[meego-commits] 23881: Changes to MeeGo:1.1:Core:Update/avahi

jieyang no_reply at build.meego.com
Fri Sep 16 02:26:40 UTC 2011 

Hi,
I have made the following changes to avahi in project MeeGo:1.1:Core:Update. Please review and accept ASAP.

Thank You,
jieyang

[This message was auto-generated]

---

Request #23881:

  submit:   MeeGo:1.1:Core:Update:Testing/avahi(r2)(update) -> MeeGo:1.1:Core:Update/avahi


Message:
    forward.

State:   new          2011-09-15T19:16:37 jieyang
Comment: None



changes files:
--------------
--- avahi.changes
+++ avahi.changes
@@ -0,0 +1,3 @@
+* Mon Jun 13 2011 Ye Gang <gang.ye at intel.com> - 0.6.25
+- Add a patch to fix CVE-2011-1002(BMC#13848)
+

new:
----
  avahi-CVE-2011-1002.patch

spec files:
-----------
--- avahi.spec
+++ avahi.spec
@@ -38,6 +38,7 @@
 Patch5:     avahi-poll.patch
 Patch6:	    avahi-fix-rlimit.patch
 Patch7:	    CVE-2010-2244.patch
+Patch8:     avahi-CVE-2011-1002.patch
 
 %description
 Avahi is a system which facilitates service discovery on
@@ -228,6 +229,7 @@
 %patch6 -p1
 %patch7 -p1
 
+%patch8 -p1 -b .CVE-2011-1002
 # nuke rpath, TODO: double-check if still required on new releases
 autoreconf -i
 

other changes:
--------------

++++++ avahi-CVE-2011-1002.patch (new)
--- avahi-CVE-2011-1002.patch
+++ avahi-CVE-2011-1002.patch
+diff -Nur avahi-0.6.25/avahi-core/socket.c new/avahi-core/socket.c
+--- avahi-0.6.25/avahi-core/socket.c	2011-06-13 15:00:34.000000000 +0800
++++ new/avahi-core/socket.c	2011-06-13 15:06:37.000000000 +0800
+@@ -681,11 +681,15 @@
+         goto fail;
+     }
+ 
+-    if (sa.sin_addr.s_addr == INADDR_ANY) {
+-        /* Linux 2.4 behaves very strangely sometimes! */
+-        goto fail;
+-    }
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++	goto fail;
+ 
++    if (sa.sin_addr.s_addr == INADDR_ANY)
++	/* Linux 2.4 behaves very strangely sometimes!*/
++        goto fail;
++    
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));
+ 
+@@ -837,6 +841,10 @@
+ 
+         goto fail;
+     }
++    /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
++     * fail after having read them. */
++    if (!ms)
++	goto fail;
+ 
+     assert(!(msg.msg_flags & MSG_CTRUNC));
+     assert(!(msg.msg_flags & MSG_TRUNC));

More information about the MeeGo-commits mailing list