
Bug#1016837: marked as done (bullseye-pu: package avahi/0.8-5+deb11u1)



Your message dated Sat, 10 Sep 2022 13:36:19 +0100
with message-id <92fe43e7805e82e43100a6471ccbf91cd9a12944.camel@adam-barratt.org.uk>
and subject line Closing requests for updates in 11.5
has caused the Debian Bug report #1016837,
regarding bullseye-pu: package avahi/0.8-5+deb11u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1016837: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016837
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-utopia-maintainers@lists.alioth.debian.org

Hi,

I'd like to make a stable upload for avahi.
The changelog reads:

avahi (0.8-5+deb11u1) bullseye; urgency=medium

  [ Simon McVittie ]
  * Add patch to fix display of URLs containing '&' in avahi-discover.
    Otherwise, a TXT entry containing a URL with '&' will cause an error.

  [ Michael Biebl ]
  * Do not disable timeout cleanup on watch cleanup.
    This was causing timeouts to never be removed from the linked list that
    tracks them, resulting in both memory and CPU usage to grow larger over
    time. Thanks to Gustavo Noronha Silva. (Closes: #993051)
  * Fix NULL pointer crashes when trying to resolve badly-formatted hostnames.
    Fixes a local DoS in avahi-daemon that can be triggered by trying to
    resolve badly-formatted hostnames on the /run/avahi-daemon/socket
    interface. (CVE-2021-3502, Closes: #986018)


Those are 3 cherry-picks from changes that are already part of 0.8-6
from unstable/testing.
I consider the regression potential low, as those fixes have been in
unstable/testing for a long time.

Regards,
Michael
diff --git a/debian/changelog b/debian/changelog
index 9ec4b413..88166628 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+avahi (0.8-5+deb11u1) bullseye; urgency=medium
+
+  [ Simon McVittie ]
+  * Add patch to fix display of URLs containing '&' in avahi-discover.
+    Otherwise, a TXT entry containing a URL with '&' will cause an error.
+
+  [ Michael Biebl ]
+  * Do not disable timeout cleanup on watch cleanup.
+    This was causing timeouts to never be removed from the linked list that
+    tracks them, resulting in both memory and CPU usage to grow larger over
+    time. Thanks to Gustavo Noronha Silva. (Closes: #993051)
+  * Fix NULL pointer crashes when trying to resolve badly-formatted hostnames.
+    Fixes a local DoS in avahi-daemon that can be triggered by trying to
+    resolve badly-formatted hostnames on the /run/avahi-daemon/socket
+    interface. (CVE-2021-3502, Closes: #986018)
+
+ -- Michael Biebl <biebl@debian.org>  Mon, 08 Aug 2022 11:27:46 +0200
+
 avahi (0.8-5) unstable; urgency=medium
 
   * d/avahi-daemon.maintscript: Drop removal of symlink, they're not normal
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 76a4dd12..c220725b 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,5 +1,5 @@
 [DEFAULT]
 pristine-tar = True
-debian-branch = debian/master
+debian-branch = debian/bullseye
 upstream-branch = upstream/latest
 patch-numbers = False
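Review bot: the `debian-branch = debian/bullseye` switch in debian/gbp.conf is not listed in the 0.8-5+deb11u1 changelog entry, while the request describes the upload as three cherry-picks. Add a one-line changelog item for the branch change so the debdiff and the changelog agree.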
diff --git a/debian/patches/Do-not-disable-timeout-cleanup-on-watch-cleanup.patch b/debian/patches/Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
new file mode 100644
index 00000000..91d6acc5
--- /dev/null
+++ b/debian/patches/Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
@@ -0,0 +1,24 @@
+From: Gustavo Noronha Silva <gustavo@noronha.dev.br>
+Date: Sun, 2 Jan 2022 22:29:04 -0300
+Subject: Do not disable timeout cleanup on watch cleanup
+
+This was causing timeouts to never be removed from the linked list that
+tracks them, resulting in both memory and CPU usage to grow larger over
+time.
+---
+ avahi-common/simple-watch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/avahi-common/simple-watch.c b/avahi-common/simple-watch.c
+index 08d8090..2a4a989 100644
+--- a/avahi-common/simple-watch.c
++++ b/avahi-common/simple-watch.c
+@@ -238,7 +238,7 @@ static void cleanup_watches(AvahiSimplePoll *s, int all) {
+             destroy_watch(w);
+     }
+ 
+-    s->timeout_req_cleanup = 0;
++    s->watch_req_cleanup = 0;
+ }
+ 
+ static AvahiTimeout* timeout_new(const AvahiPoll *api, const struct timeval *tv, AvahiTimeoutCallback callback, void *userdata) {
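Review bot: the corrected line in `cleanup_watches()` is a copy-paste fix, so the mirror function deserves the same check: please confirm that `cleanup_timeouts()` ends with `s->timeout_req_cleanup = 0;` and does not clear the watch flag. The patch header also has no `Origin:` or `Bug-Debian:` field; a pointer to the upstream commit and to #993051 (cited in the changelog) would make the cherry-pick traceable.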
diff --git a/debian/patches/Fix-NULL-pointer-crashes-from-175.patch b/debian/patches/Fix-NULL-pointer-crashes-from-175.patch
new file mode 100644
index 00000000..1dc98d74
--- /dev/null
+++ b/debian/patches/Fix-NULL-pointer-crashes-from-175.patch
@@ -0,0 +1,149 @@
+From: Tommi Rantala <tommi.t.rantala@nokia.com>
+Date: Mon, 8 Feb 2021 11:04:43 +0200
+Subject: Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
+
+(cherry picked from commit 9d31939e55280a733d930b15ac9e4dda4497680c)
+---
+ avahi-core/browse-dns-server.c   | 5 ++++-
+ avahi-core/browse-domain.c       | 5 ++++-
+ avahi-core/browse-service-type.c | 3 +++
+ avahi-core/browse-service.c      | 3 +++
+ avahi-core/browse.c              | 3 +++
+ avahi-core/resolve-address.c     | 5 ++++-
+ avahi-core/resolve-host-name.c   | 5 ++++-
+ avahi-core/resolve-service.c     | 5 ++++-
+ 8 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
+index 049752e..c2d914f 100644
+--- a/avahi-core/browse-dns-server.c
++++ b/avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
+         AvahiSDNSServerBrowser* b;
+ 
+         b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_dns_server_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
+index f145d56..06fa70c 100644
+--- a/avahi-core/browse-domain.c
++++ b/avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
+         AvahiSDomainBrowser *b;
+ 
+         b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_domain_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
+index fdd22dc..b1fc7af 100644
+--- a/avahi-core/browse-service-type.c
++++ b/avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
+         AvahiSServiceTypeBrowser *b;
+ 
+         b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_type_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 5531360..63e0275 100644
+--- a/avahi-core/browse-service.c
++++ b/avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
+         AvahiSServiceBrowser *b;
+ 
+         b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse.c b/avahi-core/browse.c
+index 2941e57..e8a915e 100644
+--- a/avahi-core/browse.c
++++ b/avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
+         AvahiSRecordBrowser *b;
+ 
+         b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_record_browser_start_query(b);
+ 
+         return b;
+diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
+index ac0b29b..e61dd24 100644
+--- a/avahi-core/resolve-address.c
++++ b/avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
+         AvahiSAddressResolver *b;
+ 
+         b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_address_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
+index 808b0e7..4e8e597 100644
+--- a/avahi-core/resolve-host-name.c
++++ b/avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
+         AvahiSHostNameResolver *b;
+ 
+         b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_host_name_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
+index 66bf3ca..4377176 100644
+--- a/avahi-core/resolve-service.c
++++ b/avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
+         AvahiSServiceResolver *b;
+ 
+         b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
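Review bot: the added `if (!b) return NULL;` after each `*_prepare()` call makes NULL an ordinary return value of all eight `*_new()` constructors, yet no caller is touched in this patch. Since the changelog names requests on /run/avahi-daemon/socket as the trigger, please confirm that the code serving those requests checks for NULL and returns an error to the client instead of dereferencing the result. The header refers only to #175; adding CVE-2021-3502 and a `Bug-Debian:` field for #986018 (both given in the changelog) would tie the patch to the advisory. The end-of-file newline fixes in five of the files are unrelated to the fix but harmless.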
diff --git a/debian/patches/avahi-discover-Escape-strings-substituted-into-Pango-mark.patch b/debian/patches/avahi-discover-Escape-strings-substituted-into-Pango-mark.patch
new file mode 100644
index 00000000..27880f5b
--- /dev/null
+++ b/debian/patches/avahi-discover-Escape-strings-substituted-into-Pango-mark.patch
@@ -0,0 +1,56 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Sun, 30 Jan 2022 19:02:44 +0000
+Subject: avahi-discover: Escape strings substituted into Pango markup
+
+Otherwise, a TXT entry containing a URL with '&' will cause an error.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Forwarded: https://github.com/lathiat/avahi/pull/369
+---
+ avahi-python/avahi-discover/avahi-discover.py | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/avahi-python/avahi-discover/avahi-discover.py b/avahi-python/avahi-discover/avahi-discover.py
+index fddf4a5..9b31d8f 100755
+--- a/avahi-python/avahi-discover/avahi-discover.py
++++ b/avahi-python/avahi-discover/avahi-discover.py
+@@ -27,7 +27,7 @@ try:
+     gettext.textdomain(@GETTEXT_PACKAGE@)
+     import gi
+     gi.require_version('Gtk', '3.0')
+-    from gi.repository import Gtk, GObject
++    from gi.repository import Gtk, GObject, GLib
+     _ = gettext.gettext
+ except ImportError as e:
+     print("Sorry, to use this tool you need to install Avahi, pygtk and python-dbus.\n Error: %s" % e)
+@@ -235,7 +235,10 @@ class Main_window:
+             txts = ""
+             txtd = self.pair_to_dict(txt)
+             for k,v in txtd.items():
+-                txts+="<b>" + _("TXT") + " <i>%s</i></b> = %s\n" % (k,v)
++                txts+="<b>" + _("TXT") + " <i>%s</i></b> = %s\n" % (
++                    GLib.markup_escape_text(k),
++                    GLib.markup_escape_text(v),
++                )
+         else:
+             txts = "<b>" + _("TXT Data:") + "</b> <i>" + _("empty") + "</i>"
+ 
+@@ -249,7 +252,17 @@ class Main_window:
+         infos += "<b>" + _("Address:") + "</b> %s/%s:%i\n%s"
+         if isinstance(infos, bytes):    # Python 2
+             infos = infos.decode("utf-8")
+-        infos = infos % (stype, name, domain, self.siocgifname(interface), self.protoname(protocol), host, address, port, txts.strip())
++        infos = infos % (
++            GLib.markup_escape_text(stype),
++            GLib.markup_escape_text(name),
++            GLib.markup_escape_text(domain),
++            GLib.markup_escape_text(self.siocgifname(interface)),
++            GLib.markup_escape_text(self.protoname(protocol)),
++            GLib.markup_escape_text(host),
++            GLib.markup_escape_text(address),
++            port,
++            txts.strip(),
++        )
+         self.info_label.set_markup(infos)
+ 
+     def insert_row(self, model,parent,
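Review bot: in the second hunk `txts.strip()` is the only string argument that reaches `set_markup()` without `GLib.markup_escape_text()`, which is correct only because `k` and `v` were already escaped when `txts` was built in the first hunk. Add a short comment stating that `txts` is pre-built markup, so a later edit neither escapes it twice nor appends raw TXT data to it. The commit message frames the change as a display error with '&'; because service names, hosts and TXT values are supplied by other hosts on the network, the header should also say that the escaping stops a peer from injecting Pango markup into the label.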
diff --git a/debian/patches/series b/debian/patches/series
index 114d1e6c..7b513a9c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,6 @@ fix-bytestring-decoding-for-proper-display.patch
 avahi-discover-Don-t-decode-unicode-strings-only-bytestri.patch
 Fetch-build-db-from-upstream-git.patch
 build-db-Use-the-same-database-format-that-the-C-code-exp.patch
+avahi-discover-Escape-strings-substituted-into-Pango-mark.patch
+Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
+Fix-NULL-pointer-crashes-from-175.patch

--- End Message ---
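A minimal model of the leak described in the "Do not disable timeout cleanup on watch cleanup" changelog entry, added here as an example; it is not Avahi's code and not part of the original message. The `Poll` and `Node` types, `run_rounds()`, and the watches-before-timeouts sweep order are assumptions of the model; only the two flag names come from the patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not Avahi code: entries are only marked dead and a
 * per-list flag asks the next loop iteration to sweep that list. */
typedef struct Node { struct Node *next; int dead; } Node;
typedef struct {
    Node *watches, *timeouts;
    int watch_req_cleanup, timeout_req_cleanup, buggy; /* buggy=1: pre-fix */
} Poll;

static void push_dead(Node **head) {
    Node *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->dead = 1; n->next = *head; *head = n;
}

static void sweep(Node **head) {    /* unlink and free every dead node */
    while (*head) {
        Node *n = *head;
        if (n->dead) { *head = n->next; free(n); }
        else head = &n->next;
    }
}

static void cleanup_watches(Poll *p) {
    sweep(&p->watches);
    if (p->buggy) p->timeout_req_cleanup = 0;   /* line the patch removes */
    else          p->watch_req_cleanup = 0;     /* line the patch adds */
}

static void cleanup_timeouts(Poll *p) { sweep(&p->timeouts); p->timeout_req_cleanup = 0; }

/* Retire one watch and one timeout per round, then sweep watches before
 * timeouts (the ordering is an assumption). Returns timeouts never freed. */
int run_rounds(int buggy, int rounds) {
    Poll p = {0};
    int left = 0;
    p.buggy = buggy;
    for (int i = 0; i < rounds; i++) {
        push_dead(&p.watches);  p.watch_req_cleanup = 1;
        push_dead(&p.timeouts); p.timeout_req_cleanup = 1;
        if (p.watch_req_cleanup)   cleanup_watches(&p);
        if (p.timeout_req_cleanup) cleanup_timeouts(&p);
    }
    for (Node *n = p.timeouts, *nx; n; n = nx) { nx = n->next; free(n); left++; }
    return left;
}

int main(void) { printf("%d %d\n", run_rounds(1, 1000), run_rounds(0, 1000)); return 0; }
```

With the wrong flag cleared, the watch sweep cancels every pending timeout sweep, so dead timeouts pile up one per round while the watch sweep itself is re-run on every iteration.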
--- Begin Message ---
Package: release.debian.org
Version: 11.5

Hi,

The updates referred to in each of these bugs were included in today's
11.5 point release.

Regards,

Adam

--- End Message ---
