| blob | 3e9be1f5fc71d071783da58a74c8bd292d6e5a30 |
1 { fetchurl
2 , fetchpatch
3 , lib
4 , config
5 , stdenv
6 , pkg-config
7 , libdaemon
8 , dbus
9 , libpcap
10 , expat
11 , gettext
12 , glib
13 , libiconv
14 , libevent
15 , nixosTests
16 , gtk3Support ? false
17 , gtk3
18 , qt5
19 , qt5Support ? false
20 , withLibdnssdCompat ? false
21 , python ? null
22 , withPython ? false
23 }:
25 # Added 2024-09-03. Drop this assertion after 24.11 is released.
26 assert lib.assertMsg (config.avahi or {} == {}) "config.avahi has been removed; please use an overlay or services.avahi.package to configure the avahi package.";
28 stdenv.mkDerivation rec {
29 pname = "avahi${lib.optionalString withLibdnssdCompat "-compat"}";
30 version = "0.8";
32 src = fetchurl {
33 url = "https://github.com/lathiat/avahi/releases/download/v${version}/avahi-${version}.tar.gz";
34 sha256 = "1npdixwxxn3s9q1f365x9n9rc5xgfz39hxf23faqvlrklgbhj0q6";
35 };
37 outputs = [ "out" "dev" "man" ];
39 patches = [
40 # CVE-2021-36217 / CVE-2021-3502
41 (fetchpatch {
42 name = "CVE-2021-3502.patch";
43 url = "https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c.patch";
44 sha256 = "sha256-BXWmrLWUvDxKPoIPRFBpMS3T4gijRw0J+rndp6iDybU=";
45 })
46 # CVE-2021-3468
47 (fetchpatch {
48 name = "CVE-2021-3468.patch";
49 url = "https://github.com/lathiat/avahi/commit/447affe29991ee99c6b9732fc5f2c1048a611d3b.patch";
50 sha256 = "sha256-qWaCU1ZkCg2PmijNto7t8E3pYRN/36/9FrG8okd6Gu8=";
51 })
52 (fetchpatch {
53 name = "CVE-2023-1981.patch";
54 url = "https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f.patch";
55 sha256 = "sha256-BEYFGCnQngp+OpiKIY/oaKygX7isAnxJpUPCUvg+efc=";
56 })
57 # CVE-2023-38470
58 # https://github.com/lathiat/avahi/pull/457 merged Sep 19
59 (fetchpatch {
60 name = "CVE-2023-38470.patch";
61 url = "https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c.patch";
62 sha256 = "sha256-Fanh9bvz+uknr5pAmltqijuUAZIG39JR2Lyq5zGKJ58=";
63 })
64 # https://github.com/avahi/avahi/pull/480 merged Sept 19
65 (fetchpatch {
66 name = "bail-out-unless-escaped-labels-fit.patch";
67 url = "https://github.com/avahi/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24.patch";
68 sha256 = "sha256-p/dOuQ/GInIcUwuFhQR3mGc5YBL5J8ho+1gvzcqEN0c=";
69 })
70 # CVE-2023-38473
71 # https://github.com/lathiat/avahi/pull/486 merged Oct 18
72 (fetchpatch {
73 name = "CVE-2023-38473.patch";
74 url = "https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797.patch";
75 sha256 = "sha256-/ZVhsBkf70vjDWWG5KXxvGXIpLOZUXdRkn3413iSlnI=";
76 })
77 # CVE-2023-38472
78 # https://github.com/lathiat/avahi/pull/490 merged Oct 19
79 (fetchpatch {
80 name = "CVE-2023-38472.patch";
81 url = "https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40.patch";
82 sha256 = "sha256-FjR8fmhevgdxR9JQ5iBLFXK0ILp2OZQ8Oo9IKjefCqk=";
83 })
84 # CVE-2023-38471
85 # https://github.com/lathiat/avahi/pull/494 merged Oct 24
86 (fetchpatch {
87 name = "CVE-2023-38471.patch";
88 url = "https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09.patch";
89 sha256 = "sha256-4dG+5ZHDa+A4/CszYS8uXWlpmA89m7/jhbZ7rheMs7U=";
90 })
91 # https://github.com/lathiat/avahi/pull/499 merged Oct 25
92 (fetchpatch {
93 name = "CVE-2023-38471-2.patch";
94 url = "https://github.com/avahi/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460.patch";
95 sha256 = "sha256-uDtMPWuz1lsu7n0Co/Gpyh369miQ6GWGyC0UPQB/yI8=";
96 })
97 # CVE-2023-38469
98 # https://github.com/lathiat/avahi/pull/500 merged Oct 25
99 (fetchpatch {
100 name = "CVE-2023-38469.patch";
101 url = "https://github.com/avahi/avahi/commit/61b9874ff91dd20a12483db07df29fe7f35db77f.patch";
102 sha256 = "sha256-qR7scfQqhRGxg2n4HQsxVxCLkXbwZi+PlYxrOSEPsL0=";
103 excludes = [ ".github/workflows/smoke-tests.sh" ];
104 })
105 # https://github.com/avahi/avahi/pull/515 merged Nov 3
106 (fetchpatch {
107 name = "fix-compare-rrs-with-zero-length-rdata.patch";
108 url = "https://github.com/avahi/avahi/commit/177d75e8c43be45a8383d794ce4084dd5d600a9e.patch";
109 sha256 = "sha256-uwIyruAWgiWt0yakRrvMdYjjhEhUk5cIGKt6twyXbHw=";
110 })
111 # https://github.com/avahi/avahi/pull/519 merged Nov 8
112 (fetchpatch {
113 name = "reject-non-utf-8-service-names.patch";
114 url = "https://github.com/avahi/avahi/commit/2b6d3e99579e3b6e9619708fad8ad8e07ada8218.patch";
115 sha256 = "sha256-lwSA3eEQgH0g51r0i9/HJMJPRXrhQnTIEDxcYqUuLdI=";
116 excludes = [ "fuzz/fuzz-domain.c" ];
117 })
118 # https://github.com/avahi/avahi/pull/523 merged Nov 12
119 (fetchpatch {
120 name = "core-no-longer-supply-bogus-services-to-callbacks.patch";
121 url = "https://github.com/avahi/avahi/commit/93b14365c1c1e04efd1a890e8caa01a2a514bfd8.patch";
122 sha256 = "sha256-VBm8vsBZkTbbWAK8FI71SL89lZuYd1yFNoB5o+FvlEU=";
123 excludes = [ ".github/workflows/smoke-tests.sh" "fuzz/fuzz-packet.c" ];
124 })
125 ];
127 depsBuildBuild = [
128 pkg-config
129 ];
131 nativeBuildInputs = [
132 pkg-config
133 gettext
134 glib
135 ];
137 buildInputs = [
138 libdaemon
139 dbus
140 glib
141 expat
142 libiconv
143 libevent
144 ] ++ lib.optionals stdenv.hostPlatform.isFreeBSD [
145 libpcap
146 ] ++ lib.optionals gtk3Support [
147 gtk3
148 ] ++ lib.optionals qt5Support [
149 qt5
150 ];
152 propagatedBuildInputs = lib.optionals withPython (with python.pkgs; [
153 python
154 pygobject3
155 dbus-python
156 ]);
158 configureFlags = [
159 "--disable-gdbm"
160 "--disable-mono"
161 # Use non-deprecated path https://github.com/lathiat/avahi/pull/376
162 "--with-dbus-sys=${placeholder "out"}/share/dbus-1/system.d"
163 (lib.enableFeature gtk3Support "gtk3")
164 (lib.enableFeature qt5Support "qt5")
165 (lib.enableFeature withPython "python")
166 "--localstatedir=/var"
167 "--runstatedir=/run"
168 "--sysconfdir=/etc"
169 "--with-distro=${with stdenv.hostPlatform; if isBSD then parsed.kernel.name else "none"}"
170 # A systemd unit is provided by the avahi-daemon NixOS module
171 "--with-systemdsystemunitdir=no"
172 ] ++ lib.optionals withLibdnssdCompat [
173 "--enable-compat-libdns_sd"
174 ] ++ lib.optionals stdenv.hostPlatform.isDarwin [
175 # autoipd won't build on darwin
176 "--disable-autoipd"
177 ];
179 installFlags = [
180 # Override directories to install into the package.
181 # Replace with runstatedir once is merged https://github.com/lathiat/avahi/pull/377
182 "avahi_runtime_dir=${placeholder "out"}/run"
183 "sysconfdir=${placeholder "out"}/etc"
184 ];
186 preBuild = lib.optionalString stdenv.hostPlatform.isDarwin ''
187 sed -i '20 i\
188 #define __APPLE_USE_RFC_2292' \
189 avahi-core/socket.c
190 '';
192 postInstall =
193 # Maintain compat for mdnsresponder
194 lib.optionalString withLibdnssdCompat ''
195 ln -s avahi-compat-libdns_sd/dns_sd.h "$dev/include/dns_sd.h"
196 '';
198 passthru.tests = {
199 smoke-test = nixosTests.avahi;
200 smoke-test-resolved = nixosTests.avahi-with-resolved;
201 };
203 meta = with lib; {
204 description = "mDNS/DNS-SD implementation";
205 homepage = "http://avahi.org";
206 license = licenses.lgpl2Plus;
207 platforms = platforms.unix;
208 maintainers = with maintainers; [ lovek323 globin ];
210 longDescription = ''
211 Avahi is a system which facilitates service discovery on a local
212 network. It is an implementation of the mDNS (for "Multicast
213 DNS") and DNS-SD (for "DNS-Based Service Discovery")
214 protocols.
215 '';
216 };
217 }