mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 06:51:51 +08:00
Alexandru Ardelean
24c3026f94
Fixes https://github.com/openwrt/packages/issues/27952 Update avahi from 0.8 to 0.9-rc4. The 0.9 development line accumulates four years of bug and security fixes since the 0.8 release (2020-02-18). Notable improvements in 0.9-rc4 over 0.8: Security (all CVEs previously backported as patches, now removed): - CVE-2023-38469: reject TXT records whose total rdata exceeds AVAHI_DNS_RDATA_MAX, preventing heap-buffer reads under crafted mDNS - CVE-2023-38470: ensure each DNS label is at least one byte, preventing an infinite loop on malformed packets - CVE-2023-38471: extract host name via avahi_unescape_label() before generating an alternative to avoid operating on a raw escaped string - CVE-2023-38472: check that rdata pointer is non-NULL before passing to avahi_rdata_parse() from dbus-entry-group - CVE-2023-38473: derive alternative host name from its unescaped form, fixing incorrect hostname collision resolution with escaped labels Bug fixes (previously backported): - Fix NULL-pointer crashes in avahi_s_*_browser_new() (#175) - Avoid infinite loop in avahi-daemon simple-protocol by handling AVAHI_WATCH_HUP event in client_work - Fix potential undefined behaviour in avahi_dns_packet_consume_uint32: cast uint8_t operands to uint32_t before shifting - Fix memory/CPU leak in the simple event loop: cleanup_watches() was zeroing timeout_req_cleanup instead of watch_req_cleanup, so completed watches were never removed from the linked list - Emit D-Bus error reply when avahi-daemon cannot resolve a hostname or service, rather than crashing with a NULL dereference - Increase ini-file-parser line buffer from 256 to 1024 bytes to handle longer configuration values without silent truncation Other changes: - P2P tunnel support: IFF_MULTICAST is no longer required for point-to-point interfaces when allow-point-to-point=yes - Runtime directory: configure.ac now derives the socket path from ${runstatedir} (defaults to ${localstatedir}/run), so the explicit patch reverting the /run hardcoding is no longer needed - Patch 010-pkgconfig.patch (pkgconfig prefix alignment) is retained as it has not been merged upstream Dropped patches (all merged upstream): 020-revert-runtime-dir-systemd-change.patch 100-p2p-no-iff_multicast-required.patch 200-Fix-NULL-pointer-crashes-from-175.patch 201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch 202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch 203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch 204-Emit-error-if-requested-service-is-not-found.patch 205-conf-file-line-lengths.patch 300-CVE-2023-38469.patch through 304-CVE-2023-38473.patch Library SONAMES unchanged: libavahi-common.so.3, libavahi-core.so.7, libavahi-client.so.3 — no reverse dependency rebuilds required. Disable libsystemd (not available on OpenWrt) avahi 0.9-rc4 added --enable-libsystemd which defaults to enabled and fails configure when libsystemd is not found via pkg-config. OpenWrt does not provide libsystemd; disable it explicitly. Also pass --with-systemdsystemunitdir=no to suppress the pkg-config lookup for the systemd unit directory. Drop po/ subdir from build The 0.9-rc4 tarball is a raw git archive; po/Makefile.in.in is not pre-generated as it was in the 0.8 release tarball. autopoint (from gettext) is needed to install it, but is not available in the OpenWrt SDK. Since OpenWrt does not use NLS translations, remove po/ from SUBDIRS in Makefile.am to avoid the missing po/Makefile.in.in error during configure. In 0.9-rc4 the D-Bus system.d directory changed from $(sysconfdir)/dbus-1/system.d to $(datadir)/dbus-1/system.d, so avahi-dbus.conf is now installed under usr/share/dbus-1/system.d. Update the install rule source path accordingly; keep the on-device destination at /etc/dbus-1/system.d for compatibility. Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>