rpms/avahi/F-10 0001-Don-t-get-confused-by-UDP-packets-with-a-source-port.patch, NONE, 1.1 0001-Fix-force-bind-logic.patch, NONE, 1.1 0001-Include-host-in-invalid-packet-messages.patch, NONE, 1.1 0001-actually-set-thread_running.-Closes-251.patch, NONE, 1.1 0001-guarantee-that-we-never-calculate-an-invalid-ip-addr.patch, NONE, 1.1 avahi.spec, 1.109, 1.110
Lennart Poettering
lennart at fedoraproject.org
Sun Dec 14 19:26:56 UTC 2008
- Previous message (by thread): rpms/wfmath/F-10 sources,1.5,1.6 wfmath.spec,1.10,1.11
- Next message (by thread): rpms/telepathy-gabble/devel .cvsignore, 1.35, 1.36 sources, 1.35, 1.36 telepathy-gabble.spec, 1.44, 1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: lennart
Update of /cvs/pkgs/rpms/avahi/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26339
Modified Files:
avahi.spec
Added Files:
0001-Don-t-get-confused-by-UDP-packets-with-a-source-port.patch
0001-Fix-force-bind-logic.patch
0001-Include-host-in-invalid-packet-messages.patch
0001-actually-set-thread_running.-Closes-251.patch
0001-guarantee-that-we-never-calculate-an-invalid-ip-addr.patch
Log Message:
Fix a couple of issues, rhbz #475394, avahi bts #209, rhbz #438013, avahi bts #251, avahi bts #231. This includes low risk security issue CVE-2008-5081.
0001-Don-t-get-confused-by-UDP-packets-with-a-source-port.patch:
--- NEW FILE 0001-Don-t-get-confused-by-UDP-packets-with-a-source-port.patch ---
>From 3093047f1aa36bed8a37fa79004bf0ee287929f4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart at poettering.net>
Date: Thu, 11 Dec 2008 20:57:45 +0100
Subject: [PATCH] Don't get confused by UDP packets with a source port that is zero
This is a fix for rhbz 475394.
Problem identified by Hugo Dias.
---
avahi-core/server.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/avahi-core/server.c b/avahi-core/server.c
index c4980af..11ab6cf 100644
--- a/avahi-core/server.c
+++ b/avahi-core/server.c
@@ -898,6 +898,12 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
return;
}
+ if (port <= 0) {
+ /* This fixes RHBZ #475394 */
+ avahi_log_warn("Received packet from invalid source port.");
+ return;
+ }
+
if (avahi_address_is_ipv4_in_ipv6(src_address))
/* This is an IPv4 address encapsulated in IPv6, so let's ignore it. */
return;
--
1.6.0.5
0001-Fix-force-bind-logic.patch:
--- NEW FILE 0001-Fix-force-bind-logic.patch ---
>From f8ef650e9d7b633c67509666599c15f205fa5baf Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart at poettering.net>
Date: Fri, 12 Dec 2008 21:26:27 +0100
Subject: [PATCH] Fix --force-bind logic
Quoting Cocagne:
"line 1280 of autoipd's main.c: "else if (event ==
EVENT_ROUTABLE_ADDR_CONFIGURED)" is missing '&& !force_bind' in
the conditional. The lack of this condition causes the local
link IP to be released even if the --force-bind arugment is
passed.
The problem was noticed when attempting to use avahi-autoipd
acquire a link-local address during the early-userspace in a
Linux initramfs. Immediately after the call-out script assinged
the ll-address to the device, the daemon released the address
via this conditional. It's suspicious that the daemon would
consider this address "routable" but, even if it were,
--force-bind should prevent the address from being released.
After adding the && !force_bind to the conditional the daemon
appeard to behave as expected."
Closes #209.
