From b25730a54b826043a6989d4a66d3f758e8760bd94b0e8bdc19b0b0015468d8cb Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 15 Oct 2024 14:45:45 +0000 Subject: [PATCH] - Drop rcFOO symlinks (PED-266). OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/avahi?expand=0&rev=245 --- .gitattributes | 23 + .gitignore | 1 + ...e-to-avahi-autoipd.action-8-in-avahi.patch | 27 + ...ervice-Drop-Also-avahi-daemon.socket.patch | 25 + 0006-man-add-missing-bshell.1-symlink.patch | 35 + ...ver-1-bssh-1-and-bvnc-1-also-for-GTK.patch | 52 + ...testring-decoding-for-proper-display.patch | 32 + _multibuild | 4 + add-IT_PROG_INTLTOOL.patch | 12 + attributes | 31 + avahi-0.8.tar.gz | 3 + avahi-CVE-2021-3468.patch | 40 + avahi-CVE-2021-3502.patch | 151 ++ avahi-CVE-2023-1981.patch | 56 + avahi-CVE-2023-38469.patch | 46 + avahi-CVE-2023-38470.patch | 52 + avahi-CVE-2023-38471.patch | 71 + avahi-CVE-2023-38472.patch | 45 + avahi-CVE-2023-38473.patch | 107 ++ avahi-add-resolv-conf-to-inotify.patch | 29 + avahi-autoipd.README.SUSE | 77 + avahi-autoipd.sysconfig | 27 + avahi-autoipd.sysusers | 2 + avahi-desktop.patch | 33 + avahi-filter-bogus-services.patch | 159 ++ avahi-gacdir.patch | 80 + avahi-glib-gettext.m4 | 420 ++++ avahi-rpmlintrc | 1 + avahi.changes | 1681 +++++++++++++++++ avahi.spec | 931 +++++++++ avahi.sysconfig | 10 + avahi.sysusers | 2 + baselibs.conf | 13 + build-db | 49 + harden_avahi-daemon.service.patch | 24 + harden_avahi-dnsconfd.service.patch | 24 + update_spec.pl | 106 ++ 37 files changed, 4481 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch create mode 100644 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch create mode 100644 0006-man-add-missing-bshell.1-symlink.patch create mode 100644 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch create mode 100644 0009-fix-bytestring-decoding-for-proper-display.patch create mode 100644 _multibuild create mode 100644 add-IT_PROG_INTLTOOL.patch create mode 100644 attributes create mode 100644 avahi-0.8.tar.gz create mode 100644 avahi-CVE-2021-3468.patch create mode 100644 avahi-CVE-2021-3502.patch create mode 100644 avahi-CVE-2023-1981.patch create mode 100644 avahi-CVE-2023-38469.patch create mode 100644 avahi-CVE-2023-38470.patch create mode 100644 avahi-CVE-2023-38471.patch create mode 100644 avahi-CVE-2023-38472.patch create mode 100644 avahi-CVE-2023-38473.patch create mode 100644 avahi-add-resolv-conf-to-inotify.patch create mode 100644 avahi-autoipd.README.SUSE create mode 100644 avahi-autoipd.sysconfig create mode 100644 avahi-autoipd.sysusers create mode 100644 avahi-desktop.patch create mode 100644 avahi-filter-bogus-services.patch create mode 100644 avahi-gacdir.patch create mode 100644 avahi-glib-gettext.m4 create mode 100644 avahi-rpmlintrc create mode 100644 avahi.changes create mode 100644 avahi.spec create mode 100644 avahi.sysconfig create mode 100644 avahi.sysusers create mode 100644 baselibs.conf create mode 100644 build-db create mode 100644 harden_avahi-daemon.service.patch create mode 100644 harden_avahi-dnsconfd.service.patch create mode 100644 update_spec.pl diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch b/0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch new file mode 100644 index 0000000..cf4aa91 --- /dev/null +++ b/0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch @@ -0,0 +1,27 @@ +From 1905a6b878064c6cc9bb96a1fc17ef77c75787c6 Mon Sep 17 00:00:00 2001 +From: Michael Biebl +Date: Sun, 17 Sep 2017 10:57:47 +0200 +Subject: [PATCH 01/10] man: fix reference to avahi-autoipd.action(8) in + avahi-autoipd(8) + +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840833 +--- + man/avahi-autoipd.8.xml.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/avahi-autoipd.8.xml.in b/man/avahi-autoipd.8.xml.in +index 7137c30..23764a5 100644 +--- a/man/avahi-autoipd.8.xml.in ++++ b/man/avahi-autoipd.8.xml.in +@@ -150,7 +150,7 @@ + +
+

+- , ++ , +

+ +

http://avahi.org/wiki/AvahiAutoipd documents how avahi-autoipd is best packaged and integrated into distributions.

+-- +2.34.1 + diff --git a/0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch b/0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch new file mode 100644 index 0000000..4f0dd9c --- /dev/null +++ b/0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch @@ -0,0 +1,25 @@ +From 9c3a314856affb288f701d2d3ee23278fc98eaee Mon Sep 17 00:00:00 2001 +From: Steve Langasek +Date: Tue, 18 Feb 2020 15:43:19 +0800 +Subject: [PATCH 05/10] avahi-dnsconfd.service: Drop "Also=avahi-daemon.socket" + +Also=avahi-daemon.socket' means that 'systemctl disable avahi-dnsconfd' +ill also disable avahi-daemon.socket, which is definitely not what we +ant, and it also causes debhelper to throw an error. Just drop this +entry from the configuration. +--- + avahi-dnsconfd/avahi-dnsconfd.service.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/avahi-dnsconfd/avahi-dnsconfd.service.in b/avahi-dnsconfd/avahi-dnsconfd.service.in +index 95db79f..7c293da 100644 +--- a/avahi-dnsconfd/avahi-dnsconfd.service.in ++++ b/avahi-dnsconfd/avahi-dnsconfd.service.in +@@ -26,4 +26,3 @@ ExecStart=@sbindir@/avahi-dnsconfd -s + + [Install] + WantedBy=multi-user.target +-Also=avahi-daemon.socket +-- +2.34.1 + diff --git a/0006-man-add-missing-bshell.1-symlink.patch b/0006-man-add-missing-bshell.1-symlink.patch new file mode 100644 index 0000000..7c83a01 --- /dev/null +++ b/0006-man-add-missing-bshell.1-symlink.patch @@ -0,0 +1,35 @@ +From f983df44870b602179b493f9c3d113753b378e27 Mon Sep 17 00:00:00 2001 +From: Michael Biebl +Date: Sun, 17 Sep 2017 12:52:39 +0200 +Subject: [PATCH 06/10] man: add missing bshell.1 symlink + +The bshell binary is missing a symlink to its manual page. It should be +symlinked to the man page for bssh, just like how the bvnc man page is. + +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655190 +--- + man/Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/man/Makefile.am b/man/Makefile.am +index d38267c..77a27bd 100644 +--- a/man/Makefile.am ++++ b/man/Makefile.am +@@ -137,12 +137,13 @@ BSSH_LN = + if HAVE_GTK + if HAVE_GLIB + BSSH_LN += $(LN_S) bssh.1 bvnc.1 && ++BSSH_LN += $(LN_S) bssh.1 bshell.1 && + endif + endif + install-exec-local: + mkdir -p $(DESTDIR)/$(mandir)/man1 && \ + cd $(DESTDIR)/$(mandir)/man1 && \ +- rm -f avahi-resolve-host-name.1 avahi-resolve-address.1 avahi-browse-domains.1 avahi-publish-address.1 avahi-publish-service.1 bvnc.1 && \ ++ rm -f avahi-resolve-host-name.1 avahi-resolve-address.1 avahi-browse-domains.1 avahi-publish-address.1 avahi-publish-service.1 bvnc.1 bshell.1 && \ + $(BSSH_LN) \ + $(LN_S) avahi-resolve.1 avahi-resolve-host-name.1 && \ + $(LN_S) avahi-resolve.1 avahi-resolve-address.1 && \ +-- +2.34.1 + diff --git a/0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch b/0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch new file mode 100644 index 0000000..2cce83b --- /dev/null +++ b/0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch @@ -0,0 +1,52 @@ +From 751be804e891aec5701a059144e2f5cbfc981b36 Mon Sep 17 00:00:00 2001 +From: Andreas Henriksson +Date: Thu, 24 Aug 2017 17:52:19 +0200 +Subject: [PATCH 07/10] Ship avahi-discover(1), bssh(1) and bvnc(1) also for + GTK3 + +These manpages went missing when you disabled gtk2 builds.... +--- + man/Makefile.am | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/man/Makefile.am b/man/Makefile.am +index 77a27bd..289b942 100644 +--- a/man/Makefile.am ++++ b/man/Makefile.am +@@ -56,7 +56,7 @@ man_MANS += \ + avahi-publish.1 \ + avahi-set-host-name.1 + +-if HAVE_GTK ++if HAVE_GTK2OR3 + man_MANS += \ + bssh.1 + endif +@@ -64,12 +64,13 @@ endif + if HAVE_PYTHON + man_MANS += \ + avahi-bookmarks.1 +-if HAVE_GTK ++endif ++ ++if HAVE_PYGOBJECT + man_MANS += \ + avahi-discover.1 + endif + endif +-endif + + if ENABLE_AUTOIPD + if HAVE_LIBDAEMON +@@ -134,7 +135,7 @@ EXTRA_DIST = \ + if HAVE_DBUS + + BSSH_LN = +-if HAVE_GTK ++if HAVE_GTK2OR3 + if HAVE_GLIB + BSSH_LN += $(LN_S) bssh.1 bvnc.1 && + BSSH_LN += $(LN_S) bssh.1 bshell.1 && +-- +2.34.1 + diff --git a/0009-fix-bytestring-decoding-for-proper-display.patch b/0009-fix-bytestring-decoding-for-proper-display.patch new file mode 100644 index 0000000..fd4b875 --- /dev/null +++ b/0009-fix-bytestring-decoding-for-proper-display.patch @@ -0,0 +1,32 @@ +From a94f72081dd1d546a1d95d860311a1242315bb28 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=89ric=20Araujo?= +Date: Sat, 29 Feb 2020 19:14:04 -0500 +Subject: [PATCH 09/10] fix bytestring decoding for proper display + +--- + avahi-python/avahi-discover/avahi-discover.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/avahi-python/avahi-discover/avahi-discover.py b/avahi-python/avahi-discover/avahi-discover.py +index 0db705d..4a2b575 100755 +--- a/avahi-python/avahi-discover/avahi-discover.py ++++ b/avahi-python/avahi-discover/avahi-discover.py +@@ -238,12 +238,15 @@ class Main_window: + txts+="" + _("TXT") + " %s = %s\n" % (k,v) + else: + txts = "" + _("TXT Data:") + " " + _("empty") + "" ++ ++ txts = txts.decode("utf-8") + + infos = "" + _("Service Type:") + " %s\n" + infos += "" + _("Service Name:") + " %s\n" + infos += "" + _("Domain Name:") + " %s\n" + infos += "" + _("Interface:") + " %s %s\n" + infos += "" + _("Address:") + " %s/%s:%i\n%s" ++ infos = infos.decode("utf-8") + infos = infos % (stype, name, domain, self.siocgifname(interface), self.protoname(protocol), host, address, port, txts.strip()) + self.info_label.set_markup(infos) + +-- +2.34.1 + diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..fec6513 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + qt5 + glib2 + diff --git a/add-IT_PROG_INTLTOOL.patch b/add-IT_PROG_INTLTOOL.patch new file mode 100644 index 0000000..4102261 --- /dev/null +++ b/add-IT_PROG_INTLTOOL.patch @@ -0,0 +1,12 @@ +Index: avahi-0.8/configure.ac +=================================================================== +--- avahi-0.8.orig/configure.ac ++++ avahi-0.8/configure.ac +@@ -24,6 +24,7 @@ AC_CONFIG_SRCDIR([avahi-core/server.c]) + AC_CONFIG_MACRO_DIR([common]) + AC_CONFIG_HEADERS([config.h]) + AM_INIT_AUTOMAKE([foreign 1.11 -Wall -Wno-portability silent-rules tar-pax]) ++IT_PROG_INTLTOOL([0.50.1]) + + AC_SUBST(PACKAGE_URL, [http://avahi.org/]) + diff --git a/attributes b/attributes new file mode 100644 index 0000000..9b9f4fa --- /dev/null +++ b/attributes @@ -0,0 +1,31 @@ +group.avahi-qt4 System/GUI/KDE +summary.avahi-qt4 Qt4 Bindings for avahi, the D-BUS Service for Zeroconf and Bonjour ++description.avahi-qt4 +Qt4 bindings for avahi. + +Avahi is an Implementation the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. It uses D-BUS for communication +between user applications and a system daemon. The daemon is used to +coordinate application efforts in caching replies, necessary to +minimize the traffic imposed on networks. + +The Avahi mDNS responder is now feature complete implementing all MUSTs +and the majority of the SHOULDs of the mDNS/DNS-SD RFCs. It passes all +tests in the Apple Bonjour conformance test suite. In addition it +supports some nifty things that have never been seen elsewhere like +correct mDNS reflection accross LAN segments. +-description.avahi-qt4 +group.avahi-mono Development/Languages/Mono +summary.avahi-mono Mono Bindings for avahi, the D-BUS Service for Zeroconf and Bonjour ++description.avahi-mono +This package provides Mono bindings for avahi. Avahi is an +implementation of the DNS Service Discovery and MulticastDNS +specifications for Zeroconf Computing. It uses D-BUS for communication +between user applications and a system daemon. The daemon is used to +coordinate application efforts in caching replies, necessary to +minimize the traffic imposed on networks. The Avahi mDNS responder is +now feature complete, implementing all MUSTs and the majority of the +SHOULDs of the mDNS and DNS-SD RFCs. It passes all tests in the Apple +Bonjour conformance test suite. In addition, it supports some nifty +things, like correct mDNS reflection across LAN segments. +-description.avahi-mono diff --git a/avahi-0.8.tar.gz b/avahi-0.8.tar.gz new file mode 100644 index 0000000..e0b3ff7 --- /dev/null +++ b/avahi-0.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda +size 1591458 diff --git a/avahi-CVE-2021-3468.patch b/avahi-CVE-2021-3468.patch new file mode 100644 index 0000000..06e4618 --- /dev/null +++ b/avahi-CVE-2021-3468.patch @@ -0,0 +1,40 @@ +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb1..6c0274d 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | +-- +2.31.1 + diff --git a/avahi-CVE-2021-3502.patch b/avahi-CVE-2021-3502.patch new file mode 100644 index 0000000..27e4e1a --- /dev/null +++ b/avahi-CVE-2021-3502.patch @@ -0,0 +1,151 @@ +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e..c2d914f 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56..06fa70c 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dc..b1fc7af 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360..63e0275 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e57..e8a915e 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b..e61dd24 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e7..4e8e597 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3ca..4377176 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +-- +2.32.0 + diff --git a/avahi-CVE-2023-1981.patch b/avahi-CVE-2023-1981.patch new file mode 100644 index 0000000..f7eadd9 --- /dev/null +++ b/avahi-CVE-2023-1981.patch @@ -0,0 +1,56 @@ +From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Thu, 17 Nov 2022 01:51:53 +0100 +Subject: [PATCH] Emit error if requested service is not found + +It currently just crashes instead of replying with error. Check return +value and emit error instead of passing NULL pointer to reply. + +Fixes #375 +--- + avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c +index 70d7687..406d0b4 100644 +--- a/avahi-daemon/dbus-protocol.c ++++ b/avahi-daemon/dbus-protocol.c +@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM + } + + t = avahi_alternative_host_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); ++ } + } + + static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { +@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB + } + + t = avahi_alternative_service_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); ++ } + } + + static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { +-- +2.40.0 + diff --git a/avahi-CVE-2023-38469.patch b/avahi-CVE-2023-38469.patch new file mode 100644 index 0000000..82109c3 --- /dev/null +++ b/avahi-CVE-2023-38469.patch @@ -0,0 +1,46 @@ +From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin +Date: Mon, 23 Oct 2023 20:29:31 +0000 +Subject: [PATCH] core: reject overly long TXT resource records + +Closes https://github.com/lathiat/avahi/issues/455 + +CVE-2023-38469 +--- + avahi-core/rr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/rr.c b/avahi-core/rr.c +index 2bb8924..9c04ebb 100644 +--- a/avahi-core/rr.c ++++ b/avahi-core/rr.c +@@ -32,6 +32,7 @@ + #include + #include + ++#include "dns.h" + #include "rr.h" + #include "log.h" + #include "util.h" +@@ -689,11 +690,17 @@ int avahi_record_is_valid(AvahiRecord *r) { + case AVAHI_DNS_TYPE_TXT: { + + AvahiStringList *strlst; ++ size_t used = 0; + +- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) ++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { + if (strlst->size > 255 || strlst->size <= 0) + return 0; + ++ used += 1+strlst->size; ++ if (used > AVAHI_DNS_RDATA_MAX) ++ return 0; ++ } ++ + return 1; + } + } +-- +2.44.0 + diff --git a/avahi-CVE-2023-38470.patch b/avahi-CVE-2023-38470.patch new file mode 100644 index 0000000..d14d5d0 --- /dev/null +++ b/avahi-CVE-2023-38470.patch @@ -0,0 +1,52 @@ +From b6cf29f98adce7355e8c51a6af1e338a5f94e16e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 11 Apr 2023 15:29:59 +0200 +Subject: [PATCH] Ensure each label is at least one byte long + +The only allowed exception is single dot, where it should return empty +string. + +Fixes #454. +--- + avahi-common/domain-test.c | 14 ++++++++++++++ + avahi-common/domain.c | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index cf763eca6..3acc1c1e4 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); + avahi_free(s); + ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); ++ avahi_free(s); ++ ++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." ++ "}.?.?.?.}.=.?.?.}"); ++ assert(s == NULL); ++ + printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); + printf("%i\n", avahi_domain_equal("A", "a")); + +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index 3b1ab6834..e66d2416c 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { + } + + if (!empty) { +- if (size < 1) ++ if (size < 2) + return NULL; + + *(r++) = '.'; diff --git a/avahi-CVE-2023-38471.patch b/avahi-CVE-2023-38471.patch new file mode 100644 index 0000000..8b8cf8a --- /dev/null +++ b/avahi-CVE-2023-38471.patch @@ -0,0 +1,71 @@ +From 894f085f402e023a98cbb6f5a3d117bd88d93b09 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Mon, 23 Oct 2023 13:38:35 +0200 +Subject: [PATCH] core: extract host name using avahi_unescape_label() + +Previously we could create invalid escape sequence when we split the +string on dot. For example, from valid host name "foo\\.bar" we have +created invalid name "foo\\" and tried to set that as the host name +which crashed the daemon. + +Fixes #453 + +CVE-2023-38471 +--- + avahi-core/server.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/avahi-core/server.c b/avahi-core/server.c +index c32637a..f6a21bb 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { + } + + int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { +- char *hn = NULL; ++ char label_escaped[AVAHI_LABEL_MAX*4+1]; ++ char label[AVAHI_LABEL_MAX]; ++ char *hn = NULL, *h; ++ size_t len; ++ + assert(s); + + AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); +@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { + else + hn = avahi_normalize_name_strdup(host_name); + +- hn[strcspn(hn, ".")] = 0; ++ h = hn; ++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { ++ avahi_free(h); ++ return AVAHI_ERR_INVALID_HOST_NAME; ++ } ++ ++ avahi_free(h); ++ ++ h = label_escaped; ++ len = sizeof(label_escaped); ++ if (!avahi_escape_label(label, strlen(label), &h, &len)) ++ return AVAHI_ERR_INVALID_HOST_NAME; + +- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { +- avahi_free(hn); ++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +- } + + withdraw_host_rrs(s); + + avahi_free(s->host_name); +- s->host_name = hn; ++ s->host_name = avahi_strdup(label_escaped); ++ if (!s->host_name) ++ return AVAHI_ERR_NO_MEMORY; + + update_fqdn(s); + +-- +2.44.0 + diff --git a/avahi-CVE-2023-38472.patch b/avahi-CVE-2023-38472.patch new file mode 100644 index 0000000..51ea7bc --- /dev/null +++ b/avahi-CVE-2023-38472.patch @@ -0,0 +1,45 @@ +diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-client/client-test.c avahi-0.8.new/avahi-client/client-test.c +--- avahi-0.8.old/avahi-client/client-test.c 2015-04-01 12:58:14.145727222 +0800 ++++ avahi-0.8.new/avahi-client/client-test.c 2023-11-30 13:20:12.640085338 +0800 +@@ -258,6 +258,9 @@ + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); + ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); ++ assert(error != AVAHI_OK); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); +diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-core/rr.c avahi-0.8.new/avahi-core/rr.c +--- avahi-0.8.old/avahi-core/rr.c 2015-04-01 12:58:14.149727123 +0800 ++++ avahi-0.8.new/avahi-core/rr.c 2023-11-30 13:20:57.120063792 +0800 +@@ -426,6 +426,7 @@ + copy->ref = 1; + copy->key = avahi_key_ref(r->key); + copy->ttl = r->ttl; ++ memset(©->data, 0, sizeof(copy->data)); + + switch (r->key->type) { + case AVAHI_DNS_TYPE_PTR: +@@ -466,7 +467,7 @@ + break; + + default: +- if (!(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size))) ++ if (r->data.generic.size && !(copy->data.generic.data = avahi_memdup(r->data.generic.data, r->data.generic.size))) + goto fail; + copy->data.generic.size = r->data.generic.size; + break; +diff --unified --recursive --text --new-file --color avahi-0.8.old/avahi-daemon/dbus-entry-group.c avahi-0.8.new/avahi-daemon/dbus-entry-group.c +--- avahi-0.8.old/avahi-daemon/dbus-entry-group.c 2015-04-01 12:58:14.153727024 +0800 ++++ avahi-0.8.new/avahi-daemon/dbus-entry-group.c 2023-11-30 13:20:12.640085338 +0800 +@@ -340,7 +340,7 @@ + if (!(r = avahi_record_new_full (name, clazz, type, ttl))) + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); + +- if (avahi_rdata_parse (r, rdata, size) < 0) { ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { + avahi_record_unref (r); + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); + } diff --git a/avahi-CVE-2023-38473.patch b/avahi-CVE-2023-38473.patch new file mode 100644 index 0000000..2f41f38 --- /dev/null +++ b/avahi-CVE-2023-38473.patch @@ -0,0 +1,107 @@ +From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 11 Oct 2023 17:45:44 +0200 +Subject: [PATCH] common: derive alternative host name from its unescaped + version + +Normalization of input makes sure we don't have to deal with special +cases like unescaped dot at the end of label. + +Fixes #451 #487 +CVE-2023-38473 +--- + avahi-common/alternative-test.c | 3 +++ + avahi-common/alternative.c | 27 +++++++++++++++++++-------- + 2 files changed, 22 insertions(+), 8 deletions(-) + +diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c +index 9255435..681fc15 100644 +--- a/avahi-common/alternative-test.c ++++ b/avahi-common/alternative-test.c +@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + const char* const test_strings[] = { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", ++ ").", ++ "\\.", ++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", + "gurke", + "-", + " #", +diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c +index b3d39f0..a094e6d 100644 +--- a/avahi-common/alternative.c ++++ b/avahi-common/alternative.c +@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { + } + + char *avahi_alternative_host_name(const char *s) { ++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; ++ char *alt, *r, *ret; + const char *e; +- char *r; ++ size_t len; + + assert(s); + + if (!avahi_is_valid_host_name(s)) + return NULL; + +- if ((e = strrchr(s, '-'))) { ++ if (!avahi_unescape_label(&s, label, sizeof(label))) ++ return NULL; ++ ++ if ((e = strrchr(label, '-'))) { + const char *p; + + e++; +@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { + + if (e) { + char *c, *m; +- size_t l; + int n; + + n = atoi(e)+1; + if (!(m = avahi_strdup_printf("%i", n))) + return NULL; + +- l = e-s-1; ++ len = e-label-1; + +- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) +- l = AVAHI_LABEL_MAX-1-strlen(m)-1; ++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) ++ len = AVAHI_LABEL_MAX-1-strlen(m)-1; + +- if (!(c = avahi_strndup(s, l))) { ++ if (!(c = avahi_strndup(label, len))) { + avahi_free(m); + return NULL; + } +@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { + } else { + char *c; + +- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) ++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) + return NULL; + + drop_incomplete_utf8(c); +@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { + avahi_free(c); + } + ++ alt = alternative; ++ len = sizeof(alternative); ++ ret = avahi_escape_label(r, strlen(r), &alt, &len); ++ ++ avahi_free(r); ++ r = avahi_strdup(ret); ++ + assert(avahi_is_valid_host_name(r)); + + return r; +-- +2.42.0 + diff --git a/avahi-add-resolv-conf-to-inotify.patch b/avahi-add-resolv-conf-to-inotify.patch new file mode 100644 index 0000000..625fbf4 --- /dev/null +++ b/avahi-add-resolv-conf-to-inotify.patch @@ -0,0 +1,29 @@ +From a2f1db71e6870ad70dd58bb081741946a59dd5cd Mon Sep 17 00:00:00 2001 +From: Mike Gorse +Date: Tue, 15 Feb 2022 15:37:47 -0600 +Subject: [PATCH] Add an inotify watch for /etc/resolv.conf + +This will ensure that avahi is reconfigured when resolv.conf changes. +Related to https://github.com/lathiat/avahi/issues/118, but this +patch is insufficient to solve the issue upstream, since it doesn't handle +a chrooted environment. Currently, SUSE isn't building avahi with chroot +support, so this doesn't matter here. +--- + avahi-daemon/main.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/avahi-daemon/main.c b/avahi-daemon/main.c +index 346338f..2edac30 100644 +--- a/avahi-daemon/main.c ++++ b/avahi-daemon/main.c +@@ -944,6 +944,7 @@ static void add_inotify_watches(void) { + |IN_ONLYDIR + #endif + ); ++ inotify_add_watch(inotify_fd, "/etc/resolv.conf", IN_CLOSE_WRITE|IN_DELETE|IN_DELETE_SELF|IN_MOVED_FROM|IN_MOVED_TO|IN_MOVE_SELF); + } + + #endif +-- +2.35.1 + diff --git a/avahi-autoipd.README.SUSE b/avahi-autoipd.README.SUSE new file mode 100644 index 0000000..79f0c56 --- /dev/null +++ b/avahi-autoipd.README.SUSE @@ -0,0 +1,77 @@ +IPv4LL in SUSE Linux +==================== + +IPv4LL provides support of peer to peer address assignment from a +special link local IP range. + +SUSE Linux contains two implementations of IPv4LL autoip protocol: + + +avahi-autoipd from avahi-autoipd package from avahi project +=========================================================== + +This is a daemon, that runs and assign IPv4LL address, either as a +fallback or at any time, depending on System/Zeroconf +AVAHI_AUTOIPD_FORCE_BIND sysconfig key (disabled by default). + +The daemon runs permanently for each device, monitors the network +status, and assigns IPv4LL address when requested. + +See http://avahi.org/wiki/AvahiAutoipd#ModesofOperation for more. + + +Activate avahi-autoipd implementation +------------------------------------- + +- Install avahi-autoip package and check that System/Zeroconf + AVAHI_AUTOIPD_FORCE_BIND sysconfig key is "yes" (the default). + +- Set the address settings in the YaST network configuration either to + None (to have IPv4LL address only) or DHCP (if you want DHCP together + with IPv4LL). + +- Note that NetworkManager uses avahi-autoipd by default. + + +For AVAHI_AUTOIPD_FORCE_BIND=false: +----------------------------------- + +In this mode the daemon assigns IPv4LL address only of DHCP fails. + +Advantage: +- All programs work with this setup. + +Disadvantage: +- When DHCP assigns address, all existing IPv4LL connections are lost. + + +For AVAHI_AUTOIPD_FORCE_BIND=true: +---------------------------------- + +In this mode the deamon forces binding address from IPv4LL address, even if +standard IPv4 address exists. + +Advantage: +- You can depend on IPv4LL address always assigned. + +Disadvantage: +- Some programs don't work well with labeled IP addresses or interface + aliases. + + + +IPv4LL assigned by dhcpcd +========================= + +If dhcpcd fails to obtain a lease, it will probe for a valid IPv4LL +address. Once obtained it will probe every 10 seconds for a DHCP server. + + +Activate dhcpcd implementation +------------------------------ + +This implementation is not supported in SUSE yet. Enabling this +implementation would require several manual changes in the +/sbin/ifup-dhcp script (removal of -L argument, and skipping of calls to +${SCRIPTNAME}-autoip in /sbin/ifup (e. g. by not setting Zeroconf in the +YaST network configuration). diff --git a/avahi-autoipd.sysconfig b/avahi-autoipd.sysconfig new file mode 100644 index 0000000..38e6422 --- /dev/null +++ b/avahi-autoipd.sysconfig @@ -0,0 +1,27 @@ +## Path: System/Zeroconf +## Description: Zeroconf (Bonjour, Rendezvous) options + +## Type: yesno +## Default: no +# +# Enable or disable avahi implementation of IPv4LL. If you select +# "yes", then it ignores AUTOIP keyword in the YaST network +# configuration. You should disable autoip implementation by disabling +# AUTOIP in the YaST network configuration of all devices. +# +# Note, that enabling it causes to start unconditionally on any +# interface and will break bridges,vlan,bond, ... +# For more see @docdir@/avahi-autoipd/README.SUSE. +# +AVAHI_AUTOIPD_ENABLE="no" + +## Type: yesno +## Default: no +# +# Force binding address from IPv4LL (link local) address, even if +# standard IPv4 address exists. If you select "yes", alias interface +# will be created. It may break some naive programs. If you select +# "no", IPv4LL will be usable only if no routable address is configured. +# See http://avahi.org/wiki/AvahiAutoipd#ModesofOperation for more. +# +AVAHI_AUTOIPD_FORCE_BIND="no" diff --git a/avahi-autoipd.sysusers b/avahi-autoipd.sysusers new file mode 100644 index 0000000..9872a1e --- /dev/null +++ b/avahi-autoipd.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u avahi-autoipd - "User for Avahi IPv4LL" /var/lib/avahi-autoipd - diff --git a/avahi-desktop.patch b/avahi-desktop.patch new file mode 100644 index 0000000..a2c2eb8 --- /dev/null +++ b/avahi-desktop.patch @@ -0,0 +1,33 @@ +Index: avahi-0.6.31/avahi-ui/bssh.desktop.in.in +=================================================================== +--- avahi-0.6.31.orig/avahi-ui/bssh.desktop.in.in ++++ avahi-0.6.31/avahi-ui/bssh.desktop.in.in +@@ -6,5 +6,5 @@ Exec=@bindir@/bssh + Terminal=false + Type=Application + Icon=network-wired +-Categories=GNOME;Network; ++Categories=GTK;Network;RemoteAccess; + StartupNotify=false +Index: avahi-0.6.31/avahi-ui/bvnc.desktop.in.in +=================================================================== +--- avahi-0.6.31.orig/avahi-ui/bvnc.desktop.in.in ++++ avahi-0.6.31/avahi-ui/bvnc.desktop.in.in +@@ -6,5 +6,5 @@ Exec=@bindir@/bvnc + Terminal=false + Type=Application + Icon=network-wired +-Categories=GNOME;Network; ++Categories=GTK;Network;RemoteAccess; + StartupNotify=false +Index: avahi-0.6.31/avahi-python/avahi-discover/avahi-discover.desktop.in.in +=================================================================== +--- avahi-0.6.31.orig/avahi-python/avahi-discover/avahi-discover.desktop.in.in ++++ avahi-0.6.31/avahi-python/avahi-discover/avahi-discover.desktop.in.in +@@ -6,5 +6,5 @@ Exec=@bindir@/avahi-discover + Terminal=false + Type=Application + Icon=network-wired +-Categories=GNOME;System; ++Categories=GTK;Network;Monitor; + StartupNotify=false diff --git a/avahi-filter-bogus-services.patch b/avahi-filter-bogus-services.patch new file mode 100644 index 0000000..c37044a --- /dev/null +++ b/avahi-filter-bogus-services.patch @@ -0,0 +1,159 @@ +From 93b14365c1c1e04efd1a890e8caa01a2a514bfd8 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin +Date: Sun, 12 Nov 2023 01:16:58 +0000 +Subject: [PATCH] core: no longer supply bogus services to callbacks + +It was technically a DOS allowing packets with service names like +"bogus.service.local" to bring down `avahi-browse -a`. In practice +it was usually triggered by misconfigured smart devices but it isn't +that hard to forge packets like that and send them deliberately. + +The tests are added to make sure invalid service names are rejected and +valid service names keep working. The fuzz target is updated to make +sure that avahi_service_name_split always supplies valid arguments to +avahi_service_name_join. avahi now logs what exactly it fails to split +``` +avahi-daemon[176]: Failed to split service name '0.1.9.1.8.8.e.f.f.f.f.a.a.1.4.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa' +avahi-daemon[176]: Failed to split service name 'bogus\032.\032\209\129\208\181\209\128\208\178\208\184\209\129.local' +avahi-daemon[176]: Failed to split service name '255.20.254.169.in-addr.arpa' +avahi-daemon[176]: Failed to split service name 'bogus\032.\032\209\129\208\181\209\128\208\178\208\184\209\129.local' +avahi-daemon[176]: Failed to split service name '33.93.168.192.in-addr.arpa' +``` +when --debug is passed to it (which makes that part consistent with the +other places where weird packets are rejected). + +Closes https://github.com/lathiat/avahi/issues/212 +--- + .github/workflows/smoke-tests.sh | 2 ++ + avahi-common/domain-test.c | 36 ++++++++++++++++++++++++++++++++ + avahi-common/domain.c | 14 +++++++++++++ + avahi-core/browse-service-type.c | 2 +- + avahi-core/browse-service.c | 2 +- + fuzz/fuzz-packet.c | 18 ++++++++-------- + 6 files changed, 63 insertions(+), 11 deletions(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index 7a662da..9679e98 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -26,6 +26,7 @@ + #include + + #include "domain.h" ++#include "error.h" + #include "malloc.h" + + int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { +@@ -34,6 +35,7 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + const char *p; + size_t size; + char name[64], type[AVAHI_DOMAIN_NAME_MAX], domain[AVAHI_DOMAIN_NAME_MAX]; ++ int res; + + printf("%s\n", s = avahi_normalize_name_strdup("foo.foo\\046.")); + avahi_free(s); +@@ -132,5 +134,39 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + assert(!avahi_is_valid_fqdn("::1")); + assert(!avahi_is_valid_fqdn(".192.168.50.1.")); + ++ res = avahi_service_name_split("test._ssh._tcp.local", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(name, "test") == 0); ++ assert(strcmp(type, "_ssh._tcp") == 0); ++ assert(strcmp(domain, "local") == 0); ++ ++ res = avahi_service_name_split("test._hop._sub._ssh._tcp.local", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(name, "test") == 0); ++ assert(strcmp(type, "_hop._sub._ssh._tcp") == 0); ++ assert(strcmp(domain, "local") == 0); ++ ++ res = avahi_service_name_split("_qotd._udp.hey.local", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(type, "_qotd._udp") == 0); ++ assert(strcmp(domain, "hey.local") == 0); ++ ++ res = avahi_service_name_split("_wat._sub._qotd._udp.hey.local", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res >= 0); ++ assert(strcmp(type, "_wat._sub._qotd._udp") == 0); ++ assert(strcmp(domain, "hey.local") == 0); ++ ++ res = avahi_service_name_split("wat.bogus.service.local", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_TYPE); ++ ++ res = avahi_service_name_split("bogus.service.local", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_TYPE); ++ ++ res = avahi_service_name_split("", name, sizeof(name), type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_NAME); ++ ++ res = avahi_service_name_split("", NULL, 0, type, sizeof(type), domain, sizeof(domain)); ++ assert(res == AVAHI_ERR_INVALID_SERVICE_TYPE); ++ + return 0; + } +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index c7af116..9e93018 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -501,6 +501,7 @@ int avahi_service_name_split(const char *p, char *name, size_t name_size, char * + DOMAIN + } state; + int type_empty = 1, domain_empty = 1; ++ char *oname, *otype, *odomain; + + assert(p); + assert(type); +@@ -508,6 +509,10 @@ int avahi_service_name_split(const char *p, char *name, size_t name_size, char * + assert(domain); + assert(domain_size > 0); + ++ oname = name; ++ otype = type; ++ odomain = domain; ++ + if (name) { + assert(name_size > 0); + *name = 0; +@@ -570,6 +575,15 @@ int avahi_service_name_split(const char *p, char *name, size_t name_size, char * + } + } + ++ if ((oname && !avahi_is_valid_service_name(oname))) ++ return AVAHI_ERR_INVALID_SERVICE_NAME; ++ ++ if (!avahi_is_valid_service_type_generic(otype)) ++ return AVAHI_ERR_INVALID_SERVICE_TYPE; ++ ++ if (!avahi_is_valid_domain_name(odomain)) ++ return AVAHI_ERR_INVALID_DOMAIN_NAME; ++ + return 0; + } + +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index b1fc7af..f0d6938 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -65,7 +65,7 @@ static void record_browser_callback( + assert(record->key->type == AVAHI_DNS_TYPE_PTR); + + if (avahi_service_name_split(record->data.ptr.name, NULL, 0, type, sizeof(type), domain, sizeof(domain)) < 0) { +- avahi_log_warn("Invalid service type '%s'", record->key->name); ++ avahi_log_debug("Failed to split service name '%s'", record->data.ptr.name); + return; + } + +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 63e0275..e924bae 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -69,7 +69,7 @@ static void record_browser_callback( + flags |= AVAHI_LOOKUP_RESULT_LOCAL; + + if (avahi_service_name_split(record->data.ptr.name, service, sizeof(service), type, sizeof(type), domain, sizeof(domain)) < 0) { +- avahi_log_warn("Failed to split '%s'", record->key->name); ++ avahi_log_debug("Failed to split service name '%s'", record->data.ptr.name); + return; + } + diff --git a/avahi-gacdir.patch b/avahi-gacdir.patch new file mode 100644 index 0000000..96ece9b --- /dev/null +++ b/avahi-gacdir.patch @@ -0,0 +1,80 @@ +Index: avahi-sharp.pc.in +=================================================================== +--- a/avahi-sharp.pc.in.orig ++++ b/avahi-sharp.pc.in +@@ -1,6 +1,6 @@ + prefix=@prefix@ + exec_prefix=@prefix@ +-libdir=@libdir@ ++libdir=@prefix@/lib + + Name: avahi-sharp + Description: Mono bindings for the Avahi mDNS/DNS-SD stack +Index: avahi-sharp/Makefile.am +=================================================================== +--- a/avahi-sharp/Makefile.am.orig ++++ b/avahi-sharp/Makefile.am +@@ -73,10 +73,10 @@ monodoc_DATA = avahi-sharp-docs.zip avah + endif + + install-data-hook: $(ASSEMBLY) +- $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /i $(ASSEMBLY) /package avahi-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /i $(ASSEMBLY) /package avahi-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + uninstall-hook: $(ASSEMBLY) +- $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /u avahi-sharp /package avahi-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /u avahi-sharp /package avahi-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + endif + endif +Index: avahi-sharp/Makefile.in +=================================================================== +--- a/avahi-sharp/Makefile.in.orig ++++ b/avahi-sharp/Makefile.in +@@ -611,10 +611,10 @@ $(ASSEMBLY).config: $(ASSEMBLY).config.i + @HAVE_DBUS_TRUE@@HAVE_MONODOC_TRUE@@HAVE_MONO_TRUE@ $(AM_V_GEN)$(MDASSEMBLER) --out avahi-sharp-docs --ecma $(srcdir)/en + + @HAVE_DBUS_TRUE@@HAVE_MONO_TRUE@install-data-hook: $(ASSEMBLY) +-@HAVE_DBUS_TRUE@@HAVE_MONO_TRUE@ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /i $(ASSEMBLY) /package avahi-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++@HAVE_DBUS_TRUE@@HAVE_MONO_TRUE@ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /i $(ASSEMBLY) /package avahi-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + @HAVE_DBUS_TRUE@@HAVE_MONO_TRUE@uninstall-hook: $(ASSEMBLY) +-@HAVE_DBUS_TRUE@@HAVE_MONO_TRUE@ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /u avahi-sharp /package avahi-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++@HAVE_DBUS_TRUE@@HAVE_MONO_TRUE@ $(AM_V_GEN)MONO_SHARED_DIR=. $(GACUTIL) /u avahi-sharp /package avahi-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. +Index: avahi-ui-sharp/Makefile.am +=================================================================== +--- a/avahi-ui-sharp/Makefile.am.orig ++++ b/avahi-ui-sharp/Makefile.am +@@ -60,10 +60,10 @@ monodoc_DATA = avahi-ui-sharp-docs.zip a + endif + + install-data-hook: $(ASSEMBLY) +- $(GACUTIL) /i $(ASSEMBLY) /package avahi-ui-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(GACUTIL) /i $(ASSEMBLY) /package avahi-ui-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + uninstall-hook: $(ASSEMBLY) +- $(GACUTIL) /u avahi-ui-sharp /package avahi-ui-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++ $(GACUTIL) /u avahi-ui-sharp /package avahi-ui-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + endif + endif +Index: avahi-ui-sharp/Makefile.in +=================================================================== +--- a/avahi-ui-sharp/Makefile.in.orig ++++ b/avahi-ui-sharp/Makefile.in +@@ -600,10 +600,10 @@ bssh.exe: $(srcdir)/bssh.cs $(ASSEMBLY) + @HAVE_DBUS_TRUE@@HAVE_GTK_TRUE@@HAVE_MONODOC_TRUE@@HAVE_MONO_TRUE@ $(AM_V_GEN)$(MDASSEMBLER) --out avahi-ui-sharp-docs --ecma $(srcdir)/en + + @HAVE_DBUS_TRUE@@HAVE_GTK_TRUE@@HAVE_MONO_TRUE@install-data-hook: $(ASSEMBLY) +-@HAVE_DBUS_TRUE@@HAVE_GTK_TRUE@@HAVE_MONO_TRUE@ $(GACUTIL) /i $(ASSEMBLY) /package avahi-ui-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++@HAVE_DBUS_TRUE@@HAVE_GTK_TRUE@@HAVE_MONO_TRUE@ $(GACUTIL) /i $(ASSEMBLY) /package avahi-ui-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + @HAVE_DBUS_TRUE@@HAVE_GTK_TRUE@@HAVE_MONO_TRUE@uninstall-hook: $(ASSEMBLY) +-@HAVE_DBUS_TRUE@@HAVE_GTK_TRUE@@HAVE_MONO_TRUE@ $(GACUTIL) /u avahi-ui-sharp /package avahi-ui-sharp /gacdir $(libdir) /root $(DESTDIR)$(libdir) ++@HAVE_DBUS_TRUE@@HAVE_GTK_TRUE@@HAVE_MONO_TRUE@ $(GACUTIL) /u avahi-ui-sharp /package avahi-ui-sharp /gacdir $(prefix)/lib /root $(DESTDIR)$(prefix)/lib + + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/avahi-glib-gettext.m4 b/avahi-glib-gettext.m4 new file mode 100644 index 0000000..5ad035e --- /dev/null +++ b/avahi-glib-gettext.m4 @@ -0,0 +1,420 @@ +# Copyright (C) 1995-2002 Free Software Foundation, Inc. +# Copyright (C) 2001-2003,2004 Red Hat, Inc. +# +# This file is free software, distributed under the terms of the GNU +# General Public License. As a special exception to the GNU General +# Public License, this file may be distributed as part of a program +# that contains a configuration script generated by Autoconf, under +# the same distribution terms as the rest of that program. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License +# but which still want to provide support for the GNU gettext functionality. +# +# Macro to add for using GNU gettext. +# Ulrich Drepper , 1995, 1996 +# +# Modified to never use included libintl. +# Owen Taylor , 12/15/1998 +# +# Major rework to remove unused code +# Owen Taylor , 12/11/2002 +# +# Added better handling of ALL_LINGUAS from GNU gettext version +# written by Bruno Haible, Owen Taylor 5/30/3002 +# +# Modified to require ngettext +# Matthias Clasen 08/06/2004 +# +# We need this here as well, since someone might use autoconf-2.5x +# to configure GLib then an older version to configure a package +# using AM_GLIB_GNU_GETTEXT +AC_PREREQ(2.53) + +dnl +dnl We go to great lengths to make sure that aclocal won't +dnl try to pull in the installed version of these macros +dnl when running aclocal in the glib directory. +dnl +m4_copy([AC_DEFUN],[glib_DEFUN]) +m4_copy([AC_REQUIRE],[glib_REQUIRE]) +dnl +dnl At the end, if we're not within glib, we'll define the public +dnl definitions in terms of our private definitions. +dnl + +# GLIB_LC_MESSAGES +#-------------------- +glib_DEFUN([GLIB_LC_MESSAGES], + [AC_CHECK_HEADERS([locale.h]) + if test $ac_cv_header_locale_h = yes; then + AC_CACHE_CHECK([for LC_MESSAGES], am_cv_val_LC_MESSAGES, + [AC_TRY_LINK([#include ], [return LC_MESSAGES], + am_cv_val_LC_MESSAGES=yes, am_cv_val_LC_MESSAGES=no)]) + if test $am_cv_val_LC_MESSAGES = yes; then + AC_DEFINE(HAVE_LC_MESSAGES, 1, + [Define if your file defines LC_MESSAGES.]) + fi + fi]) + +# GLIB_PATH_PROG_WITH_TEST +#---------------------------- +dnl GLIB_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, +dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) +glib_DEFUN([GLIB_PATH_PROG_WITH_TEST], +[# Extract the first word of "$2", so it can be a program name with args. +set dummy $2; ac_word=[$]2 +AC_MSG_CHECKING([for $ac_word]) +AC_CACHE_VAL(ac_cv_path_$1, +[case "[$]$1" in + /*) + ac_cv_path_$1="[$]$1" # Let the user override the test with a path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in ifelse([$5], , $PATH, [$5]); do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if [$3]; then + ac_cv_path_$1="$ac_dir/$ac_word" + break + fi + fi + done + IFS="$ac_save_ifs" +dnl If no 4th arg is given, leave the cache variable unset, +dnl so AC_PATH_PROGS will keep looking. +ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" +])dnl + ;; +esac])dnl +$1="$ac_cv_path_$1" +if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then + AC_MSG_RESULT([$]$1) +else + AC_MSG_RESULT(no) +fi +AC_SUBST($1)dnl +]) + +# GLIB_WITH_NLS +#----------------- +glib_DEFUN([GLIB_WITH_NLS], + dnl NLS is obligatory + [USE_NLS=yes + AC_SUBST(USE_NLS) + + gt_cv_have_gettext=no + + CATOBJEXT=NONE + XGETTEXT=: + INTLLIBS= + + AC_CHECK_HEADER(libintl.h, + [gt_cv_func_dgettext_libintl="no" + libintl_extra_libs="" + + # + # First check in libc + # + AC_CACHE_CHECK([for ngettext in libc], gt_cv_func_ngettext_libc, + [AC_TRY_LINK([ +#include +], + [return !ngettext ("","", 1)], + gt_cv_func_ngettext_libc=yes, + gt_cv_func_ngettext_libc=no) + ]) + + if test "$gt_cv_func_ngettext_libc" = "yes" ; then + AC_CACHE_CHECK([for dgettext in libc], gt_cv_func_dgettext_libc, + [AC_TRY_LINK([ +#include +], + [return !dgettext ("","")], + gt_cv_func_dgettext_libc=yes, + gt_cv_func_dgettext_libc=no) + ]) + fi + + if test "$gt_cv_func_ngettext_libc" = "yes" ; then + AC_CHECK_FUNCS(bind_textdomain_codeset) + fi + + # + # If we don't have everything we want, check in libintl + # + if test "$gt_cv_func_dgettext_libc" != "yes" \ + || test "$gt_cv_func_ngettext_libc" != "yes" \ + || test "$ac_cv_func_bind_textdomain_codeset" != "yes" ; then + + AC_CHECK_LIB(intl, bindtextdomain, + [AC_CHECK_LIB(intl, ngettext, + [AC_CHECK_LIB(intl, dgettext, + gt_cv_func_dgettext_libintl=yes)])]) + + if test "$gt_cv_func_dgettext_libintl" != "yes" ; then + AC_MSG_CHECKING([if -liconv is needed to use gettext]) + AC_MSG_RESULT([]) + AC_CHECK_LIB(intl, ngettext, + [AC_CHECK_LIB(intl, dcgettext, + [gt_cv_func_dgettext_libintl=yes + libintl_extra_libs=-liconv], + :,-liconv)], + :,-liconv) + fi + + # + # If we found libintl, then check in it for bind_textdomain_codeset(); + # we'll prefer libc if neither have bind_textdomain_codeset(), + # and both have dgettext and ngettext + # + if test "$gt_cv_func_dgettext_libintl" = "yes" ; then + glib_save_LIBS="$LIBS" + LIBS="$LIBS -lintl $libintl_extra_libs" + unset ac_cv_func_bind_textdomain_codeset + AC_CHECK_FUNCS(bind_textdomain_codeset) + LIBS="$glib_save_LIBS" + + if test "$ac_cv_func_bind_textdomain_codeset" = "yes" ; then + gt_cv_func_dgettext_libc=no + else + if test "$gt_cv_func_dgettext_libc" = "yes" \ + && test "$gt_cv_func_ngettext_libc" = "yes"; then + gt_cv_func_dgettext_libintl=no + fi + fi + fi + fi + + if test "$gt_cv_func_dgettext_libc" = "yes" \ + || test "$gt_cv_func_dgettext_libintl" = "yes"; then + gt_cv_have_gettext=yes + fi + + if test "$gt_cv_func_dgettext_libintl" = "yes"; then + INTLLIBS="-lintl $libintl_extra_libs" + fi + + if test "$gt_cv_have_gettext" = "yes"; then + AC_DEFINE(HAVE_GETTEXT,1, + [Define if the GNU gettext() function is already present or preinstalled.]) + GLIB_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no)dnl + if test "$MSGFMT" != "no"; then + glib_save_LIBS="$LIBS" + LIBS="$LIBS $INTLLIBS" + AC_CHECK_FUNCS(dcgettext) + MSGFMT_OPTS= + AC_MSG_CHECKING([if msgfmt accepts -c]) + GLIB_RUN_PROG([$MSGFMT -c -o /dev/null],[ +msgid "" +msgstr "" +"Content-Type: text/plain; charset=UTF-8\n" +"Project-Id-Version: test 1.0\n" +"PO-Revision-Date: 2007-02-15 12:01+0100\n" +"Last-Translator: test \n" +"Language-Team: C \n" +"MIME-Version: 1.0\n" +"Content-Transfer-Encoding: 8bit\n" +], [MSGFMT_OPTS=-c; AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no])]) + AC_SUBST(MSGFMT_OPTS) + AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) + GLIB_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) + AC_TRY_LINK(, [extern int _nl_msg_cat_cntr; + return _nl_msg_cat_cntr], + [CATOBJEXT=.gmo + DATADIRNAME=share], + [case $host in + *-*-solaris*) + dnl On Solaris, if bind_textdomain_codeset is in libc, + dnl GNU format message catalog is always supported, + dnl since both are added to the libc all together. + dnl Hence, we'd like to go with DATADIRNAME=share and + dnl and CATOBJEXT=.gmo in this case. + AC_CHECK_FUNC(bind_textdomain_codeset, + [CATOBJEXT=.gmo + DATADIRNAME=share], + [CATOBJEXT=.mo + DATADIRNAME=lib]) + ;; + *) + CATOBJEXT=.mo + DATADIRNAME=lib + ;; + esac]) + LIBS="$glib_save_LIBS" + INSTOBJEXT=.mo + else + gt_cv_have_gettext=no + fi + fi + ]) + + if test "$gt_cv_have_gettext" = "yes" ; then + AC_DEFINE(ENABLE_NLS, 1, + [always defined to indicate that i18n is enabled]) + fi + + dnl Test whether we really found GNU xgettext. + if test "$XGETTEXT" != ":"; then + dnl If it is not GNU xgettext we define it as : so that the + dnl Makefiles still can work. + if $XGETTEXT --omit-header /dev/null 2> /dev/null; then + : ; + else + AC_MSG_RESULT( + [found xgettext program is not GNU xgettext; ignore it]) + XGETTEXT=":" + fi + fi + + # We need to process the po/ directory. + POSUB=po + + AC_OUTPUT_COMMANDS( + [case "$CONFIG_FILES" in *po/Makefile.in*) + sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile + esac]) + + dnl These rules are solely for the distribution goal. While doing this + dnl we only have to keep exactly one list of the available catalogs + dnl in configure.in. + for lang in $ALL_LINGUAS; do + GMOFILES="$GMOFILES $lang.gmo" + POFILES="$POFILES $lang.po" + done + + dnl Make all variables we use known to autoconf. + AC_SUBST(CATALOGS) + AC_SUBST(CATOBJEXT) + AC_SUBST(DATADIRNAME) + AC_SUBST(GMOFILES) + AC_SUBST(INSTOBJEXT) + AC_SUBST(INTLLIBS) + AC_SUBST(PO_IN_DATADIR_TRUE) + AC_SUBST(PO_IN_DATADIR_FALSE) + AC_SUBST(POFILES) + AC_SUBST(POSUB) + ]) + +# AM_GLIB_GNU_GETTEXT +# ------------------- +# Do checks necessary for use of gettext. If a suitable implementation +# of gettext is found in either in libintl or in the C library, +# it will set INTLLIBS to the libraries needed for use of gettext +# and AC_DEFINE() HAVE_GETTEXT and ENABLE_NLS. (The shell variable +# gt_cv_have_gettext will be set to "yes".) It will also call AC_SUBST() +# on various variables needed by the Makefile.in.in installed by +# glib-gettextize. +dnl +glib_DEFUN([GLIB_GNU_GETTEXT], + [AC_REQUIRE([AC_PROG_CC])dnl + AC_REQUIRE([AC_HEADER_STDC])dnl + + GLIB_LC_MESSAGES + GLIB_WITH_NLS + + if test "$gt_cv_have_gettext" = "yes"; then + if test "x$ALL_LINGUAS" = "x"; then + LINGUAS= + else + AC_MSG_CHECKING(for catalogs to be installed) + NEW_LINGUAS= + for presentlang in $ALL_LINGUAS; do + useit=no + if test "%UNSET%" != "${LINGUAS-%UNSET%}"; then + desiredlanguages="$LINGUAS" + else + desiredlanguages="$ALL_LINGUAS" + fi + for desiredlang in $desiredlanguages; do + # Use the presentlang catalog if desiredlang is + # a. equal to presentlang, or + # b. a variant of presentlang (because in this case, + # presentlang can be used as a fallback for messages + # which are not translated in the desiredlang catalog). + case "$desiredlang" in + "$presentlang"*) useit=yes;; + esac + done + if test $useit = yes; then + NEW_LINGUAS="$NEW_LINGUAS $presentlang" + fi + done + LINGUAS=$NEW_LINGUAS + AC_MSG_RESULT($LINGUAS) + fi + + dnl Construct list of names of catalog files to be constructed. + if test -n "$LINGUAS"; then + for lang in $LINGUAS; do CATALOGS="$CATALOGS $lang$CATOBJEXT"; done + fi + fi + + dnl Generate list of files to be processed by xgettext which will + dnl be included in po/Makefile. + test -d po || mkdir po + if test "x$srcdir" != "x."; then + if test "x`echo $srcdir | sed 's@/.*@@'`" = "x"; then + posrcprefix="$srcdir/" + else + posrcprefix="../$srcdir/" + fi + else + posrcprefix="../" + fi + rm -f po/POTFILES + sed -e "/^#/d" -e "/^\$/d" -e "s,.*, $posrcprefix& \\\\," -e "\$s/\(.*\) \\\\/\1/" \ + < $srcdir/po/POTFILES.in > po/POTFILES + ]) + +# AM_GLIB_DEFINE_LOCALEDIR(VARIABLE) +# ------------------------------- +# Define VARIABLE to the location where catalog files will +# be installed by po/Makefile. +glib_DEFUN([GLIB_DEFINE_LOCALEDIR], +[glib_REQUIRE([GLIB_GNU_GETTEXT])dnl +glib_save_prefix="$prefix" +glib_save_exec_prefix="$exec_prefix" +glib_save_datarootdir="$datarootdir" +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix=$prefix +datarootdir=`eval echo "${datarootdir}"` +if test "x$CATOBJEXT" = "x.mo" ; then + localedir=`eval echo "${libdir}/locale"` +else + localedir=`eval echo "${datadir}/locale"` +fi +prefix="$glib_save_prefix" +exec_prefix="$glib_save_exec_prefix" +datarootdir="$glib_save_datarootdir" +AC_DEFINE_UNQUOTED($1, "$localedir", + [Define the location where the catalogs will be installed]) +]) + +dnl +dnl Now the definitions that aclocal will find +dnl +ifdef(glib_configure_in,[],[ +AC_DEFUN([AM_GLIB_GNU_GETTEXT],[GLIB_GNU_GETTEXT($@)]) +AC_DEFUN([AM_GLIB_DEFINE_LOCALEDIR],[GLIB_DEFINE_LOCALEDIR($@)]) +])dnl + +# GLIB_RUN_PROG(PROGRAM, TEST-FILE, [ACTION-IF-PASS], [ACTION-IF-FAIL]) +# +# Create a temporary file with TEST-FILE as its contents and pass the +# file name to PROGRAM. Perform ACTION-IF-PASS if PROGRAM exits with +# 0 and perform ACTION-IF-FAIL for any other exit status. +AC_DEFUN([GLIB_RUN_PROG], +[cat >conftest.foo <<_ACEOF +$2 +_ACEOF +if AC_RUN_LOG([$1 conftest.foo]); then + m4_ifval([$3], [$3], [:]) +m4_ifvaln([$4], [else $4])dnl +echo "$as_me: failed input was:" >&AS_MESSAGE_LOG_FD +sed 's/^/| /' conftest.foo >&AS_MESSAGE_LOG_FD +fi]) + diff --git a/avahi-rpmlintrc b/avahi-rpmlintrc new file mode 100644 index 0000000..1e94fa3 --- /dev/null +++ b/avahi-rpmlintrc @@ -0,0 +1 @@ +addFilter("shlib-policy-name-error SONAME: libdns_sd.so.1"); diff --git a/avahi.changes b/avahi.changes new file mode 100644 index 0000000..5ba9959 --- /dev/null +++ b/avahi.changes @@ -0,0 +1,1681 @@ +------------------------------------------------------------------- +Tue Oct 15 11:56:48 UTC 2024 - Dominique Leuenberger + +- Drop rcFOO symlinks (PED-266). + +------------------------------------------------------------------- +Thu Jun 20 16:01:22 UTC 2024 - Michael Gorse + +- Add avahi-filter-bogus-services.patch: no longer supply bogus + services to callbacks (bsc#1226586). + +------------------------------------------------------------------- +Thu Apr 4 13:44:36 UTC 2024 - Dominique Leuenberger + +- Tag hardening patches as PATCH-FEATURE-OPENSUSE + +------------------------------------------------------------------- +Tue Mar 26 02:28:37 UTC 2024 - Xiaoguang Wang + +- Add avahi-CVE-2023-38471.patch: Extract host name using + avahi_unescape_label (bsc#1216594, CVE-2023-38471). +- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource + records (bsc#1216598, CVE-2023-38469). + +------------------------------------------------------------------- +Tue Mar 12 14:42:24 UTC 2024 - pgajdos@suse.com + +- remove dependency on /usr/bin/python3 using + %python3_fix_shebang macro, [bsc#1212476] + +------------------------------------------------------------------- +Thu Nov 30 05:23:33 UTC 2023 - Alynx Zhou + +- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in + avahi_rdata_parse (bsc#1216853, CVE-2023-38472). + +------------------------------------------------------------------- +Mon Nov 27 14:20:42 UTC 2023 - Dominique Leuenberger + +- Reformat avahi-gacdir.patch to apply as patch -p1. +- Use %autopatch instead of deprecated %patchN format. + +------------------------------------------------------------------- +Thu Nov 23 07:48:14 UTC 2023 - Dominique Leuenberger + +- avahi-autoipd: drop the post script part migrating the user + owning files in /var/lib/avahi-autoipd: the code was aiding + migrations from SLE<=11/openSUSE<=12.3, which are no longer in + scope for upgrades nowadays. + +------------------------------------------------------------------- +Wed Nov 22 12:55:06 UTC 2023 - Dominique Leuenberger + +- avahi-autoipd: guard %post chown with -h, to not follow symlinks + (boo#1217398). + +------------------------------------------------------------------- +Mon Nov 13 10:15:01 UTC 2023 - Dominique Leuenberger + +- avahi-autoipd: only migrate files owned by avahi user if said + user exists: if the user does not exist (fresh installs), then + there is no chance any file is owned by the user (boo#1216730). + +------------------------------------------------------------------- +Wed Nov 1 06:19:44 UTC 2023 - Alynx Zhou + +- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one + byte long (bsc#1215947, CVE-2023-38470). + +------------------------------------------------------------------- +Thu Oct 26 08:33:36 UTC 2023 - Xiaoguang Wang + +- Add avahi-CVE-2023-38473.patch: derive alternative host name from + its unescaped version (bsc#1216419 CVE-2023-38473). + +------------------------------------------------------------------- +Wed Sep 20 08:51:09 UTC 2023 - Ludwig Nussel + +- Don't require sudo. There is no indication it's actually used for + anything. + +------------------------------------------------------------------- +Tue Apr 11 21:33:48 UTC 2023 - Bjørn Lie + +- Use ldconfig_scriptlets macro. + +------------------------------------------------------------------- +Tue Apr 11 21:00:12 UTC 2023 - Michael Gorse + +- Add avahi-CVE-2023-1981.patch: emit error if requested service + is not found (boo#1210328 CVE-2023-1981). + +------------------------------------------------------------------- +Mon Dec 19 12:16:12 UTC 2022 - Dominique Leuenberger + +- Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts: + they are not used, or supported, in a while already. + +------------------------------------------------------------------- +Thu Dec 8 15:23:06 UTC 2022 - Thorsten Kukuk + +- Remove avahi-daemon-check-dns.sh, avahi-daemon-check-dns-suse.patch + and avahi-daemon.if-up + Doesn't work since about 9 years and will not be executed on a + fresh default installation anymore + +------------------------------------------------------------------- +Mon Dec 5 12:35:55 UTC 2022 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_avahi-daemon.service.patch + * harden_avahi-dnsconfd.service.patch + +------------------------------------------------------------------- +Sun Sep 4 12:19:08 UTC 2022 - Andreas Stieger + +- avahi-daemon-check-dns.sh: convert obsolete egrep call to grep -E + (boo#1203092) + +------------------------------------------------------------------- +Sat Jul 9 12:30:21 UTC 2022 - Callum Farmer + +- Move the dbus-1 system.d file to /usr (bsc#1201345) + +------------------------------------------------------------------- +Fri Apr 15 08:34:35 UTC 2022 - Jan Engelhardt + +- Stop requiring "avahi" from "libavahi-devel". The devel package + ought to facilitate building programs with avahi, not run the + whole deamon. + +------------------------------------------------------------------- +Wed Feb 23 11:13:07 UTC 2022 - Dirk Müller + +- switch to use _multibuild +- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete +- use https urls + +------------------------------------------------------------------- +Thu Feb 17 00:03:22 UTC 2022 - Dirk Müller + +- remove avahi-mono* subspecfiles, they are no longer required + by anything. this makes the spec file slightly more readable. + +------------------------------------------------------------------- +Wed Feb 16 18:26:01 UTC 2022 - Michael Gorse + +- Replace avahi-0.6.31-systemd-order.patch with + avahi-add-resolv-conf-to-inotify.patch: re-read configuration + when resolv.conf changes, per discussion on the bug + (boo#1194561). + +------------------------------------------------------------------- +Fri Jan 21 13:05:58 UTC 2022 - Callum Farmer + +- Change to systemd-sysusers + +------------------------------------------------------------------- +Mon Jan 17 17:12:07 UTC 2022 - Michael Gorse + +- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). + This can probably go away if/when gh#lathiat/avahi#118 is fixed. +- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should + no longer need this given the above patch. +- Add several patches from git: + 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch + 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch + 0006-man-add-missing-bshell.1-symlink.patch + 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch + 0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch +- Build manpages with xmltoman. Currently needed for bssh. +- Minor spec file clean-up. +- Require python-rpm-macros for all builds (boo#1194744 boo#1194745). + +------------------------------------------------------------------- +Wed Jan 12 14:33:21 UTC 2022 - Michael Gorse + +- Move sftp-ssh and ssh services to the doc directory. They allow + a host's up/down status to be easily discovered and should not + be enabled by default (boo#1179060). + +------------------------------------------------------------------- +Mon Oct 25 13:20:49 UTC 2021 - Yifan Jiang + +- Change %python38_version_nodots to %suse_version which is + compatible with Leap and SLE. See also: + + https://github.com/openSUSE/python-rpm-macros/issues/107 + +------------------------------------------------------------------- +Tue Oct 19 07:32:49 UTC 2021 - Dominique Leuenberger + +- Add rpmlintrc: Filter shlib-policy-name-error for libdns_sd + (boo#1191750). + +------------------------------------------------------------------- +Thu Sep 16 01:21:50 UTC 2021 - Stanislav Brabec + +- Remove obsolete translation-update-upstream support + (jsc#SLE-21105). + +------------------------------------------------------------------- +Mon Aug 2 08:32:59 UTC 2021 - Yifan Jiang + +- Obsolete the same version of mDNSResponder-lib and mDNSResponder + in baselib.conf and spec. + +------------------------------------------------------------------- +Fri Jul 2 17:40:20 UTC 2021 - Michael Gorse + +- Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes + (boo#1184846 CVE-2021-3502). + +------------------------------------------------------------------- +Wed Jun 2 09:37:12 UTC 2021 - Christophe Giboudeaux + +- Fix libavahi-devel requirements. The devel package installs + libavahi-libevent.so but didn't require the library it's + pointing to. + +------------------------------------------------------------------- +Tue Apr 20 16:17:54 UTC 2021 - Michael Gorse + +- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling + HUP event in client_work (boo#1184521 CVE-2021-3468). + https://github.com/lathiat/avahi/pull/330 + +------------------------------------------------------------------- +Tue Feb 16 22:37:35 UTC 2021 - Michael Gorse + +- Update avahi-daemon-check-dns.sh from Debian. Our previous + version relied on ifconfig, route, and init.d. +- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges + when invoking avahi-daemon-check-dns.sh (boo#1180827 + CVE-2021-26720). +- Add sudo to requires: used to drop privileges. + + +------------------------------------------------------------------- +Wed Feb 10 20:09:43 UTC 2021 - Jan Engelhardt + +- Drop configure --libexecdir variable as it does not appear + to be used by the source archive. + +------------------------------------------------------------------- +Sun Jan 31 23:54:15 UTC 2021 - Ben Greiner + +- Build python bindings subpackages for all flavors + * use the python-rpm-macros singlespec system: The macro + %python_subpackages together with %python_subpackage_only + creates the pythonXY-avahi bindings package for all python + flavors on Tumbleweed (currently python36, python38) + * Put the avahi-bookmarks command under updates-alternatives + control to avoid package conflicts between flavors + * outside of build_core, the build continues to use but not + install everything in the primary python3 flavor. + * For distros without multiple python3 flavors and/or older + python-rpm-macros, the status quo is unchanged. + +------------------------------------------------------------------- +Wed Sep 2 10:11:46 UTC 2020 - Antonio Larrosa + +- Use sover variables all over the spec file + +------------------------------------------------------------------- +Mon Aug 31 10:21:27 UTC 2020 - Antonio Larrosa + +- Update to version 0.8: + + The Avahi 0.8 release brings a number of new features and bug + fix changes including a backward-compatible addition to the + D-Bus API and the avahi-core API. + + The existing API is still fully supported however clients + using the new API will not work with older Avahi releases. + The avahi-client library is not affected. See the "API Changes" + section for further details. + + New Features: + - New options for filtering reflected queries between networks + (reflect-filter) + - New mainloop integration for Qt5 and libevent + - docs/THREADS: Information for multi-threaded avahi-client + apps + - Listen on loopback interfaces by default, allowing local-only + services to be consumed by the local machine + - New D-Bus V2 API and additions to the avahi-core API for + splitting "New" calls into "Prepare" and "Start". See "API + Changes" for more details. + + Notable Changes: + - avahi-autoipd: Initial IP selection based on MAC previously + ignored first octet - this will cause all hosts to select a + different link-local IP than previous versions based on the + same MAC address + - avahi-daemon: Delay sending results on an object for 10ms in + an attempt to give clients enough time to subscribe to + signals from the new object after receiving it's path in + response so the New call. See "API Changes" for more info + + Bug Fixes: + - avahi-python: Various Python 3 enhancements including + encoding unicode strings as UTF-8 + - avahi-common: avahi_string_list_to_string will now escape + embedded quotes, backslashes and control characters. + - avahi-daemon: Fix a crash when txt records have an empty + value in .xml service files + - avahi-daemon: reflector: do not incorrectly cache responses + on outgoing interfaces. Previously we would incorrectly cache + responses reflected from one interface on the outgoing + interface. These responses were later sent to clients on that + network even if the original client had disappeared and could + cause those clients to have a hostname conflict with + themselves on restart. We no longer incorrectly cache such + traffic. + + Security Fixes: + - Drop legacy unicast queries from address not on local link + which can lead to UDP traffic amplification attacks + (CVE-2017-6519) + + API Changes: The avahi-core API and D-Bus API have implemented + a new API where a call to the "New" method can now be split + into a "Prepare" and then "Start" method for some objects. The + previous "New" API is still fully supported and there is no + intention to deprecate it. + This change affects the the following objects: + AsyncAddressResolver, AsyncHostNameResolver, + AsyncServiceResolver, DomainBrowser, RecordBrowser, + ServiceBrowser, ServiceTypeBrowser + This is because the D-Bus implementation in some languages + would only bind to signals of an object after it was created + and had received the new object's path. This led to such + languages missing the initial results sent between the time the + object was created and it had setup a filter to receive it's + signals. + This primarily occured in languages that create dynamic + bindings for D-Bus objects using introspection such as Python. + The avahi-client C api was not affected as it globally binds to + all avahi signals without specifying individual object paths + and still makes use of the V1 API. + The v2 Prepare/Start API is available under the new + org.freedesktop.Avahi.Server2 D-Bus interface and also has + corresponding avahi_s_* calls for users of the embedded + avahi-core library. + The old org.freedesktop.Avahi.Server interface is still + supported and there is no intention to remove this API. + Additionally this problem has also been solved for old clients + by adding a very small 10ms delay before we start sending + results to give the client time to bind to the signals which + should silently fix the issue in most cases without introducing + a noticable or impactful delay. + Clients implementing the new org.freedesktop.Avahi.Server2 + D-Bus interface will not work with older Avahi daemons. It is + suggested that clients may wish to either check for and + fallback to the older API version, or continue to use the OLD + API and rely on the 10ms timer to resolve the issue. + - This release is backwards compatible with Avahi 0.6.x and 0.7. +- Add qt5 bindings in a separate package +- Add patch to add IT_PROG_INTLTOOL to configure.ac so intltoolize + can be used: + * add-IT_PROG_INTLTOOL.patch +- Add file missing from the tarball: + * build-db +- Rebase patch: + * avahi-desktop.patch +- Drop patches already included by upstream: + * avahi-0.7-dbm.patch + * avahi-0.7-encode-strings-as-utf8.patch + * avahi-0.7-python3-bookmarks.patch + * CVE-2018-1000845.patch + +------------------------------------------------------------------- +Thu Aug 6 07:59:00 UTC 2020 - Jan Engelhardt + +- Skip the xargs dance and just use find directly. + +------------------------------------------------------------------- +Fri Jul 31 16:22:16 UTC 2020 - Michael Gorse + +- Pass -print0 to find, to match -r0 being passed to xargs. + +------------------------------------------------------------------- +Thu Jul 30 10:06:28 UTC 2020 - Dominique Leuenberger + +- Call xargs -r0 instead of just xargs -r: guard against file names + with whitespaces. + +------------------------------------------------------------------- +Tue Jul 21 21:39:05 UTC 2020 - Michael Gorse + +- When changing ownership of /var/lib/autoipd, only change + ownership of files owned by avahi, to mitigate against + possible exploits (bsc#1154063). + +------------------------------------------------------------------- +Wed Apr 8 11:51:58 UTC 2020 - Tomáš Chvátal + +- Do not pull in dbus-1-python which is py2 variant but properly + pull in the python3 package + +------------------------------------------------------------------- +Sun Feb 2 08:22:41 UTC 2020 - Thorsten Kukuk + +- Require shadow instead of pwdutils: pwdutils has been absorbed + and replaced by shadow long ago. + +------------------------------------------------------------------- +Sat Jan 25 14:11:21 UTC 2020 - Dominique Leuenberger + +- No longer recommend -lang: supplements are in use. + +------------------------------------------------------------------- +Wed Jan 8 10:17:28 UTC 2020 - Martin Liška + +- Use %make_build. + +------------------------------------------------------------------- +Thu Aug 22 20:40:18 UTC 2019 - Jan Engelhardt + +- Trim descriptions of secondary packages. + +------------------------------------------------------------------- +Mon Aug 12 17:29:45 UTC 2019 - Bjørn Lie + +- Drop gtk2-devel and python-gtk-devel BuildRequires: No longer + build gtk2 support. Following this, pass --disable-gtk to + configure. Drop sub-package libavahi-ui0, no longer built. +- Drop long disabled sub-packages libavahi-qt4-1 and + libavahi-qt4-devel. + +------------------------------------------------------------------- +Fri Jul 5 12:22:21 UTC 2019 - matthias.gerstner@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +------------------------------------------------------------------- +Wed Apr 17 12:36:40 UTC 2019 - Dominique Leuenberger + +- Drop -Qt4 variant: Qt4 is EOL. + +------------------------------------------------------------------- +Sun Mar 17 09:47:52 UTC 2019 - Jan Engelhardt + +- Remove %if..%endif guards that do not affect the build result. +- Write "D-BUS" per its own name, "D-Bus". +- Replace FIXME PreReq with proper requires as needed. +- Update boilerplate summaries, and remove em dash grammar. + +------------------------------------------------------------------- +Fri Jan 4 00:40:38 UTC 2019 - mgorse@suse.com + +- Replace avahi-0.7-python3.patch with avahi-0.7-dbm.patch: use + what is upstream (boo#1110668). +- Add avahi-0.7-encode-strings-as-utf8.patch: encode strings as + UTF-8 (boo#1110668). +- Add avahi-0.7-python3-bookmarks.patch: make bookmarks python 3 + compatible (boo#1110668). +- Add CVE-2018-1000845.patch: drop legacy unicast queries from + address not on local link (boo#1120281 CVE-2018-1000845). +- Drop avahi-0.6.31-invalid-packet.patch: fixed upstream. + +------------------------------------------------------------------- +Thu Mar 22 12:50:43 UTC 2018 - tchvatal@suse.com + +- Drop the qt3 parts + +------------------------------------------------------------------- +Wed Mar 14 02:09:53 UTC 2018 - mgorse@suse.com + +- Add avahi-0.7-python3.patch: Port to python 3 (bsc#1076402). +- Build python bindings against python 3, rather than python 2; +- Python-avahi is now python3-avahi, and python-avahi-gtk is now + python3-avahi-gtk +- Obsolete the python 2 packages +- Replace python_sitelib with python3_sitelib in %files, and add + __pycache__. + +------------------------------------------------------------------- +Sat Mar 10 08:39:00 UTC 2018 - jengelh@inai.de + +- Rename %*soname to %*sover to better reflect its use. + +------------------------------------------------------------------- +Tue Mar 6 16:57:37 UTC 2018 - dimstar@opensuse.org + +- Modernize spec file by calling spec-cleaner + +------------------------------------------------------------------- +Mon Feb 19 15:19:41 UTC 2018 - dimstar@opensuse.org + +- Use SPDX3.0 license tags and package COPYING as %license. + +------------------------------------------------------------------- +Wed Nov 29 15:44:31 UTC 2017 - zaitor@opensuse.org + +- Update to version 0.7: + + The Avahi 0.7 release brings two new features, binary TXT + records in XML service files and the ability to start the + gobject client in a custom context. + + New Features: + - Add support for binary values in TXT records in XML service + files by specifying + value-format="text|binary-hex|binary-base64". If not + specified, defaults to the normal value of "text" (thus + backwards compatible). + - avahi-gobject: Allow starting the client in a custom + GMainContext by passing context to ga_client_start_in_context + instead of ga_client_start (avahi-gobject minor version has + been incremented). + + Notable Changes: + - avahi-daemon: Remove all default rlimits from + avahi-daemon.conf, as two main problems happened with firstly + rlimit-nproc causing avahi to fail when started in a + container without user namespaces and secondly because memory + rlimits were causing avahi to crash in some cases. Leave it + up to the init system to impose any modified limits instead. + It is recommend to ship this change in distribution default + config files. + - avahi-common: Fix watch cleanup issue in watch_free + - avahi-discover (python): Updated for Python3 & GTK3 + - avahi-autoipd: + . Clear previously set address before binding a new one. + . Fix dhclient hooks to check for avahi-autoipd before + running. + - build: Move default rundir from /var/run to /run as per + modern system setups. + + Other Changes: + - build: + . Fix the printed value of "Building libavahi-client" in + ./configure. + . autogen.sh improved to work when called from another + directory. + . Fix warnings when compiling against musl libc. + - avahi-compat-libdns_sd: Fix incorrect URL in warnings. + - service-type-database: Add new service Types: _ipps._tcp, + _xpra._tcp. + - avahi-dnsconfd: Update manpage with the correct action script + name. + - avahi-gobject: + . Use the correct shared library name in AvahiCore-0.6.gir + . Fix build failing under some locales. + - avahi-common/dbus-watch-glue.c: remove Unneeded semicolon. + - Update gentoo init scripts for newer openrc version. + + Updated translations. +- Drop avahi-empty-share-dir.patch, avahi-gir-fixup.patch, + avahi-move-everything-to-run.patch and avahi-outdated-URL.patch: + Fixed upstream. +- Drop systemd_requires macro: on a machine managed by systemd, we + don't have to require it. If the machine/container is not managed + by systemd, we don't want to require it. +- Add pkgconfig(pygobject-3.0) BuildRequires: New dependency. + +------------------------------------------------------------------- +Thu Nov 23 13:37:18 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Thu Jun 1 08:37:54 UTC 2017 - jengelh@inai.de + +- Do not suppress errors from avahi-autoipd user creation, but do + suppress getent output. +- Replace $RPM_* shell vars by macros. + +------------------------------------------------------------------- +Tue May 30 13:22:45 UTC 2017 - dimstar@opensuse.org + +- Modify user generation (boo#1010384): + + Use getent to check for existing users/groups, only creating + them if not found. + + Do not hide output of groupadd/useradd. + + Do not mask failures: if a user can't be added, we have a + problem. + +------------------------------------------------------------------- +Wed Feb 15 17:58:46 UTC 2017 - dimstar@opensuse.org + +- Drop %insserv_cleanup scriptlets: it's been a while that avahi + did not install any sysV init scripts anymore. +- Simplify avahi_spec-prepare.sh: OBS is well able to handle macros + in package names by now. +- Drop conditions to only handle systemd services on openSUSE > + 12.1; it's been long that we did not ship the sysv scripts + anymore and openSUSE 12.1 is long EOL. + +------------------------------------------------------------------- +Mon Jul 11 18:31:35 UTC 2016 - mgorse@suse.com + +- Replace avahi-0.6.31-systemd-order.patch with + avahi-0.6.32-suppress-resolv-conf-warning.patch: only warn + on missing resolv.conf if the options that use it are enabled. + https://github.com/lathiat/avahi/pull/63 + +------------------------------------------------------------------- +Thu Jun 23 18:45:13 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.6.32: + + Don't log warnings about invalid packets, commonly triggered by + Windows 10 systems. + + Fix issue with bad packet size estimation, causing probes to + continuously be sent when hosting large numbers of services. + + Fix build on Solaris/SmartOS (filio.h issue). + + Fix build on FreeBSD (PCAP_D_IN issue). + + Fix debug output with libdaemon >= 0.14. + + avahi_server_set_browse_domains now correctly uses the provided + list, instead of re-using the list from the configuration file. + + Set nl_pid to 0, this will automatically assign the value and + prevent conflicts per netlink(7). (Bug #334). + + Check for netlink pid=0 (kernel) instead of uid=0, which works + correctly with network & user namespaces. + + Fix reversed IFA_LOCAL and IFA_ADDRESS checks (Avahi#355). + + Don't fail the build on deprecated GTK/GLIB usage. + + Gracefully fail if SO_REUSEPORT is not available. + + Minor Python 3 update for the python ServiceTypeDatabase test + usage of print, should be backwards compatible. + + avahi-autoipd: Fix incorrect usage of IFLA_RTA instead of + IFA_RTA which could crash on ARM (Closes: gh#lathiat/avahi#42). +- Drop upstream fixed patches: + + avahi-unicastdomains.patch + + avahi-gtk_box_new.patch + + avahi-fix-mkdir.diff + + avahi-enable-ipv6.patch + + avahi-reserve-space-for-record-data-when-size-e.patch +- Rebase avahi-0.6.31-invalid-packet.patch. + +------------------------------------------------------------------- +Thu Jun 23 18:45:12 UTC 2016 - mgorse@suse.com + +- Add avahi-0.6.31-systemd-order.patch: start after NM/wicked, to + ensure resolv.conf is present (bsc#982317, gh#lathiat/avahi#59). + +------------------------------------------------------------------- +Fri May 20 10:07:48 UTC 2016 - alarrosa@suse.com + +- Update to GNOME 3.20.2 (Fate#318572) +- Added License field in spec file. + +------------------------------------------------------------------- +Thu Apr 14 13:23:21 UTC 2016 - mgorse@suse.com + +- Update to GNOME 3.20 Fate#318572 + +------------------------------------------------------------------- +Mon Jan 25 13:58:10 UTC 2016 - dimstar@opensuse.org + +- No longer install sysv services: the systemd services have been + installed for a long time already and are masking the sysv + scripts; those scripts existance only add confusion (boo#959908). + +------------------------------------------------------------------- +Mon Oct 19 09:24:58 UTC 2015 - zaitor@opensuse.org + +- Temp disable 2 old Conflicts that are breaking staging. These can + back in once there is a new release of avahi. + +------------------------------------------------------------------- +Thu Oct 8 14:42:24 UTC 2015 - mgorse@suse.com + +- Add avahi-0.6.31-invalid-packet.patch: do not spam logs for + invalid packets (boo#947140 bsc#948277). + +------------------------------------------------------------------- +Wed Aug 19 13:59:10 UTC 2015 - dimstar@opensuse.org + +- Sync up the multiple .spec files. + +------------------------------------------------------------------- +Thu Jan 22 15:51:33 UTC 2015 - dimstar@opensuse.org + +- Add avahi-outdated-URL.patch: Do not redirect users to + , which no + longer exists, but bring them to the more generic blog entry + http://0pointer.de/blog/projects/avahi-compat.html (boo#914298). + +------------------------------------------------------------------- +Sat Apr 26 20:06:15 UTC 2014 - dmueller@suse.com + +- Do not depend on gnome-icon-theme: + + the network-wired icon is meanwhile available in faenza, gnome, + mate, nimbus oxygen and tango icon theme. + + the dependency causes avahi depending on gtk3, which causes a + build loop with gtk2. + + the avahi-desktop.patch causes these desktop files to be only + shown in GTK based desktops, which have any of those icon + themes available. + +------------------------------------------------------------------- +Tue Apr 15 15:55:46 UTC 2014 - aj@suse.com + +- We've moved everything to /run, adjust file list as well. + +------------------------------------------------------------------- +Thu Feb 27 18:12:43 UTC 2014 - mt@suse.com + +- Do not start unconditionally / by default under sysconfig as + it breaks vlan,bridge,bonding setups (bnc#853845, bnc#851953). + +------------------------------------------------------------------- +Wed Sep 25 17:26:26 UTC 2013 - dimstar@opensuse.org + +- Sanitize scrtiplet requirements (bnc#839520): + + Add shadow Requires(pre) for useradd and groupadd. + + Add coreutils Requires(post) for chown. + +------------------------------------------------------------------- +Sat Sep 21 14:30:30 UTC 2013 - dimstar@opensuse.org + +- Change RPM Group of shared library package to System/Libraries. +- Run pre_checkin.sh to sync .spec files. + +------------------------------------------------------------------- +Wed Aug 21 21:53:19 UTC 2013 - mgorse@suse.com + +- Fix hang when registering with large numbers of service files + (bnc#835984, avahi-reserve-space-for-record-data-when-size-e.patch). + +------------------------------------------------------------------- +Mon Feb 4 16:59:54 CET 2013 - sbrabec@suse.cz + +- Automatically disable avahi on networks with unicast .local + domain (bnc#431704, avahi-daemon-check-dns-suse.sh, + avahi-daemon-check-dns-suse.patch). +- Split avahi-autoipd into a separate package (bnc#431704#c6, + avahi-autoipd.if-up, avahi-autoipd.if-down, + avahi-autoipd.README.SUSE). +- Use dedicated UID and GID for avahi-autoipd. +- Added sysconfig to fine tune behavior. +- Remove no more needed gnome-nettool2.png. +- Fix paths in man pages (sed script). +- Update avahi-discover.desktop to fit Desktop Menu Specification + better (avahi#365, fdo#49699, avahi-desktop.patch). +- Move service-types.db to the main package. It is requires by + python-avahi and avahi-utils. + +------------------------------------------------------------------- +Mon Jan 28 10:01:28 UTC 2013 - rmilasan@suse.com + +- Add avahi-move-everything-to-run.patch: move everything + (socket and pid files) to /run. + +------------------------------------------------------------------- +Wed Nov 14 09:05:25 UTC 2012 - dimstar@opensuse.org + +- Fix useradd invocation: -o is useless without -u and newer + versions of pwdutils/shadowutils fail on this now. + +------------------------------------------------------------------- +Tue Oct 16 11:37:56 UTC 2012 - coolo@suse.com + +- Replace systemd-devel BuildRequires with pkgconfig(systemd) + to prefer the -mini package, avoiding build cycles. + +------------------------------------------------------------------- +Wed Oct 3 15:20:32 UTC 2012 - schwab@linux-m68k.org + +- Mark /etc/avahi/hosts as %config(noreplace) + +------------------------------------------------------------------- +Wed Jul 11 14:40:22 CEST 2012 - vuntz@opensuse.org + +- Add avahi-enable-ipv6.patch: enable IPv6 by default. Fix + bnc#710230. + +------------------------------------------------------------------- +Sun Jul 1 20:38:09 UTC 2012 - coolo@suse.com + +- Add avahi-fix-mkdir.diff: fix build with automake 1.12.1, which + removed AM_PROG_MKDIR_P, which is deprecated for a long time. + +------------------------------------------------------------------- +Mon Feb 27 13:34:33 UTC 2012 - vuntz@opensuse.org + +- Stop passing --with-systemdsystemunitdir to configure: we'll just + use the right default value, which should be %{_unitdir}. +- Change systemd BuildRequires to systemd-devel since this is + needed to get that default value in configure. + +------------------------------------------------------------------- +Wed Feb 15 09:15:34 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.6.31: + + Add Mumble to service type database + + systemd: syslog.target is not longer useful + + Compatibility with newer automake +- Rebase avahi-empty-share-dir.patch. +- Move dbus xml interface files from devel subpackage to main + subpackage: those files are needed at runtime. + +------------------------------------------------------------------- +Thu Dec 8 17:16:31 UTC 2011 - dimstar@opensuse.org + +- Add avahi-gir-fixup.patch: Change the gir/typelib dependency to + be correctly libavahi-core.so.7 instead of avahi-core. + +------------------------------------------------------------------- +Wed Dec 7 10:52:27 UTC 2011 - dimstar@opensuse.org + +- Split the typelib files in typelib-1_0-Avahi-0_6 subpackage. +- Add typelib-1_0-Avahi-0_6 Requires to libavahi-glib-devel + subpackage. + +------------------------------------------------------------------- +Sun Dec 4 13:40:54 UTC 2011 - dimstar@opensuse.org + +- Change libtool BuildRequires to be unconditional: it is needed to + build all submodules as well. +- Change License tag to spdx identifier (LGPL-2.1+) and remove + duplicate mentions of the License tag. + +------------------------------------------------------------------- +Mon Oct 10 08:44:41 UTC 2011 - fcrozat@suse.com + +- Use systemd macros for 12.1 + +------------------------------------------------------------------- +Fri Sep 30 20:07:44 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sat Sep 17 13:52:05 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Sat Jul 2 12:18:24 UTC 2011 - dimstar@opensuse.org + +- Add avahi-gtk_box_new.patch: do not used deprecated + gtk_[hv]box_new function anymore; this fixes build of + avahi-glib2. + +------------------------------------------------------------------- +Wed May 18 20:37:41 CEST 2011 - dimstar@opensuse.org + +- Update to version 0.6.30: + + Make IPv6 work again + + Minor other updates + + Updated translations +- Changes from version 0.6.29: + + Updates regarding systemd integration + + Compatibility with newer gtk3 and gobject introspection + + Fix CVE-2011-1002, fixing the fix for CVE-2010-2244 + + Minor other updates + + Updated translations +- Drop patches fixed upstream: + + avahi-init-lsb.patch + + avahi-init-dnsconfd-fix-status.patch + + avahi-fix-howl.pc.patch + + avahi-null-packet-infinite-loop.patch + +------------------------------------------------------------------- +Fri Feb 25 09:56:01 UTC 2011 - fcrozat@novell.com + +- Enable gtk3 support: + + Add gtk3-devel BuildRequires for avahi-glib2. + + Add libavahi-ui-gtk3-0 subpackage. + + Pass --enable-gtk3 instead of --disable-gtk3 to configure in + avahi-glib2. +- Remove explicit Requires of glib2-devel and gtk2-devel in + libavahi-glib-devel: they will automatically be added the + pkgconfig() way. +- Use sysconfig PreReq instead of sysvinit(network) on 11.3 and + earlier. + +------------------------------------------------------------------- +Thu Feb 17 15:38:40 CET 2011 - vuntz@opensuse.org + +- Add avahi-null-packet-infinite-loop.patch: fix an infinite loop + eating CPU when receiving corrupted/null packets. Fix bnc#671797. + +------------------------------------------------------------------- +Sun Feb 13 13:48:53 CET 2011 - vuntz@opensuse.org + +- Call relevant macros in %post/%postun: + + %desktop_database_post/postun because the package ships at + least one desktop file. +- Pass %{?no_lang_C} to %find_lang so that english documentation + can be packaged with the program, and not in the lang subpackage. + +------------------------------------------------------------------- +Tue Dec 7 21:18:09 UTC 2010 - coolo@novell.com + +- prereq init script network + +------------------------------------------------------------------- +Wed Oct 13 16:43:18 CEST 2010 - vuntz@opensuse.org + +- Add avahi-init-dnsconfd-fix-status.patch to make avahi-dnsconfd + init script report unused instead of dead in status when it's + unused. + +------------------------------------------------------------------- +Tue Oct 5 10:52:15 CEST 2010 - vuntz@opensuse.org + +- Update to version 0.6.28: + + Updates regarding systemd integration + + Properly avoid bus activation on non-systemd systems + + Compatibility with newer gtk3 and gobject introspection + + i18n updates + + Minor other updates +- Drop avahi-gobject-introspection-1.2.patch: fixed upstream. + +------------------------------------------------------------------- +Wed Sep 29 02:11:18 UTC 2010 - aj@suse.de + +- Change lang package Requires to Recommends since it is not + mandatory at runtime. + +------------------------------------------------------------------- +Sat Sep 18 17:29:54 CEST 2010 - vuntz@opensuse.org + +- Rename avahi-gobject-introspection-1.1.patch to + avahi-gobject-introspection-1.2.patch and update it to the 1.2 + format. + +------------------------------------------------------------------- +Wed Sep 1 13:23:37 CEST 2010 - vuntz@opensuse.org + +- Update to version 0.6.27: + + Various systemd fixes. + + Daemon: + - make sure we never choke on SIGPIPE + - return successful error code when we ran successfully + - reset signals on initialization + - unblock all signals by default + + Update libavahi-client so that it can deal with auto-activated + avahi daemons + + Bump soname + + Build fix when gtk3 is not installed. + + i18n updates +- Changes from version 0.6.26: + + Fix CVE-2010-2244 + + Support for Gtk+ 3 and Gtk+ Introspection + + Native systemd socket activation support + + Add systemd service files + + Add various resource control options, for traffic rate limiting + as well as cache size and D-Bus client object limits. + + i18n updates + + Minor other updates +- Rename libavahi-core6 to libavahi-core7, to follow library soname + bump. +- Rebase avahi-gacdir.patch. +- Add avahi-gobject-introspection-1.1.patch to set format of gir + file to 1.1. +- Add avahi-fix-howl.pc.patch to fix generation of howl.pc. +- Drop avahi-0.6.25-fixcrash.patch: fixed upstream. +- Drop avahi-init_unused-not-dead.patch: fixed upstream. +- Add gobject-introspection-devel BuildRequires for the glib2 + build, to get introspection support. +- Remove libglade2-devel BuildRequires. +- Remove avahi-utils-gtk <= 0.6.22 Conflicts, since the file for + which we added the Conflicts doesn't exist anymore. +- Pass --disable-gtk3 to configure since we don't want gtk3 support + right now. +- Pass --with-systemdsystemunitdir=/lib/systemd/system to + configure. Thanks Kay! + +------------------------------------------------------------------- +Mon Jun 21 12:04:15 UTC 2010 - lnussel@suse.de + +- also check ipv6 case in avahi-0.6.25-fixcrash.patch + +------------------------------------------------------------------- +Wed Jun 16 11:19:57 UTC 2010 - lnussel@suse.de + +- Add avahi-0.6.25-fixcrash.patch: avoid crash due to assertion + when receiving corrupt packets. + +------------------------------------------------------------------- +Sat May 1 01:54:24 UTC 2010 - aj@suse.de + +- Handle /var/run on tmpfs. +- Avoid self-obsoletes. + +------------------------------------------------------------------- +Mon Mar 15 17:10:10 CET 2010 - sbrabec@suse.cz + +- Do not force start avahi daemon on update (bnc#588367). +- Added support for translation-update-upstream (FATE#301344). + +------------------------------------------------------------------- +Tue Dec 15 22:09:00 CET 2009 - jengelh@medozas.de + +- Add baselibs.conf as a source + +------------------------------------------------------------------- +Tue Nov 3 19:11:57 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Wed Oct 7 21:36:26 CEST 2009 - dimstar@opensuse.org + +- Add avahi-init_unused-not-dead.patch, init scripts report + service dead instead of unused after a stop (bnc#329708). + +------------------------------------------------------------------- +Thu Aug 13 19:11:24 CEST 2009 - vuntz@novell.com + +- Tweak the use of new python macros. + +------------------------------------------------------------------- +Mon Aug 10 13:16:55 CEST 2009 - coolo@novell.com + +- fix generation of sub-spec files by using update_spec.pl + +------------------------------------------------------------------- +Sun Aug 9 12:29:11 CEST 2009 - coolo@novell.com + +- use new python macros + +------------------------------------------------------------------- +Thu May 28 18:45:06 CEST 2009 - vuntz@novell.com + +- Remove perl-XML-Parser BuildRequires. + +------------------------------------------------------------------- +Thu Apr 16 23:20:25 CEST 2009 - vuntz@novell.com + +- Update to version 0.6.25: + + Use send_destination for DBus rule + + Make .desktop files pass desktop-file-validate + + CVE-2009-0758: Reflector creates packet storm on legacy unicast + traffic + + Build system fixes. + + Updated translations. +- Respin avahi-desktop.patch. +- Drop bnc_459007.patch: fixed upstream. + +------------------------------------------------------------------- +Mon Feb 2 01:26:26 CET 2009 - vuntz@novell.com + +- Call %suse_update_desktop_file on bssh and bvnc. + +------------------------------------------------------------------- +Sun Feb 1 23:36:41 CET 2009 - vuntz@novell.com + +- Update avahi-desktop.patch to not add X-SuSE-translate=true in + .desktop files. + +------------------------------------------------------------------- +Fri Jan 16 12:01:12 CET 2009 - ro@suse.de + +- readd libavahi-common.la, breaks > 100 packages if done this way + +------------------------------------------------------------------- +Wed Jan 14 14:17:05 CET 2009 - sbrabec@suse.cz + +- avahi-glib2-utils-gtk renamed back to its correct name + avahi-utils-gtk (bnc#456418). +- Removed pointless libtool .la file. + +------------------------------------------------------------------- +Tue Jan 13 12:34:56 CET 2009 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Tue Jan 6 12:57:35 EST 2009 - mboman@suse.de + +- Update to version 0.6.24: + + A huge number of bug fixes, including a security relavant one + (low risk) + + Add two new configuration directives "allow-interfaces" and + "deny-interfaces" which can be used to make Avahi ignore certain + network interfaces or only use certain network interfaces + + Translation updates +- Remove avahi-man-selection.patch. Fixed upstream +- Remove avahi-no-gtk-no-interfaces.patch. Fixed upstream. +- Remove avahi-bookmarks-no-pygtk.patch. Fixed upstream +- Remove avahi-no-gtk-python.patch. Fixed upstream +- Remove avahi-allocsize.patch. Fixed upstream +- Remove avahi-dnsconfd-netconfig.patch. Fixed upstream + +------------------------------------------------------------------- +Wed Dec 17 09:10:32 CET 2008 - mauro@suse.de + +- Added bnc_459007.patch to fix bnc#459007 + + Fixes CVE-2008-5081 + +------------------------------------------------------------------- +Mon Dec 15 18:21:42 CET 2008 - sbrabec@suse.cz + +- avahi-discover.glade is required by avahi-utils-gtk and + python-avahi-gtk => move to avahi (bnc#456418). +- Upgrade protection for avahi-utils-gtk built as + avahi-glib2-utils-gtk (bnc#456418). + +------------------------------------------------------------------- +Mon Nov 24 15:22:14 CET 2008 - sbrabec@suse.cz + +- Removed dependency libavahi-common3 -> avahi (bnc#447101). + +------------------------------------------------------------------- +Thu Oct 23 11:36:59 CDT 2008 - maw@suse.de + +- Make debug packages require a specific %{version}-%{release}. + +------------------------------------------------------------------- +Fri Oct 17 15:28:25 CEST 2008 - lnussel@suse.de + +- use netconfig for avahi-dnsconfd (bnc#431240) +- disable avahi-dnsconfd by default (bnc#431240) +- remove 0pointer.de