diff options
Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/avahi/ChangeLog | 22 | ||||
-rw-r--r-- | net-dns/avahi/Manifest | 4 | ||||
-rw-r--r-- | net-dns/avahi/avahi-0.6.28-r1.ebuild | 202 | ||||
-rw-r--r-- | net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch | 68 |
4 files changed, 294 insertions, 2 deletions
diff --git a/net-dns/avahi/ChangeLog b/net-dns/avahi/ChangeLog index c278e92f..b27e1237 100644 --- a/net-dns/avahi/ChangeLog +++ b/net-dns/avahi/ChangeLog @@ -1,6 +1,26 @@ # ChangeLog for net-dns/avahi # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/ChangeLog,v 1.192 2011/01/23 20:24:45 swegener Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/ChangeLog,v 1.197 2011/03/02 08:46:47 tomka Exp $ + + 02 Mar 2011; Thomas Kahle <tomka@gentoo.org> avahi-0.6.28-r1.ebuild: + x86 stable per bug 355583 + + 01 Mar 2011; Kacper Kowalik <xarthisius@gentoo.org> + avahi-0.6.28-r1.ebuild: + ppc/ppc64 stable wrt #355583 + + 01 Mar 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org> + avahi-0.6.28-r1.ebuild: + Byte-compile avahi_discover only with USE="dbus gtk python" (bug #339933). + + 28 Feb 2011; Markos Chandras <hwoarang@gentoo.org> avahi-0.6.28-r1.ebuild: + Stable on amd64 wrt bug #355583 + +*avahi-0.6.28-r1 (27 Feb 2011) + + 27 Feb 2011; Sven Wegener <swegener@gentoo.org> +avahi-0.6.28-r1.ebuild, + +files/avahi-0.6.28-CVE-2011-1002.patch: + Revision bump, security bug #355583. 23 Jan 2011; Sven Wegener <swegener@gentoo.org> avahi-0.6.28.ebuild, +files/netlink-request-all-matches-when-requesting-interface.patch: diff --git a/net-dns/avahi/Manifest b/net-dns/avahi/Manifest index add6bf1d..b2986cdf 100644 --- a/net-dns/avahi/Manifest +++ b/net-dns/avahi/Manifest @@ -3,6 +3,7 @@ AUX autoipd.sh 1271 RMD160 85ac3d69aff64867baa0ba6c58e9f224ba0e2e57 SHA1 95a6145 AUX avahi-0.6.24-cmsg_space.patch 449 RMD160 9593ee893daf908e35f36a7396ae5d52a7618022 SHA1 49fd79c1d0e0302747e84bdf611cfb0bf310b4c3 SHA256 f3b6bf6f522aea93627df8afda317782ed760493ffad9108697b50a310bc92d7 AUX avahi-0.6.24-libintl.patch 542 RMD160 918aa11cdbce6f38d9a9446c798db2bc43a957b5 SHA1 c9f8ef5d0047b591e6e88153731ae380d64a2431 SHA256 fb8e37d6071a990184a7ad3c20a7709554103fb2c4f02450c338b9fbcf358215 AUX avahi-0.6.27-no-auto-activated.patch 1677 RMD160 c5abd8cab9872c22b57de2158c3cb3117722b206 SHA1 2158ca2c25aa8f81dbb6d376ff00a3ed26932e4b SHA256 907ccacfaf118e88a750ff3699e53b4efed7661bb3d09722f04fc389fe46f12b +AUX avahi-0.6.28-CVE-2011-1002.patch 2076 RMD160 0b561a78e75099a14e7a3da5290cd1ffa6a75533 SHA1 6d298861d7c7b432cd350f3df277e43ed59b378b SHA256 bf8422b278c0c66eca063672c4836346a4d85cb16014882ca3003b0a79ba9f97 AUX netlink-request-all-matches-when-requesting-interface.patch 1642 RMD160 b8c1987c35e2d7fde63ee3971bb6e5cafe37ae43 SHA1 44fe78fda6a2cdfbb92654164fa421450aaec68a SHA256 9b91094b8316d8125a2dc2b118c406e2ae8e5f7760089a041bbf539ff44dc12f DIST avahi-0.6.25.tar.gz 1103653 RMD160 3025f774360a8ea3b9de87e2df0b00387569aaf2 SHA1 7ce8ed5a494d72401dd81f64594fda59d2ec91fd SHA256 9220d974f5515b8ccfa3900cd72cedcac0fa4cc87ca3c64405f7c55346cbba59 