SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libavahi-core7-0.8-7.1.i586.rpm :

* Thu Nov 30 2023 Alynx Zhou - Add avahi-CVE-2023-38472.patch: Fix reachable assertion in avahi_rdata_parse (bsc#1216853, CVE-2023-38472).
* Mon Nov 27 2023 Dominique Leuenberger - Reformat avahi-gacdir.patch to apply as patch -p1.- Use %autopatch instead of deprecated %patchN format.
* Thu Nov 23 2023 Dominique Leuenberger - avahi-autoipd: drop the post script part migrating the user owning files in /var/lib/avahi-autoipd: the code was aiding migrations from SLE<=11/openSUSE<=12.3, which are no longer in scope for upgrades nowadays.
* Wed Nov 22 2023 Dominique Leuenberger - avahi-autoipd: guard %post chown with -h, to not follow symlinks (boo#1217398).
* Mon Nov 13 2023 Dominique Leuenberger - avahi-autoipd: only migrate files owned by avahi user if said user exists: if the user does not exist (fresh installs), then there is no chance any file is owned by the user (boo#1216730).
* Wed Nov 01 2023 Alynx Zhou - Add avahi-CVE-2023-38470.patch: Ensure each label is at least one byte long (bsc#1215947, CVE-2023-38470).
* Thu Oct 26 2023 Xiaoguang Wang - Add avahi-CVE-2023-38473.patch: derive alternative host name from its unescaped version (bsc#1216419 CVE-2023-38473).
* Wed Sep 20 2023 Ludwig Nussel - Don\'t require sudo. There is no indication it\'s actually used for anything.
* Tue Apr 11 2023 Bjørn Lie - Use ldconfig_scriptlets macro.
* Tue Apr 11 2023 Michael Gorse - Add avahi-CVE-2023-1981.patch: emit error if requested service is not found (boo#1210328 CVE-2023-1981).
* Mon Dec 19 2022 Dominique Leuenberger - Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts: they are not used, or supported, in a while already.
* Thu Dec 08 2022 Thorsten Kukuk - Remove avahi-daemon-check-dns.sh, avahi-daemon-check-dns-suse.patch and avahi-daemon.if-up Doesn\'t work since about 9 years and will not be executed on a fresh default installation anymore
* Mon Dec 05 2022 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_avahi-daemon.service.patch
* harden_avahi-dnsconfd.service.patch
* Sun Sep 04 2022 Andreas Stieger - avahi-daemon-check-dns.sh: convert obsolete egrep call to grep -E (boo#1203092)
* Sat Jul 09 2022 Callum Farmer - Move the dbus-1 system.d file to /usr (bsc#1201345)
* Fri Apr 15 2022 Jan Engelhardt - Stop requiring \"avahi\" from \"libavahi-devel\". The devel package ought to facilitate building programs with avahi, not run the whole deamon.
* Wed Feb 23 2022 Dirk Müller - switch to use _multibuild- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete- use https urls
* Thu Feb 17 2022 Dirk Müller - remove avahi-mono
* subspecfiles, they are no longer required by anything. this makes the spec file slightly more readable.
* Wed Feb 16 2022 Michael Gorse - Replace avahi-0.6.31-systemd-order.patch with avahi-add-resolv-conf-to-inotify.patch: re-read configuration when resolv.conf changes, per discussion on the bug (boo#1194561).
* Fri Jan 21 2022 Callum Farmer - Change to systemd-sysusers
* Mon Jan 17 2022 Michael Gorse - Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). This can probably go away if/when gh#lathiat/avahi#118 is fixed.- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should no longer need this given the above patch.- Add several patches from git: 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch 0006-man-add-missing-bshell.1-symlink.patch 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch 0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch- Build manpages with xmltoman. Currently needed for bssh.- Minor spec file clean-up.- Require python-rpm-macros for all builds (boo#1194744 boo#1194745).
* Wed Jan 12 2022 Michael Gorse - Move sftp-ssh and ssh services to the doc directory. They allow a host\'s up/down status to be easily discovered and should not be enabled by default (boo#1179060).
* Mon Oct 25 2021 Yifan Jiang - Change %python38_version_nodots to %suse_version which is compatible with Leap and SLE. See also: https://github.com/openSUSE/python-rpm-macros/issues/107
* Tue Oct 19 2021 Dominique Leuenberger - Add rpmlintrc: Filter shlib-policy-name-error for libdns_sd (boo#1191750).
* Thu Sep 16 2021 Stanislav Brabec - Remove obsolete translation-update-upstream support (jsc#SLE-21105).
* Mon Aug 02 2021 Yifan Jiang - Obsolete the same version of mDNSResponder-lib and mDNSResponder in baselib.conf and spec.
* Fri Jul 02 2021 Michael Gorse - Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes (boo#1184846 CVE-2021-3502).
* Wed Jun 02 2021 Christophe Giboudeaux - Fix libavahi-devel requirements. The devel package installs libavahi-libevent.so but didn\'t require the library it\'s pointing to.
* Tue Apr 20 2021 Michael Gorse - Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling HUP event in client_work (boo#1184521 CVE-2021-3468). https://github.com/lathiat/avahi/pull/330
* Tue Feb 16 2021 Michael Gorse - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d.- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges when invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720).- Add sudo to requires: used to drop privileges.
* Wed Feb 10 2021 Jan Engelhardt - Drop configure --libexecdir variable as it does not appear to be used by the source archive.
