gnu: avahi: Update to 0.8.
* gnu/packages/patches/avahi-CVE-2018-1000845.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/avahi.scm (avahi): Update to 0.8. [source](patches): Remove obsolete patch. [properties]: Remove. [arguments]: Remove "--disable-qt3" from #:configure-flags. Add "--disable-qt5". [inputs]: Add LIBEVENT. Sort lexicographically. [native-inputs]: Remove INTLTOOL. Add GETTEXT-MINIMAL.
This commit is contained in:
parent
32b089f4f4
commit
850093ac24
@ -743,7 +743,6 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/audiofile-hurd.patch \
|
||||
%D%/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch \
|
||||
%D%/packages/patches/automake-skip-amhello-tests.patch \
|
||||
%D%/packages/patches/avahi-CVE-2018-1000845.patch \
|
||||
%D%/packages/patches/avahi-localstatedir.patch \
|
||||
%D%/packages/patches/avogadro-boost148.patch \
|
||||
%D%/packages/patches/avogadro-eigen3-update.patch \
|
||||
|
@ -2,6 +2,7 @@
|
||||
;;; Copyright © 2013, 2014, 2015, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
@ -25,16 +26,18 @@
|
||||
#:use-module (guix build-system gnu)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages dbm)
|
||||
#:use-module (gnu packages gettext)
|
||||
#:use-module (gnu packages glib)
|
||||
#:use-module (gnu packages libdaemon)
|
||||
#:use-module (gnu packages libevent)
|
||||
#:use-module (gnu packages linux)
|
||||
#:use-module (gnu packages pkg-config)
|
||||
#:use-module (gnu packages glib)
|
||||
#:use-module (gnu packages xml))
|
||||
|
||||
(define-public avahi
|
||||
(package
|
||||
(name "avahi")
|
||||
(version "0.7")
|
||||
(version "0.8")
|
||||
(home-page "https://avahi.org")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
@ -42,11 +45,17 @@
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0128n7jlshw4bpx0vg8lwj8qwdisjxi7mvniwfafgnkzzrfrpaap"))
|
||||
(patches (search-patches "avahi-localstatedir.patch"
|
||||
"avahi-CVE-2018-1000845.patch"))))
|
||||
;; Hide a duplicate of the CVE fixed above.
|
||||
(properties `((lint-hidden-cve . ("CVE-2017-6519"))))
|
||||
"1npdixwxxn3s9q1f365x9n9rc5xgfz39hxf23faqvlrklgbhj0q6"))
|
||||
(patches (search-patches "avahi-localstatedir.patch"))
|
||||
(modules '((guix build utils)))
|
||||
(snippet
|
||||
'(begin
|
||||
;; Fix version constraint in the avahi-libevent pkg-config file.
|
||||
;; This can be removed for Avahi versions > 0.8.
|
||||
(substitute* "avahi-libevent.pc.in"
|
||||
(("libevent-2\\.1\\.5")
|
||||
"libevent >= 2.1.5"))
|
||||
#t))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
'(#:configure-flags '("--with-distro=none"
|
||||
@ -57,18 +66,19 @@
|
||||
"--disable-doxygen-doc"
|
||||
"--disable-xmltoman"
|
||||
"--enable-tests"
|
||||
"--disable-qt3" "--disable-qt4"
|
||||
"--disable-qt4" "--disable-qt5"
|
||||
"--disable-gtk" "--disable-gtk3"
|
||||
"--enable-compat-libdns_sd")))
|
||||
(inputs
|
||||
`(("expat" ,expat)
|
||||
("glib" ,glib)
|
||||
("dbus" ,dbus)
|
||||
`(("dbus" ,dbus)
|
||||
("expat" ,expat)
|
||||
("gdbm" ,gdbm)
|
||||
("glib" ,glib)
|
||||
("libcap" ,libcap) ;to enable chroot support in avahi-daemon
|
||||
("libdaemon" ,libdaemon)))
|
||||
("libdaemon" ,libdaemon)
|
||||
("libevent" ,libevent)))
|
||||
(native-inputs
|
||||
`(("intltool" ,intltool)
|
||||
`(("gettext" ,gettext-minimal)
|
||||
("glib" ,glib "bin")
|
||||
("pkg-config" ,pkg-config)))
|
||||
(synopsis "Implementation of mDNS/DNS-SD protocols")
|
||||
|
@ -1,42 +0,0 @@
|
||||
From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
|
||||
From: Trent Lloyd <trent@lloyd.id.au>
|
||||
Date: Sat, 22 Dec 2018 09:06:07 +0800
|
||||
Subject: [PATCH] Drop legacy unicast queries from address not on local link
|
||||
|
||||
When handling legacy unicast queries, ensure that the source IP is
|
||||
inside a subnet on the local link, otherwise drop the packet.
|
||||
|
||||
Fixes #145
|
||||
Fixes #203
|
||||
CVE-2017-6519
|
||||
CVE-2018-100084
|
||||
---
|
||||
avahi-core/server.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/avahi-core/server.c b/avahi-core/server.c
|
||||
index a2cb19a8..a2580e38 100644
|
||||
--- a/avahi-core/server.c
|
||||
+++ b/avahi-core/server.c
|
||||
@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
|
||||
|
||||
if (avahi_dns_packet_is_query(p)) {
|
||||
int legacy_unicast = 0;
|
||||
+ char t[AVAHI_ADDRESS_STR_MAX];
|
||||
|
||||
/* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
|
||||
* AR section completely here, so far. Until the day we add
|
||||
@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
|
||||
legacy_unicast = 1;
|
||||
}
|
||||
|
||||
+ if (!is_mdns_mcast_address(dst_address) &&
|
||||
+ !avahi_interface_address_on_link(i, src_address)) {
|
||||
+
|
||||
+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
if (legacy_unicast)
|
||||
reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
|
||||
|
Loading…
Reference in New Issue
Block a user