diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2020-03-17 11:21:37 +0100 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2020-03-18 19:23:46 +0100 |
| commit | 850093ac24f92ae805a2ee90681d1e4cb01ff8eb (patch) | |
| tree | 717334fc5a9d1ede044e81a90007c45f41117877 | |
| parent | 32b089f4f4e86a32bb34c2c7983be5dbe9603784 (diff) | |
| download | patches-850093ac24f92ae805a2ee90681d1e4cb01ff8eb.tar patches-850093ac24f92ae805a2ee90681d1e4cb01ff8eb.tar.gz | |
gnu: avahi: Update to 0.8.
* gnu/packages/patches/avahi-CVE-2018-1000845.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/avahi.scm (avahi): Update to 0.8.
[source](patches): Remove obsolete patch.
[properties]: Remove.
[arguments]: Remove "--disable-qt3" from #:configure-flags. Add "--disable-qt5".
[inputs]: Add LIBEVENT. Sort lexicographically.
[native-inputs]: Remove INTLTOOL. Add GETTEXT-MINIMAL.
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/avahi.scm | 36 | ||||
| -rw-r--r-- | gnu/packages/patches/avahi-CVE-2018-1000845.patch | 42 |
3 files changed, 23 insertions, 56 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 21a149c469..1d3d6ff4e7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -743,7 +743,6 @@ dist_patch_DATA = \ %D%/packages/patches/audiofile-hurd.patch \ %D%/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch \ %D%/packages/patches/automake-skip-amhello-tests.patch \ - %D%/packages/patches/avahi-CVE-2018-1000845.patch \ %D%/packages/patches/avahi-localstatedir.patch \ %D%/packages/patches/avogadro-boost148.patch \ %D%/packages/patches/avogadro-eigen3-update.patch \ diff --git a/gnu/packages/avahi.scm b/gnu/packages/avahi.scm index 4675f3b011..602f9d7997 100644 --- a/gnu/packages/avahi.scm +++ b/gnu/packages/avahi.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2017, 2018 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -25,16 +26,18 @@ #:use-module (guix build-system gnu) #:use-module (gnu packages) #:use-module (gnu packages dbm) + #:use-module (gnu packages gettext) + #:use-module (gnu packages glib) #:use-module (gnu packages libdaemon) + #:use-module (gnu packages libevent) #:use-module (gnu packages linux) #:use-module (gnu packages pkg-config) - #:use-module (gnu packages glib) #:use-module (gnu packages xml)) (define-public avahi (package (name "avahi") - (version "0.7") + (version "0.8") (home-page "https://avahi.org") (source (origin (method url-fetch) @@ -42,11 +45,17 @@ version ".tar.gz")) (sha256 (base32 - "0128n7jlshw4bpx0vg8lwj8qwdisjxi7mvniwfafgnkzzrfrpaap")) - (patches (search-patches "avahi-localstatedir.patch" - "avahi-CVE-2018-1000845.patch")))) - ;; Hide a duplicate of the CVE fixed above. - (properties `((lint-hidden-cve . ("CVE-2017-6519")))) + "1npdixwxxn3s9q1f365x9n9rc5xgfz39hxf23faqvlrklgbhj0q6")) + (patches (search-patches "avahi-localstatedir.patch")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Fix version constraint in the avahi-libevent pkg-config file. + ;; This can be removed for Avahi versions > 0.8. + (substitute* "avahi-libevent.pc.in" + (("libevent-2\\.1\\.5") + "libevent >= 2.1.5")) + #t)))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--with-distro=none" @@ -57,18 +66,19 @@ "--disable-doxygen-doc" "--disable-xmltoman" "--enable-tests" - "--disable-qt3" "--disable-qt4" + "--disable-qt4" "--disable-qt5" "--disable-gtk" "--disable-gtk3" "--enable-compat-libdns_sd"))) (inputs - `(("expat" ,expat) - ("glib" ,glib) - ("dbus" ,dbus) + `(("dbus" ,dbus) + ("expat" ,expat) ("gdbm" ,gdbm) + ("glib" ,glib) ("libcap" ,libcap) ;to enable chroot support in avahi-daemon - ("libdaemon" ,libdaemon))) + ("libdaemon" ,libdaemon) + ("libevent" ,libevent))) (native-inputs - `(("intltool" ,intltool) + `(("gettext" ,gettext-minimal) ("glib" ,glib "bin") ("pkg-config" ,pkg-config))) (synopsis "Implementation of mDNS/DNS-SD protocols") diff --git a/gnu/packages/patches/avahi-CVE-2018-1000845.patch b/gnu/packages/patches/avahi-CVE-2018-1000845.patch deleted file mode 100644 index e5b13e0bee..0000000000 --- a/gnu/packages/patches/avahi-CVE-2018-1000845.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001 -From: Trent Lloyd <trent@lloyd.id.au> -Date: Sat, 22 Dec 2018 09:06:07 +0800 -Subject: [PATCH] Drop legacy unicast queries from address not on local link - -When handling legacy unicast queries, ensure that the source IP is -inside a subnet on the local link, otherwise drop the packet. - -Fixes #145 -Fixes #203 -CVE-2017-6519 -CVE-2018-100084 ---- - avahi-core/server.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/avahi-core/server.c b/avahi-core/server.c -index a2cb19a8..a2580e38 100644 ---- a/avahi-core/server.c -+++ b/avahi-core/server.c -@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres - - if (avahi_dns_packet_is_query(p)) { - int legacy_unicast = 0; -+ char t[AVAHI_ADDRESS_STR_MAX]; - - /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the - * AR section completely here, so far. Until the day we add -@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres - legacy_unicast = 1; - } - -+ if (!is_mdns_mcast_address(dst_address) && -+ !avahi_interface_address_on_link(i, src_address)) { -+ -+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); -+ return; -+ } -+ - if (legacy_unicast) - reflect_legacy_unicast_query_packet(s, p, i, src_address, port); - |