diff options
Diffstat (limited to 'main/avahi')
-rw-r--r-- | main/avahi/APKBUILD | 14 | ||||
-rw-r--r-- | main/avahi/CVE-2017-6519-and-CVE-2018-1000845.patch | 27 |
2 files changed, 37 insertions, 4 deletions
diff --git a/main/avahi/APKBUILD b/main/avahi/APKBUILD index 4d76fbc2c84..df85dd28b31 100644 --- a/main/avahi/APKBUILD +++ b/main/avahi/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=avahi pkgver=0.6.32 -pkgrel=4 +pkgrel=5 pkgdesc="A multicast/unicast DNS-SD framework" url="http://www.avahi.org/" arch="all" @@ -20,9 +20,16 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-tools $pkgname-glib py-avahi:py" source="https://github.com/lathiat/avahi/releases/download/v$pkgver/avahi-$pkgver.tar.gz openrc-run.patch + CVE-2017-6519-and-CVE-2018-1000845.patch " builddir="$srcdir"/$pkgname-$pkgver + +# secfixes: +# 0.6.32-r5: +# - CVE-2017-6519 +# - CVE-2018-1000845 + prepare() { default_prepare autoreconf -vif @@ -115,7 +122,6 @@ py() { mkdir -p "$subpkgdir"/usr/lib mv "$pkgdir"/usr/lib/py* "$subpkgdir"/usr/lib/ } - - sha512sums="6f8d0a64292439cbb989c531a4ba2f25a53ee9cf7ad9df04dedf73149489a92612f3b5955e10aa4b1c76496c34b90ad75590e8aa49468249508267c1c8b899ee avahi-0.6.32.tar.gz -2754d11bf027676f30de6322eb9251ae83df5ef8f7b354793263224d432514a49e021d8f819f5525eeaeead04b544e15bfd2183ac8bc9f97e871d246e2b6a108 openrc-run.patch" +2754d11bf027676f30de6322eb9251ae83df5ef8f7b354793263224d432514a49e021d8f819f5525eeaeead04b544e15bfd2183ac8bc9f97e871d246e2b6a108 openrc-run.patch +dc5c9fde8d1244e70e3cf1c09bc274b094458d2fad982f5a79bcbf3cbddc43a0cf79e9ba106b3b0446a6f0b006fd3beeee48a03bd3d8a06cf8d9821f6945ffed CVE-2017-6519-and-CVE-2018-1000845.patch" diff --git a/main/avahi/CVE-2017-6519-and-CVE-2018-1000845.patch b/main/avahi/CVE-2017-6519-and-CVE-2018-1000845.patch new file mode 100644 index 00000000000..513489fa5b7 --- /dev/null +++ b/main/avahi/CVE-2017-6519-and-CVE-2018-1000845.patch @@ -0,0 +1,27 @@ +diff --git a/avahi-core/server.c b/avahi-core/server.c +index a2cb19a..a2580e3 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + + if (avahi_dns_packet_is_query(p)) { + int legacy_unicast = 0; ++ char t[AVAHI_ADDRESS_STR_MAX]; + + /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the + * AR section completely here, so far. Until the day we add +@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + legacy_unicast = 1; + } + ++ if (!is_mdns_mcast_address(dst_address) && ++ !avahi_interface_address_on_link(i, src_address)) { ++ ++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); ++ return; ++ } ++ + if (legacy_unicast) + reflect_legacy_unicast_query_packet(s, p, i, src_address, port); + + |