[Buildroot] [PATCH 1/1] package/avahi: security bump to version 0.9-rc1

* [Buildroot] [PATCH 1/1] package/avahi: security bump to version 0.9-rc1
@ 2024-07-27 13:52 Fabrice Fontaine
  2024-07-27 14:15 ` Thomas Petazzoni via buildroot
  2024-08-02  6:37 ` Thomas Petazzoni via buildroot
  0 siblings, 2 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2024-07-27 13:52 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

- Drop patch (already in version)
- Fix CVE-2021-3468 and CVE-2023-38469 to CVE-2023-38473
- --{en,dis}able-libsystemd must be passed since
  https://github.com/avahi/avahi/commit/bc116c05b15f1f478a40e47fe9fc68011cef1e50

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .checkpackageignore                           |   1 -
 ...01-Fix-NULL-pointer-crashes-from-175.patch | 152 ------------------
 package/avahi/avahi.hash                      |   2 +-
 package/avahi/avahi.mk                        |  26 +--
 4 files changed, 17 insertions(+), 164 deletions(-)
 delete mode 100644 package/avahi/0001-Fix-NULL-pointer-crashes-from-175.patch

diff --git a/.checkpackageignore b/.checkpackageignore
index df46ba4ab6..6172b8358d 100644
--- a/.checkpackageignore
+++ b/.checkpackageignore
@@ -337,7 +337,6 @@ package/aufs-util/0003-no-strip-lib.patch lib_patch.Upstream
 package/aumix/0001-fix-incorrect-makefile-am.patch lib_patch.Upstream
 package/autoconf/0001-dont-add-dirty-to-version.patch lib_patch.Upstream
 package/automake/0001-noman.patch lib_patch.Upstream
-package/avahi/0001-Fix-NULL-pointer-crashes-from-175.patch lib_patch.Upstream
 package/avahi/S05avahi-setup.sh lib_sysv.Indent lib_sysv.Variables
 package/avahi/S50avahi-daemon lib_sysv.Indent lib_sysv.Variables
 package/babeld/S50babeld Shellcheck lib_sysv.Indent lib_sysv.Variables
diff --git a/package/avahi/0001-Fix-NULL-pointer-crashes-from-175.patch b/package/avahi/0001-Fix-NULL-pointer-crashes-from-175.patch
deleted file mode 100644
index 7e191e8da7..0000000000
--- a/package/avahi/0001-Fix-NULL-pointer-crashes-from-175.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
-From: Tommi Rantala <tommi.t.rantala@nokia.com>
-Date: Mon, 8 Feb 2021 11:04:43 +0200
-Subject: [PATCH] Fix NULL pointer crashes from #175
-
-avahi-daemon is crashing when running "ping .local".
-The crash is due to failing assertion from NULL pointer.
-Add missing NULL pointer checks to fix it.
-
-Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
-
-[Retrieved from:
-https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- avahi-core/browse-dns-server.c   | 5 ++++-
- avahi-core/browse-domain.c       | 5 ++++-
- avahi-core/browse-service-type.c | 3 +++
- avahi-core/browse-service.c      | 3 +++
- avahi-core/browse.c              | 3 +++
- avahi-core/resolve-address.c     | 5 ++++-
- avahi-core/resolve-host-name.c   | 5 ++++-
- avahi-core/resolve-service.c     | 5 ++++-
- 8 files changed, 29 insertions(+), 5 deletions(-)
-
-diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
-index 049752e9..c2d914fa 100644
---- a/avahi-core/browse-dns-server.c
-+++ b/avahi-core/browse-dns-server.c
-@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
-         AvahiSDNSServerBrowser* b;
- 
-         b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_dns_server_browser_start(b);
- 
-         return b;
--}
-\ No newline at end of file
-+}
-diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
-index f145d56a..06fa70c0 100644
---- a/avahi-core/browse-domain.c
-+++ b/avahi-core/browse-domain.c
-@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
-         AvahiSDomainBrowser *b;
- 
-         b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_domain_browser_start(b);
- 
-         return b;
--}
-\ No newline at end of file
-+}
-diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
-index fdd22dcd..b1fc7af8 100644
---- a/avahi-core/browse-service-type.c
-+++ b/avahi-core/browse-service-type.c
-@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
-         AvahiSServiceTypeBrowser *b;
- 
-         b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_service_type_browser_start(b);
- 
-         return b;
-diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
-index 5531360c..63e0275a 100644
---- a/avahi-core/browse-service.c
-+++ b/avahi-core/browse-service.c
-@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
-         AvahiSServiceBrowser *b;
- 
-         b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_service_browser_start(b);
- 
-         return b;
-diff --git a/avahi-core/browse.c b/avahi-core/browse.c
-index 2941e579..e8a915e9 100644
---- a/avahi-core/browse.c
-+++ b/avahi-core/browse.c
-@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
-         AvahiSRecordBrowser *b;
- 
-         b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_record_browser_start_query(b);
- 
-         return b;
-diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
-index ac0b29b1..e61dd242 100644
---- a/avahi-core/resolve-address.c
-+++ b/avahi-core/resolve-address.c
-@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
-         AvahiSAddressResolver *b;
- 
-         b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_address_resolver_start(b);
- 
-         return b;
--}
-\ No newline at end of file
-+}
-diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
-index 808b0e72..4e8e5973 100644
---- a/avahi-core/resolve-host-name.c
-+++ b/avahi-core/resolve-host-name.c
-@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
-         AvahiSHostNameResolver *b;
- 
-         b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_host_name_resolver_start(b);
- 
-         return b;
--}
-\ No newline at end of file
-+}
-diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
-index 66bf3cae..43771763 100644
---- a/avahi-core/resolve-service.c
-+++ b/avahi-core/resolve-service.c
-@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
-         AvahiSServiceResolver *b;
- 
-         b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
-+        if (!b)
-+            return NULL;
-+
-         avahi_s_service_resolver_start(b);
- 
-         return b;
--}
-\ No newline at end of file
-+}
diff --git a/package/avahi/avahi.hash b/package/avahi/avahi.hash
index 3bf22f831d..3961f9fd6d 100644
--- a/package/avahi/avahi.hash
+++ b/package/avahi/avahi.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda  avahi-0.8.tar.gz
+sha256  f6c333a7e54918eaa72add70616fe34ef7f93ccbc5644e4626290e098b7a59c2  avahi-0.9-rc1.tar.gz
 sha256  a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  LICENSE
diff --git a/package/avahi/avahi.mk b/package/avahi/avahi.mk
index 1992669a92..8283f633f9 100644
--- a/package/avahi/avahi.mk
+++ b/package/avahi/avahi.mk
@@ -4,20 +4,22 @@
 #
 ################################################################################
 