and zeroconf.org from default config (bnc#433359) +- fix indenting in init script (bnc#435506) + +------------------------------------------------------------------- +Fri Sep 12 10:09:45 CEST 2008 - aj@suse.de + +- Remove languages directory ownership, it's now part of filesystem. + +------------------------------------------------------------------- +Fri Sep 5 00:58:19 CEST 2008 - ro@suse.de + +- add Required-Stop to initscripts + +------------------------------------------------------------------- +Mon Sep 1 10:22:46 CEST 2008 - meissner@suse.de + +- Added GCC attribute alloc_size markup for allocator functions + +------------------------------------------------------------------- +Fri Jul 18 17:18:20 CEST 2008 - sbrabec@suse.cz + +- Build glib2, gobject and python stuff separately to break build + loop cups -> gtk2 -> avahi -> cups. +- Split avahi-python-gtk from avahi-python. +- Updated to version 0.6.23: + * A lot of translation updates + * Beef up bnvc quite a bit, including passing a domain to browse + in + * Increase numer of open files resource limit to 300 so that we + can deal with more clients simultaneously. + * Rework 'poof' algorithm a bit to reduce traffic load on noisy + links. + * Build fixes + * Minor other updates + * Backwards compatible with Avahi 0.6.x with x < 23. + +------------------------------------------------------------------- +Wed Jul 16 13:30:43 CEST 2008 - coolo@suse.de + +- don't build cycle between avahi and cups + +------------------------------------------------------------------- +Tue May 27 18:04:25 CEST 2008 - coolo@suse.de + +- fix baselibs config one more time + +------------------------------------------------------------------- +Sat May 17 20:12:20 CEST 2008 - coolo@suse.de + +- 10.2 had even more xxbit packages to be renamed + +------------------------------------------------------------------- +Sun May 11 11:49:29 CEST 2008 - coolo@suse.de + +- fix rename of xxbit packages + +------------------------------------------------------------------- +Tue Apr 29 17:01:55 CEST 2008 - cthiel@suse.de + +- obsolete avahi-, avahi-compat-mDNSResponder- and + avahi-glib- via baselibs.conf + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Tue Mar 11 16:18:47 CET 2008 - sbrabec@suse.cz + +- Fix build failure of avahi-mono. + +------------------------------------------------------------------- +Wed Mar 5 16:13:04 CET 2008 - sbrabec@suse.cz + +- Build Qt bindings in separate packages to shorten build path and + unneeded triggering for rebuild. +- Spec file rewritten to allow simple and fast build per partes. + +------------------------------------------------------------------- +Wed Jan 30 17:13:23 CET 2008 - sbrabec@suse.cz + +- Fixed init scripts (bnc#332964). + +------------------------------------------------------------------- +Mon Jan 21 15:08:05 CET 2008 - ro@suse.de + +- same for libavahi-glib1 and libavahi-ui0 + +------------------------------------------------------------------- +Sun Jan 20 19:14:33 CET 2008 - ro@suse.de + +- avahi-mono: buildreq libavahi-client3 (for mono-find-requires) + +------------------------------------------------------------------- +Wed Dec 19 16:33:02 CET 2007 - jpr@suse.de + +- Update to 0.6.22 + * i18n support + * Documentation and example code updates + * Support for registering the Avahi documentation in devhelp + (needs manual setup) + * Added a new component libavahi-gobject, which is a + GObjectified version of the Avahi API + * Major BSD compatibility improvements + * avahi-ui: Allow overwriting of pretty service name by the + application + * Service type database updates + * Add new option --parsable to avahi-browse + * Make avahi-autoipd actually produce correct ARP packets + * Add FreeBSD kqueue support for watching /etc/avahi/services + * Use search domain from /etc/resolv.conf as additional browse + domains. + * No longer return a conflict error when two local applications + register identical RRs. + * Properly find alternative service/host names for very long names + * DNS name compression fix (Sjoerd Simons) + * Fedora init script order fix + * Several fixes to make gcc produces less warnings + * Minor other updates +- Package avahi-discover-standalone in gtk-utils with its glade files + +------------------------------------------------------------------- +Sun Oct 21 14:20:02 CEST 2007 - coolo@suse.de + +- fix provides, obsoleting something another package provides creates + a conflict between them + +------------------------------------------------------------------- +Tue Oct 9 19:07:37 CEST 2007 - sbrabec@suse.cz + +- Rename packages according to shared library naming policy. +- Make devel packages binding specific to deliver correct + dependencies (#193817). +- Rename python package according to python package naming policy. +- Prepend library devel packages names by "lib". +- libavahi-ui moved to libavahi-glib to prevent depending of avahi + core on libglade2. +- Split commands line utilities and GTK+ UI utilities to separate + packages to not force them for daemon or Qt binding users. + +------------------------------------------------------------------- +Wed Sep 5 23:22:37 CEST 2007 - maw@suse.de + +- Move %{_datadir}/pixmaps/gnome-nettool2.png from the python + subpackage to the base package (#299566). + +------------------------------------------------------------------- +Wed Sep 5 12:44:12 CEST 2007 - sbrabec@suse.cz + +- Start avahi by default (#298872). +- Handle avahi-bookmarks daemon in scriptlets. + +------------------------------------------------------------------- +Tue Aug 7 18:31:53 CEST 2007 - maw@suse.de + +- But that macro is deprecated (http://en.opensuse.org/Packaging/SUSE_Package_Conventions/RPM_Macros#3.28._.25run_ldconfig_.28deprecated.29) + so replace it with /sbin/ldconfig. + +------------------------------------------------------------------- +Mon Aug 6 17:03:54 CEST 2007 - bk@suse.de + +- replace -p /usr/sbin/ldconfig with %{run_ldconfig} + +------------------------------------------------------------------- +Mon Jul 30 08:54:42 CEST 2007 - aj@suse.de + +- Add gcc-c++ to BuildRequires. + +------------------------------------------------------------------- +Tue Jul 24 08:40:29 CEST 2007 - aj@suse.de + +- Resort spec file so that mDNSResponder is provided again. + +------------------------------------------------------------------- +Mon Jul 16 11:44:59 CEST 2007 - aj@suse.de + +- Fix spec file. + +------------------------------------------------------------------- +Mon Jul 16 09:14:58 CEST 2007 - aj@suse.de + +- Use extra spec file for avahi-mono to avoid build cycle + avahi->gnome->mono->avahi. + +------------------------------------------------------------------- +Thu Jul 5 22:08:28 CEST 2007 - maw@suse.de + +- Build require gtk2-devel. + +------------------------------------------------------------------- +Thu Jul 5 17:38:41 CEST 2007 - maw@suse.de + +- Don't remove libavahi-common.la, because many things depend on it +- Make avahi-mono require gtk-sharp2. +- Update avahi-gacdir.patch, fixing the build on biarch platforms. + +------------------------------------------------------------------- +Thu Jul 5 02:19:19 CEST 2007 - maw@suse.de + +- Remove some extraneous comments in the .spec file. + +------------------------------------------------------------------- +Tue Jul 3 12:17:48 CDT 2007 - maw@suse.de + +- Update to version 0.6.20: + + Various bug fixes and portability fixes + + New features, including a new libavahi-ui library and tools + to exploit it + + A fix for a local DoS vulnerability (b.n.c #287123 and + CVE-2007-3372) +- Remove upstreamed patches: avahi-python-compile.patch and + avahi-compat-libdns_sd-fixes.patch; rename + avahi-discover-icon.patch to avahi-desktop.patch, and fix more + .desktop files therein +- Buildrequire gtk-sharp2. + +------------------------------------------------------------------- +Wed Jun 6 14:09:40 CEST 2007 - sbrabec@suse.cz + +- Removed invalid desktop Category "Application" (#254654). + +------------------------------------------------------------------- +Thu May 24 01:29:15 CEST 2007 - ro@suse.de + +- fix some rpmlint errors (call ldconfig in post scripts) + +------------------------------------------------------------------- +Tue Mar 27 17:25:07 CEST 2007 - crivera@suse.de + +- Improve libdns_sd compat support. This helps fix 214887. + +------------------------------------------------------------------- +Mon Mar 26 12:23:04 CEST 2007 - rguenther@suse.de + +- Add gdbm-devel and zlib-devel BuildRequires. + +------------------------------------------------------------------- +Tue Mar 13 19:37:35 CET 2007 - crivera@suse.de + +- Rework the sub package split. There is a new package, avahi-python, + that contains all of the Python utilities. This removes all Python + dependencies from the base avahi package. This fixes 245390. + +------------------------------------------------------------------- +Fri Mar 9 23:10:02 CET 2007 - crivera@suse.de + +- Install avahi.firewill in /etc/sysconfig/SuSEfirewall2.d/services + instead of /usr/share/SuSEfirewall2/services. This allows avahi + to build again. This also depends on the latest dbus-1-python + submission being approved. + +------------------------------------------------------------------- +Tue Feb 27 17:45:31 CET 2007 - crivera@suse.de + +- Remove netdev patch in favor of using the configure parameter + instead. This also fixes a similar issue with the autoipd group + and user. This fixes 237145. + +------------------------------------------------------------------- +Mon Feb 26 18:27:52 CET 2007 - crivera@suse.de + +- Replace the non-existent "netdev" group with the "avahi" group in + avahi-dbus.conf. This fixes 237145. +- Remove Application, Utility, Network, and Settings categories from + the .desktop file. This fixes 244464. + +------------------------------------------------------------------- +Wed Feb 21 17:20:41 CET 2007 - sbrabec@suse.cz + +- Updated to a bugfix release 0.6.17: + * Don't accept "localhost" as a local mDNS host name + * Allow running avahi-bookmarks as CGI script + * Improve libdns_sd compatibility + * Stability: libdns_sd mutex locking order fix + * Publish IPv6 addresses via IPv4 and vice versa + * IA64 fixes + * A lot of minor cleanups and fixes +- Fixed python dependencies (#244457). +- Fixed howl compatibility links (#244486). +- Fixed python byte-compilation (#244458). +- Added avahi-bookmarks init script. +- Added SuSEfirewall2 rule. + +------------------------------------------------------------------- +Tue Feb 13 11:50:50 CET 2007 - sbrabec@suse.cz + +- Do not build unusable static libraries (#238552#c17). + +------------------------------------------------------------------- +Wed Jan 31 23:20:35 CET 2007 - ro@suse.de + +- removed gnome-nettool from BuildRequires (and Recommends) + (causes a build-cycle) and use local copy of the icon + +------------------------------------------------------------------- +Fri Jan 26 01:35:53 CET 2007 - ro@suse.de + +- add mono-devel to build requires to make mono-reqprov work + +------------------------------------------------------------------- +Wed Jan 24 15:33:20 CET 2007 - sbrabec@suse.cz + +- Updated to version 0.6.16 (CVE-2006-5461, CVE-2006-6870): + * Revert previous patch to check nlmsg_pid as it is bogus and + breaks in many cases, notably when using NetworkManager. + * Replace with new SO_PASSCRED-based check of the sending UID + which seems to work better. + * Handle some errors in libdns_sd more gracefully the way the real + libdns_sd does + * Apply fix for Linux 2.6.19+ where IFA_RTA / IFLA_RTA is no + longer defined + * Fix doxygen comments for avahi watch + * Make d-bus version detection work for >= 1.0 + * Dont dbus_connection_close on shared dbus connections + * Fix potential endless loop in dns label unpacking code + * Fix bogus assertion in client-publish-service.c example + * Mild fix to some doxygen docs for avahi-common/address.h + * Fix passing in custom priviledged group (previously ignored + setting) + * Check that netlink messages actually originate from the kernel + and not another process. + * Fix dbus_service_browser not setting + AVAHI_LOOKUP_RESULT_OUR_OWN. + +------------------------------------------------------------------- +Sun Jan 21 19:12:18 CET 2007 - dmueller@suse.de + +-compat-mDNSResponder-devel should require avahi-devel + +------------------------------------------------------------------- +Sat Jan 20 18:40:18 CET 2007 - aj@suse.de + +- Fix avahi-sharp.pc file to use correct gcac location. +- Add obsoletes and provides for mDNSResponder. + +------------------------------------------------------------------- +Thu Dec 14 10:53:09 CET 2006 - sbrabec@suse.cz + +- Created init script symlinks in /usr/sbin (#228203). + +------------------------------------------------------------------- +Sun Nov 12 21:53:11 CET 2006 - thoenig@suse.de + +- Update patch avahi-dbus-request-name-flags-fix-thoenig-02.patch: + Be precise with regard to the minor version of D-Bus + +------------------------------------------------------------------- +Sun Nov 12 15:57:26 CET 2006 - thoenig@suse.de + +- Add patch avahi-dbus-request-name-flags-fix-thoenig-01.patch: + Fix flawed logic for flags passed to dbus_bus_request_name() + +------------------------------------------------------------------- +Mon Oct 30 13:51:56 CET 2006 - sbrabec@suse.cz + +- Check the sender ID of netlink packets before using them + (#216219). + +------------------------------------------------------------------- +Sun Oct 15 21:36:55 CEST 2006 - danw@suse.de + +- Remove dead patches + +------------------------------------------------------------------- +Mon Oct 9 11:57:13 CEST 2006 - sbrabec@suse.cz + +- Build in older products. +- Enabled parallel build. + +------------------------------------------------------------------- +Fri Sep 22 08:24:24 CEST 2006 - aj@suse.de + +- Fix filelist for python upgrade. +- Build everything with RPM_OPT_FLAGS. + +------------------------------------------------------------------- +Mon Sep 18 22:50:04 CEST 2006 - jhargadon@suse.de + +- update to version 0.6.14 +- Add new daemon "avahi-autoipd" which is an implementation of + IPv4LL as defined in RFC3927, a technology for assigning link-local IP + addresses without DHCP server. The same functionality has been available on + Windows under the name APIPA. While it is not the first implemenatation of + this technology for Free operating systems it is clearly the most powerful + and hopefully even the most secure. (Because it chroot()s and drops + priviliges and suchlike) +- Fix a segfault in the code handling static host name registrations +- Add a few new entries to the service type database +- s/D-?BUS/D-Bus/g +- Documentation updates +- Fix service type database building on Solaris +- Make use of newer D-Bus APIs +- Fix random seed initialization +- Install SFTP static service file by default +- Other minor code cleanups +- removed upstreamed patches + +------------------------------------------------------------------- +Sun Sep 3 11:34:13 CEST 2006 - aj@suse.de + +- Follow package rename qt->libqt4. + +------------------------------------------------------------------- +Thu Aug 24 12:22:42 CEST 2006 - cthiel@suse.de + +- fix build + +------------------------------------------------------------------- +Wed Aug 16 11:55:15 CEST 2006 - cthiel@suse.de + +- buildrequire python-gtk-devel instead of python-gtk + +------------------------------------------------------------------- +Mon Aug 14 11:47:41 CEST 2006 - thoenig@suse.de + +- Add patch avahi-dbus-api-fix-thoenig-01.patch: Use + dbus_connection_close, not dbus_connection_disconnect + +------------------------------------------------------------------- +Fri Aug 11 21:02:19 CEST 2006 - cthiel@suse.de + +- remove avahi-0.6.10-pygtk-hack.patch, since python-gtk has been fixed in + the meantime + +------------------------------------------------------------------- +Sun Aug 6 13:16:20 CEST 2006 - cthiel@suse.de + +- fixed build by adding avahi-0.6.10-pygtk-hack.patch