---
avahi-autoipd/main.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/avahi-autoipd/main.c b/avahi-autoipd/main.c
index ef529b9..eb71c3b 100644
--- a/avahi-autoipd/main.c
+++ b/avahi-autoipd/main.c
@@ -1281,7 +1281,7 @@ static int loop(int iface, uint32_t addr) {
DEBUG(daemon_log(LOG_DEBUG, "Ignoring irrelevant ARP packet."));
}
- } else if (event == EVENT_ROUTABLE_ADDR_CONFIGURED) {
+ } else if (event == EVENT_ROUTABLE_ADDR_CONFIGURED && !force_bind) {
daemon_log(LOG_INFO, "A routable address has been configured.");
@@ -1306,7 +1306,7 @@ static int loop(int iface, uint32_t addr) {
elapse_time(&next_wakeup, 0, PROBE_WAIT*1000);
next_wakeup_valid = 1;
- } else if (event == EVENT_REFRESH_REQUEST && state == STATE_RUNNING && !force_bind) {
+ } else if (event == EVENT_REFRESH_REQUEST && state == STATE_RUNNING) {
/* The user requested a reannouncing of the address by a SIGHUP */
daemon_log(LOG_INFO, "Reannouncing address.");
--
1.6.0.5
0001-Include-host-in-invalid-packet-messages.patch:
--- NEW FILE 0001-Include-host-in-invalid-packet-messages.patch ---
>From 1e14daab904b4c74e1ee4edd081d42478aa5d12a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart at poettering.net>
Date: Thu, 11 Dec 2008 20:11:42 +0100
Subject: [PATCH] Include host in invalid packet messages
Include the source host in warning messages about invalid packets.
This is a result of rhbz #438013
---
avahi-core/server.c | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/avahi-core/server.c b/avahi-core/server.c
index 453db09..c4980af 100644
--- a/avahi-core/server.c
+++ b/avahi-core/server.c
@@ -941,26 +941,30 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
handle_query_packet(s, p, i, src_address, port, legacy_unicast, from_local_iface);
} else {
+ char t[AVAHI_ADDRESS_STR_MAX];
+
if (port != AVAHI_MDNS_PORT) {
- avahi_log_warn("Received response with invalid source port %u on interface '%s.%i'", port, i->hardware->name, i->protocol);
+ avahi_log_warn("Received response from host %s with invalid source port %u on interface '%s.%i'", avahi_address_snprint(t, sizeof(t), src_address), port, i->hardware->name, i->protocol);
return;
}
if (ttl != 255 && s->config.check_response_ttl) {
- avahi_log_warn("Received response with invalid TTL %u on interface '%s.%i'.", ttl, i->hardware->name, i->protocol);
+ avahi_log_warn("Received response from host %s with invalid TTL %u on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), ttl, i->hardware->name, i->protocol);
return;
}
if (!is_mdns_mcast_address(dst_address) &&
!avahi_interface_address_on_link(i, src_address)) {
- avahi_log_warn("Received non-local response on interface '%s.%i'.", i->hardware->name, i->protocol);
+
+ avahi_log_warn("Received non-local response from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
return;
}
if (avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_QDCOUNT) != 0 ||
avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ANCOUNT) == 0 ||
avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_NSCOUNT) != 0) {
- avahi_log_warn("Invalid response packet.");
+
+ avahi_log_warn("Invalid response packet from host %s.", avahi_address_snprint(t, sizeof(t), src_address));
return;
}
--
1.6.0.5
0001-actually-set-thread_running.-Closes-251.patch:
--- NEW FILE 0001-actually-set-thread_running.-Closes-251.patch ---
>From df0f904f29312efd82cdbf55adb37b10cee47a6e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart at poettering.net>
Date: Fri, 12 Dec 2008 19:37:24 +0100
Subject: [PATCH] actually set thread_running. Closes #251
---
