avahi: patches to handle malformed content from the network

Specifically these where recommended by an upstream maintainer in [this comment]: * https://github.com/avahi/avahi/pull/480 * https://github.com/avahi/avahi/pull/515 * https://github.com/avahi/avahi/pull/519 [this comment]: https://github.com/NixOS/nixpkgs/pull/269599#issuecomment-1839059467
author: Giel van Schijndel <giel@mortis.eu> 2024-03-25 11:16:04 +0100
committer: Giel van Schijndel <giel@mortis.eu> 2024-03-25 11:39:39 +0100
commit: a4e8e2477ac5d068d40ca43d5723906fa4cc3ce5 (patch)
tree: a294b8ea3ce0a7b8788086d4f9f3f289199bf12a
parent: 88d2a029e986e236cb53fcdaa846cedc3024cbc1 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/development/libraries/avahi/default.nix b/pkgs/development/libraries/avahi/default.nix
index 95c42e78c8d0..ac3db3650e76 100644
--- a/pkgs/development/libraries/avahi/default.nix
+++ b/pkgs/development/libraries/avahi/default.nix
@@ -57,6 +57,12 @@ stdenv.mkDerivation rec {
       url = "https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c.patch";
       sha256 = "sha256-Fanh9bvz+uknr5pAmltqijuUAZIG39JR2Lyq5zGKJ58=";
     })
+    # https://github.com/avahi/avahi/pull/480 merged Sept 19
+    (fetchpatch {
+      name = "bail-out-unless-escaped-labels-fit.patch";
+      url = "https://github.com/avahi/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24.patch";
+      sha256 = "sha256-p/dOuQ/GInIcUwuFhQR3mGc5YBL5J8ho+1gvzcqEN0c=";
+    })
     # CVE-2023-38473
     # https://github.com/lathiat/avahi/pull/486 merged Oct 18
     (fetchpatch {
@@ -92,6 +98,19 @@ stdenv.mkDerivation rec {
       sha256 = "sha256-qR7scfQqhRGxg2n4HQsxVxCLkXbwZi+PlYxrOSEPsL0=";
       excludes = [ ".github/workflows/smoke-tests.sh" ];
     })
+    # https://github.com/avahi/avahi/pull/515 merged Nov 3
+    (fetchpatch {
+      name = "fix-compare-rrs-with-zero-length-rdata.patch";
+      url = "https://github.com/avahi/avahi/commit/177d75e8c43be45a8383d794ce4084dd5d600a9e.patch";
+      sha256 = "sha256-uwIyruAWgiWt0yakRrvMdYjjhEhUk5cIGKt6twyXbHw=";
+    })
+    # https://github.com/avahi/avahi/pull/519 merged Nov 8
+    (fetchpatch {
+      name = "reject-non-utf-8-service-names.patch";
+      url = "https://github.com/avahi/avahi/commit/2b6d3e99579e3b6e9619708fad8ad8e07ada8218.patch";
+      sha256 = "sha256-lwSA3eEQgH0g51r0i9/HJMJPRXrhQnTIEDxcYqUuLdI=";
+      excludes = [ "fuzz/fuzz-domain.c" ];
+    })
     # https://github.com/avahi/avahi/pull/523 merged Nov 12
     (fetchpatch {
       name = "core-no-longer-supply-bogus-services-to-callbacks.patch";
author	Giel van Schijndel <giel@mortis.eu>	2024-03-25 11:16:04 +0100
committer	Giel van Schijndel <giel@mortis.eu>	2024-03-25 11:39:39 +0100
commit	a4e8e2477ac5d068d40ca43d5723906fa4cc3ce5 (patch)
tree	a294b8ea3ce0a7b8788086d4f9f3f289199bf12a
parent	88d2a029e986e236cb53fcdaa846cedc3024cbc1 (diff)