@@ -36,6 +36,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
file://CVE-2023-38472.patch \
file://CVE-2023-38473.patch \
file://CVE-2024-52616.patch \
+ file://CVE-2024-52615.patch \
"
GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"
new file mode 100644
@@ -0,0 +1,228 @@
+From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 27 Nov 2024 18:07:32 +0100
+Subject: [PATCH] core/wide-area: fix for CVE-2024-52615
+
+CVE: CVE-2024-52615
+Upstream-Status: Backport [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ avahi-core/wide-area.c | 128 ++++++++++++++++++++++-------------------
+ 1 file changed, 69 insertions(+), 59 deletions(-)
+
+diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
+index 00a15056e..06df7afc6 100644
+--- a/avahi-core/wide-area.c
++++ b/avahi-core/wide-area.c
+@@ -81,6 +81,10 @@ struct AvahiWideAreaLookup {
+
+ AvahiAddress dns_server_used;
+
++ int fd;
++ AvahiWatch *watch;
++ AvahiProtocol proto;
++
+ AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups);
+ AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key);
+ };
+@@ -88,9 +92,6 @@ struct AvahiWideAreaLookup {
+ struct AvahiWideAreaLookupEngine {
+ AvahiServer *server;
+
+- int fd_ipv4, fd_ipv6;
+- AvahiWatch *watch_ipv4, *watch_ipv6;
+-
+ /* Cache */
+ AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
+ AvahiHashmap *cache_by_key;
+@@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i
+ return l;
+ }
+
++static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata);
++
+ static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) {
++ AvahiWideAreaLookupEngine *e;
+ AvahiAddress *a;
++ AvahiServer *s;
++ AvahiWatch *w;
++ int r;
+
+ assert(l);
+ assert(p);
+
+- if (l->engine->n_dns_servers <= 0)
++ e = l->engine;
++ assert(e);
++
++ s = e->server;
++ assert(s);
++
++ if (e->n_dns_servers <= 0)
+ return -1;
+
+- assert(l->engine->current_dns_server < l->engine->n_dns_servers);
++ assert(e->current_dns_server < e->n_dns_servers);
+
+- a = &l->engine->dns_servers[l->engine->current_dns_server];
++ a = &e->dns_servers[e->current_dns_server];
+ l->dns_server_used = *a;
+
+- if (a->proto == AVAHI_PROTO_INET) {
++ if (l->fd >= 0) {
++ /* We are reusing lookup object and sending packet to another server so let's cleanup before we establish connection to new server. */
++ s->poll_api->watch_free(l->watch);
++ l->watch = NULL;
+
+- if (l->engine->fd_ipv4 < 0)
+- return -1;
++ close(l->fd);
++ l->fd = -EBADF;
++ }
+
+- return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT);
++ assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6);
+
+- } else {
+- assert(a->proto == AVAHI_PROTO_INET6);
++ if (a->proto == AVAHI_PROTO_INET)
++ r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1;
++ else
++ r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1;
+
+- if (l->engine->fd_ipv6 < 0)
+- return -1;
++ if (r < 0) {
++ avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup");
++ return -1;
++ }
+
+- return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT);
++ w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l);
++ if (!w) {
++ close(r);
++ avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup");
++ return -1;
+ }
++
++ l->fd = r;
++ l->watch = w;
++ l->proto = a->proto;
++
++ return a->proto == AVAHI_PROTO_INET ?
++ avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT):
++ avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT);
+ }
+
+ static void next_dns_server(AvahiWideAreaLookupEngine *e) {
+@@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+ l->dead = 0;
+ l->key = avahi_key_ref(key);
+ l->cname_key = avahi_key_new_cname(l->key);
++ l->fd = -EBADF;
++ l->watch = NULL;
++ l->proto = AVAHI_PROTO_UNSPEC;
+ l->callback = callback;
+ l->userdata = userdata;
+
+@@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) {
+ if (l->cname_key)
+ avahi_key_unref(l->cname_key);
+
++ if (l->watch)
++ l->engine->server->poll_api->watch_free(l->watch);
++
++ if (l->fd >= 0)
++ close(l->fd);
++
+ avahi_free(l);
+ }
+
+@@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) {
+ }
+
+ static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) {
+- AvahiWideAreaLookupEngine *e = userdata;
++ AvahiWideAreaLookup *l = userdata;
++ AvahiWideAreaLookupEngine *e = l->engine;
+ AvahiDnsPacket *p = NULL;
+
+- if (fd == e->fd_ipv4)
+- p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL);
++ assert(l);
++ assert(e);
++ assert(l->fd == fd);
++
++ if (l->proto == AVAHI_PROTO_INET)
++ p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL);
+ else {
+- assert(fd == e->fd_ipv6);
+- p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL);
++ assert(l->proto == AVAHI_PROTO_INET6);
++
++ p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL);
+ }
+
+ if (p) {
+@@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
+ e->server = s;
+ e->cleanup_dead = 0;
+
+- /* Create sockets */
+- e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1;
+- e->fd_ipv6 = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1;
+-
+- if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) {
+- avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno));
+-
+- if (e->fd_ipv6 >= 0)
+- close(e->fd_ipv6);
+-
+- if (e->fd_ipv4 >= 0)
+- close(e->fd_ipv4);
+-
+- avahi_free(e);
+- return NULL;
+- }
+-
+- /* Create watches */
+-
+- e->watch_ipv4 = e->watch_ipv6 = NULL;
+-
+- if (e->fd_ipv4 >= 0)
+- e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e);
+- if (e->fd_ipv6 >= 0)
+- e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
+-
+ e->n_dns_servers = e->current_dns_server = 0;
+
+ /* Initialize cache */
+@@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) {
+ avahi_hashmap_free(e->lookups_by_id);
+ avahi_hashmap_free(e->lookups_by_key);
+
+- if (e->watch_ipv4)
+- e->server->poll_api->watch_free(e->watch_ipv4);
+-
+- if (e->watch_ipv6)
+- e->server->poll_api->watch_free(e->watch_ipv6);
+-
+- if (e->fd_ipv6 >= 0)
+- close(e->fd_ipv6);
+-
+- if (e->fd_ipv4 >= 0)
+- close(e->fd_ipv4);
+-
+ avahi_free(e);
+ }
+
+@@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres
+
+ if (a) {
+ for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--)
+- if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0))
++ if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6)
+ e->dns_servers[e->n_dns_servers++] = *a;
+ } else {
+ assert(n == 0);