summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-dns')
-rw-r--r--net-dns/avahi/ChangeLog22
-rw-r--r--net-dns/avahi/Manifest4
-rw-r--r--net-dns/avahi/avahi-0.6.28-r1.ebuild202
-rw-r--r--net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch68
4 files changed, 294 insertions, 2 deletions
diff --git a/net-dns/avahi/ChangeLog b/net-dns/avahi/ChangeLog
index c278e92f..b27e1237 100644
--- a/net-dns/avahi/ChangeLog
+++ b/net-dns/avahi/ChangeLog
@@ -1,6 +1,26 @@
# ChangeLog for net-dns/avahi
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/ChangeLog,v 1.192 2011/01/23 20:24:45 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/ChangeLog,v 1.197 2011/03/02 08:46:47 tomka Exp $
+
+ 02 Mar 2011; Thomas Kahle <tomka@gentoo.org> avahi-0.6.28-r1.ebuild:
+ x86 stable per bug 355583
+
+ 01 Mar 2011; Kacper Kowalik <xarthisius@gentoo.org>
+ avahi-0.6.28-r1.ebuild:
+ ppc/ppc64 stable wrt #355583
+
+ 01 Mar 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+ avahi-0.6.28-r1.ebuild:
+ Byte-compile avahi_discover only with USE="dbus gtk python" (bug #339933).
+
+ 28 Feb 2011; Markos Chandras <hwoarang@gentoo.org> avahi-0.6.28-r1.ebuild:
+ Stable on amd64 wrt bug #355583
+
+*avahi-0.6.28-r1 (27 Feb 2011)
+
+ 27 Feb 2011; Sven Wegener <swegener@gentoo.org> +avahi-0.6.28-r1.ebuild,
+ +files/avahi-0.6.28-CVE-2011-1002.patch:
+ Revision bump, security bug #355583.
23 Jan 2011; Sven Wegener <swegener@gentoo.org> avahi-0.6.28.ebuild,
+files/netlink-request-all-matches-when-requesting-interface.patch:
diff --git a/net-dns/avahi/Manifest b/net-dns/avahi/Manifest
index add6bf1d..b2986cdf 100644
--- a/net-dns/avahi/Manifest
+++ b/net-dns/avahi/Manifest
@@ -3,6 +3,7 @@ AUX autoipd.sh 1271 RMD160 85ac3d69aff64867baa0ba6c58e9f224ba0e2e57 SHA1 95a6145
AUX avahi-0.6.24-cmsg_space.patch 449 RMD160 9593ee893daf908e35f36a7396ae5d52a7618022 SHA1 49fd79c1d0e0302747e84bdf611cfb0bf310b4c3 SHA256 f3b6bf6f522aea93627df8afda317782ed760493ffad9108697b50a310bc92d7
AUX avahi-0.6.24-libintl.patch 542 RMD160 918aa11cdbce6f38d9a9446c798db2bc43a957b5 SHA1 c9f8ef5d0047b591e6e88153731ae380d64a2431 SHA256 fb8e37d6071a990184a7ad3c20a7709554103fb2c4f02450c338b9fbcf358215
AUX avahi-0.6.27-no-auto-activated.patch 1677 RMD160 c5abd8cab9872c22b57de2158c3cb3117722b206 SHA1 2158ca2c25aa8f81dbb6d376ff00a3ed26932e4b SHA256 907ccacfaf118e88a750ff3699e53b4efed7661bb3d09722f04fc389fe46f12b
+AUX avahi-0.6.28-CVE-2011-1002.patch 2076 RMD160 0b561a78e75099a14e7a3da5290cd1ffa6a75533 SHA1 6d298861d7c7b432cd350f3df277e43ed59b378b SHA256 bf8422b278c0c66eca063672c4836346a4d85cb16014882ca3003b0a79ba9f97
