head	1.1;
access;
symbols
	pkgsrc-2026Q1:1.1.0.10
	pkgsrc-2026Q1-base:1.1
	pkgsrc-2025Q4:1.1.0.8
	pkgsrc-2025Q4-base:1.1
	pkgsrc-2025Q3:1.1.0.6
	pkgsrc-2025Q3-base:1.1
	pkgsrc-2025Q2:1.1.0.4
	pkgsrc-2025Q2-base:1.1
	pkgsrc-2025Q1:1.1.0.2
	pkgsrc-2025Q1-base:1.1;
locks; strict;
comment	@# @;


1.1
date	2025.02.26.11.43.05;	author nia;	state Exp;
branches;
next	;
commitid	h2aw36yul0ScmYKF;


desc
@@


1.1
log
@avahi: Patch various security issues.

CVE-2023-38469
CVE-2023-38470
CVE-2023-38472
CVE-2023-38473
CVE-2021-3468
CVE-2021-3502

Verified to build on macos, linux, netbsd, freebsd, openbsd by
drecklypkg ci.
@
text
@$NetBSD$

[PATCH] core: make sure there is rdata to process before parsing it

Fixes #452

CVE-2023-38472

https://github.com/avahi/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40.patch

--- avahi-daemon/dbus-entry-group.c.orig	2015-04-01 04:58:14.153727024 +0000
+++ avahi-daemon/dbus-entry-group.c
@@@@ -340,7 +340,7 @@@@ DBusHandlerResult avahi_dbus_msg_entry_g
         if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
             return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
 
-        if (avahi_rdata_parse (r, rdata, size) < 0) {
+        if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
             avahi_record_unref (r);
             return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
         }
@