diff options
author | Giel van Schijndel <giel@mortis.eu> | 2024-03-25 11:16:04 +0100 |
---|---|---|
committer | Giel van Schijndel <giel@mortis.eu> | 2024-03-25 11:39:39 +0100 |
commit | a4e8e2477ac5d068d40ca43d5723906fa4cc3ce5 (patch) | |
tree | a294b8ea3ce0a7b8788086d4f9f3f289199bf12a | |
parent | 88d2a029e986e236cb53fcdaa846cedc3024cbc1 (diff) |
avahi: patches to handle malformed content from the network
Specifically these where recommended by an upstream maintainer in
[this comment]:
* https://github.com/avahi/avahi/pull/480
* https://github.com/avahi/avahi/pull/515
* https://github.com/avahi/avahi/pull/519
[this comment]: https://github.com/NixOS/nixpkgs/pull/269599#issuecomment-1839059467
-rw-r--r-- | pkgs/development/libraries/avahi/default.nix | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/development/libraries/avahi/default.nix b/pkgs/development/libraries/avahi/default.nix index 95c42e78c8d0..ac3db3650e76 100644 --- a/pkgs/development/libraries/avahi/default.nix +++ b/pkgs/development/libraries/avahi/default.nix @@ -57,6 +57,12 @@ stdenv.mkDerivation rec { url = "https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c.patch"; sha256 = "sha256-Fanh9bvz+uknr5pAmltqijuUAZIG39JR2Lyq5zGKJ58="; }) + # https://github.com/avahi/avahi/pull/480 merged Sept 19 + (fetchpatch { + name = "bail-out-unless-escaped-labels-fit.patch"; + url = "https://github.com/avahi/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24.patch"; + sha256 = "sha256-p/dOuQ/GInIcUwuFhQR3mGc5YBL5J8ho+1gvzcqEN0c="; + }) # CVE-2023-38473 # https://github.com/lathiat/avahi/pull/486 merged Oct 18 (fetchpatch { @@ -92,6 +98,19 @@ stdenv.mkDerivation rec { sha256 = "sha256-qR7scfQqhRGxg2n4HQsxVxCLkXbwZi+PlYxrOSEPsL0="; excludes = [ ".github/workflows/smoke-tests.sh" ]; }) + # https://github.com/avahi/avahi/pull/515 merged Nov 3 + (fetchpatch { + name = "fix-compare-rrs-with-zero-length-rdata.patch"; + url = "https://github.com/avahi/avahi/commit/177d75e8c43be45a8383d794ce4084dd5d600a9e.patch"; + sha256 = "sha256-uwIyruAWgiWt0yakRrvMdYjjhEhUk5cIGKt6twyXbHw="; + }) + # https://github.com/avahi/avahi/pull/519 merged Nov 8 + (fetchpatch { + name = "reject-non-utf-8-service-names.patch"; + url = "https://github.com/avahi/avahi/commit/2b6d3e99579e3b6e9619708fad8ad8e07ada8218.patch"; + sha256 = "sha256-lwSA3eEQgH0g51r0i9/HJMJPRXrhQnTIEDxcYqUuLdI="; + excludes = [ "fuzz/fuzz-domain.c" ]; + }) # https://github.com/avahi/avahi/pull/523 merged Nov 12 (fetchpatch { name = "core-no-longer-supply-bogus-services-to-callbacks.patch"; |