commit 53d114e8090f02c56e1242411120a29bcdb76c8e Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 10:32:04 2019 -0400 Package init diff --git a/CVE-2017-6519-Drop-legacy-unicast-queries-from-address-not-on-loca.patch b/CVE-2017-6519-Drop-legacy-unicast-queries-from-address-not-on-loca.patch new file mode 100644 index 0000000..a0674ea --- /dev/null +++ b/CVE-2017-6519-Drop-legacy-unicast-queries-from-address-not-on-loca.patch @@ -0,0 +1,46 @@ +From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001 +From: Trent Lloyd +Date: Sat, 22 Dec 2018 09:06:07 +0800 +Subject: [PATCH] Drop legacy unicast queries from address not on local link + +When handling legacy unicast queries, ensure that the source IP is +inside a subnet on the local link, otherwise drop the packet. + +Fixes #145 +Fixes #203 +CVE-2017-6519 +CVE-2018-100084 + +--- + avahi-core/server.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/avahi-core/server.c b/avahi-core/server.c +index a2cb19a..a2580e3 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + + if (avahi_dns_packet_is_query(p)) { + int legacy_unicast = 0; ++ char t[AVAHI_ADDRESS_STR_MAX]; + + /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the + * AR section completely here, so far. Until the day we add +@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + legacy_unicast = 1; + } + ++ if (!is_mdns_mcast_address(dst_address) && ++ !avahi_interface_address_on_link(i, src_address)) { ++ ++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); ++ return; ++ } ++ + if (legacy_unicast) + reflect_legacy_unicast_query_packet(s, p, i, src_address, port); + +-- +2.19.1 + diff --git a/avahi-0.6.30-mono-libdir.patch b/avahi-0.6.30-mono-libdir.patch new file mode 100644 index 0000000..692b3b3 --- /dev/null +++ b/avahi-0.6.30-mono-libdir.patch @@ -0,0 +1,50 @@ +diff -uNr avahi-0.6.30.old/avahi-sharp/Makefile.am avahi-0.6.30/avahi-sharp/Makefile.am +--- avahi-0.6.30.old/avahi-sharp/Makefile.am 2010-06-29 05:30:35.000000000 +0200 ++++ avahi-0.6.30/avahi-sharp/Makefile.am 2011-11-27 17:03:04.933192204 +0100 +@@ -73,10 +73,10 @@ + endif + + install-data-hook: $(ASSEMBLY) +- $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /i $(ASSEMBLY) /package avahi-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /i $(ASSEMBLY) /package avahi-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + uninstall-hook: $(ASSEMBLY) +- $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /u avahi-sharp /package avahi-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /u avahi-sharp /package avahi-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + endif + endif +diff -uNr avahi-0.6.30.old/avahi-sharp.pc.in avahi-0.6.30/avahi-sharp.pc.in +--- avahi-0.6.30.old/avahi-sharp.pc.in 2010-06-25 02:54:22.000000000 +0200 ++++ avahi-0.6.30/avahi-sharp.pc.in 2011-11-27 17:00:05.482192846 +0100 +@@ -5,4 +5,4 @@ + Name: avahi-sharp + Description: Mono bindings for the Avahi mDNS/DNS-SD stack + Version: @PACKAGE_VERSION@ +-Libs: -r:${libdir}/mono/avahi-sharp/avahi-sharp.dll ++Libs: -r:${prefix}/lib/mono/avahi-sharp/avahi-sharp.dll +diff -uNr avahi-0.6.30.old/avahi-ui-sharp/Makefile.am avahi-0.6.30/avahi-ui-sharp/Makefile.am +--- avahi-0.6.30.old/avahi-ui-sharp/Makefile.am 2010-06-29 05:30:35.000000000 +0200 ++++ avahi-0.6.30/avahi-ui-sharp/Makefile.am 2011-11-27 17:04:59.812193067 +0100 +@@ -60,10 +60,10 @@ + endif + + install-data-hook: $(ASSEMBLY) +- $(GACUTIL) /i $(ASSEMBLY) /package avahi-ui-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(GACUTIL) /i $(ASSEMBLY) /package avahi-ui-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + uninstall-hook: $(ASSEMBLY) +- $(GACUTIL) /u avahi-ui-sharp /package avahi-ui-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(GACUTIL) /u avahi-ui-sharp /package avahi-ui-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + endif + endif +diff -uNr avahi-0.6.30.old/avahi-ui-sharp.pc.in avahi-0.6.30/avahi-ui-sharp.pc.in +--- avahi-0.6.30.old/avahi-ui-sharp.pc.in 2010-06-25 02:54:22.000000000 +0200 ++++ avahi-0.6.30/avahi-ui-sharp.pc.in 2011-11-27 17:04:05.077192737 +0100 +@@ -6,4 +6,4 @@ + Description: Mono bindings for the Avahi mDNS/DNS-SD stack + Version: @PACKAGE_VERSION@ + Requires: gtk-sharp-2.0 +-Libs: -r:${libdir}/mono/avahi-ui-sharp/avahi-ui-sharp.dll ++Libs: -r:${prefix}/lib/mono/avahi-ui-sharp/avahi-ui-sharp.dll diff --git a/avahi-0.7.tar.gz b/avahi-0.7.tar.gz new file mode 100644 index 0000000..b893f70 Binary files /dev/null and b/avahi-0.7.tar.gz differ diff --git a/avahi.spec b/avahi.spec new file mode 100644 index 0000000..37038dc --- /dev/null +++ b/avahi.spec @@ -0,0 +1,446 @@ +Name: avahi +Version: 0.7 +Release: 17 +Summary: Avahi is a local network service discovery +License: LGPLv2+ +URL: http://avahi.org +Source0: http://avahi.org/download/%{name}-%{version}.tar.gz + +Patch1: avahi-0.6.30-mono-libdir.patch + +Patch6000: CVE-2017-6519-Drop-legacy-unicast-queries-from-address-not-on-loca.patch + + +BuildRequires: gcc automake libtool python2-dbus python2-libxml2 desktop-file-utils gtk2-devel glib2-devel +BuildRequires: libcap-devel expat-devel python2-devel python3-devel gdbm-devel pygobject3-devel pygtk2 +BuildRequires: intltool perl-XML-Parser xmltoman systemd +BuildRequires: dbus-devel >= 0.90 dbus-glib-devel >= 0.70 gtk3-devel >= 2.99.0 libdaemon-devel >= 0.11 + +Requires: dbus expat libdaemon >= 0.11 %{name}-libs = %{version}-%{release} +Requires(pre): shadow-utils coreutils +Requires(post): dbus systemd +Requires(preun): systemd +Requires(postun): systemd + + +Provides: avahi-autoipd = %{version}-%{release} +Obsoletes: avahi-autoipd < %{version}-%{release} + + +%description +Avahi is a system which facilitates service discovery on a local network +via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop +or computer into a network and instantly be able to view other people who +you can chat with, find printers to print to or find files being shared. + + +%package tools +Summary: CMD tools for mDNS browsing and publishing +Requires: %{name}-libs = %{version}-%{release} +%description tools +CMD tools for mDNS services. + + + + +%package ui-tools +Summary: ui-tools for mDNS +Requires: %{name}-libs = %{version}-%{release} python2-avahi = %{version}-%{release} +Requires: tigervnc openssh-clients pygtk2 pygtk2-libglade gdbm python2-dbus pygobject3-base + +%description ui-tools +Avahi Graphical user interface tools for mDNS services. + + +%package ui +Summary: Gtk library for Avahi (Gtk2) +Requires: %{name}-libs = %{version}-%{release} gtk2 + +%description ui +This package contains a Gtk 2.x widget for browsing services. + + + +%package dnsconfd +Summary: This is useful for configuring unicast DNS servers in a DHCP-like fashion with mDNS +Requires: %{name}-libs = %{version}-%{release} + +%description dnsconfd +This is useful for configuring unicast DNS servers in a