pool/avahi
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1129882 from home:AZhou:branches:GNOME:Factory

Browse Source 
- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in
  avahi_rdata_parse (bsc#1216853, CVE-2023-38472).

OBS-URL: https://build.opensuse.org/request/show/1129882
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/avahi?expand=0&rev=235
This commit is contained in:
Dominique Leuenberger 2023-11-30 12:47:16 +00:00 committed by Git OBS Bridge
parent 3e70ef716d
commit 88caf96f1d
3 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
avahi-CVE-2023-38472.patch Normal file
View File

@ -0,0 +1,45 @@
diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-client/client-test.c avahi-0.8.new/avahi-client/client-test.c
--- avahi-0.8.old/avahi-client/client-test.c 2015-04-01 12:58:14.145727222 +0800
+++ avahi-0.8.new/avahi-client/client-test.c 2023-11-30 13:20:12.640085338 +0800
@@ -258,6 +258,9 @@
printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
+ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
+ assert(error != AVAHI_OK);
+
avahi_entry_group_commit (group);
domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-core/rr.c avahi-0.8.new/avahi-core/rr.c
--- avahi-0.8.old/avahi-core/rr.c 2015-04-01 12:58:14.149727123 +0800
+++ avahi-0.8.new/avahi-core/rr.c 2023-11-30 13:20:57.120063792 +0800
@@ -426,6 +426,7 @@
copy->ref = 1;
copy->key = avahi_key_ref(r->key);
copy->ttl = r->ttl;
+ memset(&copy->data, 0, sizeof(copy->data));
switch (r->key->type) {
case AVAHI_DNS_TYPE_PTR:
@@ -466,7 +467,7 @@
break;
default:
- if (!(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size)))
+ if (r->data.generic.size && !(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size)))
goto fail;
copy->data.generic.size = r->data.generic.size;
break;
diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-daemon/dbus-entry-group.c avahi-0.8.new/avahi-daemon/dbus-entry-group.c
--- avahi-0.8.old/avahi-daemon/dbus-entry-group.c 2015-04-01 12:58:14.153727024 +0800
+++ avahi-0.8.new/avahi-daemon/dbus-entry-group.c 2023-11-30 13:20:12.640085338 +0800
@@ -340,7 +340,7 @@
if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
- if (avahi_rdata_parse (r, rdata, size) < 0) {
+ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
avahi_record_unref (r);
return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
}

6
avahi.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Nov 30 05:23:33 UTC 2023 - Alynx Zhou <alynx.zhou@suse.com>
- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in
avahi_rdata_parse (bsc#1216853, CVE-2023-38472).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 27 14:20:42 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org> Mon Nov 27 14:20:42 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>

4
avahi.spec
View File

@ -1,5 +1,5 @@
# #
# spec file # spec file for package avahi
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
@ -105,6 +105,8 @@ Patch30: avahi-CVE-2023-1981.patch
Patch31: avahi-CVE-2023-38473.patch Patch31: avahi-CVE-2023-38473.patch
# PATCH-FIX-UPSTREAM avahi-CVE-2023-38470.patch bsc#1215947 alynx.zhou@suse.com -- Ensure each label is at least one byte long # PATCH-FIX-UPSTREAM avahi-CVE-2023-38470.patch bsc#1215947 alynx.zhou@suse.com -- Ensure each label is at least one byte long
Patch32: avahi-CVE-2023-38470.patch Patch32: avahi-CVE-2023-38470.patch
# PATCH-FIX-UPSTREAM avahi-CVE-2023-38472.patch bsc#1216853 alynx.zhou@suse.com -- Fix reachable assertion in avahi_rdata_parse
Patch33: avahi-CVE-2023-38472.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gdbm-devel BuildRequires: gdbm-devel