authorAriadne Conill <ariadne@dereferenced.org>2021-06-22 01:15:43 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-06-22 01:23:19 -0600
commit123f4f43148e003bcd5713b8b109dc6782512f35 (patch)
tree1a6926acc910ac310d16d3868d7fccfa00b68ba4
parent5222deabeaadbaaa4cb5bf698a2f818039a1d86b (diff)
main/avahi: add mitigation for CVE-2021-3468
-rw-r--r--main/avahi/APKBUILD12
-rw-r--r--main/avahi/CVE-2021-3468.patch37
2 files changed, 46 insertions, 3 deletions
diff --git a/main/avahi/APKBUILD b/main/avahi/APKBUILD
index 9b6782c2da1..eebbaaedde3 100644
--- a/main/avahi/APKBUILD
+++ b/main/avahi/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=avahi
pkgver=0.7
-pkgrel=4
+pkgrel=5
pkgdesc="A multicast/unicast DNS-SD framework"
url="https://www.avahi.org/"
arch="all"
@@ -20,9 +20,12 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-tools $pkgname-glib
"
source="https://github.com/lathiat/avahi/releases/download/v$pkgver/avahi-$pkgver.tar.gz
CVE-2017-6519-and-CVE-2018-1000845.patch
+ CVE-2021-3468.patch
"
# secfixes:
+# 0.8-r1:
+# - CVE-2021-3468
# 0.7-r2:
# - CVE-2017-6519
# - CVE-2018-1000845
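Review bot: The new secfixes entry is keyed `0.8-r1`, but the first hunk shows `pkgver=0.7` with `pkgrel` bumped to 5, so the release that actually carries CVE-2021-3468.patch is 0.7-r5. The secfixes block is what vulnerability tooling reads to decide which package versions are fixed, so with this key 0.7-r5 would most likely still be reported as affected by CVE-2021-3468. The entry should read `# 0.7-r5:` followed by `# - CVE-2021-3468`, placed above the existing `# 0.7-r2:` entry.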
@@ -117,5 +120,8 @@ lidns_sd() {
"$subpkgdir"/usr/lib/
}
-sha512sums="bae5a1e9204aca90b90e7fd223d19e809e3514d03ba5fa2da1e55bf1d72d3d3b98567f357900c36393613dc17dc98e15ff3ebf0f226f2f6b9766e592452a6ce7 avahi-0.7.tar.gz
-dc5c9fde8d1244e70e3cf1c09bc274b094458d2fad982f5a79bcbf3cbddc43a0cf79e9ba106b3b0446a6f0b006fd3beeee48a03bd3d8a06cf8d9821f6945ffed CVE-2017-6519-and-CVE-2018-1000845.patch"
+sha512sums="
+bae5a1e9204aca90b90e7fd223d19e809e3514d03ba5fa2da1e55bf1d72d3d3b98567f357900c36393613dc17dc98e15ff3ebf0f226f2f6b9766e592452a6ce7 avahi-0.7.tar.gz
+dc5c9fde8d1244e70e3cf1c09bc274b094458d2fad982f5a79bcbf3cbddc43a0cf79e9ba106b3b0446a6f0b006fd3beeee48a03bd3d8a06cf8d9821f6945ffed CVE-2017-6519-and-CVE-2018-1000845.patch
+743430a532b8ec246672cd0997b7831efc15c461cbfe0461faac5d6525293297efb7c06f759b2bcd71d1842ba165464fd334508534e6c247211d613061c49da5 CVE-2021-3468.patch
+"
diff --git a/main/avahi/CVE-2021-3468.patch b/main/avahi/CVE-2021-3468.patch
new file mode 100644
index 00000000000..3e0725a6024
--- /dev/null
+++ b/main/avahi/CVE-2021-3468.patch
@@ -0,0 +1,37 @@
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <sirmy15@gmail.com>
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb11..6c0274d6 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+ }
+ }
+
++ if (events & AVAHI_WATCH_HUP) {
++ client_free(c);
++ return;
++ }
++
+ c->server->poll_api->watch_update(
+ watch,
+ (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
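Review bot: The added guard in client_work() tests only `AVAHI_WATCH_HUP`. Poll-style interfaces also report error conditions whether or not they were requested, so if `AVAHI_WATCH_ERR` can reach this callback while `AVAHI_WATCH_IN` is disabled, the same busy loop may remain. That is inferred, because the watch implementation is not on this page. It is worth confirming upstream and, if it holds, widening the test to `if (events & (AVAHI_WATCH_HUP | AVAHI_WATCH_ERR)) {`. A short comment above the check would also help, for example `/* Peer hung up: free the client so its watch is removed, otherwise HUP is reported forever (CVE-2021-3468). */`. The body of client_work() starts and ends outside this hunk, so the earlier read and write branches could not be checked against the new early return.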