-AVAHI_VERSION = 0.8
-AVAHI_SITE = https://github.com/lathiat/avahi/releases/download/v$(AVAHI_VERSION)
+AVAHI_VERSION = 0.9-rc1
+AVAHI_SITE = $(call github,avahi,avahi,v$(AVAHI_VERSION))
 AVAHI_LICENSE = LGPL-2.1+
 AVAHI_LICENSE_FILES = LICENSE
 AVAHI_CPE_ID_VENDOR = avahi
 AVAHI_SELINUX_MODULES = avahi
 AVAHI_INSTALL_STAGING = YES
+# From git
+AVAHI_AUTORECONF = YES
+AVAHI_AUTOPOINT = YES
 
-# CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is
-# part of the Debian packaging and not part of upstream avahi
-AVAHI_IGNORE_CVES += CVE-2021-26720
-
-# 0001-Fix-NULL-pointer-crashes-from-175.patch
-AVAHI_IGNORE_CVES += CVE-2021-36217
+# fix missing config.rpath (needed for autoreconf) in the codebase
+define AVAHI_TOUCH_CONFIG_RPATH
+	touch $(@D)/config.rpath
+endef
+AVAHI_PRE_CONFIGURE_HOOKS += AVAHI_TOUCH_CONFIG_RPATH
 
 AVAHI_CONF_ENV = \
 	avahi_cv_sys_cxx_works=yes \
@@ -57,9 +59,13 @@ AVAHI_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
 AVAHI_CFLAGS = $(TARGET_CFLAGS)
 
 ifeq ($(BR2_PACKAGE_SYSTEMD),y)
-AVAHI_CONF_OPTS += --with-systemdsystemunitdir=/usr/lib/systemd/system
+AVAHI_CONF_OPTS += \
+	--enable-libsystemd \
+	--with-systemdsystemunitdir=/usr/lib/systemd/system
 else
-AVAHI_CONF_OPTS += --with-systemdsystemunitdir=no
+AVAHI_CONF_OPTS += \
+	--disable-libsystemd \
+	--with-systemdsystemunitdir=no
 AVAHI_CFLAGS += -DDISABLE_SYSTEMD
 endif
 
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread