From patchwork Mon Oct 27 06:09:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 73056 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6839ECCF9E0 for ; Mon, 27 Oct 2025 06:09:41 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.25786.1761545372551407733 for ; Sun, 26 Oct 2025 23:09:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=rI0hcisc; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=23958346cd=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 59R4ZNmd1337097 for ; Mon, 27 Oct 2025 06:09:31 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=PPS06212021; bh=BeTmPO5Eo3lTh1frAh7/ 7SeMJfZ5iG7iHEvot2BrH0g=; b=rI0hcisck5eTu5X6wQNFR29WImMPVrhQ83fu OlWo5Zun9FH6Bm2cHENvc/491qq8TCoNpboO8mYBDWvpCeSuV27FRbe0CP13hRK3 OYCOcGvX+Q/xMSqU1dAEe8Sq8/TnFAdedyqGXJ3+yjHoZKmGpvOKT98fma8u56Sc fKs0z8sNqYvPynocawqqKAgzsdUJBE4g2fYD9FMfkxH/OGEpiY2f+MkdJRVT4TN0 F2ATOqcP2efAlxEtrBD/IfDZUwP+LqYWiR5Q1W1vjKb/x+tPA8bUIjeZxJ6b0ZnY hCNjYujZP6yuv0gDK6+EFRWBjcQ5qJ3b/9mBcnN90ujf1uMaAA== Received: from bn1pr04cu002.outbound.protection.outlook.com (mail-eastus2azon11010046.outbound.protection.outlook.com [52.101.56.46]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4a0nh5sew8-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 27 Oct 2025 06:09:30 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DiSgipjNlRi5E5ixdL2bezyTBLPq7MtnGDjJFRGt6k8vD24QUXdWYgossQ0mqeUr8p35VSy+mneoy2p3ep8KzYli/poSkGA9GpP5RD1JKjbHPeNGdvWemDOJMSt8qNFHMXT5x6ZUTmO1b2dikALXGLgQxOlk3G/GlyWwRc3kcmXcI1a41cysk8Wce8zN/yJOqQWg7WAISm5E+EPEYoQZpw+cA8OLos5U4MMjKtiQYnT59eAUkMwiizkGGCGmkj0UYjFp5tXNGqoTjSRl6sTMCE2xRKEkNIk9W98iXuBHDfflGkEg6763YCCkreNceRh/l5lBNdKC+FZC+hNdSXKDSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BeTmPO5Eo3lTh1frAh7/7SeMJfZ5iG7iHEvot2BrH0g=; b=YLUueP7a2COM0rFBkHXBJFCaDXALIzPgb0VxxIjkZF+EDN2JZj4MhSycg8lkbkKl+u4axyYTT7VBMSg5XeNVREG7X9T9910jW0MYyYXAd4FmbTwtDn50MiWioCKVfKBOKNIt0+5JCpEV+ylKBUoyYOfa30qP8eK6cXxcIqSku4kamlrP7tRDGsL/zgGZpPkG3pJkfUnFp9jKqov3E7wZb7jJl6opNHZr6aiTNY9U1Zt1dvp7NOknzGXDIX+5ydP3tXzXmRQgkekYBInuSA7lrQbGBftQLgRCLQdXuOe1uy/L0k9O5LFaogZdGAbs1eN0Fi3KtG7jD9XtAT7Q9RoBqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by PH7PR11MB5820.namprd11.prod.outlook.com (2603:10b6:510:133::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.17; Mon, 27 Oct 2025 06:09:29 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%6]) with mapi id 15.20.9253.017; Mon, 27 Oct 2025 06:09:29 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-core@lists.openembedded.org Subject: [OE-core][master][PATCH 1/2] avahi: fix CVE-2024-52616 Date: Mon, 27 Oct 2025 14:09:14 +0800 Message-ID: <20251027060915.930984-1-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 X-ClientProxiedBy: TYCPR01CA0063.jpnprd01.prod.outlook.com (2603:1096:405:2::27) To PH7PR11MB8570.namprd11.prod.outlook.com (2603:10b6:510:2ff::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|PH7PR11MB5820:EE_ X-MS-Office365-Filtering-Correlation-Id: e1878701-f7f8-4c21-c63d-08de151f6279 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: 