DHCP-like fashion with mDNS. + + +%package compat-howl +Summary: Libraries for compat-howl +Requires: %{name}-libs = %{version}-%{release} +Obsoletes: howl-libs +Provides: howl-libs + +%description compat-howl +Libraries for compat-howl. + + +%package compat-howl-devel +Summary: Header files and libs for howl compatibility libraries +Requires: %{name}-compat-howl = %{version}-%{release} +Requires: %{name}-devel = %{version}-%{release} +Obsoletes: howl-devel +Provides: howl-devel + +%description compat-howl-devel +Header files and libs for howl compatibility libraries + +%package compat-libdns_sd +Summary: Libraries for compat-libdns_sd +Requires: %{name}-libs = %{version}-%{release} + +%description compat-libdns_sd +Libraries for compat-libdns_sd. + +%package compat-libdns_sd-devel +Summary: Header files and libs for compat-libdns_sd-devel +Requires: %{name}-compat-libdns_sd = %{version}-%{release} +Requires: %{name}-devel = %{version}-%{release} + +%description compat-libdns_sd-devel +Header files and libs for compat-libdns_sd-devel + + +%package devel +Summary: Libraries and header files for avahi development +Requires: %{name}-libs = %{version}-%{release} %{name}-ui = %{version}-%{release} +Requires: glib2-devel +Provides: %{name}-glib-devel = %{version}-%{release} %{name}-gobject-devel = %{version}-%{release} %{name}-ui-devel = %{version}-%{release} +Obsoletes: %{name}-glib-devel = %{version}-%{release} %{name}-gobject-devel = %{version}-%{release} %{name}-ui-devel = %{version}-%{release} + +%description devel +Header files for using the avahi libraries. + + +%package -n python2-avahi +Summary: Python2 Avahi api +Obsoletes: python-avahi < 0.7 +Provides: python-avahi = %{version}-%{release} +Requires: %{name}-libs = %{version}-%{release} + +%description -n python2-avahi +Python2 Avahi api. + +%package -n python3-avahi +Summary: Python3 Avahi api +Requires: %{name}-libs = %{version}-%{release} + +%description -n python3-avahi +Python3 Avahi api. + +%package glib +Summary: Glib libraries for avahi +Requires: %{name}-libs = %{version}-%{release} + +%description glib +Libraries for easy use of avahi from glib applications. + +%package gobject +Summary: GObject wrapper library for Avahi +Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}-glib = %{version}-%{release} + +%description gobject +This library contains a GObject wrapper for the Avahi API + +%package ui-gtk3 +Summary: Gtk user interface library for Avahi (Gtk+ 3 version) +Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}-glib = %{version}-%{release} +Requires: gtk3 + +%description ui-gtk3 +This library contains a Gtk 3.x widget for browsing services. + +%package libs +Summary: Libraries for avahi run-time use + +%description libs +The avahi-libs package contains the libraries needed +to run programs that use avahi. + + +%package docs +Summary: Documentation files for avahi. + +%description docs +The avahi package contains documentation files. + +%prep +%autosetup -n %{name}-%{version} -p1 + +%build +NOCONFIGURE=1 ./autogen.sh + +%configure --disable-monodoc --with-avahi-user=avahi \ + --with-avahi-group=avahi --with-avahi-priv-access-group=avahi \ + --with-autoipd-user=avahi-autoipd --with-autoipd-group=avahi-autoipd \ + --with-systemdsystemunitdir=%{_unitdir} --enable-introspection=no \ + --enable-shared=yes --enable-static=no --disable-silent-rules \ + --enable-compat-libdns_sd --enable-compat-howl --disable-qt3 \ + --disable-qt4 --disable-mono + +%make_build -k V=1 || make V=1 + +%install +%make_install + +ln -s avahi-compat-howl.pc %{buildroot}/%{_libdir}/pkgconfig/howl.pc +ln -s avahi-compat-libdns_sd.pc %{buildroot}/%{_libdir}/pkgconfig/libdns_sd.pc +ln -s avahi-compat-libdns_sd/dns_sd.h %{buildroot}/%{_includedir}/ + +install -d $RPM_BUILD_ROOT%{_localstatedir}/run/avahi-daemon +install -d $RPM_BUILD_ROOT%{_localstatedir}/lib/avahi-autoipd + +mkdir -p $RPM_BUILD_ROOT/etc/avahi/etc +touch $RPM_BUILD_ROOT/etc/avahi/etc/localtime + +install -d %{buildroot}%{python3_sitelib}/avahi +cp -r $RPM_BUILD_ROOT%{python2_sitelib}/avahi/* $RPM_BUILD_ROOT%{python3_sitelib}/avahi/ +rm -f $RPM_BUILD_ROOT%{python3_sitelib}/avahi/*.py{c,o} +sed -i 's!/usr/bin/python2!/usr/bin/python3!' $RPM_BUILD_ROOT%{python3_sitelib}/avahi/ServiceTypeDatabase.py + +for i in $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop ; do +if [ -n "$(grep '^GenericName=$' $i)" ]; then + desktop-file-edit --copy-name-to-generic-name $i +fi +done + +%find_lang %{name} +%delete_la_and_a + +%check +for i in $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop ; do +desktop-file-validate $i +done + + +%pre +%define gid_uid 70 +if ! getent group avahi > /dev/null ; then + groupadd -f -g %{gid_uid} -r avahi +fi + +if ! getent passwd avahi > /dev/null ; then + if ! getent passwd %{gid_uid} > /dev/null ; then + useradd -r -l -u %{gid_uid} -g avahi -d %{_localstatedir}/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi + else + useradd -r -l -g avahi -d %{_localstatedir}/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi + fi +fi + + +%define autoipd_gid_pid 170 +if ! getent group avahi-autoipd >/dev/null ; then + groupadd -f -g %{autoipd_gid_pid} -r avahi-autoipd +fi +if ! getent passwd avahi-autoipd > /dev/null ; then + if ! getent passwd %{autoipd_gid_pid} > /dev/null; then + useradd -r -u %{autoipd_gid_pid} -l -g avahi-autoipd -d %{_localstatedir}/lib/avahi-autoipd -s /sbin/nologin -c "Avahi IPv4LL Stack" avahi-autoipd + else + useradd -r -l -g avahi-autoipd -d %{_localstatedir}/lib/avahi-autoipd -s /sbin/nologin -c "Avahi IPv4LL Stack" avahi-autoipd + fi +fi + + +exit 0 + + + + +%preun +%systemd_preun avahi-daemon.socket avahi-daemon.service + +%post +/sbin/ldconfig +/usr/bin/dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig >/dev/null 2>&1 || : +if [ "$1" -eq 1 -a -s /etc/localtime ]; then + /usr/bin/cp -cfp /etc/localtime /etc/avahi/etc/localtime >/dev/null 2>&1 || : +fi +%systemd_post avahi-daemon.socket avahi-daemon.service + + +%postun +/sbin/ldconfig +%systemd_postun_with_restart avahi-daemon.socket avahi-daemon.service + + + +%post dnsconfd +%systemd_post avahi-dnsconfd.service + +%preun dnsconfd +%systemd_preun avahi-dnsconfd.service + +%postun dnsconfd +%systemd_postun_with_restart avahi-dnsconfd.service + + +%post compat-howl -p /sbin/ldconfig + +%postun compat-howl -p /sbin/ldconfig + +%post compat-libdns_sd -p /sbin/ldconfig + +%postun compat-libdns_sd -p /sbin/ldconfig + +%post ui -p /sbin/ldconfig + +%postun ui -p /sbin/ldconfig + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%post glib -p /sbin/ldconfig + +%postun glib -p /sbin/ldconfig + +%post ui-gtk3 -p /sbin/ldconfig + +%postun ui-gtk3 -p /sbin/ldconfig + +%post gobject -p /sbin/ldconfig + +%postun gobject -p /sbin/ldconfig + +%files -f %{name}.lang +%doc README +%license LICENSE + +%{_sbindir}/avahi-daemon +%{_sbindir}/avahi-autoipd +%dir %{_libdir}/avahi +%{_libdir}/avahi/service-types.db +%{_libdir}/libavahi-core.so.