| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch | avahi-dnsconfd.service: Drop "Also=avahi-daemon.socket" 'Also=avahi-daemon.socket' means that 'systemctl disable avahi-dnsconfd' will also disable avahi-daemon.socket, which is definitely not what we want, and it also causes debhelper to throw an error. Just drop this entry from the configuration. |
Steve Langasek <steve.langasek@ubuntu.com> | no | debian | 2020-02-18 | |
| man-fix-reference-to-avahi-autoipd.action-8-in-avahi-auto.patch | man: fix reference to avahi-autoipd.action(8) in avahi-autoipd(8) | Michael Biebl <biebl@debian.org> | yes | debian | 2017-09-17 | |
| man-add-missing-bshell.1-symlink.patch | man: add missing bshell.1 symlink The bshell binary is missing a symlink to its manual page. It should be symlinked to the man page for bssh, just like how the bvnc man page is. |
Michael Biebl <biebl@debian.org> | yes | debian | 2017-09-17 | |
| Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK3.patch | Ship avahi-discover(1), bssh(1) and bvnc(1) also for GTK3 These manpages went missing when you disabled gtk2 builds.... |
Andreas Henriksson <andreas@fatal.se> | yes | 2017-08-24 | ||
| avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch | avahi_dns_packet_consume_uint32: fix potential undefined behavior avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly". Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit. |
traffic-millions <60914101+traffic-millions@users.noreply.github.com> | no | upstream, 0.9, commit:b897ca43ac100d326d118e5877da710eb7f836f9 | 2020-03-03 | |
| fix-bytestring-decoding-for-proper-display.patch | fix bytestring decoding for proper display | =?utf-8?q?=C3=89ric_Araujo?= <merwok@netwok.org> | no | https://github.com/avahi/avahi/commit/a94f72081dd1d546a1d95d860311a1242315bb28 | 2020-02-29 | |
| avahi-discover-Don-t-decode-unicode-strings-only-bytestri.patch | avahi-discover: Don't decode unicode strings, only bytestrings Unicode strings (unicode in Python 2, str or unicode in Python 3) don't have a decode method; only bytestrings (str or bytes in Python 2, bytes in Python 3) have that. Decode exactly the strings that need decoding. |
Simon McVittie <smcv@debian.org> | yes | 2020-04-24 | ||
| Fetch-build-db-from-upstream-git.patch | Fetch build-db from upstream git Fetch the build-db file from: https://raw.githubusercontent.com/lathiat/avahi/master/service-type-database/build-db This file is missing dist tarball, likely caused by changes in: https://github.com/lathiat/avahi/pull/134 Carry it as a patch for now. |
Andreas Henriksson <andreas@fatal.se> | no | 2019-10-26 | ||
| build-db-Use-the-same-database-format-that-the-C-code-exp.patch | build-db: Use the same database format that the C code expects Otherwise, Python 2 anydbm will preferentially choose Berkeley DB format (dbhash/bsddb), which is neither GNU gdbm nor traditional Unix (n)dbm. |
Simon McVittie <smcv@debian.org> | no | 2020-05-07 | ||
| avahi-discover-Escape-strings-substituted-into-Pango-mark.patch | avahi-discover: Escape strings substituted into Pango markup Otherwise, a TXT entry containing a URL with '&' will cause an error. |
Simon McVittie <smcv@debian.org> | yes | 2022-01-30 | ||
| Do-not-disable-timeout-cleanup-on-watch-cleanup.patch | Do not disable timeout cleanup on watch cleanup This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time. |
Gustavo Noronha Silva <gustavo@noronha.dev.br> | no | https://github.com/avahi/avahi/commit/b3ad387c74f20368f6dcf60f97d20a3bf8ba9782 | 2022-01-02 | |
| Fix-NULL-pointer-crashes-from-175.patch | Fix NULL pointer crashes from #175 avahi-daemon is crashing when running "ping .local". The crash is due to failing assertion from NULL pointer. Add missing NULL pointer checks to fix it. Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd (cherry picked from commit 9d31939e55280a733d930b15ac9e4dda4497680c) |
Tommi Rantala <tommi.t.rantala@nokia.com> | no | https://github.com/avahi/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c | 2021-02-08 | |
| Fix-encoding-of-avahi-common-domain.h-to-be-UTF-8.patch | Fix encoding of avahi-common/domain.h to be UTF-8 spotted by lintian: N: N: N: N: (cherry picked from commit 7ed99620a748b07e3eb1db2f4b97fcee06a9e4e3) |
Michael Biebl <biebl@debian.org> | no | https://github.com/avahi/avahi/commit/7ed99620a748b07e3eb1db2f4b97fcee06a9e4e3 | 2022-06-05 | |
| Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch | Avoid infinite-loop in avahi-daemon by handling HUP event in client_work If a client fills the input buffer, client_work() disables the AVAHI_WATCH_IN event, thus preventing the function from executing the `read` syscall the next times it is called. However, if the client then terminates the connection, the socket file descriptor receives a HUP event, which is not handled, thus the kernel keeps marking the HUP event as occurring. While iterating over the file descriptors that triggered an event, the client file descriptor will keep having the HUP event and the client_work() function is always called with AVAHI_WATCH_HUP but without nothing being done, thus entering an infinite loop. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 (cherry picked from commit 447affe29991ee99c6b9732fc5f2c1048a611d3b) |
Riccardo Schirone <sirmy15@gmail.com> | no | https://github.com/avahi/avahi/commit/447affe29991ee99c6b9732fc5f2c1048a611d3b | 2021-03-26 | |
| dbus-Use-non-deprecated-installation-path.patch | dbus: Use non-deprecated installation path Quoting from D-Bus 1.14.0 release notes: > Third-party software should install default dbus policies for the system > bus into ${datadir}/dbus-1/system.d (this has been supported since dbus > 1.10, released in August 2015). Installing default dbus policies in > ${sysconfdir}/dbus-1/system.d is now considered to be deprecated. https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.14.0/NEWS#L45-51 |
Jan Tojnar <jtojnar@gmail.com> | no | https://github.com/lathiat/avahi/commit/0ab222c6601535f078f88e9d72b2c70cba03de23 | 2022-05-21 | |
| Emit-error-if-requested-service-is-not-found.patch | Emit error if requested service is not found It currently just crashes instead of replying with error. Check return value and emit error instead of passing NULL pointer to reply. Fixes #375 (cherry picked from commit a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f) |
=?utf-8?b?UGV0ciBNZW7FocOtaw==?= <pemensik@redhat.com> | no | https://github.com/avahi/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f | 2022-11-17 | |
| avahi-discover-Fix-invalid-escape-sequences-593.patch | avahi-discover: Fix invalid escape sequences (#593) * avahi-discover: Fix invalid escape sequences Corrects ``` /usr/lib/python3.12/site-packages/avahi/ServiceTypeDatabase.py:98: SyntaxWarning: invalid escape sequence '\.' if not re.search('_[a-zA-Z0-9-]+\._[a-zA-Z0-9-]+', key): /usr/lib/python3.12/site-packages/avahi/ServiceTypeDatabase.py:100: SyntaxWarning: invalid escape sequence '\.' if re.search('_[a-zA-Z0-9-]+\._[a-zA-Z0-9-]+\[.*\]', key): ``` (cherry picked from commit caf03584278b33c5c60aa7182da4d44cc1d322bd) |
Martin <spleefer90@gmail.com> | no | https://github.com/avahi/avahi/commit/caf03584278b33c5c60aa7182da4d44cc1d322bd | 2024-04-30 | |
| core-make-sure-there-is-rdata-to-process-before-parsing-i.patch | core: make sure there is rdata to process before parsing it Fixes #452 CVE-2023-38472 (cherry picked from commit b024ae5749f4aeba03478e6391687c3c9c8dee40) |
Michal Sekletar <msekleta@redhat.com> | no | https://github.com/avahi/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40 | 2023-10-19 | |