2qkluuUEOG1OJOP4vjSfMMrCoobVO67T/dEkHbLQrNQVQnz+BmC2EsR8FhspppzsUtki5Q3jQE6dAdM1EHF5ESs+IiUdGf90RfEkunosH0kuVB2n9tfBCyUbOxV/wwgNSXohOBMbfFs/hfJz6oRDsxk/PuCa4Db4gxMLjy6vE7LveEADCyvbPC2BSEclktVtehjY6RWlnZyDbFLWhI0o60JcVe2blRgtKtAy33VnI6E5Q9gSgBDMtYzQvsyp3ZASrfzJ9rwTLzmmlDz8OlKRLpXsC+JdQdqlRHgBeKbd5hKJh4+diQLpKg1Yen/k6g5Jhub5v4TyRtuX3MJPANYqSWT4JALL4vhR/SXK2+NyM9nG9uVwfYK+t1LltpHJlkvQkfOPHSEs0iJGv+/vovCxi1asro0nOvNWnwax0BDZhyh3o+5V29mvyl2s7MSqrw7CMcZY4sq2JnSX6U3I1W/DCLx8KggfCbBZAw8sxF1jGSGtDlAxqSlMPI06+L2mC8QLw7EUUJ3DmswR2bAmcQ/ochRpK+NkKoMHt88tq+g6KXqxp8E8gQMk4YvwC13/pIhM+e8mfKVHxDDNJghgvSkBYCPfJIcL9PCuTjJGkzhsjo2H0iVLuCNdjDOLaj65rRKoqyDz6z5N2IWcKgWrgO61JJqK7zzfhJy1xIbIdqaEUXHYPZt/Hzj126LmpCW4ZvV8Mf9LMNF8f7+FHrVN6YrnbFB6H8PcHkCUygO8uWjoOre1sYXV6Ra1yXxFOtE7/Gat8MZW8py0N84kVc7figG/6BYhXlYj14inOPF7jU/LjuKOboTU8pSckkvP7kEC3sI+On6ToYrDCD94vpp0ynMKbs/9+owoFbBEe7b0VX8sj2RPXKQ4yF5Q6iaNai8/bhSOU+hDn6rLN+RQru/YqzyRYmYjamn/j5VMV1F+34gbMA/XkgCcpqZPeA7Jv4TvU60A1XKNKf9GOQihrQIIkv35+FyL+lbxDCf8UJOPtxLfCXRrk6NEFDDbMn9EQs7PPBC30SBZOGRoEFMsAg3+PPFizp/7l1AymUsltCIVweTiPSxuazW2Chg2i+ZHMyOpTtrfntNjW1eC9ZLanYlmGn7GWhJpvyilQpZ3b0luMYF7Sfx1+csKMFMt/9h71oof510oy+imwdnCoB+FJzF4ZFT4ph4qCMftown3wiKz3a+a/q5Ab9kWPAbIcC0k7Pt5JhrOLva+QYRK2oIOSSh/Qkz2vteG2X2Y3epJmN/jInj9npkTc/YjfDtWYjOzMwjwSJEkXbamR8s0X//USQEd5ikWo0Y2B5wWHuy46+Bzlh0tOS+KnwaLZaNycKcXd5BQblh0V3/Z9lgPAPCW5bDI4d+JpmK8HBBMRV1GKKb3XPD9BfDvw1dz4Ra6ww1FW59cvGi0M0rrGv5EzdqYHuHkg1pjg51YnHDMQk0d4rRjDqE3i5+nIt/mp1zfFebW+9g1E7ctcNuZkhITuHF8Zk/UF8kq8Qx9hOnq6n+daeRq6yh/dR/jLA9q5fYNj63BJRcZWlNNWsAK8qFS2tmhGdyTIP8h1A== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: XD6xY8ATs0yXggEa26Kie63L3f2A1UFHZqNaR1rHgkUYtiGNNo2GTqX21NRdIKSg2qFtM0XcsyQ0bw6z1p7KCobNxryt6CvgYWNX4tdY9GLIpPMtp1XC2kJ061Ya9tGB7OAbPHNszMA8CPWQKAM4P5z0qP6Gh/wxX7JtFXyddq9N2rlpNGV+sorUW2AIDC7UWkCr6uEItPkJ3YcRxRxEcaZqfxVLMR89CAdQ1OPghopCd+e0FmGx3NnFPKehaIDy7VF30y9r5ZGaSv0gtnlrWyBARbcpVAFZ82V/1JLUKseXv4CuZ8svNPnm+oqIPSTNxi8mzC1sNdPNAFND1V8GjYuTXjlqtQxhksI5OKAReIKB5p18uuEYSHdaPtQc+kq0WStZ0qef2ym3UxPfCT7y6c9QedM9BtekmUWY42hXrWqJ8NWTMAdsWb66l5P5AW8CyuOUN6AiW/7z5y7jaZJyNFZyvC7Xl35HGgDm2u76WYuXk77oQ6O7/R92n260KmEOAXlp+UaIKe6KUdqi+3g5qdsnuQVJ6Q1RIagwF9ghdYka+Ck+bOH+WTvvlaVU7uwMPZ4ukRNAYU83vGiWKAjJ9hN5y/4rizCNHIDCWWubiYuADwxyPeQN4TwEm5pDfQeE8SobpVu5s2JyPCrIc7F+r9Px6FOpXbKWe1sXLXVN0B/yVfyCORwg7sQCc1r/jZUv+q1CQ8l3HmmUts/CCBm60EZOTneCrh1YVR4qSShcD1tGNJMeTEHmAFkQApHbbUnUq0IKrnkPZsMS6m0WwynlmBfgHw1f4er+A42C0AR6BFndtn+NQExpu0UQJUtTeUuiPYZybxHuk54Z1iYn1ntLXd7WVcwPniO2EhkQFsp/wBfA9gUX8jOMiMaDZ6ns1fv/ie5I42NENnEtH+U+0FNcDh/fpI1JvbkvbFvCTfNux5boDjLLOKW2rJsDRbhq5qkEjSfeKq3Y4ZTKerPeq3gn7FwWTqqS0EXC+3RGm8oDvSURNia9+RsW5jegpidZRjwqXQMXVWrW//tImVLEhZ9Ztvdwsymz8WMLL925/c0skc8RPhUEAQtaxYcjpUpSEgfv8N+HldK6213LxeNd2+sNnjleBtzWIGF79unzfgQzS/mB47iYP/lj+o2V6WNDCebc1Z7YyH5rYnD7EH4vcN6Ti0j/ujKbt479cYmzhcN91Tp1wPQHdzTOD3xW9grOfQOrRtIeyF0HWjf8creQPWlOP6WRmil2TsdLWIoW16MPhKhurD9RAJD5y06vluSHORDSqoN0GgXyZcXHLWG7PSX7aJXoA1wBDcu1Q4RL/dpK7i9b1q1MQoHY2XCbcXrVq5I73fas2pRu5sixboznz0pHMGyb3m4T4dlTUMsEgfVoBmvwRbUrXFWAc6fffpfrc9hFEp0SaBkYqGgMeHMh33gRjq2VPf2MxjAH0/bmAIvDKpVxIcDFIp8D5yWtSQa9lDjqujccBxJp0hAvexJdVSMioKnGKzJgQR+IaUo6knLlUEKCiIbD4xFceKDmnMLsGmzN9smgAPSgBTdV5RzB1XIDzVJ1dHj8WcThSdNvLAIVv5hi4A909dX3qDX8x1WW198alT4RSuXFU1LkTIAfR8BBCA== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: e1878701-f7f8-4c21-c63d-08de151f6279 X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB8570.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2025 06:09:28.9142 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RCqYaFVOwfKAdkJpqf/NzfdBlmVs/qmIHNhIg29VrPJ4DEWNNSz4E6MfsOc4ine/LZZi/1Ux3yZ71hf9Iy2dpbDSGxP0OUoQ+HGXwkpBgDo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB5820 X-Proofpoint-GUID: CgRo-PFpUsgrUHqNoDx2ZYlwuZ57njwH X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDI3MDA1NSBTYWx0ZWRfX3eR/V9PeGeT/ vFd1QOc0wyk9vTzRkAVbrSDPHmv+8PERH2iTM2h8KEyzmbCNyMdAMjA6m9eDSLLOSWhfLZKWecP +tdKJ+JWmucw12L8E3j2VTQuetnmnPKYV44IOCfSM7BqMZFTiaS9I+qPsTv9l2XHuWxfjNk7Myt KawPAYkzx9TCKRxSrbvnI3c3pvBfv2eI2OlWmJQv9sKTI32qaVYE/8Q4KoGp9PBDuHGebyo5XlS Z2Co0LYFK+GLJ87Xtfi3vXqMMpXX6lpIQVxPtwMlKWQ2zuhw7R8eEjej6VhVFUGVDu3hbUTDVML ZBZJHPEoDj1DdQHIqMrElXPxfwMGwD6Fr5jtoS7j+6ScS5l+J3quDsWiTsR/nIAnLbuGU8Y6/Y9 i0aaYzkrbyln9bKmSt8hOdNvulkhiw== X-Authority-Analysis: v=2.4 cv=FOoWBuos c=1 sm=1 tr=0 ts=68ff0c9b cx=c_pps a=miuBlqXM8bFb40OTON37XA==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=VkNPw1HP01LnGYTKEx00:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=_enOPnqeAAAA:8 a=20KFwNOVAAAA:8 a=z2BOVTbumQ4ULxXF9BsA:9 a=FdTzh2GWekK77mhwV6Dw:22 a=XAbD3I9PDrnSMThV5XoS:22 X-Proofpoint-ORIG-GUID: CgRo-PFpUsgrUHqNoDx2ZYlwuZ57njwH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-27_03,2025-10-22_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 suspectscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 clxscore=1015 spamscore=0 priorityscore=1501 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510020000 definitions=main-2510270055 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 27 Oct 2025 06:09:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225321 From: Zhang Peng CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] Signed-off-by: Zhang Peng Signed-off-by: Steve Sakoman (Cherry pick from commit 28de3f131b17dc4165df927060ee51f0de3ada90) Signed-off-by: Zhang Peng --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2024-52616.patch | 104 ++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 220160a7e1..734a73541f 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -35,6 +35,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2023-38471-2.patch \ file://CVE-2023-38472.patch \ file://CVE-2023-38473.patch \ + file://CVE-2024-52616.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch new file mode 100644 index 0000000000..a156f98728 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch @@ -0,0 +1,104 @@ +From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Mon, 11 Nov 2024 00:56:09 +0100 +Subject: [PATCH] Properly randomize query id of DNS packets + +CVE: CVE-2024-52616 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] + +Signed-off-by: Zhang Peng +--- + avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++-------- + configure.ac | 3 ++- + 2 files changed, 30 insertions(+), 9 deletions(-) + +diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c +index 971f5e714..00a15056e 100644 +--- a/avahi-core/wide-area.c ++++ b/avahi-core/wide-area.c +@@ -40,6 +40,13 @@ + #include "addr-util.h" + #include "rr-util.h" + ++#ifdef HAVE_SYS_RANDOM_H ++#include ++#endif ++#ifndef HAVE_GETRANDOM ++# define getrandom(d, len, flags) (-1) ++#endif ++ + #define CACHE_ENTRIES_MAX 500 + + typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry; +@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine { + int fd_ipv4, fd_ipv6; + AvahiWatch *watch_ipv4, *watch_ipv6; + +- uint16_t next_id; +- + /* Cache */ + AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); + AvahiHashmap *cache_by_key; +@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) { + avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0)); + } + ++static uint16_t get_random_uint16(void) { ++ uint16_t next_id; ++ ++ if (getrandom(&next_id, sizeof(next_id), 0) == -1) ++ next_id = (uint16_t) rand(); ++ return next_id; ++} ++ ++static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) { ++ uint16_t next_id; ++ ++ next_id = get_random_uint16(); ++ while (find_lookup(e, next_id)) { ++ /* This ID is already used, get new. */ ++ next_id = get_random_uint16(); ++ } ++ return next_id; ++} ++ ++ + AvahiWideAreaLookup *avahi_wide_area_lookup_new( + AvahiWideAreaLookupEngine *e, + AvahiKey *key, +@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( + /* If more than 65K wide area quries are issued simultaneously, + * this will break. This should be limited by some higher level */ + +- for (;; e->next_id++) +- if (!find_lookup(e, e->next_id)) +- break; /* This ID is not yet used. */ +- +- l->id = e->next_id++; ++ l->id = avahi_wide_area_next_id(e); + + /* We keep the packet around in case we need to repeat our query */ + l->packet = avahi_dns_packet_new(0); +@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { + e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); + + e->n_dns_servers = e->current_dns_server = 0; +- e->next_id = (uint16_t) rand(); + + /* Initialize cache */ + AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache); +diff --git a/configure.ac b/configure.ac +index a3211b80e..31bce3d76 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES + # whether libc's malloc does too. (Same for realloc.) + #AC_FUNC_MALLOC + #AC_FUNC_REALLOC +-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname]) ++AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom]) ++AC_CHECK_HEADERS([sys/random.h]) + + AC_FUNC_CHOWN + AC_FUNC_STAT + From patchwork Mon Oct 27 06:09:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 73057 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E4B6CCD1A5 for ; Mon, 27 Oct 2025 06:09:41 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.25787.1761545374289940035 for ; Sun, 26 Oct 2025 23:09:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=qGNIoOST; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=23958346cd=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 59R5coMc2351312 for ; Mon, 27 Oct 2025 06:09:33 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=CZsy0bXrc/xkAa7VGJjUd9ozWMY5EHmXCHLe29DdxZ0=; b=qGNIoOSTGxst +EeaXCNr+p9aGRJ3/HZOh8uA3QQqsnITkeHZUrJbXOC8iXFBpyD2XY1MAlNz36JJ lLvkHLgqApRU8iTCaT9cnWMRuic1c64EoKDtImkWr9m+YjG5kl5RVbwf/3tB773t RHEIWYBRj+TvAt9y+GcRiKmgYkT7gdrVm/S+DnitNusYDVgwGI1+DHCRdYTBF49m baMcrLjxXtnt/Rvb0Ipzfyclv0lqXPC9hQ5HnhKQrHayblYNLSU+35gqkRoq1HQ/ hzrQ79c9iSHvLrTvQY4OD3fPM+ZdUf8NdPagGMcf67ltFAuG3eTqgbrp+bMFq9OW fTpo75IK5g== Received: from bn1pr04cu002.outbound.protection.outlook.com (mail-eastus2azon11010064.outbound.protection.outlook.com [52.101.56.64]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4a0ks01h5e-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 27 Oct 2025 06:09:33 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vhitTMg1u8VUx4Iux+NTU4lqzjFVrTFjebHeqbp3NDTgSyy7Rk/d3D/R2znxLVIJ0uTcGYpk9VPMTqHZ5byKxuPLZl4U9y31a6WGhSaGZTiOGqaA4pU+1N3OQ67IO7XsfiS2tDeiNLs/l4ecyUCnJMWMBx8RsPFOwjkzyo0U6ABnreKpc2mpZk+9HmjGXpkqArcn0KgzBbovbFEO8pMx7ZcAnU5iYjwKAgtf4F1DLvvZclN0AnWWjXyNUFkC5gfCCzm0BT7LLnKfGxq61L5biri0OJZz3efzSPJ1CBi9eqj3tw2r7v8ZQr/b0rB7EPA0Gfv67UkGSLiuIkVxK+Y4TQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CZsy0bXrc/xkAa7VGJjUd9ozWMY5EHmXCHLe29DdxZ0=; b=WOI55nUoHRvEU1PBxZuSzFfNpq2+8VJzB+i6BCiRWy9bTx7rpS17iVa4OesfP2WXyDbctXuBDP8vE2QjG4XNKq6U0QlO7Daa4el9bc3tx96nZRdBswtOs/xRW7K90Cf+SbJzyUtH03bO7x9/eYvllJGAAzq+I3PjCDpBQBcFmRyj8VrHwe6wSKnRbbDLe45cfz32SH8a1IAp1nP8o3Tk1x0P/UyCMt1lq91kjBsDwfUZFzebuCQ2O9fQ4gGYeZ2TDYWMQ0/vWUaR8Q0mALYbZrAGTndF+P88v+z/44iv+6ciGqJsH+2JLwS+AovCNXh/BQIjX04dvxgMcagMfwZBDg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by PH7PR11MB5820.namprd11.prod.outlook.com (2603:10b6:510:133::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.17; Mon, 27 Oct 2025 06:09:31 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%6]) with mapi id 15.20.9253.017; Mon, 27 Oct 2025 06:09:31 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-core@lists.openembedded.org Subject: [OE-core][master][PATCH 2/2] avahi: fix CVE-2024-52615 Date: Mon, 27 Oct 2025 14:09:15 +0800 Message-ID: <20251027060915.930984-2-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20251027060915.930984-1-peng.zhang1.cn@windriver.com> References: <20251027060915.930984-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TYCPR01CA0063.jpnprd01.prod.outlook.com (2603:1096:405:2::27) To PH7PR11MB8570.namprd11.prod.outlook.com (2603:10b6:510:2ff::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|PH7PR11MB5820:EE_ X-MS-Office365-Filtering-Correlation-Id: 99801ed3-8a0e-4caf-e55b-08de151f6485 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: N3LWm+G7F3rioWiFtx3uTmEH8hoZcoizpzRo4Moo4pGaNYnwBYr3KSMpSoLoFhGnSnOMs4aYDAq7jn1d7jkTvUNmYeQSN7oarlLrU0sOlMKMzMwILGOEjkzLMDWiGzpo2uGrxGTTYrFXkWwog9IGEy0xNkepBKHMVs6anNYlaqLmVvxYgIxqbv8tXj+MqBthiXf+BhGnQcraqzu0Fv9e5mwF7nqBr2dnGLMuDjRLsyqBjQZiV6DnMYH+lLsJrfnaNDk/IW5BLKZ0PND6Z7cl0lKFfVdl31v34cDbpWwupB2yWWTkYTWnS22A/0+rag9+Fui8RjJpuD+7GUdDTUMEAn7zAuIZBvPpT07tZfTxjEYDCH3an14vIbISjUl+wZqCA2WF0FpebhqtAXDjQ5SBDjzE/deXCQL1GBl7fLU9Z6DHIzjZRaCEAJ1zJaxCewN5gVAubgBgUxpVqgklU54fSY2YA51/flcunJGTLJlg+CFsPfhzbwg3xlowBToofvE9I+kQH7egdjSRFkdaVmLDU4N+iC/HRV7onlZjRGE2aCQ+NyXVpFxznykqsP5/K4oBHj/94LTt+RLiHjBDT/GbYjF/a1bziQISvGYAOcjsQgK2hnzqH1sBRJokg93BZAHXID+VZI1mqF+o+NNSx4Fpddt6II4lvGEF81HszQMINJ1ivp2uEa4WaqhUNL/bsKpeh+oVUhPDipH0Quko7Aw1GkUp7fcK7ZcMxwQ4hrVvW81acAOhTLAXv7A/mgctAiXp7O+TTDrjZYktrOogfmVaClGnTOWbd86ScPeSBeoFt0R2Q0BMpYVVLgptG+4wOhpbncUFyVLMBrDQQn9sSU2m1jjR9Tpu68w1XVScH+llu1akRDOO0ai97InpyD3nqLr04MM/KPCFV07HTms5iyLfOipYjVxJjnMw04T5Kz0laHlB3h2ivE7/3s3p504Ct5Gxi0gtud4VYAEIswyetm6EuBNPkS/OTuVhctN5cVuXGZmDbZ/gVGMR7i1wqI9cZPLIx0XyXx7pAd8QurG0uttUJy/7ZQWxa8oCK/lrmbqnhfsYbseueJLHCPi/ja00N+bwOoEC1wmvWXmuXQ53j0GmKDJSKhoDLXbr6TCPz9DoQIWa65QQz5m3LigPJ1AHWHUI1wcEzUfcc1rMiWI3VGVJUlSXBLYKaqojbRShkE8rfn9We7j0UXiWhHwmGx/QokQLVcpMyC4Iy+DECELrJ33DCdN/5YkAH36swPFjOHqNCrhJtcoRBjqjxjGeIHQUltA5r65Io13D/u4joYnF9oC0mtpAAAGm2byM3Er9l4aK1U/ACj3tvJ3AlwVXrn0rZ4OddM5nSBdN5UzQpf6TXs1xiZjEDJpHAM3BxQmxP958+YFjIAtOZQsW0RB/TE/Ywd5RiT1LZw2MfHEePQeHydHDs7aMM0Azb2fENk0IY21LT6xxQ6d3wDt1nLex+wXy9pQurDDVciH7lg8ZPKNcMGt5YiXp0K15QcOhqfRWa+q1nYbc1xaB6YUFvHYExcmhtFHGso4/a4koBJh7d6LIYDhaeQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Pzl8B321JBbfC0WgTc/taueeqxUWurh+PR9wRXXczjyO2HkV+jZ8ElgAxWpC48WQgpqJ3V+3m1ZKuF49MDl4+RdUGBNuCiWaifNYntu0gBLSq41fLMd4FQEkxnshZgXtMLe3Itq1suZNntdBKj70Wr/OxJ6vAqbEV4B7ULwyg2XKEPw/DSG7iMs/fpSBvo3/V0C74ydK4CqZFlvlnx6hD/VPRvkWOF9xp3RKh6H2SYcwRwt0nA2x1GephGI1LRIynE7e44RvasjBLaBhP0DJ4SQB7e1FitKWSQHtffnc3aJYwhFkzWeAnf2waS+lfA/Pf/368FOKcnXe6wESa78