AUX netlink-request-all-matches-when-requesting-interface.patch 1642 RMD160 b8c1987c35e2d7fde63ee3971bb6e5cafe37ae43 SHA1 44fe78fda6a2cdfbb92654164fa421450aaec68a SHA256 9b91094b8316d8125a2dc2b118c406e2ae8e5f7760089a041bbf539ff44dc12f
DIST avahi-0.6.25.tar.gz 1103653 RMD160 3025f774360a8ea3b9de87e2df0b00387569aaf2 SHA1 7ce8ed5a494d72401dd81f64594fda59d2ec91fd SHA256 9220d974f5515b8ccfa3900cd72cedcac0fa4cc87ca3c64405f7c55346cbba59
DIST avahi-0.6.27.tar.gz 1217974 RMD160 36e6a242f0c926351e31871d8a4f8a52a501fdc3 SHA1 e763bbeba92fd5b3ba3e2af5fc85aaf99b406c8b SHA256 c22df5e0b0d695bfe3cc52545bf0affc1c52060818a5a65d70055e320bc45e84
@@ -10,6 +11,7 @@ DIST avahi-0.6.28.tar.gz 1238660 RMD160 d61b370baa3f25d57efba43f2c34b54cab7e7e9e
EBUILD avahi-0.6.25-r1.ebuild 5001 RMD160 a3630d681a75bbb9bb12c2ef86d213750eec6a4a SHA1 3553b0e5b285db42dd303da6459924d2974206e2 SHA256 58cfcd047f3afb58134f851215ebe7e789c2e164874396b65173d9970b7f960a
EBUILD avahi-0.6.27-r1.ebuild 4903 RMD160 00dafea3f3a4ae4281e573a23f7f4ec9bb130eef SHA1 dd637d5b1207bdf455064009647697775752bba7 SHA256 64e24c62269015042226b6bc801852c4576eda04cde4c2b7e59421291d0358ba
EBUILD avahi-0.6.27.ebuild 4650 RMD160 93703638ec59e9da63b6ba2bd058b94964ac69e4 SHA1 40c43baf69299bad27812f2ab6859da444d8e7d7 SHA256 cc53a733743c9274e846aa6c255bd085c5b612405ae4f73dea147df7380279b7
+EBUILD avahi-0.6.28-r1.ebuild 4971 RMD160 a991e269c764baa22eddba22a6242496d00c4691 SHA1 1b2050fbf2a7918187292bea3a8ee529c6815ab2 SHA256 fa282f31a3b863543a32687f0dd32486c0d252459c8e7bc1f5e6a444de246540
EBUILD avahi-0.6.28.ebuild 4866 RMD160 d448c65be1b093d24a5124983dc6cfafd8a83013 SHA1 25199f847c683619d32c989b9b51f985c187928e SHA256 55280d5880a8938f7080c4e2363aedb9f217eb10387719d6c17b35d605652ec8
-MISC ChangeLog 28677 RMD160 38ef51e905cb309cb02cc841c4a6b25eb406ce99 SHA1 f3e6573a727ac7cfa4479b0a3a2652163235e6b1 SHA256 514f03e6017aec0b49ea201bdd14bb0f1faa4172c2a9038aa859e93fab81415c
+MISC ChangeLog 29365 RMD160 b720dbe81ba1452e358f87a56f41a2d1be575a2a SHA1 8dbe487e14c8e2842b2cff8e7a486e8edc058abf SHA256 9f00b4860a063a270d1fcff62eebfd933f2810858ad107e5ce6aab044de1b11d
MISC metadata.xml 609 RMD160 fa4efaaf9b8ac6d75251c9bd1f0721ea175acda9 SHA1 4532738c9ff6d9d2a2aef226b827919ac31be2de SHA256 365224bb3c21c159a89fa03ea08c534eb27cc2df62012a69e03ad81779607faa
diff --git a/net-dns/avahi/avahi-0.6.28-r1.ebuild b/net-dns/avahi/avahi-0.6.28-r1.ebuild
new file mode 100644
index 00000000..a6feb6c4
--- /dev/null
+++ b/net-dns/avahi/avahi-0.6.28-r1.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/avahi-0.6.28-r1.ebuild,v 1.5 2011/03/02 08:46:47 tomka Exp $
+
+EAPI="3"
+
+PYTHON_DEPEND="python? 2"
+PYTHON_USE_WITH="gdbm"
+PYTHON_USE_WITH_OPT="python"
