head	1.1;
access;
symbols
	pkgsrc-2026Q1:1.1.0.10
	pkgsrc-2026Q1-base:1.1
	pkgsrc-2025Q4:1.1.0.8
	pkgsrc-2025Q4-base:1.1
	pkgsrc-2025Q3:1.1.0.6
	pkgsrc-2025Q3-base:1.1
	pkgsrc-2025Q2:1.1.0.4
	pkgsrc-2025Q2-base:1.1
	pkgsrc-2025Q1:1.1.0.2
	pkgsrc-2025Q1-base:1.1;
locks; strict;
comment	@# @;


1.1
date	2025.02.26.11.43.05;	author nia;	state Exp;
branches;
next	;
commitid	h2aw36yul0ScmYKF;


desc
@@


1.1
log
@avahi: Patch various security issues.

CVE-2023-38469
CVE-2023-38470
CVE-2023-38472
CVE-2023-38473
CVE-2021-3468
CVE-2021-3502

Verified to build on macos, linux, netbsd, freebsd, openbsd by
drecklypkg ci.
@
text
@$NetBSD$

[PATCH] Ensure each label is at least one byte long

The only allowed exception is single dot, where it should return empty
string.

Fixes #454.

https://github.com/avahi/avahi/commit/94cb6489114636940ac683515417990b55b5d66c.patch

--- avahi-common/domain.c.orig	2015-04-01 04:58:14.145727222 +0000
+++ avahi-common/domain.c
@@@@ -201,7 +201,7 @@@@ char *avahi_normalize_name(const char *s
         }
 
         if (!empty) {
-            if (size < 1)
+            if (size < 2)
                 return NULL;
 
             *(r++) = '.';
@