gnu: avahi: Fix CVE-2018-1000845 and duplicate CVE-2017-6519.
* gnu/packages/avahi.scm (avahi/fixed): New variable. (avahi)[replacement]: Use it. * gnu/packages/patches/avahi-CVE-2018-1000845.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.master
parent
dff0eedb04
commit
3f4ea9a62b
|
@ -706,6 +706,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/ath9k-htc-firmware-objcopy.patch \
|
||||
%D%/packages/patches/audacity-build-with-system-portaudio.patch \
|
||||
%D%/packages/patches/automake-skip-amhello-tests.patch \
|
||||
%D%/packages/patches/avahi-CVE-2018-1000845.patch \
|
||||
%D%/packages/patches/avahi-localstatedir.patch \
|
||||
%D%/packages/patches/avogadro-boost148.patch \
|
||||
%D%/packages/patches/avogadro-eigen3-update.patch \
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
(package
|
||||
(name "avahi")
|
||||
(version "0.7")
|
||||
(replacement avahi/fixed)
|
||||
(home-page "http://avahi.org")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
|
@ -74,6 +75,16 @@ network. It is an implementation of the mDNS (for \"Multicast DNS\") and
|
|||
DNS-SD (for \"DNS-Based Service Discovery\") protocols.")
|
||||
(license lgpl2.1+)))
|
||||
|
||||
(define avahi/fixed
|
||||
(package/inherit avahi
|
||||
(source (origin
|
||||
(inherit (package-source avahi))
|
||||
(patches
|
||||
(append (search-patches "avahi-CVE-2018-1000845.patch")
|
||||
(origin-patches (package-source avahi))))))
|
||||
;; Hide a duplicate of the CVE fixed above.
|
||||
(properties `((lint-hidden-cve . ("CVE-2017-6519"))))))
|
||||
|
||||
(define-public nss-mdns
|
||||
(package
|
||||
(name "nss-mdns")
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
|
||||
From: Trent Lloyd <trent@lloyd.id.au>
|
||||
Date: Sat, 22 Dec 2018 09:06:07 +0800
|
||||
Subject: [PATCH] Drop legacy unicast queries from address not on local link
|
||||
|
||||
When handling legacy unicast queries, ensure that the source IP is
|
||||
inside a subnet on the local link, otherwise drop the packet.
|
||||
|
||||
Fixes #145
|
||||
Fixes #203
|
||||
CVE-2017-6519
|
||||
CVE-2018-100084
|
||||
---
|
||||
avahi-core/server.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/avahi-core/server.c b/avahi-core/server.c
|
||||
index a2cb19a8..a2580e38 100644
|
||||
--- a/avahi-core/server.c
|
||||
+++ b/avahi-core/server.c
|
||||
@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
|
||||
|
||||
if (avahi_dns_packet_is_query(p)) {
|
||||
int legacy_unicast = 0;
|
||||
+ char t[AVAHI_ADDRESS_STR_MAX];
|
||||
|
||||
/* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
|
||||
* AR section completely here, so far. Until the day we add
|
||||
@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
|
||||
legacy_unicast = 1;
|
||||
}
|
||||
|
||||
+ if (!is_mdns_mcast_address(dst_address) &&
|
||||
+ !avahi_interface_address_on_link(i, src_address)) {
|
||||
+
|
||||
+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
if (legacy_unicast)
|
||||
reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
|
||||
|
Reference in New Issue