Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package avahi for openSUSE:Factory checked 
in at 2023-11-02 20:20:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/avahi (Old)
 and      /work/SRC/openSUSE:Factory/.avahi.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "avahi"

Thu Nov  2 20:20:20 2023 rev:161 rq:1121609 version:0.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/avahi/avahi.changes      2023-10-29 
19:39:18.705944385 +0100
+++ /work/SRC/openSUSE:Factory/.avahi.new.17445/avahi.changes   2023-11-02 
20:20:25.245519409 +0100
@@ -1,0 +2,6 @@
+Wed Nov  1 06:19:44 UTC 2023 - Alynx Zhou <alynx.z...@suse.com>
+
+- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
+  byte long (bsc#1215947, CVE-2023-38470).
+
+-------------------------------------------------------------------

New:
----
  avahi-CVE-2023-38470.patch

BETA DEBUG BEGIN:
  New:
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
  byte long (bsc#1215947, CVE-2023-38470).
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ avahi.spec ++++++
--- /var/tmp/diff_new_pack.8JfPX7/_old  2023-11-02 20:20:26.237555911 +0100
+++ /var/tmp/diff_new_pack.8JfPX7/_new  2023-11-02 20:20:26.237555911 +0100
@@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package avahi
 #
 # Copyright (c) 2023 SUSE LLC
 #
@@ -103,6 +103,8 @@
 Patch30:        avahi-CVE-2023-1981.patch
 # PATCH-FIX-UPSTREAM avahi-CVE-2023-38473.patch bsc#1216419 xw...@suse.com -- 
derive alternative host name from its unescaped version
 Patch31:        avahi-CVE-2023-38473.patch
+# PATCH-FIX-UPSTREAM avahi-CVE-2023-38470.patch bsc#1215947 
alynx.z...@suse.com -- Ensure each label is at least one byte long
+Patch32:        avahi-CVE-2023-38470.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
@@ -507,6 +509,7 @@
 %patch29 -p1
 %patch30 -p1
 %patch31 -p1
+%patch32 -p1
 
 %if !%{build_core}
 # Replace all .la references from local .la files to installed versions

++++++ avahi-CVE-2023-38470.patch ++++++
>From b6cf29f98adce7355e8c51a6af1e338a5f94e16e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemen...@redhat.com>
Date: Tue, 11 Apr 2023 15:29:59 +0200
Subject: [PATCH] Ensure each label is at least one byte long

The only allowed exception is single dot, where it should return empty
string.

Fixes #454.
---
 avahi-common/domain-test.c | 14 ++++++++++++++
 avahi-common/domain.c      |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
index cf763eca6..3acc1c1e4 100644
--- a/avahi-common/domain-test.c
+++ b/avahi-common/domain-test.c
@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char 
*argv[]) {
     printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
     avahi_free(s);
 
+    printf("%s\n", s = avahi_normalize_name_strdup("."));
+    avahi_free(s);
+
+    s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
+                   "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
+                   ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
+                   "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
+                   "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
+                   "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
+                   "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
+                   "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
+                   "}.?.?.?.}.=.?.?.}");
+    assert(s == NULL);
+
     printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", 
"Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
     printf("%i\n", avahi_domain_equal("A", "a"));
 
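Review bot: The new `"."` case only prints its result, so it cannot fail if the function returns the wrong string, and a NULL result passed to `%s` would be undefined behaviour rather than a clean test failure. The commit message says a single dot should yield an empty string, so pin that directly: `s = avahi_normalize_name_strdup("."); assert(s && *s == '\0'); avahi_free(s);`. The long input also needs a one-line comment saying which boundary it is meant to hit (presumably a name that fills the output buffer right up to a label separator), because nothing in the test explains why this particular string must be rejected. `assert(s == NULL)` compiles away under `NDEBUG`, so the regression check only runs in builds with assertions enabled. main() starts and ends outside this hunk.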
diff --git a/avahi-common/domain.c b/avahi-common/domain.c
index 3b1ab6834..e66d2416c 100644
--- a/avahi-common/domain.c
+++ b/avahi-common/domain.c
@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, 
size_t size) {
         }
 
         if (!empty) {
-            if (size < 1)
+            if (size < 2)
                 return NULL;
 
             *(r++) = '.';
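Review bot: The bare `2` in `if (size < 2)` carries the whole fix, yet nothing at the check explains why one spare byte is no longer enough. Going by the commit subject, the second byte is reserved for the label that follows the separator, so a comment such as `/* need room for '.' plus at least one byte of the next label */` above the test would stop the bound from being "simplified" back to 1 later. The code that consumes the remaining `size` after `*(r++) = '.'` lies outside this hunk. Since the CVE reference suggests names reaching avahi_normalize_name() can be attacker-influenced, it is worth confirming there that running out of space is reported through a checked return value rather than an assertion.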