* + +%dir %{_datadir}/avahi +%{_datadir}/avahi/*.dtd +%{_datadir}/dbus-1/interfaces/*.xml +%{_datadir}/dbus-1/system-services/org.freedesktop.Avahi.service + +%dir %{_sysconfdir}/avahi +%dir %{_sysconfdir}/avahi/etc +%ghost %{_sysconfdir}/avahi/etc/localtime +%config(noreplace) %{_sysconfdir}/avahi/hosts +%config(noreplace) %{_sysconfdir}/avahi/avahi-daemon.conf +%config(noreplace) %{_sysconfdir}/dbus-1/system.d/avahi-dbus.conf +%config(noreplace) %{_sysconfdir}/avahi/avahi-autoipd.action + +%dir %{_sysconfdir}/avahi/services +%ghost %dir %{_localstatedir}/run/avahi-daemon +%attr(1770,avahi-autoipd,avahi-autoipd) %dir %{_localstatedir}/lib/avahi-autoipd/ +%{_unitdir}/avahi-daemon.service +%{_unitdir}/avahi-daemon.socket + +%attr(1770,avahi-autoipd,avahi-autoipd) %dir %{_localstatedir}/lib/avahi-autoipd/ + +%exclude %{_sysconfdir}/rc.d/init.d/avahi-daemon +%exclude %{_sysconfdir}/rc.d/init.d/avahi-dnsconfd +%exclude %{_datadir}/%{name}-%{version}/* +%exclude %{_sysconfdir}/avahi/services/ssh.service +%exclude %{_sysconfdir}/avahi/services/sftp-ssh.service + +%files libs +%doc README +%license LICENSE +%{_libdir}/libavahi-common.so.* +%{_libdir}/libavahi-client.so.* + +%files glib +%{_libdir}/libavahi-glib.so.* + +%files gobject +%{_libdir}/libavahi-gobject.so.* + +%files ui-gtk3 +%{_libdir}/libavahi-ui-gtk3.so.* + + +%files devel +%{_libdir}/libavahi-common.so +%{_libdir}/libavahi-core.so +%{_libdir}/libavahi-client.so +%{_libdir}/libavahi-glib.so +%{_libdir}/libavahi-gobject.so +%{_libdir}/libavahi-ui.so +%{_libdir}/libavahi-ui-gtk3.so +%{_libdir}/pkgconfig/avahi-ui.pc +%{_libdir}/pkgconfig/avahi-ui-gtk3.pc +%{_libdir}/pkgconfig/avahi-gobject.pc +%{_libdir}/pkgconfig/avahi-glib.pc +%{_libdir}/pkgconfig/avahi-core.pc +%{_libdir}/pkgconfig/avahi-client.pc +%{_includedir}/* +%exclude %{_includedir}/avahi-compat-howl +%exclude %{_includedir}/avahi-compat-libdns_sd +%exclude %{_includedir}/dns_sd.h + +%files docs +%defattr(644,root,root) +%doc docs/* avahi-daemon/example.service avahi-daemon/sftp-ssh.service avahi-daemon/ssh.service +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man8/* + +%files -n python2-avahi +%{python2_sitelib}/avahi/ + +%files -n python3-avahi +%{python3_sitelib}/avahi/ + + + +%files dnsconfd +%{_sbindir}/avahi-dnsconfd +%{_unitdir}/avahi-dnsconfd.service +%config(noreplace) %{_sysconfdir}/avahi/avahi-dnsconfd.action + + +%files tools +%{_bindir}/* +%exclude %{_bindir}/b* +%exclude %{_bindir}/avahi-discover* +%exclude %{_bindir}/avahi-bookmarks + +%files ui +%{_libdir}/libavahi-ui.so.* + + +%files ui-tools +%{_bindir}/b* +%{_bindir}/avahi-discover +%{_bindir}/avahi-bookmarks +%{_datadir}/applications/b*.desktop +%{_datadir}/applications/avahi-discover.desktop +%{_datadir}/avahi/interfaces/ +%{python2_sitelib}/avahi_discover/ + +%files compat-howl +%{_libdir}/libhowl.so.* + +%files compat-howl-devel +%{_libdir}/libhowl.so +%{_includedir}/avahi-compat-howl +%{_libdir}/pkgconfig/avahi-compat-howl.pc +%{_libdir}/pkgconfig/howl.pc + + +%files compat-libdns_sd +%{_libdir}/libdns_sd.so.* + +%files compat-libdns_sd-devel +%{_libdir}/libdns_sd.so +%{_includedir}/avahi-compat-libdns_sd +%{_includedir}/dns_sd.h +%{_libdir}/pkgconfig/avahi-compat-libdns_sd.pc +%{_libdir}/pkgconfig/libdns_sd.pc + + +%changelog +* Mon Sep 23 2019 hufeng - 0.7-17 +-Create spec