summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/avahi.scm36
-rw-r--r--gnu/packages/patches/avahi-CVE-2018-1000845.patch42
3 files changed, 23 insertions, 56 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 21a149c469..1d3d6ff4e7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -743,7 +743,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/audiofile-hurd.patch \
   %D%/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch \
   %D%/packages/patches/automake-skip-amhello-tests.patch	\
-  %D%/packages/patches/avahi-CVE-2018-1000845.patch		\
   %D%/packages/patches/avahi-localstatedir.patch		\
   %D%/packages/patches/avogadro-boost148.patch			\
   %D%/packages/patches/avogadro-eigen3-update.patch		\
diff --git a/gnu/packages/avahi.scm b/gnu/packages/avahi.scm
index 4675f3b011..602f9d7997 100644
--- a/gnu/packages/avahi.scm
+++ b/gnu/packages/avahi.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,16 +26,18 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages dbm)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages libdaemon)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages pkg-config)
-  #:use-module (gnu packages glib)
   #:use-module (gnu packages xml))
 
 (define-public avahi
   (package
     (name "avahi")
-    (version "0.7")
+    (version "0.8")
     (home-page "https://avahi.org")
     (source (origin
              (method url-fetch)
@@ -42,11 +45,17 @@
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0128n7jlshw4bpx0vg8lwj8qwdisjxi7mvniwfafgnkzzrfrpaap"))
-             (patches (search-patches "avahi-localstatedir.patch"
-                                      "avahi-CVE-2018-1000845.patch"))))
-    ;; Hide a duplicate of the CVE fixed above.
-    (properties `((lint-hidden-cve . ("CVE-2017-6519"))))
+               "1npdixwxxn3s9q1f365x9n9rc5xgfz39hxf23faqvlrklgbhj0q6"))
+             (patches (search-patches "avahi-localstatedir.patch"))
+             (modules '((guix build utils)))
+             (snippet
+              '(begin
+                 ;; Fix version constraint in the avahi-libevent pkg-config file.
+                 ;; This can be removed for Avahi versions > 0.8.
+                 (substitute* "avahi-libevent.pc.in"
+                   (("libevent-2\\.1\\.5")
+                    "libevent >= 2.1.5"))
+                 #t))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-distro=none"
@@ -57,18 +66,19 @@
                            "--disable-doxygen-doc"
                            "--disable-xmltoman"
                            "--enable-tests"
-                           "--disable-qt3" "--disable-qt4"
+                           "--disable-qt4" "--disable-qt5"
                            "--disable-gtk" "--disable-gtk3"
                            "--enable-compat-libdns_sd")))
     (inputs
-     `(("expat" ,expat)
-       ("glib" ,glib)
-       ("dbus" ,dbus)
+     `(("dbus" ,dbus)
+       ("expat" ,expat)
        ("gdbm" ,gdbm)
+       ("glib" ,glib)
        ("libcap" ,libcap)            ;to enable chroot support in avahi-daemon
-       ("libdaemon" ,libdaemon)))
+       ("libdaemon" ,libdaemon)
+       ("libevent" ,libevent)))
     (native-inputs
-     `(("intltool" ,intltool)
+     `(("gettext" ,gettext-minimal)
        ("glib" ,glib "bin")
        ("pkg-config" ,pkg-config)))
     (synopsis "Implementation of mDNS/DNS-SD protocols")
diff --git a/gnu/packages/patches/avahi-CVE-2018-1000845.patch b/gnu/packages/patches/avahi-CVE-2018-1000845.patch
deleted file mode 100644
index e5b13e0bee..0000000000
--- a/gnu/packages/patches/avahi-CVE-2018-1000845.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
-From: Trent Lloyd <trent@lloyd.id.au>
-Date: Sat, 22 Dec 2018 09:06:07 +0800
-Subject: [PATCH] Drop legacy unicast queries from address not on local link
-
-When handling legacy unicast queries, ensure that the source IP is
-inside a subnet on the local link, otherwise drop the packet.
-
-Fixes #145
-Fixes #203
-CVE-2017-6519
-CVE-2018-100084
----
- avahi-core/server.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/avahi-core/server.c b/avahi-core/server.c
-index a2cb19a8..a2580e38 100644
---- a/avahi-core/server.c
-+++ b/avahi-core/server.c
-@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
- 
-     if (avahi_dns_packet_is_query(p)) {
-         int legacy_unicast = 0;
-+        char t[AVAHI_ADDRESS_STR_MAX];
- 
-         /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
-          * AR section completely here, so far. Until the day we add
-@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
-             legacy_unicast = 1;
-         }
- 
-+        if (!is_mdns_mcast_address(dst_address) &&
-+            !avahi_interface_address_on_link(i, src_address)) {
-+
-+            avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
-+            return;
-+        }
-+
-         if (legacy_unicast)
-             reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
-