author | Ariadne Conill <ariadne@dereferenced.org> | 2021-06-22 01:15:43 -0600 |
---|---|---|
committer | Ariadne Conill <ariadne@dereferenced.org> | 2021-06-22 01:23:19 -0600 |
commit | 123f4f43148e003bcd5713b8b109dc6782512f35 (patch) | |
tree | 1a6926acc910ac310d16d3868d7fccfa00b68ba4 | |
parent | 5222deabeaadbaaa4cb5bf698a2f818039a1d86b (diff) |
main/avahi: add mitigation for CVE-2021-3468
-rw-r--r-- | main/avahi/APKBUILD | 12 | ||||
-rw-r--r-- | main/avahi/CVE-2021-3468.patch | 37 |
2 files changed, 46 insertions, 3 deletions
diff --git a/main/avahi/APKBUILD b/main/avahi/APKBUILD index 9b6782c2da1..eebbaaedde3 100644 --- a/main/avahi/APKBUILD +++ b/main/avahi/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=avahi pkgver=0.7 -pkgrel=4 +pkgrel=5 pkgdesc="A multicast/unicast DNS-SD framework" url="https://www.avahi.org/" arch="all" @@ -20,9 +20,12 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-tools $pkgname-glib " source="https://github.com/lathiat/avahi/releases/download/v$pkgver/avahi-$pkgver.tar.gz CVE-2017-6519-and-CVE-2018-1000845.patch + CVE-2021-3468.patch " # secfixes: +# 0.8-r1: +# - CVE-2021-3468 # 0.7-r2: # - CVE-2017-6519 # - CVE-2018-1000845 @@ -117,5 +120,8 @@ lidns_sd() { "$subpkgdir"/usr/lib/ } -sha512sums="bae5a1e9204aca90b90e7fd223d19e809e3514d03ba5fa2da1e55bf1d72d3d3b98567f357900c36393613dc17dc98e15ff3ebf0f226f2f6b9766e592452a6ce7 avahi-0.7.tar.gz -dc5c9fde8d1244e70e3cf1c09bc274b094458d2fad982f5a79bcbf3cbddc43a0cf79e9ba106b3b0446a6f0b006fd3beeee48a03bd3d8a06cf8d9821f6945ffed CVE-2017-6519-and-CVE-2018-1000845.patch" +sha512sums=" +bae5a1e9204aca90b90e7fd223d19e809e3514d03ba5fa2da1e55bf1d72d3d3b98567f357900c36393613dc17dc98e15ff3ebf0f226f2f6b9766e592452a6ce7 avahi-0.7.tar.gz +dc5c9fde8d1244e70e3cf1c09bc274b094458d2fad982f5a79bcbf3cbddc43a0cf79e9ba106b3b0446a6f0b006fd3beeee48a03bd3d8a06cf8d9821f6945ffed CVE-2017-6519-and-CVE-2018-1000845.patch +743430a532b8ec246672cd0997b7831efc15c461cbfe0461faac5d6525293297efb7c06f759b2bcd71d1842ba165464fd334508534e6c247211d613061c49da5 CVE-2021-3468.patch +" diff --git a/main/avahi/CVE-2021-3468.patch b/main/avahi/CVE-2021-3468.patch new file mode 100644 index 00000000000..3e0725a6024 --- /dev/null +++ b/main/avahi/CVE-2021-3468.patch 
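Review bot: The new `# secfixes:` entry in the second APKBUILD hunk is keyed `0.8-r1`, but this file still has `pkgver=0.7` and the first hunk bumps `pkgrel` to 5, so the release that actually carries CVE-2021-3468.patch is 0.7-r5. Alpine's security database is generated from these secfixes comments, so a scanner comparing installed versions against it would presumably keep flagging the patched 0.7-r5 package as vulnerable. The key looks copied from a branch that ships avahi 0.8. On this branch it should read `#   0.7-r5:` followed by `#     - CVE-2021-3468`.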
@@ -0,0 +1,37 @@ +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone <sirmy15@gmail.com> +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb11..6c0274d6 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | |