Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package avahi for openSUSE:Factory checked in at 2026-05-06 19:17:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/avahi (Old) and /work/SRC/openSUSE:Factory/.avahi.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "avahi" Wed May 6 19:17:37 2026 rev:178 rq:1350966 version:0.8 Changes: --------
--- /work/SRC/openSUSE:Factory/avahi/avahi.changes 2026-05-04 12:48:45.685731332 +0200
+++ /work/SRC/openSUSE:Factory/.avahi.new.30200/avahi.changes 2026-05-06 19:18:18.258091603 +0200
@@ -1,0 +2,6 @@
+Tue May 5 01:48:13 UTC 2026 - Alynx Zhou <[email protected]>
+
+- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
+ containing a recursive CNAME record (bsc#1257235).
+
+-------------------------------------------------------------------
New: ---- avahi-CVE-2026-24401.patch ----------(New B)---------- New: - Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response containing a recursive CNAME record (bsc#1257235). ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ avahi.spec ++++++
--- /var/tmp/diff_new_pack.LZayZx/_old 2026-05-06 19:18:19.614147484 +0200
+++ /var/tmp/diff_new_pack.LZayZx/_new 2026-05-06 19:18:19.618147649 +0200
@@ -148,6 +148,8 @@
 Patch42: avahi-CVE-2025-68276.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2026-34933.patch bsc#1261546 [email protected] -- refuse to accept publish flags where both wide_area and multicast are set
 Patch43: avahi-CVE-2026-34933.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2026-24401.patch bsc#1257235 [email protected] -- detect loop in CNAME record
+Patch44: avahi-CVE-2026-24401.patch
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: gdbm-devel
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.LZayZx/_old 2026-05-06 19:18:19.710151440 +0200
+++ /var/tmp/diff_new_pack.LZayZx/_new 2026-05-06 19:18:19.714151605 +0200
@@ -1,6 +1,6 @@
-mtime: 1777444456
-commit: 00dc43da439a4ecee40a782ed12169acd2bfad8cfd501952e14cd92ff37277db
+mtime: 1777971831
+commit: 1ad7fff576de05e40163ce8eea6df97b3941be8e949c925ce93c16ec8c17d364
 url: https://src.opensuse.org/GNOME/avahi
-revision: 00dc43da439a4ecee40a782ed12169acd2bfad8cfd501952e14cd92ff37277db
+revision: 1ad7fff576de05e40163ce8eea6df97b3941be8e949c925ce93c16ec8c17d364
 projectscmsync: https://src.opensuse.org/GNOME/_ObsPrj
++++++ avahi-CVE-2026-24401.patch ++++++
>From 78eab31128479f06e30beb8c1cbf99dd921e2524 Mon Sep 17 00:00:00 2001
From: Hugo Muis <[email protected]>
Date: Sun, 2 Mar 2025 18:06:24 +0100
Subject: [PATCH] core: fix uncontrolled recursion bug using a simple loop detection algorithm
Closes https://github.com/avahi/avahi/issues/501
---
 avahi-core/browse.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
diff --git a/avahi-core/browse.c b/avahi-core/browse.c
index ad08bd65f..e00cbed84 100644
--- a/avahi-core/browse.c
+++ b/avahi-core/browse.c
@@ -401,6 +401,40 @@ static int lookup_go(AvahiSRBLookup *l) {
 return n;
 }
+static int lookup_exists_in_path(AvahiSRBLookup* lookup, AvahiSRBLookup* from, AvahiSRBLookup* to) {
+ AvahiRList* rl;
+ if (from == to)
+ return 0;
+ for (rl = from->cname_lookups; rl; rl = rl->rlist_next) {
+ int r = lookup_exists_in_path(lookup, rl->data, to);
+ if (r == 1) {
+ /* loop detected, propagate result */
+ return r;
+ } else if (r == 0) {
+ /* is loop detected? */
+ return lookup == from;
+ } else {
+ /* `to` not found, continue */
+ continue;
+ }
+ }
+ /* no path found */
+ return -1;
+}
+
+static int cname_would_create_loop(AvahiSRBLookup* l, AvahiSRBLookup* n) {
+ int ret;
+ if (l == n)
+ /* Loop to self */
+ return 1;
+
+ ret = lookup_exists_in_path(n, l->record_browser->root_lookup, l);
+
+ /* Path to n always exists */
+ assert(ret != -1);
+ return ret;
+}
+
 static void lookup_handle_cname(AvahiSRBLookup *l, AvahiIfIndex interface, AvahiProtocol protocol, AvahiLookupFlags flags, AvahiRecord *r) {
 AvahiKey *k;
 AvahiSRBLookup *n;
@@ -420,6 +454,12 @@ static void lookup_handle_cname(AvahiSRBLookup *l, AvahiIfIndex interface, Avahi
 return;
 }
+ if (cname_would_create_loop(l, n)) {
+ /* CNAME loops are not allowed */
+ lookup_unref(n);
+ return;
+ }
+
 l->cname_lookups = avahi_rlist_prepend(l->cname_lookups, lookup_ref(n));
 lookup_go(n);
++++++ build.specials.obscpio ++++++
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-05-05 11:03:51.000000000 +0200
@@ -0,0 +1,4 @@
+*.obscpio
+*.osc
+_build.*
+.pbuild
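Review bot: `lookup_exists_in_path()` only examines the first chain from `root_lookup` to `l` that it finds, because the `r == 0` branch returns `lookup == from` without visiting the remaining `cname_lookups` entries; if a lookup can be reachable from the root through more than one chain (this hunk does not show whether existing lookups are shared), a cycle closing through another chain would pass the check. `cname_would_create_loop()` then depends on `assert(ret != -1)`, which aborts the daemon if the invariant ever breaks on state driven by network input and is compiled out under `NDEBUG`; its comment should also read "Path to l", since `l` is what is passed as `to`. Testing whether `l` is already reachable from `n` covers every chain, includes the `l == n` case and needs no assert, as sketched below. The helper stays recursive, so its depth is only as bounded as the number of lookups a browser may hold, which is not visible in this hunk.

```c
/* Return 1 when `target` can be reached from `from` by following cname_lookups. */
static int lookup_reaches(AvahiSRBLookup *from, AvahiSRBLookup *target) {
    AvahiRList *rl;

    if (from == target)
        return 1;

    for (rl = from->cname_lookups; rl; rl = rl->rlist_next)
        if (lookup_reaches(rl->data, target))
            return 1;

    return 0;
}

static int cname_would_create_loop(AvahiSRBLookup *l, AvahiSRBLookup *n) {
    /* Linking l -> n closes a cycle exactly when l is already reachable
     * from n (this includes l == n). Terminates as long as the existing
     * graph is acyclic, which is the property this check preserves. */
    return lookup_reaches(n, l);
}
```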
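Review bot: The new guard in `lookup_handle_cname()` discards a looping CNAME without any trace, so an operator gets no signal that a responder on the link is sending such records; a debug-level line before the unref, for example `avahi_log_debug(__FILE__": Ignoring CNAME record that would create a loop.");`, would make the event visible without adding noise at default log levels. Any non-zero return is treated as a loop, so in an `NDEBUG` build a `-1` from `cname_would_create_loop()` also ends up here; that fails closed, and a comment such as `/* any non-zero result, including -1, means refuse */` would record that this is intended. The function starts before this hunk and continues after it, so the reference released by `lookup_unref(n)` is acquired outside the visible lines and its balance cannot be confirmed from here.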