+
+inherit eutils mono python multilib flag-o-matic
+
+DESCRIPTION="System which facilitates service discovery on a local network"
+HOMEPAGE="http://avahi.org/"
+SRC_URI="http://avahi.org/download/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
+IUSE="autoipd bookmarks dbus doc gdbm gtk howl-compat ipv6 kernel_linux mdnsresponder-compat mono python qt3 qt4 test "
+
+DBUS_DEPEND=">=sys-apps/dbus-0.30"
+RDEPEND=">=dev-libs/libdaemon-0.14
+ dev-libs/expat
+ >=dev-libs/glib-2
+ gdbm? ( sys-libs/gdbm )
+ qt3? ( x11-libs/qt:3 )
+ qt4? ( x11-libs/qt-core:4 )
+ gtk? (
+ >=x11-libs/gtk+-2.14.0:2
+ )
+ dbus? (
+ ${DBUS_DEPEND}
+ python? ( dev-python/dbus-python )
+ )
+ mono? (
+ >=dev-lang/mono-1.1.10
+ gtk? ( >=dev-dotnet/gtk-sharp-2 )
+ )
+ howl-compat? (
+ !net-misc/howl
+ ${DBUS_DEPEND}
+ )
+ mdnsresponder-compat? (
+ !net-misc/mDNSResponder
+ ${DBUS_DEPEND}
+ )
+ python? (
+ gtk? ( >=dev-python/pygtk-2 )
+ )
+ bookmarks? (
+ dev-python/twisted
+ dev-python/twisted-web
+ )
+ kernel_linux? ( sys-libs/libcap )"
+DEPEND="${RDEPEND}
+ >=dev-util/intltool-0.40.5
+ >=dev-util/pkgconfig-0.9.0
+ doc? (
+ app-doc/doxygen
+ mono? ( >=virtual/monodoc-1.1.8 )
+ )"
+
+pkg_setup() {
+ if use python; then
+ python_set_active_version 2
+ python_pkg_setup
+ fi
+
+ if use python && ! use dbus && ! use gtk; then
+ ewarn "For proper python support you should also enable the dbus and gtk USE flags!"
+ fi
+}
+
+pkg_preinst() {
+ enewgroup netdev
+ enewgroup avahi
+ enewuser avahi -1 -1 -1 avahi
+
+ if use autoipd; then
+ enewgroup avahi-autoipd
+ enewuser avahi-autoipd -1 -1 -1 avahi-autoipd
+ fi
+}
+
+src_prepare() {
+ if use ipv6; then
+ sed -i \
+ -e s/use-ipv6=no/use-ipv6=yes/ \
+ avahi-daemon/avahi-daemon.conf || die
+ fi
+
+ sed -i\
+ -e "s:\\.\\./\\.\\./\\.\\./doc/avahi-docs/html/:../../../doc/${PF}/html/:" \
+ doxygen_to_devhelp.xsl || die
+
+ epatch "${FILESDIR}"/netlink-request-all-matches-when-requesting-interface.patch
+ epatch "${FILESDIR}"/${P}-CVE-2011-1002.patch
+}
+
+src_configure() {
+ use sh && replace-flags -O? -O0
+
+ local myconf=""
+
+ if use python; then
+ myconf+="
+ $(use_enable dbus python-dbus)
+ $(use_enable gtk pygtk)
+ "
+ fi
+
+ if use mono; then
+ myconf+=" $(use_enable doc monodoc)"
+ fi
+
+ # these require dbus enabled
+ if use mdnsresponder-compat || use howl-compat || use mono; then
+ myconf+=" --enable-dbus"
+ fi
+
+ # We need to unset DISPLAY, else the configure script might have problems detecting the pygtk module
+ unset DISPLAY
+
+ # Upstream ships a gir file (AvahiCore.gir) which does not work with
+ # >=gobject-introspection-0.9, so we disable introspection for now.