avahi-common/thread-watch.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/avahi-common/thread-watch.c b/avahi-common/thread-watch.c
index 1a5d9d2..4f23608 100644
--- a/avahi-common/thread-watch.c
+++ b/avahi-common/thread-watch.c
@@ -136,6 +136,8 @@ int avahi_threaded_poll_start(AvahiThreadedPoll *p) {
if (pthread_create(&p->thread_id, NULL, thread, p) < 0)
return -1;
+ p->thread_running = 1;
+
return 0;
}
--
1.6.0.5
0001-guarantee-that-we-never-calculate-an-invalid-ip-addr.patch:
--- NEW FILE 0001-guarantee-that-we-never-calculate-an-invalid-ip-addr.patch ---
>From d6ce91c0b5258c2e107415704413f42edfab2c30 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart at poettering.net>
Date: Tue, 5 Aug 2008 15:53:23 +0200
Subject: [PATCH] guarantee that we never calculate an invalid ip address from the mac address
---
avahi-autoipd/main.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/avahi-autoipd/main.c b/avahi-autoipd/main.c
index 01ccc79..ef529b9 100644
--- a/avahi-autoipd/main.c
+++ b/avahi-autoipd/main.c
@@ -1144,9 +1144,13 @@ static int loop(int iface, uint32_t addr) {
for (i = 0; i < ETHER_ADDRLEN; i++)
a += hw_address[i]*i;
+ a = (a % 0xFE00) + 0x0100;
+
addr = htonl(IPV4LL_NETWORK | (uint32_t) a);
}
+ assert(is_ll_address(addr));
+
set_state(st, 1, addr);
daemon_log(LOG_INFO, "Starting with address %s", inet_ntop(AF_INET, &addr, buf, sizeof(buf)));
--
1.6.0.5
Index: avahi.spec
===================================================================
RCS file: /cvs/pkgs/rpms/avahi/F-10/avahi.spec,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -r1.109 -r1.110
--- avahi.spec 4 Jun 2008 14:20:32 -0000 1.109
+++ avahi.spec 14 Dec 2008 19:26:25 -0000 1.110
@@ -6,7 +6,7 @@
%endif
Name: avahi
Version: 0.6.22
-Release: 11%{?dist}
+Release: 12%{?dist}
Summary: Local network service discovery
Group: System Environment/Base
License: LGPLv2
@@ -42,6 +42,11 @@
Patch2: avahi-0.6.3-MONO_SHARED_DIR.patch
Patch3: avahi-0.6.22-vncviewer.patch
Patch4: avahi-0.6.22-update-de.patch
+Patch5: 0001-actually-set-thread_running.-Closes-251.patch
+Patch6: 0001-Don-t-get-confused-by-UDP-packets-with-a-source-port.patch
+Patch7: 0001-Fix-force-bind-logic.patch
+Patch8: 0001-guarantee-that-we-never-calculate-an-invalid-ip-addr.patch
+Patch9: 0001-Include-host-in-invalid-packet-messages.patch
%description
Avahi is a system which facilitates service discovery on
@@ -267,6 +272,11 @@
%endif
%patch3 -p1 -b .vncviewer
%patch4 -p1 -b .update-de
+%patch5 -p1 -b .0001-actually-set-thread_running.-Closes-251
+%patch6 -p1 -b .0001-Don-t-get-confused-by-UDP-packets-with-a-source-port
+%patch7 -p1 -b .0001-Fix-force-bind-logic
+%patch8 -p1 -b .0001-guarantee-that-we-never-calculate-an-invalid-ip-addr
+%patch9 -p1 -b .0001-Include-host-in-invalid-packet-messages
# nuke rpath, TODO: double-check if still required on new releases
autoreconf
@@ -563,6 +573,11 @@
%endif
%changelog
+* Sun Dec 14 2008 Lennart Poettering <lpoetter at redhat.com> - 0.6.22-12
+- Fix a couple of issues, rhbz #475394, avahi bts #209, rhbz #438013, avahi bts
+ #251, avahi bts #231. This includes low risk security issue CVE-2008-5081.
+ All backported from upstream 0.6.24
+
* Wed Jun 04 2008 Rex Dieter <rdieter at fedoraproject.org> - 0.6.22-11
- qt4 bindings (#446904)
- devel: BR: pkgconfig
- Previous message (by thread): rpms/wfmath/F-10 sources,1.5,1.6 wfmath.spec,1.10,1.11
- Next message (by thread): rpms/telepathy-gabble/devel .cvsignore, 1.35, 1.36 sources, 1.35, 1.36 telepathy-gabble.spec, 1.44, 1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list