MCc4WMpTm0hqMX/yjbHbwI4D7PJRRT9Uc6CbvA9JqDPV7GiXmK1nl9I7gVcOwDo9MVLxa8SW0FR4X/at4iba8fZTFRovNksiIRUnxCy7JzhMHRTXx0GUy1BhAEnqHXuM2ceL98DAk16J1H818taur2mItwkNr1JUJ7EaPU2GmROStqkdNtz6TwwUDtfBg4rqCDVFHvB7myqspy3z8uQoJBl72LmnEtRrsTh42gPo80tkiWEoOFoVzEtgz2LfDwXZpmh/sTkcMVgRSDp7468f8r0ZE4kgKhiBlv0d694zk5qdxHwqxa8KBmL3zMHiZam3l7hj5ZNT5FfeNB1Vx9Tb6c/RsqFUAcoN45fhFbaMckWM81HKBnt2mHdxVjUJQMe8Uo0s4istEnFhd/aG4vYjk2+QazgVqNQ+SNmUDzuTjHL736oDgK2O0UdSh+0wJw12WTpQ9fvarc+2KWHunSH/v37fVRQ6xVkhZ2qOEfS9oK2MqDOjqfaKRn4omyqNxjzwiRSJCqkPc5xX8QmddfSbanar7sWuIjrvA0JMkhlQt9ZEUQRkZcIbBay1eG9YzrctxuQfsYqgEP+S/52dSLi5SZGske7C5/o0boz+lB32pN12pNg5ggaDDBndE4xITcVxxCbnqpkCRb63yIDB9By1pSLZOfqUQcF085o3DOYW1DZbbVHauZDNW/YG6aGfE9OWUvAtcyrtYUBxVYdrukOVWvQRi6nZOk2WZbr5bf+1UTtIHjLXVzqawyxLlifnVFMts55SGNMApQ8goj1OZoMZ2W1KjBdEuND1EZdcfPiEc79FLy8aIZvJWamJfXa3OxapJ/x1+Cun/XTls3b2CzZfCqW2+iA+q4F0yh4OirsWcGvJ/Q7i3ZDT0jfytw+hdZt2u/i2H8tpUgiXZ5mAgXz2Orrn722xe1aCy05yjFpbDjnN8CLtiW98gq7+q595q35meTwuBhpSeGjJD5evk9AuFC7qMbUzN9qVDjvhBsmFUjeiNycDuoP6WC6LX/S3Z4ebmSjlc4WML6x2CtinXUT4Xrhx3oIXQzI3TZdixU8OwOyODdoFTEnLfb+ZCeAWGSQiDJI/fnAiphclFObsK0qRXNFmPY2D7HAgXFULC/4oG3TYjHA93lAAaVIUwVzgeUNI14SnWp91O/++RFZp/iwFMQuP4A8kSg9bZm7PhLK8zKpS0L6pGqK445/Q7pnmF/zJkv4NA1Pw+Umga1Ghu0E5RVu0BGnnfGsesJ9PSrRj3ERsGIp7vULYkAbNGacBcV83SLA== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 99801ed3-8a0e-4caf-e55b-08de151f6485 X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB8570.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2025 06:09:31.7621 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 9HJ+GQmddc7Wz+z63gek/Yvocw9GrSJQf956Qxwkr8gUIEBQWnthMrylzvJqoZPPorqYqN7KWG8HtYPmoNTcZaMQtuLC1mhOiTLiVQrGVFY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB5820 X-Proofpoint-GUID: DqscdsBSnpK6uf0PXBWRf71KgwdUaBKn X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDI3MDA1NSBTYWx0ZWRfX6P9uE1ngaH7E 0EtmsosVVO5O/GTofJ9fohV9ihojWDgJ/LVlKbqtNIu8QMa+3A3Up0yUxXGirsjMD/lgx0lwJvc MjZ4LNapcNt2hiNE2OGco7uqUPjJHA0/R4fwWephhQu5XmV4m+9LzgPEb6cNIKYsUBa1lsxmehb vx4fi+qDvhGBEQyqKbOATASxzpB1uZixNiR4RgIJ2FEcus4rcjF8uFePOPk1wQhsjpx3kffenKl AZ5JjFip+cihu6WQ8TF6hjVe9Ooh+XXpumF33VCeS1CRNUWwBkJH8DDgy3J6VA8xFDT+r6/PbBE mMP7Z1lQeUnpZZzlFV2eEF3BzmjCcp4Q7domQbzBFOmE5N5Gte/oL7j8FKS2iufiQb59i7vrvd1 UcI4OQkENpoqBzTqsHXUJUsfXkvHsQ== X-Authority-Analysis: v=2.4 cv=CIknnBrD c=1 sm=1 tr=0 ts=68ff0c9d cx=c_pps a=tGbvjRCxuxMasaU8K2d5rg==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=VkNPw1HP01LnGYTKEx00:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=_enOPnqeAAAA:8 a=20KFwNOVAAAA:8 a=A2HaFPfzqYc8LxoZLAkA:9 a=FdTzh2GWekK77mhwV6Dw:22 a=XAbD3I9PDrnSMThV5XoS:22 X-Proofpoint-ORIG-GUID: DqscdsBSnpK6uf0PXBWRf71KgwdUaBKn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-27_03,2025-10-22_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 clxscore=1015 priorityscore=1501 impostorscore=0 lowpriorityscore=0 bulkscore=0 suspectscore=0 phishscore=0 adultscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510020000 definitions=main-2510270055 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 27 Oct 2025 06:09:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225322 From: Zhang Peng CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52615] [https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g] Upstream patches: [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] Signed-off-by: Zhang Peng Signed-off-by: Steve Sakoman (Cherry pick from commit: ec22ec26b3f40ed5e0d84d60c29d8c315cf72e23) Signed-off-by: Zhang Peng --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2024-52615.patch | 228 ++++++++++++++++++ 2 files changed, 229 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 734a73541f..4fe8ba4d28 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -36,6 +36,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2023-38472.patch \ file://CVE-2023-38473.patch \ file://CVE-2024-52616.patch \ + file://CVE-2024-52615.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch new file mode 100644 index 0000000000..9737f52837 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch @@ -0,0 +1,228 @@ +From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 27 Nov 2024 18:07:32 +0100 +Subject: [PATCH] core/wide-area: fix for CVE-2024-52615 + +CVE: CVE-2024-52615 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] + +Signed-off-by: Zhang Peng +--- + avahi-core/wide-area.c | 128 ++++++++++++++++++++++------------------- + 1 file changed, 69 insertions(+), 59 deletions(-) + +diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c +index 00a15056e..06df7afc6 100644 +--- a/avahi-core/wide-area.c ++++ b/avahi-core/wide-area.c +@@ -81,6 +81,10 @@ struct AvahiWideAreaLookup { + + AvahiAddress dns_server_used; + ++ int fd; ++ AvahiWatch *watch; ++ AvahiProtocol proto; ++ + AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups); + AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key); + }; +@@ -88,9 +92,6 @@ struct AvahiWideAreaLookup { + struct AvahiWideAreaLookupEngine { + AvahiServer *server; + +- int fd_ipv4, fd_ipv6; +- AvahiWatch *watch_ipv4, *watch_ipv6; +- + /* Cache */ + AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); + AvahiHashmap *cache_by_key; +@@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i + return l; + } + ++static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata); ++ + static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) { ++ AvahiWideAreaLookupEngine *e; + AvahiAddress *a; ++ AvahiServer *s; ++ AvahiWatch *w; ++ int r; + + assert(l); + assert(p); + +- if (l->engine->n_dns_servers <= 0) ++ e = l->engine; ++ assert(e); ++ ++ s = e->server; ++ assert(s); ++ ++ if (e->n_dns_servers <= 0) + return -1; + +- assert(l->engine->current_dns_server < l->engine->n_dns_servers); ++ assert(e->current_dns_server < e->n_dns_servers); + +- a = &l->engine->dns_servers[l->engine->current_dns_server]; ++ a = &e->dns_servers[e->current_dns_server]; + l->dns_server_used = *a; + +- if (a->proto == AVAHI_PROTO_INET) { ++ if (l->fd >= 0) { ++ /* We are reusing lookup object and sending packet to another server so let's cleanup before we establish connection to new server. */ ++ s->poll_api->watch_free(l->watch); ++ l->watch = NULL; + +- if (l->engine->fd_ipv4 < 0) +- return -1; ++ close(l->fd); ++ l->fd = -EBADF; ++ } + +- return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT); ++ assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6); + +- } else { +- assert(a->proto == AVAHI_PROTO_INET6); ++ if (a->proto == AVAHI_PROTO_INET) ++ r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; ++ else ++ r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; + +- if (l->engine->fd_ipv6 < 0) +- return -1; ++ if (r < 0) { ++ avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup"); ++ return -1; ++ } + +- return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); ++ w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l); ++ if (!w) { ++ close(r); ++ avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup"); ++ return -1; + } ++ ++ l->fd = r; ++ l->watch = w; ++ l->proto = a->proto; ++ ++ return a->proto == AVAHI_PROTO_INET ? ++ avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT): ++ avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); + } + + static void next_dns_server(AvahiWideAreaLookupEngine *e) { +@@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( + l->dead = 0; + l->key = avahi_key_ref(key); + l->cname_key = avahi_key_new_cname(l->key); ++ l->fd = -EBADF; ++ l->watch = NULL; ++ l->proto = AVAHI_PROTO_UNSPEC; + l->callback = callback; + l->userdata = userdata; + +@@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) { + if (l->cname_key) + avahi_key_unref(l->cname_key); + ++ if (l->watch) ++ l->engine->server->poll_api->watch_free(l->watch); ++ ++ if (l->fd >= 0) ++ close(l->fd); ++ + avahi_free(l); + } + +@@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) { + } + + static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) { +- AvahiWideAreaLookupEngine *e = userdata; ++ AvahiWideAreaLookup *l = userdata; ++ AvahiWideAreaLookupEngine *e = l->engine; + AvahiDnsPacket *p = NULL; + +- if (fd == e->fd_ipv4) +- p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL); ++ assert(l); ++ assert(e); ++ assert(l->fd == fd); ++ ++ if (l->proto == AVAHI_PROTO_INET) ++ p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL); + else { +- assert(fd == e->fd_ipv6); +- p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL); ++ assert(l->proto == AVAHI_PROTO_INET6); ++ ++ p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL); + } + + if (p) { +@@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { + e->server = s; + e->cleanup_dead = 0; + +- /* Create sockets */ +- e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; +- e->fd_ipv6 = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; +- +- if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) { +- avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno)); +- +- if (e->fd_ipv6 >= 0) +- close(e->fd_ipv6); +- +- if (e->fd_ipv4 >= 0) +- close(e->fd_ipv4); +- +- avahi_free(e); +- return NULL; +- } +- +- /* Create watches */ +- +- e->watch_ipv4 = e->watch_ipv6 = NULL; +- +- if (e->fd_ipv4 >= 0) +- e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e); +- if (e->fd_ipv6 >= 0) +- e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); +- + e->n_dns_servers = e->current_dns_server = 0; + + /* Initialize cache */ +@@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) { + avahi_hashmap_free(e->lookups_by_id); + avahi_hashmap_free(e->lookups_by_key); + +- if (e->watch_ipv4) +- e->server->poll_api->watch_free(e->watch_ipv4); +- +- if (e->watch_ipv6) +- e->server->poll_api->watch_free(e->watch_ipv6); +- +- if (e->fd_ipv6 >= 0) +- close(e->fd_ipv6); +- +- if (e->fd_ipv4 >= 0) +- close(e->fd_ipv4); +- + avahi_free(e); + } + +@@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres + + if (a) { + for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--) +- if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0)) ++ if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6) + e->dns_servers[e->n_dns_servers++] = *a; + } else { + assert(n == 0);