11-30 13:20:12.640085338 +0800
+@@ -258,6 +258,9 @@
+     printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
+     printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
+ 
++    error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
++    assert(error != AVAHI_OK);
++
+     avahi_entry_group_commit (group);
+ 
+     domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
+diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-core/rr.c avahi-0.8.new/avahi-core/rr.c
+--- avahi-0.8.old/avahi-core/rr.c	2015-04-01 12:58:14.149727123 +0800
++++ avahi-0.8.new/avahi-core/rr.c	2023-11-30 13:20:57.120063792 +0800
+@@ -426,6 +426,7 @@
+     copy->ref = 1;
+     copy->key = avahi_key_ref(r->key);
+     copy->ttl = r->ttl;
++    memset(&copy->data, 0, sizeof(copy->data));
+ 
+     switch (r->key->type) {
+         case AVAHI_DNS_TYPE_PTR:
+@@ -466,7 +467,7 @@
+             break;
+ 
+         default:
+-            if (!(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size)))
++            if (r->data.generic.size && !(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size)))
+                 goto fail;
+             copy->data.generic.size = r->data.generic.size;
+             break;
+diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-daemon/dbus-entry-group.c avahi-0.8.new/avahi-daemon/dbus-entry-group.c
+--- avahi-0.8.old/avahi-daemon/dbus-entry-group.c	2015-04-01 12:58:14.153727024 +0800
++++ avahi-0.8.new/avahi-daemon/dbus-entry-group.c	2023-11-30 13:20:12.640085338 +0800
+@@ -340,7 +340,7 @@
+         if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
+             return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
+ 
+-        if (avahi_rdata_parse (r, rdata, size) < 0) {
++        if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
+             avahi_record_unref (r);
+             return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
+         }

avahi.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Nov 30 05:23:33 UTC 2023 - Alynx Zhou <alynx.zhou@suse.com>
+
+- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in
+  avahi_rdata_parse (bsc#1216853, CVE-2023-38472).
+
 -------------------------------------------------------------------
 Mon Nov 27 14:20:42 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
 

avahi.spec

@@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package avahi
 #
 # Copyright (c) 2023 SUSE LLC
 #
@@ -105,6 +105,8 @@ Patch30:        avahi-CVE-2023-1981.patch
 Patch31:        avahi-CVE-2023-38473.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2023-38470.patch bsc#1215947 alynx.zhou@suse.com -- Ensure each label is at least one byte long
 Patch32:        avahi-CVE-2023-38470.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2023-38472.patch bsc#1216853 alynx.zhou@suse.com -- Fix reachable assertion in avahi_rdata_parse
+Patch33:        avahi-CVE-2023-38472.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel