Revision bump, security bug #355583.

Package-Manager: portage-2.2.0_alpha25/cvs/Linux x86_64
author: Sven Wegener <swegener@gentoo.org> 2011-02-27 01:24:33 +0000
committer: Sven Wegener <swegener@gentoo.org> 2011-02-27 01:24:33 +0000
commit: fbc08ae5c740874cd73a9d24dd0e9ed503315dab (patch)
tree: 2c24300f5399f774f117ab26adb8836a16a62c15 /net-dns/avahi
parent: ~amd64 keyword as per bug #356417. Thanks Agostino and Attila Jecs (diff)
download: historical-fbc08ae5c740874cd73a9d24dd0e9ed503315dab.tar.gz
historical-fbc08ae5c740874cd73a9d24dd0e9ed503315dab.tar.bz2
historical-fbc08ae5c740874cd73a9d24dd0e9ed503315dab.zip
4 files changed, 279 insertions, 12 deletions
diff --git a/net-dns/avahi/ChangeLog b/net-dns/avahi/ChangeLog
index c278e92fb952..ecc404b1c04b 100644
--- a/net-dns/avahi/ChangeLog
+++ b/net-dns/avahi/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-dns/avahi
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/ChangeLog,v 1.192 2011/01/23 20:24:45 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/ChangeLog,v 1.193 2011/02/27 01:24:33 swegener Exp $
+
+*avahi-0.6.28-r1 (27 Feb 2011)
+
+  27 Feb 2011; Sven Wegener <swegener@gentoo.org> +avahi-0.6.28-r1.ebuild,
+  +files/avahi-0.6.28-CVE-2011-1002.patch:
+  Revision bump, security bug #355583.
 
   23 Jan 2011; Sven Wegener <swegener@gentoo.org> avahi-0.6.28.ebuild,
   +files/netlink-request-all-matches-when-requesting-interface.patch:
diff --git a/net-dns/avahi/Manifest b/net-dns/avahi/Manifest
index 6220be259fce..042dc65b0fc3 100644
--- a/net-dns/avahi/Manifest
+++ b/net-dns/avahi/Manifest
@@ -1,11 +1,9 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 AUX autoipd-openrc.sh 700 RMD160 00e259967279dc52ee99476dfb4d6c9672b77ee3 SHA1 1d9858b99f23688f6a0f4a6726400bbbe41df976 SHA256 9f9e8d751bc640491397c8a06cbb6f3dcbf9cdf1a083e274f4d802c9c925c6c0
 AUX autoipd.sh 1271 RMD160 85ac3d69aff64867baa0ba6c58e9f224ba0e2e57 SHA1 95a6145f00ccd511e3b067d4669148861f56c2a4 SHA256 9582a49d0674fac714f448976065fd4e1f0423c08f645685160ed682a121f8c9
 AUX avahi-0.6.24-cmsg_space.patch 449 RMD160 9593ee893daf908e35f36a7396ae5d52a7618022 SHA1 49fd79c1d0e0302747e84bdf611cfb0bf310b4c3 SHA256 f3b6bf6f522aea93627df8afda317782ed760493ffad9108697b50a310bc92d7
 AUX avahi-0.6.24-libintl.patch 542 RMD160 918aa11cdbce6f38d9a9446c798db2bc43a957b5 SHA1 c9f8ef5d0047b591e6e88153731ae380d64a2431 SHA256 fb8e37d6071a990184a7ad3c20a7709554103fb2c4f02450c338b9fbcf358215
 AUX avahi-0.6.27-no-auto-activated.patch 1677 RMD160 c5abd8cab9872c22b57de2158c3cb3117722b206 SHA1 2158ca2c25aa8f81dbb6d376ff00a3ed26932e4b SHA256 907ccacfaf118e88a750ff3699e53b4efed7661bb3d09722f04fc389fe46f12b
+AUX avahi-0.6.28-CVE-2011-1002.patch 2076 RMD160 0b561a78e75099a14e7a3da5290cd1ffa6a75533 SHA1 6d298861d7c7b432cd350f3df277e43ed59b378b SHA256 bf8422b278c0c66eca063672c4836346a4d85cb16014882ca3003b0a79ba9f97
 AUX netlink-request-all-matches-when-requesting-interface.patch 1642 RMD160 b8c1987c35e2d7fde63ee3971bb6e5cafe37ae43 SHA1 44fe78fda6a2cdfbb92654164fa421450aaec68a SHA256 9b91094b8316d8125a2dc2b118c406e2ae8e5f7760089a041bbf539ff44dc12f
 DIST avahi-0.6.25.tar.gz 1103653 RMD160 3025f774360a8ea3b9de87e2df0b00387569aaf2 SHA1 7ce8ed5a494d72401dd81f64594fda59d2ec91fd SHA256 9220d974f5515b8ccfa3900cd72cedcac0fa4cc87ca3c64405f7c55346cbba59
 DIST avahi-0.6.27.tar.gz 1217974 RMD160 36e6a242f0c926351e31871d8a4f8a52a501fdc3 SHA1 e763bbeba92fd5b3ba3e2af5fc85aaf99b406c8b SHA256 c22df5e0b0d695bfe3cc52545bf0affc1c52060818a5a65d70055e320bc45e84
@@ -13,13 +11,7 @@ DIST avahi-0.6.28.tar.gz 1238660 RMD160 d61b370baa3f25d57efba43f2c34b54cab7e7e9e
 EBUILD avahi-0.6.25-r1.ebuild 4969 RMD160 93b0bb1c0f87637f7485081fa6647ecaa0ce15dd SHA1 a4ee3e21b81e432b2a1c6f4d26471a0a445f1b7a SHA256 d72e398f421fd87996dfd0d8ebe55190427fb9ec1083b2a499de1e964d3f7a6b
 EBUILD avahi-0.6.27-r1.ebuild 4871 RMD160 053b02c70371f9b197e983c70b7e5265f8f988eb SHA1 ffcc35d3e3532f20585934808e868dd4ba8db15e SHA256 913f4cf3becf8345e6c9a9888163d6fbe33aea49a06313e4e6a3a4c15e699542
 EBUILD avahi-0.6.27.ebuild 4618 RMD160 097694af948068f26992569ee32ed475b051ba50 SHA1 f3e5906e4f5f4ef03683172056254de37a5d0041 SHA256 4461291256d37728553ae17766437422b55cd1bcf340d32ce3bbf076fc7b5acf
+EBUILD avahi-0.6.28-r1.ebuild 4884 RMD160 7fcd0a1928032c6634cd4ad848856ea6385b3977 SHA1 a06225651e8adad9079382b40c148df288bb7b2a SHA256 9b080ae0e43c41e6804d70bf6732b808177e63465ceca200626cff4a15807e61
 EBUILD avahi-0.6.28.ebuild 4834 RMD160 661b6823f941606bf4b9e798c4b41ae9a684076f SHA1 af6026f849905b6b16c3e4910b671ab7c793dd7f SHA256 81eb492644ab25e0026e0ec399c12765011f586364343c8e5294c12b1f6c6366
-MISC ChangeLog 28677 RMD160 38ef51e905cb309cb02cc841c4a6b25eb406ce99 SHA1 f3e6573a727ac7cfa4479b0a3a2652163235e6b1 SHA256 514f03e6017aec0b49ea201bdd14bb0f1faa4172c2a9038aa859e93fab81415c
+MISC ChangeLog 28867 RMD160 5ec1d3845c26b5fd4f22ac1ffd5d7a7de479e3e4 SHA1 5e6153cbe3d50afffe7a51f55088b93ead485605 SHA256 37dc41293c612c77d0028775ebc3c77df4eb02af53fce519026a3b2fc9b728d8
 MISC metadata.xml 609 RMD160 fa4efaaf9b8ac6d75251c9bd1f0721ea175acda9 SHA1 4532738c9ff6d9d2a2aef226b827919ac31be2de SHA256 365224bb3c21c159a89fa03ea08c534eb27cc2df62012a69e03ad81779607faa
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
-
-iEYEARECAAYFAk08jpIACgkQI1lqEGTUzyTF9wCgzcoXHebf87trUyTRO7xoaTNG
-FCkAoJP39O+kHApHnOgJxBXGWbsC0ACz
-=DSCl
------END PGP SIGNATURE-----
diff --git a/net-dns/avahi/avahi-0.6.28-r1.ebuild b/net-dns/avahi/avahi-0.6.28-r1.ebuild
new file mode 100644
index 000000000000..6d8ec3b4e6f5
--- /dev/null
+++ b/net-dns/avahi/avahi-0.6.28-r1.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/avahi/avahi-0.6.28-r1.ebuild,v 1.1 2011/02/27 01:24:33 swegener Exp $
+
+EAPI="3"
+
+PYTHON_DEPEND="python? 2"
+PYTHON_USE_WITH="gdbm"
+PYTHON_USE_WITH_OPT="python"
+
+inherit eutils mono python multilib flag-o-matic
+
+DESCRIPTION="System which facilitates service discovery on a local network"
+HOMEPAGE="http://avahi.org/"
+SRC_URI="http://avahi.org/download/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="autoipd bookmarks dbus doc gdbm gtk howl-compat ipv6 kernel_linux mdnsresponder-compat mono python qt4 test "
+
+DBUS_DEPEND=">=sys-apps/dbus-0.30"
+RDEPEND=">=dev-libs/libdaemon-0.14
+	dev-libs/expat
+	>=dev-libs/glib-2
+	gdbm? ( sys-libs/gdbm )
+	qt4? ( x11-libs/qt-core:4 )
+	gtk? (
+		>=x11-libs/gtk+-2.14.0:2
+	)
+	dbus? (
+		${DBUS_DEPEND}
+		python? ( dev-python/dbus-python )
+	)
+	mono? (
+		>=dev-lang/mono-1.1.10
+		gtk? ( >=dev-dotnet/gtk-sharp-2 )
+	)
+	howl-compat? (
+		!net-misc/howl
+		${DBUS_DEPEND}
+	)
+	mdnsresponder-compat? (
+		!net-misc/mDNSResponder
+		${DBUS_DEPEND}
+	)
+	python? (
+		gtk? ( >=dev-python/pygtk-2 )
+	)
+	bookmarks? (
+		dev-python/twisted
+		dev-python/twisted-web
+	)
+	kernel_linux? ( sys-libs/libcap )"
+DEPEND="${RDEPEND}
+	>=dev-util/intltool-0.40.5
+	>=dev-util/pkgconfig-0.9.0
+	doc? (
+		app-doc/doxygen
+		mono? ( >=virtual/monodoc-1.1.8 )
+	)"
+
+pkg_setup() {
+	if use python; then
+		python_set_active_version 2
+		python_pkg_setup
+	fi
+
+	if use python && ! use dbus && ! use gtk; then
+		ewarn "For proper python support you should also enable the dbus and gtk USE flags!"
+	fi
+}
+
+pkg_preinst() {
+	enewgroup netdev
+	enewgroup avahi
+	enewuser avahi -1 -1 -1 avahi
+
+	if use autoipd; then
+		enewgroup avahi-autoipd
+		enewuser avahi-autoipd -1 -1 -1 avahi-autoipd
+	fi
+}
+
+src_prepare() {
+	if use ipv6; then
+		sed -i \
+			-e s/use-ipv6=no/use-ipv6=yes/ \
+			avahi-daemon/avahi-daemon.conf || die
+	fi
+
+	sed -i\
+		-e "s:\\.\\./\\.\\./\\.\\./doc/avahi-docs/html/:../../../doc/${PF}/html/:" \
+		doxygen_to_devhelp.xsl || die
+
+	epatch "${FILESDIR}"/netlink-request-all-matches-when-requesting-interface.patch
+	epatch "${FILESDIR}"/${P}-CVE-2011-1002.patch
+}
+
+src_configure() {
+	use sh && replace-flags -O? -O0
+
+	local myconf=""
+
+	if use python; then
+		myconf+="
+			$(use_enable dbus python-dbus)
+			$(use_enable gtk pygtk)
+		"
+	fi
+
+	if use mono; then
+		myconf+=" $(use_enable doc monodoc)"
+	fi
+
+	# these require dbus enabled
+	if use mdnsresponder-compat || use howl-compat || use mono; then
+		myconf+=" --enable-dbus"
+	fi
+
+	# We need to unset DISPLAY, else the configure script might have problems detecting the pygtk module
+	unset DISPLAY
+
+	# Upstream ships a gir file (AvahiCore.gir) which does not work with
+	# >=gobject-introspection-0.9, so we disable introspection for now.
+	# http://avahi.org/ticket/318
+	econf \
+		--localstatedir=/var \
+		--with-distro=gentoo \
+		--disable-python-dbus \
+		--disable-pygtk \
+		--disable-xmltoman \
+		--disable-monodoc \
+		--disable-introspection \
+		--enable-glib \
+		$(use_enable test tests) \
+		$(use_enable autoipd) \
+		$(use_enable mdnsresponder-compat compat-libdns_sd) \
+		$(use_enable howl-compat compat-howl) \
+		$(use_enable doc doxygen-doc) \
+		$(use_enable mono) \
+		$(use_enable dbus) \
+		$(use_enable python) \
+		--disable-gtk3 \
+		$(use_enable gtk) \
+		--disable-qt3 \
+		$(use_enable qt4) \
+		$(use_enable gdbm) \
+		${myconf}
+}
+
+src_compile() {
+	emake || die "emake failed"
+
+	use doc && { emake avahi.devhelp || die ; }
+}
+
+src_install() {
+	emake install py_compile=true DESTDIR="${D}" || die "make install failed"
+	use bookmarks && use python && use dbus && use gtk || \
+		rm -f "${D}"/usr/bin/avahi-bookmarks
+
+	use howl-compat && ln -s avahi-compat-howl.pc "${D}"/usr/$(get_libdir)/pkgconfig/howl.pc
+	use mdnsresponder-compat && ln -s avahi-compat-libdns_sd/dns_sd.h "${D}"/usr/include/dns_sd.h
+
+	if use autoipd; then
+		insinto /$(get_libdir)/rcscripts/net
+		doins "${FILESDIR}"/autoipd.sh || die
+
+		insinto /$(get_libdir)/rc/net
+		newins "${FILESDIR}"/autoipd-openrc.sh autoipd.sh || die
+	fi
+
+	dodoc docs/{AUTHORS,NEWS,README,TODO} || die
+
+	if use doc; then
+		dohtml -r doxygen/html/. || die
+		insinto /usr/share/devhelp/books/avahi
+		doins avahi.devhelp || die
+	fi
+}
+
+pkg_postrm() {
+	use python && python_mod_cleanup avahi avahi_discover
+}
+
+pkg_postinst() {
+	use python && python_mod_optimize avahi avahi_discover
+
+	if use autoipd; then
+		echo
+		elog "To use avahi-autoipd to configure your interfaces with IPv4LL (RFC3927)"
+		elog "addresses, just set config_<interface>=( autoipd ) in /etc/conf.d/net!"
+	fi
+
+	if use dbus; then
+		echo
+		elog "If this is your first install of avahi please reload your dbus config"
+		elog "with /etc/init.d/dbus reload before starting avahi-daemon!"
+	fi
+}
diff --git a/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch b/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch
new file mode 100644
index 000000000000..9d80477c2af1
--- /dev/null
+++ b/net-dns/avahi/files/avahi-0.6.28-CVE-2011-1002.patch
@@ -0,0 +1,68 @@
+From: Vincent Untz <vuntz@opensuse.org>
+Date: Fri, 18 Feb 2011 22:37:00 +0000 (+0100)
+Subject: socket: Still read corrupt packets from the sockets
+X-Git-Url: http://git.0pointer.de/?p=avahi.git;a=commitdiff_plain;h=46109dfec75534fe270c0ab902576f685d5ab3a6
+
+socket: Still read corrupt packets from the sockets
+
+Else, we end up with an infinite loop with 100% CPU.
+
+http://www.avahi.org/ticket/325
+https://bugzilla.redhat.com/show_bug.cgi?id=667187
+---
+
+diff --git a/avahi-core/socket.c b/avahi-core/socket.c
+index be62105..e69ec7d 100644
+--- a/avahi-core/socket.c
++++ b/avahi-core/socket.c
+@@ -653,10 +653,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
+         goto fail;
+     }
+ 
+-    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
+-    if (!ms)
+-        goto fail;
+-
+     p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
+ 
+     io.iov_base = AVAHI_DNS_PACKET_DATA(p);
+@@ -683,10 +679,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
+         goto fail;
+     }
+ 
+-    if (sa.sin_addr.s_addr == INADDR_ANY) {
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
++    if (sa.sin_addr.s_addr == INADDR_ANY)
+         /* Linux 2.4 behaves very strangely sometimes! */
+         goto fail;
+-    }
+ 
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+@@ -810,10 +810,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
+         goto fail;
+     }
+ 
+-    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
+-    if (!ms)
+-        goto fail;
+-
+     p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
+ 
+     io.iov_base = AVAHI_DNS_PACKET_DATA(p);
+@@ -841,6 +837,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
+         goto fail;
+     }
+ 
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++        goto fail;
++
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+
author	Sven Wegener <swegener@gentoo.org>	2011-02-27 01:24:33 +0000
committer	Sven Wegener <swegener@gentoo.org>	2011-02-27 01:24:33 +0000
commit	fbc08ae5c740874cd73a9d24dd0e9ed503315dab (patch)
tree	2c24300f5399f774f117ab26adb8836a16a62c15 /net-dns/avahi
parent	~amd64 keyword as per bug #356417. Thanks Agostino and Attila Jecs (diff)
download	historical-fbc08ae5c740874cd73a9d24dd0e9ed503315dab.tar.gz historical-fbc08ae5c740874cd73a9d24dd0e9ed503315dab.tar.bz2 historical-fbc08ae5c740874cd73a9d24dd0e9ed503315dab.zip