From f29d569cd33a73da5ad675f43a34ad53c5cc9bc6 Mon Sep 17 00:00:00 2001 From: davidovski Date: Thu, 2 Feb 2023 14:10:02 +0000 Subject: Work --- skip/avahi/CVE-2021-3468.patch | 37 ++++++++++ skip/avahi/CVE-2021-36217.patch | 148 ++++++++++++++++++++++++++++++++++++++++ skip/avahi/avahi.pre-install | 12 ++++ skip/avahi/avahi.xibuild | 60 ++++++++++++++++ 4 files changed, 257 insertions(+) create mode 100644 skip/avahi/CVE-2021-3468.patch create mode 100644 skip/avahi/CVE-2021-36217.patch create mode 100644 skip/avahi/avahi.pre-install create mode 100644 skip/avahi/avahi.xibuild (limited to 'skip/avahi') diff --git a/skip/avahi/CVE-2021-3468.patch b/skip/avahi/CVE-2021-3468.patch new file mode 100644 index 0000000..3e0725a --- /dev/null +++ b/skip/avahi/CVE-2021-3468.patch @@ -0,0 +1,37 @@ +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb11..6c0274d6 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/skip/avahi/CVE-2021-36217.patch b/skip/avahi/CVE-2021-36217.patch new file mode 100644 index 0000000..7b0449a --- /dev/null +++ b/skip/avahi/CVE-2021-36217.patch @@ -0,0 +1,148 @@ +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e9..c2d914fa 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56a..06fa70c0 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dcd..b1fc7af8 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360c..63e0275a 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e579..e8a915e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b1..e61dd242 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e72..4e8e5973 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3cae..43771763 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/skip/avahi/avahi.pre-install b/skip/avahi/avahi.pre-install new file mode 100644 index 0000000..89b2fd4 --- /dev/null +++ b/skip/avahi/avahi.pre-install @@ -0,0 +1,12 @@ +#!/bin/sh + +addgroup -S -g 28 netdev 2>/dev/null +addgroup -S -g 86 avahi 2>/dev/null +adduser -S -u 86 -D -H \ + -h /var/run/avahi-daemon \ + -s /sbin/nologin \ + -G avahi \ + -g "Avahi System User" \ + avahi 2>/dev/null + +exit 0 diff --git a/skip/avahi/avahi.xibuild b/skip/avahi/avahi.xibuild new file mode 100644 index 0000000..d1e53f4 --- /dev/null +++ b/skip/avahi/avahi.xibuild @@ -0,0 +1,60 @@ +#!/bin/sh + +NAME="avahi" +DESC="multicast/unicast DNS-SD framework" + +MAKEDEPS="gdbm intltool gobject-introspection expat libdaemon glib dbus libcap gettext autoconf automake libtool libevent" + +PKG_VER=0.8 +SOURCE="https://github.com/lathiat/avahi/releases/download/v$PKG_VER/avahi-$PKG_VER.tar.gz" + +ADDITIONAL=" +CVE-2021-3468.patch +CVE-2021-36217.patch +avahi.pre-install +" + +prepare() { + apply_patches + autoreconf -vif +} + +build() { + # we dont build autoipd since dhcpcd does same job + LDFLAGS="$LDFLAGS -lintl" \ + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --disable-autoipd \ + --disable-qt3 \ + --disable-qt4 \ + --disable-qt5 \ + --disable-gtk \ + --disable-gtk3 \ + --disable-mono \ + --disable-monodoc \ + --disable-doxygen-doc \ + --disable-xmltoman \ + --enable-compat-libdns_sd \ + --enable-compat-howl \ + --disable-python \ + --with-dbus-sys=/usr/share/dbus-1/system.d \ + --with-distro="gentoo" + make +} + +check() { + make check +} + +package() { + make DESTDIR="$PKG_DEST" install + + install -d -o avahi -g avahi "$PKG_DEST"/var/run/avahi-daemon + + ln -s avahi-compat-howl.pc "$PKG_DEST"/usr/lib/pkgconfig/howl.pc + ln -s avahi-compat-libdns_sd.pc "$PKG_DEST"/usr/lib/pkgconfig/libdns_sd.pc + ln -s avahi-compat-libdns_sd/dns_sd.h "$PKG_DEST"/usr/include/ +} + -- cgit v1.2.1