Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package avahi for openSUSE:Factory checked 
in at 2023-10-29 19:39:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/avahi (Old)
 and      /work/SRC/openSUSE:Factory/.avahi.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "avahi"

Sun Oct 29 19:39:16 2023 rev:160 rq:1120633 version:0.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/avahi/avahi.changes      2023-09-25 
20:00:08.579540782 +0200
+++ /work/SRC/openSUSE:Factory/.avahi.new.17445/avahi.changes   2023-10-29 
19:39:18.705944385 +0100
@@ -1,0 +2,6 @@
+Thu Oct 26 08:33:36 UTC 2023 - Xiaoguang Wang <xiaoguang.w...@suse.com>
+
+- Add avahi-CVE-2023-38473.patch: derive alternative host name from
+  its unescaped version (bsc#1216419 CVE-2023-38473).
+
+-------------------------------------------------------------------

New:
----
  avahi-CVE-2023-38473.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ avahi.spec ++++++
--- /var/tmp/diff_new_pack.D1Fdr1/_old  2023-10-29 19:39:19.549975089 +0100
+++ /var/tmp/diff_new_pack.D1Fdr1/_new  2023-10-29 19:39:19.549975089 +0100
@@ -101,6 +101,8 @@
 Patch29:        harden_avahi-dnsconfd.service.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2023-1981.patch boo#1210328 mgo...@suse.com -- 
emit error if requested service is not found.
 Patch30:        avahi-CVE-2023-1981.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2023-38473.patch bsc#1216419 xw...@suse.com -- 
derive alternative host name from its unescaped version
+Patch31:        avahi-CVE-2023-38473.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -410,6 +412,7 @@
 DNS specifications for Zeroconf Computing.
 
 # This is the avahi-discover command, only provided for the primary python3 
flavor
+
 %package -n python3-avahi-gtk
 Summary:        A set of Avahi utilities written in Python Using python-gtk
 Group:          Development/Languages/Python
@@ -503,6 +506,7 @@
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
+%patch31 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions

++++++ avahi-CVE-2023-38473.patch ++++++
>From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekl...@redhat.com>
Date: Wed, 11 Oct 2023 17:45:44 +0200
Subject: [PATCH] common: derive alternative host name from its unescaped
 version

Normalization of input makes sure we don't have to deal with special
cases like unescaped dot at the end of label.

Fixes #451 #487
CVE-2023-38473
---
 avahi-common/alternative-test.c |  3 +++
 avahi-common/alternative.c      | 27 +++++++++++++++++++--------
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c
index 9255435..681fc15 100644
--- a/avahi-common/alternative-test.c
+++ b/avahi-common/alternative-test.c
@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char 
*argv[]) {
     const char* const test_strings[] = {
         "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
         "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü",
+        ").",
+        "\\.",
+        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\",
         "gurke",
         "-",
         " #",
diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c
index b3d39f0..a094e6d 100644
--- a/avahi-common/alternative.c
+++ b/avahi-common/alternative.c
@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) {
 }
 
 char *avahi_alternative_host_name(const char *s) {
+    char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
+    char *alt, *r, *ret;
     const char *e;
-    char *r;
+    size_t len;
 
     assert(s);
 
     if (!avahi_is_valid_host_name(s))
         return NULL;
 
-    if ((e = strrchr(s, '-'))) {
+    if (!avahi_unescape_label(&s, label, sizeof(label)))
+        return NULL;
+
+    if ((e = strrchr(label, '-'))) {
         const char *p;
 
         e++;
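Review bot: The call `avahi_unescape_label(&s, label, sizeof(label))` takes `&s` and copies a single label into the stack buffer, but nothing in the hunk documents that from here on `e` and the later `avahi_strndup` sources refer to `label` rather than the caller's string. I would add a comment above the call, for example `/* Work on the unescaped first label only; s is presumably advanced past it and must not be used below. */`. Whether a multi-label name can reach this point depends on `avahi_is_valid_host_name()`, which is not visible here, so the comment should state that assumption as well. The body of `avahi_alternative_host_name` continues past the end of this hunk.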
@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) {
 
     if (e) {
         char *c, *m;
-        size_t l;
         int n;
 
         n = atoi(e)+1;
         if (!(m = avahi_strdup_printf("%i", n)))
             return NULL;
 
-        l = e-s-1;
+        len = e-label-1;
 
-        if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
-            l = AVAHI_LABEL_MAX-1-strlen(m)-1;
+        if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
+            len = AVAHI_LABEL_MAX-1-strlen(m)-1;
 
-        if (!(c = avahi_strndup(s, l))) {
+        if (!(c = avahi_strndup(label, len))) {
             avahi_free(m);
             return NULL;
         }
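Review bot: `n = atoi(e)+1` still parses the numeric suffix with no range check, so a suffix with more digits than an `int` can hold makes the `atoi` result undefined and the `+1` can overflow. Because the label is derived from a host name that may not be under local control, I would parse it with `strtol` and reject out-of-range values, e.g. `errno = 0; v = strtol(e, NULL, 10);` followed by `if (errno == ERANGE || v < 0 || v >= INT_MAX) return NULL;`. The clamp on `len` relies on `strlen(m)` being small, which only holds while `n` is a well-defined `int` formatted with `%i`. The enclosing `if (e)` block starts and ends outside this hunk.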
@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) {
     } else {
         char *c;
 
-        if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
+        if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
             return NULL;
 
         drop_incomplete_utf8(c);
@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) {
         avahi_free(c);
     }
 
+    alt = alternative;
+    len = sizeof(alternative);
+    ret = avahi_escape_label(r, strlen(r), &alt, &len);
+
+    avahi_free(r);
+    r = avahi_strdup(ret);
+
     assert(avahi_is_valid_host_name(r));
 
     return r;
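Review bot: The results of `avahi_escape_label()` and `avahi_strdup()` are used unchecked, so if either yields NULL the function reaches `assert(avahi_is_valid_host_name(r))` with a NULL `r` instead of returning an error to the caller. I would return NULL on those paths: `if (!ret) { avahi_free(r); return NULL; }` before the free, and `if (!r) return NULL;` after the `avahi_strdup`. The `alternative` buffer of `AVAHI_LABEL_MAX*4+1` bytes looks large enough for worst-case escaping of one label, so the escape failure is probably not reachable, but an allocation failure still is. `r` is assigned outside this hunk, so it should also be confirmed non-NULL before `strlen(r)` is evaluated.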
-- 
2.42.0