+ # http://avahi.org/ticket/318
+ econf \
+ --localstatedir=/var \
+ --with-distro=gentoo \
+ --disable-python-dbus \
+ --disable-pygtk \
+ --disable-xmltoman \
+ --disable-monodoc \
+ --disable-introspection \
+ --enable-glib \
+ $(use_enable test tests) \
+ $(use_enable autoipd) \
+ $(use_enable mdnsresponder-compat compat-libdns_sd) \
+ $(use_enable howl-compat compat-howl) \
+ $(use_enable doc doxygen-doc) \
+ $(use_enable mono) \
+ $(use_enable dbus) \
+ $(use_enable python) \
+ --disable-gtk3 \
+ $(use_enable gtk) \
+ $(use_enable qt3) \
+ $(use_enable qt4) \
+ $(use_enable gdbm) \
+ ${myconf}
+}
+
+src_compile() {
+ emake || die "emake failed"
+
+ use doc && { emake avahi.devhelp || die ; }
+}
+
+src_install() {
+ emake install py_compile=true DESTDIR="${D}" || die "make install failed"
+ use bookmarks && use python && use dbus && use gtk || \
+ rm -f "${D}"/usr/bin/avahi-bookmarks
+
+ use howl-compat && ln -s avahi-compat-howl.pc "${D}"/usr/$(get_libdir)/pkgconfig/howl.pc
+ use mdnsresponder-compat && ln -s avahi-compat-libdns_sd/dns_sd.h "${D}"/usr/include/dns_sd.h
+
+ if use autoipd; then
+ insinto /$(get_libdir)/rcscripts/net
+ doins "${FILESDIR}"/autoipd.sh || die
+
+ insinto /$(get_libdir)/rc/net
+ newins "${FILESDIR}"/autoipd-openrc.sh autoipd.sh || die
+ fi
+
+ dodoc docs/{AUTHORS,NEWS,README,TODO} || die
+
+ if use doc; then
+ dohtml -r doxygen/html/. || die
+ insinto /usr/share/devhelp/books/avahi
+ doins avahi.devhelp || die
+ fi
+}
+
+pkg_postrm() {
+ use python && python_mod_cleanup avahi $(use dbus && use gtk && echo avahi_discover)
+}
+
+pkg_postinst() {
+ use python && python_mod_optimize avahi $(use dbus && use gtk && echo avahi_discover)
+
+ if use autoipd; then
+ echo
+ elog "To use avahi-autoipd to configure your interfaces with IPv4LL (RFC3927)"
+ elog "addresses, just set config_<interface>=( autoipd ) in /etc/conf.d/net!"
+ fi
+
+ if use dbus; then
+ echo
+ elog "If this is your first install of avahi please reload your dbus config"
+ elog "with /etc/init.d/dbus reload before starting avahi-daemon!"
+ fi
+}
diff --git a/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch b/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch
new file mode 100644
index 00000000..9d80477c
--- /dev/null
+++ b/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch
@@ -0,0 +1,68 @@
+From: Vincent Untz <vuntz@opensuse.org>
+Date: Fri, 18 Feb 2011 22:37:00 +0000 (+0100)
+Subject: socket: Still read corrupt packets from the sockets
+X-Git-Url: http://git.0pointer.de/?p=avahi.git;a=commitdiff_plain;h=46109dfec75534fe270c0ab902576f685d5ab3a6
+
+socket: Still read corrupt packets from the sockets
+
+Else, we end up with an infinite loop with 100% CPU.
+
+http://www.avahi.org/ticket/325
+https://bugzilla.redhat.com/show_bug.cgi?id=667187
+---
+
+diff --git a/avahi-core/socket.c b/avahi-core/socket.c
+index be62105..e69ec7d 100644
+--- a/avahi-core/socket.c
++++ b/avahi-core/socket.c
+@@ -653,10 +653,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
+ goto fail;
+ }
+
+- /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
+- if (!ms)
+- goto fail;
+-
+ p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
+
+ io.iov_base = AVAHI_DNS_PACKET_DATA(p);
+@@ -683,10 +679,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
+ goto fail;
+ }
+
+- if (sa.sin_addr.s_addr == INADDR_ANY) {
++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++ * fail after having read them. */
++ if (!ms)
++ goto fail;
++
++ if (sa.sin_addr.s_addr == INADDR_ANY)
+ /* Linux 2.4 behaves very strangely sometimes! */
+ goto fail;
+- }
+
+ assert(!(msg.msg_flags & MSG_CTRUNC));
+ assert(!(msg.msg_flags & MSG_TRUNC));
+@@ -810,10 +810,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
+ goto fail;
+ }
+
+- /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
+- if (!ms)
+- goto fail;
+-
+ p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
+
+ io.iov_base = AVAHI_DNS_PACKET_DATA(p);
+@@ -841,6 +837,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
+ goto fail;
+ }
+
++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++ * fail after having read them. */
++ if (!ms)
++ goto fail;
++
+ assert(!(msg.msg_flags & MSG_CTRUNC));
+ assert(!(msg.msg_flags & MSG_TRUNC));
+