* Sun Jan 31 2021 Ben Greiner - Build python bindings subpackages for all flavors
* use the python-rpm-macros singlespec system: The macro %python_subpackages together with %python_subpackage_only creates the pythonXY-avahi bindings package for all python flavors on Tumbleweed (currently python36, python38)
* Put the avahi-bookmarks command under updates-alternatives control to avoid package conflicts between flavors
* outside of build_core, the build continues to use but not install everything in the primary python3 flavor.
* For distros without multiple python3 flavors and/or older python-rpm-macros, the status quo is unchanged.
* Wed Sep 02 2020 Antonio Larrosa - Use sover variables all over the spec file
* Mon Aug 31 2020 Antonio Larrosa - Update to version 0.8: + The Avahi 0.8 release brings a number of new features and bug fix changes including a backward-compatible addition to the D-Bus API and the avahi-core API. + The existing API is still fully supported however clients using the new API will not work with older Avahi releases. The avahi-client library is not affected. See the \"API Changes\" section for further details. + New Features: - New options for filtering reflected queries between networks (reflect-filter) - New mainloop integration for Qt5 and libevent - docs/THREADS: Information for multi-threaded avahi-client apps - Listen on loopback interfaces by default, allowing local-only services to be consumed by the local machine - New D-Bus V2 API and additions to the avahi-core API for splitting \"New\" calls into \"Prepare\" and \"Start\". See \"API Changes\" for more details. + Notable Changes: - avahi-autoipd: Initial IP selection based on MAC previously ignored first octet - this will cause all hosts to select a different link-local IP than previous versions based on the same MAC address - avahi-daemon: Delay sending results on an object for 10ms in an attempt to give clients enough time to subscribe to signals from the new object after receiving it\'s path in response so the New call. See \"API Changes\" for more info + Bug Fixes: - avahi-python: Various Python 3 enhancements including encoding unicode strings as UTF-8 - avahi-common: avahi_string_list_to_string will now escape embedded quotes, backslashes and control characters. - avahi-daemon: Fix a crash when txt records have an empty value in .xml service files - avahi-daemon: reflector: do not incorrectly cache responses on outgoing interfaces. Previously we would incorrectly cache responses reflected from one interface on the outgoing interface. These responses were later sent to clients on that network even if the original client had disappeared and could cause those clients to have a hostname conflict with themselves on restart. We no longer incorrectly cache such traffic. + Security Fixes: - Drop legacy unicast queries from address not on local link which can lead to UDP traffic amplification attacks (CVE-2017-6519) + API Changes: The avahi-core API and D-Bus API have implemented a new API where a call to the \"New\" method can now be split into a \"Prepare\" and then \"Start\" method for some objects. The previous \"New\" API is still fully supported and there is no intention to deprecate it. This change affects the the following objects: AsyncAddressResolver, AsyncHostNameResolver, AsyncServiceResolver, DomainBrowser, RecordBrowser, ServiceBrowser, ServiceTypeBrowser This is because the D-Bus implementation in some languages would only bind to signals of an object after it was created and had received the new object\'s path. This led to such languages missing the initial results sent between the time the object was created and it had setup a filter to receive it\'s signals. This primarily occured in languages that create dynamic bindings for D-Bus objects using introspection such as Python. The avahi-client C api was not affected as it globally binds to all avahi signals without specifying individual object paths and still makes use of the V1 API. The v2 Prepare/Start API is available under the new org.freedesktop.Avahi.Server2 D-Bus interface and also has corresponding avahi_s_
* calls for users of the embedded avahi-core library. The old org.freedesktop.Avahi.Server interface is still supported and there is no intention to remove this API. Additionally this problem has also been solved for old clients by adding a very small 10ms delay before we start sending results to give the client time to bind to the signals which should silently fix the issue in most cases without introducing a noticable or impactful delay. Clients implementing the new org.freedesktop.Avahi.Server2 D-Bus interface will not work with older Avahi daemons. It is suggested that clients may wish to either check for and fallback to the older API version, or continue to use the OLD API and rely on the 10ms timer to resolve the issue. - This release is backwards compatible with Avahi 0.6.x and 0.7.- Add qt5 bindings in a separate package- Add patch to add IT_PROG_INTLTOOL to configure.ac so intltoolize can be used:
* add-IT_PROG_INTLTOOL.patch- Add file missing from the tarball:
* build-db- Rebase patch:
* avahi-desktop.patch- Drop patches already included by upstream:
* avahi-0.7-dbm.patch
* avahi-0.7-encode-strings-as-utf8.patch
* avahi-0.7-python3-bookmarks.patch
* CVE-2018-1000845.patch
* Thu Aug 06 2020 Jan Engelhardt - Skip the xargs dance and just use find directly.
* Fri Jul 31 2020 Michael Gorse - Pass -print0 to find, to match -r0 being passed to xargs.
* Thu Jul 30 2020 Dominique Leuenberger - Call xargs -r0 instead of just xargs -r: guard against file names with whitespaces.
* Tue Jul 21 2020 Michael Gorse - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063).
* Wed Apr 08 2020 Tomáš Chvátal - Do not pull in dbus-1-python which is py2 variant but properly pull in the python3 package
* Sun Feb 02 2020 Thorsten Kukuk - Require shadow instead of pwdutils: pwdutils has been absorbed and replaced by shadow long ago.
* Sat Jan 25 2020 Dominique Leuenberger - No longer recommend -lang: supplements are in use.
* Wed Jan 08 2020 Martin Liška - Use %make_build.
  
ICM