| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Emit-error-if-requested-service-is-not-found.patch | Emit error if requested service is not found It currently just crashes instead of replying with error. Check return value and emit error instead of passing NULL pointer to reply. Fixes #375 |
=?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | no | 2022-11-17 | ||
| 0002-core-reject-overly-long-TXT-resource-records.patch | core: reject overly long TXT resource records Closes https://github.com/lathiat/avahi/issues/455 CVE-2023-38469 |
Evgeny Vereshchagin <evvers@ya.ru> | no | 2023-10-23 | ||
| 0003-Ensure-each-label-is-at-least-one-byte-long.patch | Ensure each label is at least one byte long The only allowed exception is single dot, where it should return empty string. Fixes #454. |
=?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | no | 2023-04-11 | ||
| 0004-core-extract-host-name-using-avahi_unescape_label.patch | core: extract host name using avahi_unescape_label() Previously we could create invalid escape sequence when we split the string on dot. For example, from valid host name "foo\\.bar" we have created invalid name "foo\\" and tried to set that as the host name which crashed the daemon. Fixes #453 CVE-2023-38471 |
Michal Sekletar <msekleta@redhat.com> | no | 2023-10-23 | ||
| 0005-core-make-sure-there-is-rdata-to-process-before-pars.patch | core: make sure there is rdata to process before parsing it Fixes #452 CVE-2023-38472 |
Michal Sekletar <msekleta@redhat.com> | no | 2023-10-19 | ||
| 0006-common-derive-alternative-host-name-from-its-unescap.patch | common: derive alternative host name from its unescaped version Normalization of input makes sure we don't have to deal with special cases like unescaped dot at the end of label. Fixes #451 #487 CVE-2023-38473 |
Michal Sekletar <msekleta@redhat.com> | no | 2023-10-11 | ||
| avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch | avahi-dnsconfd.service: Drop "Also=avahi-daemon.socket" 'Also=avahi-daemon.socket' means that 'systemctl disable avahi-dnsconfd' will also disable avahi-daemon.socket, which is definitely not what we want, and it also causes debhelper to throw an error. Just drop this entry from the configuration. |
Steve Langasek <steve.langasek@ubuntu.com> | no | debian | 2020-02-18 | |
| man-fix-reference-to-avahi-autoipd.action-8-in-avahi-auto.patch | man: fix reference to avahi-autoipd.action(8) in avahi-autoipd(8) | Michael Biebl <biebl@debian.org> | yes | debian | 2017-09-17 | |
| man-add-missing-bshell.1-symlink.patch | man: add missing bshell.1 symlink The bshell binary is missing a symlink to its manual page. It should be symlinked to the man page for bssh, just like how the bvnc man page is. |
Michael Biebl <biebl@debian.org> | yes | debian | 2017-09-17 | |
| Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK3.patch | Ship avahi-discover(1), bssh(1) and bvnc(1) also for GTK3 These manpages went missing when you disabled gtk2 builds.... |
Andreas Henriksson <andreas@fatal.se> | yes | 2017-08-24 | ||
| avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch | avahi_dns_packet_consume_uint32: fix potential undefined behavior avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly". Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit. |
traffic-millions <60914101+traffic-millions@users.noreply.github.com> | no | upstream, 0.9, commit:b897ca43ac100d326d118e5877da710eb7f836f9 | 2020-03-03 | |
| fix-bytestring-decoding-for-proper-display.patch | fix bytestring decoding for proper display | =?utf-8?q?=C3=89ric_Araujo?= <merwok@netwok.org> | no | 2020-02-29 | ||
| avahi-discover-Don-t-decode-unicode-strings-only-bytestri.patch | avahi-discover: Don't decode unicode strings, only bytestrings Unicode strings (unicode in Python 2, str or unicode in Python 3) don't have a decode method; only bytestrings (str or bytes in Python 2, bytes in Python 3) have that. Decode exactly the strings that need decoding. |
Simon McVittie <smcv@debian.org> | yes | 2020-04-24 | ||
| Fetch-build-db-from-upstream-git.patch | Fetch build-db from upstream git Fetch the build-db file from: https://raw.githubusercontent.com/lathiat/avahi/master/service-type-database/build-db This file is missing dist tarball, likely caused by changes in: https://github.com/lathiat/avahi/pull/134 Carry it as a patch for now. |
Andreas Henriksson <andreas@fatal.se> | no | 2019-10-26 | ||
| build-db-Use-the-same-database-format-that-the-C-code-exp.patch | build-db: Use the same database format that the C code expects Otherwise, Python 2 anydbm will preferentially choose Berkeley DB format (dbhash/bsddb), which is neither GNU gdbm nor traditional Unix (n)dbm. |
Simon McVittie <smcv@debian.org> | no | 2020-05-07 | ||
| avahi-discover-Escape-strings-substituted-into-Pango-mark.patch | avahi-discover: Escape strings substituted into Pango markup Otherwise, a TXT entry containing a URL with '&' will cause an error. |
Simon McVittie <smcv@debian.org> | yes | 2022-01-30 | ||
| Do-not-disable-timeout-cleanup-on-watch-cleanup.patch | Do not disable timeout cleanup on watch cleanup This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time. |
Gustavo Noronha Silva <gustavo@noronha.dev.br> | no | 2022-01-02 | ||
| Fix-NULL-pointer-crashes-from-175.patch | Fix NULL pointer crashes from #175 avahi-daemon is crashing when running "ping .local". The crash is due to failing assertion from NULL pointer. Add missing NULL pointer checks to fix it. Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd (cherry picked from commit 9d31939e55280a733d930b15ac9e4dda4497680c) |
Tommi Rantala <tommi.t.rantala@nokia.com> | no | 2021-02-08 | ||
| Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch | Avoid infinite-loop in avahi-daemon by handling HUP event in client_work If a client fills the input buffer, client_work() disables the AVAHI_WATCH_IN event, thus preventing the function from executing the `read` syscall the next times it is called. However, if the client then terminates the connection, the socket file descriptor receives a HUP event, which is not handled, thus the kernel keeps marking the HUP event as occurring. While iterating over the file descriptors that triggered an event, the client file descriptor will keep having the HUP event and the client_work() function is always called with AVAHI_WATCH_HUP but without nothing being done, thus entering an infinite loop. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 (cherry picked from commit 447affe29991ee99c6b9732fc5f2c1048a611d3b) |
Riccardo Schirone <sirmy15@gmail.com> | no | 2021-03-26 |