DIST avahi-0.6.27.tar.gz 1217974 RMD160 36e6a242f0c926351e31871d8a4f8a52a501fdc3 SHA1 e763bbeba92fd5b3ba3e2af5fc85aaf99b406c8b SHA256 c22df5e0b0d695bfe3cc52545bf0affc1c52060818a5a65d70055e320bc45e84 @@ -10,6 +11,7 @@ DIST avahi-0.6.28.tar.gz 1238660 RMD160 d61b370baa3f25d57efba43f2c34b54cab7e7e9e EBUILD avahi-0.6.25-r1.ebuild 5001 RMD160 a3630d681a75bbb9bb12c2ef86d213750eec6a4a SHA1 3553b0e5b285db42dd303da6459924d2974206e2 SHA256 58cfcd047f3afb58134f851215ebe7e789c2e164874396b65173d9970b7f960a EBUILD avahi-0.6.27-r1.ebuild 4903 RMD160 00dafea3f3a4ae4281e573a23f7f4ec9bb130eef SHA1 dd637d5b1207bdf455064009647697775752bba7 SHA256 64e24c62269015042226b6bc801852c4576eda04cde4c2b7e59421291d0358ba EBUILD avahi-0.6.27.ebuild 4650 RMD160 93703638ec59e9da63b6ba2bd058b94964ac69e4 SHA1 40c43baf69299bad27812f2ab6859da444d8e7d7 SHA256 cc53a733743c9274e846aa6c255bd085c5b612405ae4f73dea147df7380279b7 +EBUILD avahi-0.6.28-r1.ebuild 4971 RMD160 a991e269c764baa22eddba22a6242496d00c4691 SHA1 1b2050fbf2a7918187292bea3a8ee529c6815ab2 SHA256 fa282f31a3b863543a32687f0dd32486c0d252459c8e7bc1f5e6a444de246540 EBUILD avahi-0.6.28.ebuild 4866 RMD160 d448c65be1b093d24a5124983dc6cfafd8a83013 SHA1 25199f847c683619d32c989b9b51f985c187928e SHA256 55280d5880a8938f7080c4e2363aedb9f217eb10387719d6c17b35d605652ec8 -MISC ChangeLog 28677 RMD160 38ef51e905cb309cb02cc841c4a6b25eb406ce99 SHA1 f3e6573a727ac7cfa4479b0a3a2652163235e6b1 SHA256 514f03e6017aec0b49ea201bdd14bb0f1faa4172c2a9038aa859e93fab81415c +MISC ChangeLog 29365 RMD160 b720dbe81ba1452e358f87a56f41a2d1be575a2a SHA1 8dbe487e14c8e2842b2cff8e7a486e8edc058abf SHA256 9f00b4860a063a270d1fcff62eebfd933f2810858ad107e5ce6aab044de1b11d MISC metadata.xml 609 RMD160 fa4efaaf9b8ac6d75251c9bd1f0721ea175acda9 SHA1 4532738c9ff6d9d2a2aef226b827919ac31be2de SHA256 365224bb3c21c159a89fa03ea08c534eb27cc2df62012a69e03ad81779607faa diff --git a/net-dns/avahi/avahi-0.6.28-r1.ebuild b/net-dns/avahi/avahi-0.6.28-r1.ebuild new file mode 100644 index 00000000..a6feb6c4 --- /dev/null +++ b/net-dns/avahi/avahi-0.6.28-r1.ebuild @@ -0,0 +1,202 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/avahi-0.6.28-r1.ebuild,v 1.5 2011/03/02 08:46:47 tomka Exp $ + +EAPI="3" + +PYTHON_DEPEND="python? 2" +PYTHON_USE_WITH="gdbm" +PYTHON_USE_WITH_OPT="python" + +inherit eutils mono python multilib flag-o-matic + +DESCRIPTION="System which facilitates service discovery on a local network" +HOMEPAGE="http://avahi.org/" +SRC_URI="http://avahi.org/download/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd" +IUSE="autoipd bookmarks dbus doc gdbm gtk howl-compat ipv6 kernel_linux mdnsresponder-compat mono python qt3 qt4 test " + +DBUS_DEPEND=">=sys-apps/dbus-0.30" +RDEPEND=">=dev-libs/libdaemon-0.14 + dev-libs/expat + >=dev-libs/glib-2 + gdbm? ( sys-libs/gdbm ) + qt3? ( x11-libs/qt:3 ) + qt4? ( x11-libs/qt-core:4 ) + gtk? ( + >=x11-libs/gtk+-2.14.0:2 + ) + dbus? ( + ${DBUS_DEPEND} + python? ( dev-python/dbus-python ) + ) + mono? ( + >=dev-lang/mono-1.1.10 + gtk? ( >=dev-dotnet/gtk-sharp-2 ) + ) + howl-compat? ( + !net-misc/howl + ${DBUS_DEPEND} + ) + mdnsresponder-compat? ( + !net-misc/mDNSResponder + ${DBUS_DEPEND} + ) + python? ( + gtk? ( >=dev-python/pygtk-2 ) + ) + bookmarks? ( + dev-python/twisted + dev-python/twisted-web + ) + kernel_linux? ( sys-libs/libcap )" +DEPEND="${RDEPEND} + >=dev-util/intltool-0.40.5 + >=dev-util/pkgconfig-0.9.0 + doc? ( + app-doc/doxygen + mono? ( >=virtual/monodoc-1.1.8 ) + )" + +pkg_setup() { + if use python; then + python_set_active_version 2 + python_pkg_setup + fi + + if use python && ! use dbus && ! use gtk; then + ewarn "For proper python support you should also enable the dbus and gtk USE flags!" + fi +} + +pkg_preinst() { + enewgroup netdev + enewgroup avahi + enewuser avahi -1 -1 -1 avahi + + if use autoipd; then + enewgroup avahi-autoipd + enewuser avahi-autoipd -1 -1 -1 avahi-autoipd + fi +} + +src_prepare() { + if use ipv6; then + sed -i \ + -e s/use-ipv6=no/use-ipv6=yes/ \ + avahi-daemon/avahi-daemon.conf || die + fi + + sed -i\ + -e "s:\\.\\./\\.\\./\\.\\./doc/avahi-docs/html/:../../../doc/${PF}/html/:" \ + doxygen_to_devhelp.xsl || die + + epatch "${FILESDIR}"/netlink-request-all-matches-when-requesting-interface.patch + epatch "${FILESDIR}"/${P}-CVE-2011-1002.patch +} + +src_configure() { + use sh && replace-flags -O? -O0 + + local myconf="" + + if use python; then + myconf+=" + $(use_enable dbus python-dbus) + $(use_enable gtk pygtk) + " + fi + + if use mono; then + myconf+=" $(use_enable doc monodoc)" + fi + + # these require dbus enabled + if use mdnsresponder-compat || use howl-compat || use mono; then + myconf+=" --enable-dbus" + fi + + # We need to unset DISPLAY, else the configure script might have problems detecting the pygtk module + unset DISPLAY + + # Upstream ships a gir file (AvahiCore.gir) which does not work with + # >=gobject-introspection-0.9, so we disable introspection for now. + # http://avahi.org/ticket/318 + econf \ + --localstatedir=/var \ + --with-distro=gentoo \ + --disable-python-dbus \ + --disable-pygtk \ + --disable-xmltoman \ + --disable-monodoc \ + --disable-introspection \ + --enable-glib \ + $(use_enable test tests) \ + $(use_enable autoipd) \ + $(use_enable mdnsresponder-compat compat-libdns_sd) \ + $(use_enable howl-compat compat-howl) \ + $(use_enable doc doxygen-doc) \ + $(use_enable mono) \ + $(use_enable dbus) \ + $(use_enable python) \ + --disable-gtk3 \ + $(use_enable gtk) \ + $(use_enable qt3) \ + $(use_enable qt4) \ + $(use_enable gdbm) \ + ${myconf} +} + +src_compile() { + emake || die "emake failed" + + use doc && { emake avahi.devhelp || die ; } +} + +src_install() { + emake install py_compile=true DESTDIR="${D}" || die "make install failed" + use bookmarks && use python && use dbus && use gtk || \ + rm -f "${D}"/usr/bin/avahi-bookmarks + + use howl-compat && ln -s avahi-compat-howl.pc "${D}"/usr/$(get_libdir)/pkgconfig/howl.pc + use mdnsresponder-compat && ln -s avahi-compat-libdns_sd/dns_sd.h "${D}"/usr/include/dns_sd.h + + if use autoipd; then + insinto /$(get_libdir)/rcscripts/net + doins "${FILESDIR}"/autoipd.sh || die + + insinto /$(get_libdir)/rc/net + newins "${FILESDIR}"/autoipd-openrc.sh autoipd.sh || die + fi + + dodoc docs/{AUTHORS,NEWS,README,TODO} || die + + if use doc; then + dohtml -r doxygen/html/. || die + insinto /usr/share/devhelp/books/avahi + doins avahi.devhelp || die + fi +} + +pkg_postrm() { + use python && python_mod_cleanup avahi $(use dbus && use gtk && echo avahi_discover) +} + +pkg_postinst() { + use python && python_mod_optimize avahi $(use dbus && use gtk && echo avahi_discover) + + if use autoipd; then + echo + elog "To use avahi-autoipd to configure your interfaces with IPv4LL (RFC3927)" + elog "addresses, just set config_<interface>=( autoipd ) in /etc/conf.d/net!" + fi + + if use dbus; then + echo + elog "If this is your first install of avahi please reload your dbus config" + elog "with /etc/init.d/dbus reload before starting avahi-daemon!" + fi +} diff --git a/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch b/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch new file mode 100644 index 00000000..9d80477c --- /dev/null +++ b/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch @@ -0,0 +1,68 @@ +From: Vincent Untz <vuntz@opensuse.org> +Date: Fri, 18 Feb 2011 22:37:00 +0000 (+0100) +Subject: socket: Still read corrupt packets from the sockets +X-Git-Url: http://git.0pointer.de/?p=avahi.git;a=commitdiff_plain;h=46109dfec75534fe270c0ab902576f685d5ab3a6 + +socket: Still read corrupt packets from the sockets + +Else, we end up with an infinite loop with 100% CPU. + +http://www.avahi.org/ticket/325 +https://bugzilla.redhat.com/show_bug.cgi?id=667187 +--- + +diff --git a/avahi-core/socket.c b/avahi-core/socket.c +index be62105..e69ec7d 100644 +--- a/avahi-core/socket.c ++++ b/avahi-core/socket.c +@@ -653,10 +653,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4( + goto fail; + } + +- /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */ +- if (!ms) +- goto fail; +- + p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE); + + io.iov_base = AVAHI_DNS_PACKET_DATA(p); +@@ -683,10 +679,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4( + goto fail; + } + +- if (sa.sin_addr.s_addr == INADDR_ANY) { ++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So ++ * fail after having read them. */ ++ if (!ms) ++ goto fail; ++ ++ if (sa.sin_addr.s_addr == INADDR_ANY) + /* Linux 2.4 behaves very strangely sometimes! */ + goto fail; +- } + + assert(!(msg.msg_flags & MSG_CTRUNC)); + assert(!(msg.msg_flags & MSG_TRUNC)); +@@ -810,10 +810,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6( + goto fail; + } + +- /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */ +- if (!ms) +- goto fail; +- + p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE); + + io.iov_base = AVAHI_DNS_PACKET_DATA(p); +@@ -841,6 +837,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6( + goto fail; + } + ++ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So ++ * fail after having read them. */ ++ if (!ms) ++ goto fail; ++ + assert(!(msg.msg_flags & MSG_CTRUNC)); + assert(!(msg.msg_flags & MSG_TRUNC)); + |