aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-07-16 16:39:55 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-07-16 16:44:49 -0600
commite5c8d4b73f9195ca485604bf10532f3651131657 (patch)
tree33ef2a8d1f68e40c55d52d9ab9cdfe28caec6621
parent66a4d9f90c341674b0da54d18ddfff0b19c0d885 (diff)
downloadaports-e5c8d4b73f9195ca485604bf10532f3651131657.tar.gz
aports-e5c8d4b73f9195ca485604bf10532f3651131657.tar.bz2
aports-e5c8d4b73f9195ca485604bf10532f3651131657.tar.xz
main/avahi: add mitigation for CVE-2021-36217
-rw-r--r--main/avahi/APKBUILD6
-rw-r--r--main/avahi/CVE-2021-36217.patch148
2 files changed, 153 insertions, 1 deletions
diff --git a/main/avahi/APKBUILD b/main/avahi/APKBUILD
index d82fd6cc5d..ea11dc301d 100644
--- a/main/avahi/APKBUILD
+++ b/main/avahi/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=avahi
pkgver=0.8
-pkgrel=1
+pkgrel=4
pkgdesc="A multicast/unicast DNS-SD framework"
url="https://www.avahi.org/"
arch="all"
@@ -21,9 +21,12 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-tools $pkgname-glib
"
source="https://github.com/lathiat/avahi/releases/download/v$pkgver/avahi-$pkgver.tar.gz
CVE-2021-3468.patch
+ CVE-2021-36217.patch
"
# secfixes:
+# 0.8-r2:
+# - CVE-2021-36217
# 0.8-r1:
# - CVE-2021-3468
# 0.7-r2:
@@ -124,4 +127,5 @@ lidns_sd() {
sha512sums="
c6ba76feb6e92f70289f94b3bf12e5f5c66c11628ce0aeb3cadfb72c13a5d1a9bd56d71bdf3072627a76cd103b9b056d9131aa49ffe11fa334c24ab3b596c7de avahi-0.8.tar.gz
743430a532b8ec246672cd0997b7831efc15c461cbfe0461faac5d6525293297efb7c06f759b2bcd71d1842ba165464fd334508534e6c247211d613061c49da5 CVE-2021-3468.patch
+9e4688ffd8e512c0f614fd24fff2a2a1c66e009069229a6f81dcd382edfff5a8635e0551533c7f9271973a87e62e199fdb34a5560dab27c0a328f531c94f757d CVE-2021-36217.patch
"
diff --git a/main/avahi/CVE-2021-36217.patch b/main/avahi/CVE-2021-36217.patch
new file mode 100644
index 0000000000..7b0449a2e4
--- /dev/null
+++ b/main/avahi/CVE-2021-36217.patch
@@ -0,0 +1,148 @@
+From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tommi.t.rantala@nokia.com>
+Date: Mon, 8 Feb 2021 11:04:43 +0200
+Subject: [PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
+---
+ avahi-core/browse-dns-server.c | 5 ++++-
+ avahi-core/browse-domain.c | 5 ++++-
+ avahi-core/browse-service-type.c | 3 +++
+ avahi-core/browse-service.c | 3 +++
+ avahi-core/browse.c | 3 +++
+ avahi-core/resolve-address.c | 5 ++++-
+ avahi-core/resolve-host-name.c | 5 ++++-
+ avahi-core/resolve-service.c | 5 ++++-
+ 8 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
+index 049752e9..c2d914fa 100644
+--- a/avahi-core/browse-dns-server.c
++++ b/avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
+ AvahiSDNSServerBrowser* b;
+
+ b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_dns_server_browser_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
+index f145d56a..06fa70c0 100644
+--- a/avahi-core/browse-domain.c
++++ b/avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
+ AvahiSDomainBrowser *b;
+
+ b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_domain_browser_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
+index fdd22dcd..b1fc7af8 100644
+--- a/avahi-core/browse-service-type.c
++++ b/avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
+ AvahiSServiceTypeBrowser *b;
+
+ b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_type_browser_start(b);
+
+ return b;
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 5531360c..63e0275a 100644
+--- a/avahi-core/browse-service.c
++++ b/avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
+ AvahiSServiceBrowser *b;
+
+ b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_browser_start(b);
+
+ return b;
+diff --git a/avahi-core/browse.c b/avahi-core/browse.c
+index 2941e579..e8a915e9 100644
+--- a/avahi-core/browse.c
++++ b/avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
+ AvahiSRecordBrowser *b;
+
+ b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_record_browser_start_query(b);
+
+ return b;
+diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
+index ac0b29b1..e61dd242 100644
+--- a/avahi-core/resolve-address.c
++++ b/avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
+ AvahiSAddressResolver *b;
+
+ b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_address_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
+index 808b0e72..4e8e5973 100644
+--- a/avahi-core/resolve-host-name.c
++++ b/avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
+ AvahiSHostNameResolver *b;
+
+ b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_host_name_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
+index 66bf3cae..43771763 100644
+--- a/avahi-core/resolve-service.c
++++ b/avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
+ AvahiSServiceResolver *b;
+
+ b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
++ if (!b)
++ return NULL;
++
+ avahi_s_service_resolver_start(b);
+
+ return b;
+-}
+\ No newline at end of file
++}