Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-utopia-maintain...@lists.alioth.debian.org

Hi,

I'd like to make a stable upload for avahi.

The changelog reads:

avahi (0.8-5+deb11u1) bullseye; urgency=medium

  [ Simon McVittie ]
  * Add patch to fix display of URLs containing '&' in avahi-discover.
    Otherwise, a TXT entry containing a URL with '&' will cause an error.

  [ Michael Biebl ]
  * Do not disable timeout cleanup on watch cleanup.
    This was causing timeouts to never be removed from the linked list that
    tracks them, resulting in both memory and CPU usage to grow larger over
    time. Thanks to Gustavo Noronha Silva. (Closes: #993051)
  * Fix NULL pointer crashes when trying to resolve badly-formatted hostnames.
    Fixes a local DoS in avahi-daemon that can be triggered by trying to
    resolve badly-formatted hostnames on the /run/avahi-daemon/socket
    interface. (CVE-2021-3502, Closes: #986018)

Those are 3 cherry-picks from changes that are already part of 0.8-6
from unstable/testing.

I consider the regression potential low, as those fixes have been in
unstable/testing for a long time.

Regards,
Michael
diff --git a/debian/changelog b/debian/changelog index 9ec4b413..88166628 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +avahi (0.8-5+deb11u1) bullseye; urgency=medium + + [ Simon McVittie ] + * Add patch to fix display of URLs containing '&' in avahi-discover. + Otherwise, a TXT entry containing a URL with '&' will cause an error. + + [ Michael Biebl ] + * Do not disable timeout cleanup on watch cleanup. + This was causing timeouts to never be removed from the linked list that + tracks them, resulting in both memory and CPU usage to grow larger over + time. Thanks to Gustavo Noronha Silva. (Closes: #993051) + * Fix NULL pointer crashes when trying to resolve badly-formatted hostnames. + Fixes a local DoS in avahi-daemon that can be triggered by trying to + resolve badly-formatted hostnames on the /run/avahi-daemon/socket + interface. (CVE-2021-3502, Closes: #986018) + + -- Michael Biebl <bi...@debian.org> Mon, 08 Aug 2022 11:27:46 +0200 + avahi (0.8-5) unstable; urgency=medium * d/avahi-daemon.maintscript: Drop removal of symlink, they're not normal diff --git a/debian/gbp.conf b/debian/gbp.conf index 76a4dd12..c220725b 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,5 +1,5 @@ [DEFAULT] pristine-tar = True -debian-branch = debian/master +debian-branch = debian/bullseye upstream-branch = upstream/latest patch-numbers = False diff --git a/debian/patches/Do-not-disable-timeout-cleanup-on-watch-cleanup.patch b/debian/patches/Do-not-disable-timeout-cleanup-on-watch-cleanup.patch new file mode 100644 index 00000000..91d6acc5 --- /dev/null +++ b/debian/patches/Do-not-disable-timeout-cleanup-on-watch-cleanup.patch 
@@ -0,0 +1,24 @@ +From: Gustavo Noronha Silva <gust...@noronha.dev.br> +Date: Sun, 2 Jan 2022 22:29:04 -0300 +Subject: Do not disable timeout cleanup on watch cleanup + +This was causing timeouts to never be removed from the linked list that +tracks them, resulting in both memory and CPU usage to grow larger over +time. +--- + avahi-common/simple-watch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/avahi-common/simple-watch.c b/avahi-common/simple-watch.c +index 08d8090..2a4a989 100644 +--- a/avahi-common/simple-watch.c ++++ b/avahi-common/simple-watch.c +@@ -238,7 +238,7 @@ static void cleanup_watches(AvahiSimplePoll *s, int all) { + destroy_watch(w); + } + +- s->timeout_req_cleanup = 0; ++ s->watch_req_cleanup = 0; + } + + static AvahiTimeout* timeout_new(const AvahiPoll *api, const struct timeval *tv, AvahiTimeoutCallback callback, void *userdata) { diff --git a/debian/patches/Fix-NULL-pointer-crashes-from-175.patch b/debian/patches/Fix-NULL-pointer-crashes-from-175.patch new file mode 100644 index 00000000..1dc98d74 --- /dev/null +++ b/debian/patches/Fix-NULL-pointer-crashes-from-175.patch 
@@ -0,0 +1,149 @@ +From: Tommi Rantala <tommi.t.rant...@nokia.com> +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd + +(cherry picked from commit 9d31939e55280a733d930b15ac9e4dda4497680c) +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e..c2d914f 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56..06fa70c 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dc..b1fc7af 100644 +--- 
a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360..63e0275 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e57..e8a915e 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b..e61dd24 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e7..4e8e597 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ 
AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3ca..4377176 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/debian/patches/avahi-discover-Escape-strings-substituted-into-Pango-mark.patch b/debian/patches/avahi-discover-Escape-strings-substituted-into-Pango-mark.patch new file mode 100644 index 00000000..27880f5b --- /dev/null +++ b/debian/patches/avahi-discover-Escape-strings-substituted-into-Pango-mark.patch 
@@ -0,0 +1,56 @@ +From: Simon McVittie <s...@debian.org> +Date: Sun, 30 Jan 2022 19:02:44 +0000 +Subject: avahi-discover: Escape strings substituted into Pango markup + +Otherwise, a TXT entry containing a URL with '&' will cause an error. + +Signed-off-by: Simon McVittie <s...@debian.org> +Forwarded: https://github.com/lathiat/avahi/pull/369 +--- + avahi-python/avahi-discover/avahi-discover.py | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/avahi-python/avahi-discover/avahi-discover.py b/avahi-python/avahi-discover/avahi-discover.py +index fddf4a5..9b31d8f 100755 +--- a/avahi-python/avahi-discover/avahi-discover.py ++++ b/avahi-python/avahi-discover/avahi-discover.py +@@ -27,7 +27,7 @@ try: + gettext.textdomain(@GETTEXT_PACKAGE@) + import gi + gi.require_version('Gtk', '3.0') +- from gi.repository import Gtk, GObject ++ from gi.repository import Gtk, GObject, GLib + _ = gettext.gettext + except ImportError as e: + print("Sorry, to use this tool you need to install Avahi, pygtk and python-dbus.\n Error: %s" % e) +@@ -235,7 +235,10 @@ class Main_window: + txts = "" + txtd = self.pair_to_dict(txt) + for k,v in txtd.items(): +- txts+="<b>" + _("TXT") + " <i>%s</i></b> = %s\n" % (k,v) ++ txts+="<b>" + _("TXT") + " <i>%s</i></b> = %s\n" % ( ++ GLib.markup_escape_text(k), ++ GLib.markup_escape_text(v), ++ ) + else: + txts = "<b>" + _("TXT Data:") + "</b> <i>" + _("empty") + "</i>" + +@@ -249,7 +252,17 @@ class Main_window: + infos += "<b>" + _("Address:") + "</b> %s/%s:%i\n%s" + if isinstance(infos, bytes): # Python 2 + infos = infos.decode("utf-8") +- infos = infos % (stype, name, domain, self.siocgifname(interface), self.protoname(protocol), host, address, port, txts.strip()) ++ infos = infos % ( ++ GLib.markup_escape_text(stype), ++ GLib.markup_escape_text(name), ++ GLib.markup_escape_text(domain), ++ GLib.markup_escape_text(self.siocgifname(interface)), ++ GLib.markup_escape_text(self.protoname(protocol)), ++ 
GLib.markup_escape_text(host), ++ GLib.markup_escape_text(address), ++ port, ++ txts.strip(), ++ ) + self.info_label.set_markup(infos) + + def insert_row(self, model,parent, diff --git a/debian/patches/series b/debian/patches/series index 114d1e6c..7b513a9c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,6 @@ fix-bytestring-decoding-for-proper-display.patch avahi-discover-Don-t-decode-unicode-strings-only-bytestri.patch Fetch-build-db-from-upstream-git.patch build-db-Use-the-same-database-format-that-the-C-code-exp.patch +avahi-discover-Escape-strings-substituted-into-Pango-mark.patch +Do-not-disable-timeout-cleanup-on-watch-cleanup.patch +Fix-NULL-pointer-crashes-from-175.patch
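Review bot: the debian/gbp.conf hunk switches debian-branch from debian/master to debian/bullseye, but the 0.8-5+deb11u1 changelog entry lists only the three patches. A short changelog line for the branch change would keep the entry a complete record of what the upload touches.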
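Review bot: the header of Do-not-disable-timeout-cleanup-on-watch-cleanup.patch has no Origin, Bug or Bug-Debian field, although the changelog closes #993051 with it. The NULL-pointer patch records its upstream commit in a "cherry picked from commit" line; an equivalent reference here would let a reviewer confirm that the one-line change in cleanup_watches() (clearing s->watch_req_cleanup instead of s->timeout_req_cleanup) matches what upstream merged.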
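Review bot: in Fix-NULL-pointer-crashes-from-175.patch, each of the eight *_new() constructors now returns NULL when its *_prepare() call fails, but the diffstat touches only those constructors and no call sites. Since the changelog presents this as the fix for CVE-2021-3502, please confirm that the callers reached from the /run/avahi-daemon/socket interface check for a NULL return instead of dereferencing it. A Bug-Debian reference to #986018 in the patch header would also tie the patch to the changelog entry.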
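Review bot: in the second Main_window hunk of the avahi-discover patch, txts.strip() is still substituted into the markup unescaped. That is correct only because txts is built in the previous hunk from already-escaped k and v plus literal <b>/<i> tags, so a one-line comment next to txts.strip() saying so would keep a later edit from double-escaping it or from appending an unescaped value to txts. port needs no escaping because it is formatted with %i.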