| core-reject-overly-long-TXT-resource-records.patch | core: reject overly long TXT resource records Closes https://github.com/lathiat/avahi/issues/455 CVE-2023-38469 (cherry picked from commit a337a1ba7d15853fb56deef1f464529af6e3a1cf) |
Evgeny Vereshchagin <evvers@ya.ru> | no | https://github.com/avahi/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf | 2023-10-23 | |
| tests-pass-overly-long-TXT-resource-records.patch | tests: pass overly long TXT resource records to make sure they don't crash avahi any more. It reproduces https://github.com/lathiat/avahi/issues/455 (cherry picked from commit c6cab87df290448a63323c8ca759baa516166237) |
Evgeny Vereshchagin <evvers@ya.ru> | no | https://github.com/avahi/avahi/commit/c6cab87df290448a63323c8ca759baa516166237 | 2023-10-25 | |
| Ensure-each-label-is-at-least-one-byte-long.patch | Ensure each label is at least one byte long The only allowed exception is single dot, where it should return empty string. Fixes #454. (cherry picked from commit 94cb6489114636940ac683515417990b55b5d66c) |
=?utf-8?b?UGV0ciBNZW7FocOtaw==?= <pemensik@redhat.com> | no | https://github.com/avahi/avahi/commit/94cb6489114636940ac683515417990b55b5d66c | 2023-04-11 | |
| core-extract-host-name-using-avahi_unescape_label.patch | core: extract host name using avahi_unescape_label() Previously we could create invalid escape sequence when we split the string on dot. For example, from valid host name "foo\\.bar" we have created invalid name "foo\\" and tried to set that as the host name which crashed the daemon. Fixes #453 CVE-2023-38471 (cherry picked from commit 894f085f402e023a98cbb6f5a3d117bd88d93b09) |
Michal Sekletar <msekleta@redhat.com> | no | https://github.com/avahi/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09 | 2023-10-23 | |
| common-derive-alternative-host-name-from-its-unescaped-ve.patch | common: derive alternative host name from its unescaped version Normalization of input makes sure we don't have to deal with special cases like unescaped dot at the end of label. Fixes #451 #487 CVE-2023-38473 (cherry picked from commit b448c9f771bada14ae8de175695a9729f8646797) |
Michal Sekletar <msekleta@redhat.com> | no | https://github.com/avahi/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797 | 2023-10-11 | |
| core-no-longer-supply-bogus-services-to-callbacks.patch | core: no longer supply bogus services to callbacks It was technically a DOS allowing packets with service names like "bogus.service.local" to bring down `avahi-browse -a`. In practice it was usually triggered by misconfigured smart devices but it isn't that hard to forge packets like that and send them deliberately. The tests are added to make sure invalid service names are rejected and valid service names keep working. The fuzz target is updated to make sure that avahi_service_name_split always supplies valid arguments to avahi_service_name_join. avahi now logs what exactly it fails to split ``` avahi-daemon[176]: Failed to split service name '0.1.9.1.8.8.e.f.f.f.f.a.a.1.4.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa' avahi-daemon[176]: Failed to split service name 'bogus\032.\032\209\129\208\181\209\128\208\178\208\184\209\129.local' avahi-daemon[176]: Failed to split service name '255.20.254.169.in-addr.arpa' avahi-daemon[176]: Failed to split service name 'bogus\032.\032\209\129\208\181\209\128\208\178\208\184\209\129.local' avahi-daemon[176]: Failed to split service name '33.93.168.192.in-addr.arpa' ``` when --debug is passed to it (which makes that part consistent with the other places where weird packets are rejected). Closes https://github.com/lathiat/avahi/issues/212 (cherry picked from commit 93b14365c1c1e04efd1a890e8caa01a2a514bfd8) |
Evgeny Vereshchagin <evvers@ya.ru> | no | https://github.com/avahi/avahi/commit/93b14365c1c1e04efd1a890e8caa01a2a514bfd8 | 2023-11-12 |