to hack around an + unfavorable configure check + +------------------------------------------------------------------- +Mon Jul 3 17:37:35 CEST 2006 - schwab@suse.de + +- Fix quoting in configure script. +- Fix invalid redefinition of docdir. + +------------------------------------------------------------------- +Mon May 15 20:23:10 CEST 2006 - sbrabec@suse.cz + +- Updated to version 0.6.10 (#137781). + * Fix a buffer overflow in avahi-core + * Refuse to process invalid UTF8 data + * Automatically reconnect to the DBUS if we're kicked. (Works only if + chroot() is disabled) + * Don't hit an assert() in the client libs when the Avahi daemon is + terminated + * Enumerate all service types in the database in the Service + Discovery Applet for Gnome + * Improve the Bonjour compatibility layer to make it survive + GnomeMeeting's broken usage + * Deal properly with local non-ASCII hostnames + * AMD64 and FreeBSD portability fixes + * Filter double DNS server entries in avahi-dnsconfd + * Fix a locking bug in avahi-sharp's EntryGroup.AddService() + * Ported to Solaris (incomplete) + * Add _airport._tcp to our service type database + +------------------------------------------------------------------- +Tue May 9 13:47:16 CEST 2006 - sbrabec@suse.cz + +- Fixed buffer overflow in avahi_record_to_string() (#137781#c7). + +------------------------------------------------------------------- +Mon Apr 24 15:14:45 CEST 2006 - sbrabec@suse.cz + +- Replaced Obsoletes by Conflicts for mDNSResponder* (#149676). + +------------------------------------------------------------------- +Wed Apr 19 16:11:02 CEST 2006 - jpr@suse.de + +- Fix compat layer ABI inconsistencies with mDNSResponder (part of +#149676) + +------------------------------------------------------------------- +Wed Apr 5 19:45:50 CEST 2006 - sbrabec@suse.cz + +- Wait for daemon initialization in the init script (#150902). + +------------------------------------------------------------------- +Tue Apr 4 16:11:18 CEST 2006 - sbrabec@suse.cz + +- Use Provides and Obsoletes instead of Conflicts to allow seamless + replacement. + +------------------------------------------------------------------- +Mon Mar 20 15:38:41 CET 2006 - sbrabec@suse.cz + +- Call %insserv_cleanup in %postun. + +------------------------------------------------------------------- +Thu Feb 9 20:00:47 CET 2006 - sbrabec@suse.cz + +- Provide libdns_sd.so RPM symbol, as mDNSResponder does. +- Reduced BuildRequires. + +------------------------------------------------------------------- +Thu Feb 9 13:22:57 CET 2006 - sbrabec@suse.cz + +- Fixed circular dependency between avahi and avahi-glib + (avahi-discover moved to avahi-glib). + +------------------------------------------------------------------- +Wed Jan 25 21:34:32 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Jan 23 15:47:18 CET 2006 - sbrabec@suse.cz + +- Updated to version 0.6.5. +- Enable howl compatibility layer as separate packages. + +------------------------------------------------------------------- +Mon Jan 16 17:22:36 CET 2006 - sbrabec@suse.cz + +- Updated to version 0.6.4. + +------------------------------------------------------------------- +Tue Dec 20 15:36:49 CET 2005 - ro@suse.de + +- fix build with dbus-1 0.60 +- added libxml2-python to nfb + +------------------------------------------------------------------- +Fri Dec 16 19:22:21 CET 2005 - rml@suse.de + +- Move libdns_sd.so to avahi-compat-mDNSResponder from + avahi-compat-mDNSResponder-devel (fix up requires/provides) + +------------------------------------------------------------------- +Fri Dec 2 16:35:32 CET 2005 - sbrabec@suse.cz + +- Provide dns_sd.h compatibility symlink. + +------------------------------------------------------------------- +Fri Dec 2 15:51:50 CET 2005 - sbrabec@suse.cz + +- Enable mDNSResponder compatibility layer as separate packages. + +------------------------------------------------------------------- +Fri Dec 2 12:40:40 CET 2005 - sbrabec@suse.cz + +- Call aclocal to compile in PLUS. +- Enabled qt4 bindings. +- Fixed file ownership. +- Disabled parallel build - mono fails often. + +------------------------------------------------------------------- +Thu Dec 1 18:43:53 CET 2005 - sbrabec@suse.cz + +- Bi-arch fix. +- Build as user. +- Enabled parallel build. + +------------------------------------------------------------------- +Wed Nov 30 18:05:00 CET 2005 - sbrabec@suse.cz + +- Updated to version 0.6.1. +- Moved all devel files and Requires to devel subpackage. + +------------------------------------------------------------------- +Wed Oct 12 18:40:49 CEST 2005 - ro@suse.de + +- use gnome2-devel-packages in nfb and cleanup nfb +- fix build of sharp part on x86_64 + +------------------------------------------------------------------- +Mon Oct 10 18:31:12 CEST 2005 - ro@suse.de + +- removed restart_on_update in postinstall + (only needed in postuninstall) + +------------------------------------------------------------------- +Thu Oct 6 15:19:48 CEST 2005 - jpr@suse.de + +- Initial check in + diff --git a/avahi.spec b/avahi.spec new file mode 100644 index 0000000..7b49993 --- /dev/null +++ b/avahi.spec @@ -0,0 +1,931 @@ +# +# spec file for package avahi +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define _name avahi +%global flavor @BUILD_FLAVOR@%{nil} + +%if "%{flavor}" == "qt5" +%global psuffix -qt5 +%global build_qt5 1 +%global build_glib2 0 +%global build_core 0 +%else +%if "%{flavor}" == "glib2" +%global psuffix -glib2 +# NOTE: build_glib2 also controls build of gobject, gtk3 and pygobject code. +%global build_qt5 0 +%global build_glib2 1 +%global build_core 0 +%else +%global psuffix %{nil} +%global build_qt5 0 +%global build_glib2 0 +%global build_core 1 +%endif +%endif +%define avahi_client_sover 3 +%define avahi_common_sover 3 +%define avahi_core_sover 7 +%define avahi_libevent_sover 1 +%define avahi_libhowl_sover 0 +%define avahi_ui_sover 0 +%define avahi_glib_sover 1 +%define avahi_gobject_sover 0 +%define avahi_gtk3_sover 0 +%define avahi_qt5_sover 1 +%if %{build_glib2} +%define debug_package_requires libavahi-ui%{avahi_ui_sover} = %{version}-%{release} +%endif +%{?!python_module:%define python_module() python3-%{**}} +%define skip_python2 1 +%define oldpython python +Name: avahi%{psuffix} +Version: 0.8 +Release: 0 +Summary: D-Bus Service for Zeroconf and Bonjour +License: LGPL-2.1-or-later +Group: System/Daemons +URL: https://www.avahi.org/ +Source: https://avahi.org/download/%{_name}-%{version}.tar.gz +# Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel. +Source4: avahi-glib-gettext.m4 +Source5: avahi.sysconfig +Source6: avahi-autoipd.sysconfig +Source9: avahi-autoipd.README.SUSE +Source13: avahi.sysusers +Source14: avahi-autoipd.sysusers +# File missing from 0.8 tarball +Source12: https://raw.githubusercontent.com/lathiat/avahi/master/service-type-database/build-db +Source100: attributes +Source101: update_spec.pl +Source102: baselibs.conf +Source103: avahi-rpmlintrc +# PATCH-FIX-OPENSUSE avahi-gacdir.patch -- Mono libs are in $prefix/lib on suse +Patch0: avahi-gacdir.patch +# PATCH-FIX-UPSTREAM avahi-desktop.patch bnc254654 Avahi#365 -- sbrabec@suse.cz +Patch1: avahi-desktop.patch +# PATCH-FIX-OPENSUSE avahi-add-resolv-conf-to-inotify.patch bsc#982317 boo#1194561 mgorse@suse.com -- reconfigure when resolv.conf changes. +Patch19: avahi-add-resolv-conf-to-inotify.patch +# PATCH-FIX-UPSTREAM add-IT_PROG_INTLTOOL.patch alarrosa@suse.com -- add IT_PROG_INTLTOOL so intltool works +Patch20: add-IT_PROG_INTLTOOL.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2021-3468.patch boo#1184521 mgorse@suse.com -- avoid infinite loop by handling HUP event in client_work. +Patch21: avahi-CVE-2021-3468.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2021-3502.patch boo#1184846 mgorse@suse.com -- fix NULL pointer crashes. +Patch22: avahi-CVE-2021-3502.patch +# PATCH-FIX-UPSTREAM 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch mgorse@suse.com -- fix a manpage reference. +Patch23: 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch +# PATCH-FIX-UPSTREAM 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch mgorse@suse.com -- disabling avahi-dnsconfd should not also disable avahi-daemon.socket. +Patch24: 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch +# PATCH-FIX-UPSTREAM 0006-man-add-missing-bshell.1-symlink.patch mgorse@suse.com -- add manpage symlink. +Patch25: 0006-man-add-missing-bshell.1-symlink.patch +# PATCH-FIX-UPSTREAM 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch mgorse@suse.com -- ship some manpages that were missing when gtk 2 is disabled. +Patch26: 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch +# PATCH-FIX-UPSTREAM 0009-fix-bytestring-decoding-for-proper-display.patch mgorse@suse.com -- fix bytestring decoding for proper display. +Patch27: 0009-fix-bytestring-decoding-for-proper-display.patch +# PATCH-FEATURE-OPENSUSE +Patch28: harden_avahi-daemon.service.patch +# PATCH-FEATURE-OPENSUSE +Patch29: harden_avahi-dnsconfd.service.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2023-1981.patch boo#1210328 mgorse@suse.com -- emit error if requested service is not found. +Patch30: avahi-CVE-2023-1981.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2023-38473.patch bsc#1216419 xwang@suse.com -- derive alternative host name from its unescaped version +Patch31: avahi-CVE-2023-38473.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2023-38470.patch bsc#1215947 alynx.zhou@suse.com -- Ensure each label is at least one byte long +Patch32: avahi-CVE-2023-38470.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2023-38472.patch bsc#1216853 alynx.zhou@suse.com -- Fix reachable assertion in avahi_rdata_parse +Patch33: avahi-CVE-2023-38472.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2023-38469.patch bsc#1216598 xwang@suse.com -- Reject overly long TXT resource records +Patch34: avahi-CVE-2023-38469.patch +# PATCH-FIX-UPSTREAM avahi-CVE-2023-38471.patch bsc#1216594 xwang@suse.com -- Extract host name using avahi_unescape_label +Patch35: avahi-CVE-2023-38471.patch +# PATCH-FIX-UPSTREAM avahi-filter-bogus-services.patch bsc#1226586 mgorse@suse.com -- no longer supply bogus services to callbacks. +Patch36: avahi-filter-bogus-services.patch +BuildRequires: fdupes +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: intltool +BuildRequires: libdaemon-devel +BuildRequires: libexpat-devel +BuildRequires: sysuser-tools +# libtool is needed to build all variants: bootstrap is unconditional in the build section +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: strip-nondeterminism +BuildRequires: xmltoman +%if %{build_core} +BuildRequires: dbus-1-devel +BuildRequires: doxygen +BuildRequires: graphviz +BuildRequires: libevent-devel >= 2.1.5 +BuildRequires: zlib-devel +BuildRequires: pkgconfig(systemd) +Requires: nss-mdns +%sysusers_requires +# +# mDNSResponder was used for <= 10.2: +Provides: mDNSResponder = 107.5 +Obsoletes: mDNSResponder < 107.5 +# Disable this conflict for now, it breaks staging, and it's pretty much obsolete, but can go back in if needed once a new version of avahi is released. +# File conflict for service-types.db openSUSE <= 12.3 SLE <= 11SP2 +#Conflicts: avahi-utils <= 0.6.31-9.2 +%endif +%if %{build_glib2} +BuildRequires: gobject-introspection-devel +BuildRequires: gtk3-devel +BuildRequires: libavahi-devel = %{version} +BuildRequires: update-desktop-files +BuildRequires: pkgconfig(pygobject-3.0) +%endif +%if %{build_qt5} +BuildRequires: dbus-1-devel +BuildRequires: libavahi-devel = %{version} +BuildRequires: pkgconfig(Qt5Core) +Requires: libavahi-client%{avahi_client_sover} >= %{version} +%endif +BuildRequires: python-rpm-macros +%if %{build_core} +BuildRequires: %{python_module dbm} +BuildRequires: %{python_module dbus-python} +%if 0%{?suse_version} >= 1550 +# TW: generate subpackages for every python3 flavor +%define python_subpackage_only 1 +%python_subpackages +%else +# Same defaults for all build targets +%define python_sitelib %python3_sitelib +%define python_files() -n python3-%{**} +%endif +%else +# Even if we don't install the python bindings outside of build_core, we need the default python3 to build the service types database: +%define pythons python3 +BuildRequires: python3-dbm +BuildRequires: python3-dbus-python +# avoid error from unused python_subpackages +%define python_files() -n python3-%{**} +%endif + +%description +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. It uses D-Bus for +communication between user applications and a system daemon. The daemon +is used to coordinate application efforts in caching replies, necessary +to minimize the traffic imposed on networks. + +The Avahi mDNS responder is now complete with features, implementing +all MUSTs and the majority of the SHOULDs of the mDNS and DNS-SD RFCs. +It passes all tests in the Apple Bonjour conformance test suite. In +addition, it supports some nifty things, like correct mDNS reflection +across LAN segments. + +%package -n libavahi-client%{avahi_client_sover} +Summary: D-Bus Service for Zeroconf and Bonjour +Group: System/Libraries + +%description -n libavahi-client%{avahi_client_sover} +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n libavahi-common%{avahi_common_sover} +Summary: D-Bus Service for Zeroconf and Bonjour +Group: System/Libraries + +%description -n libavahi-common%{avahi_common_sover} +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n libavahi-core%{avahi_core_sover} +Summary: D-Bus Service for Zeroconf and Bonjour +Group: System/Libraries + +%description -n libavahi-core%{avahi_core_sover} +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n libavahi-libevent%{avahi_libevent_sover} +Summary: D-Bus Service for Zeroconf and Bonjour +Group: System/Libraries + +%description -n libavahi-libevent%{avahi_libevent_sover} +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n libdns_sd +Summary: mDNSResponder Compatibility Package for the Zeroconf/Bonjour D-Bus service +# mDNSResponder-lib used unversioned soname. +# Provide full compatibility with mDNSResponder (FIXME: should be fixed in the package): +# +# mDNSResponder-lib was used for <= 10.2: +Group: System/Libraries +Provides: mDNSResponder-lib = 107.5 +Obsoletes: mDNSResponder-lib < 107.5 +# Old name used for <= 10.3: +Provides: avahi-compat-mDNSResponder = %{version} +Obsoletes: avahi-compat-mDNSResponder < %{version} +%ifarch ia64 x86_64 ppc64 s390x +Provides: libdns_sd.so()(64bit) +%else +Provides: libdns_sd.so +%endif + +%description -n libdns_sd +Apple mDNSResponder compatibility layer for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%package -n libhowl%{avahi_libhowl_sover} +Summary: Howl Compatibility Package for the Zeroconf/Bonjour D-Bus service +# Old name used for <= 10.3: +Group: System/Libraries +Provides: avahi-compat-howl = %{version} +Obsoletes: avahi-compat-howl < %{version} + +%description -n libhowl%{avahi_libhowl_sover} +Howl compatibility layer for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%if 0%{?python_subpackage_only} +%package -n python-avahi +Summary: A set of Avahi utilities written in Python +Group: Development/Languages/Python +Requires: %{name} = %{version} +Requires: python-Twisted +Requires: python-dbm +Requires: python-dbus-python +# Old name used for <= 10.3: +%if "%{python_flavor}" == "python3" || "%{python_provides}" == "python3" +Provides: avahi-python = %{version} +Obsoletes: %{oldpython}-avahi < %{version} +Obsoletes: avahi-python < %{version} +%endif + +%description -n python-avahi +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%else + +%package -n python3-avahi +Summary: A set of Avahi utilities written in Python +Group: Development/Languages/Python +Requires: %{name} = %{version} +Requires: python3-Twisted +Requires: python3-dbm +Requires: python3-dbus-python +# Old name used for <= 10.3: +Provides: avahi-python = %{version} +Obsoletes: avahi-python < %{version} +Obsoletes: python-avahi < %{version} + +%description -n python3-avahi +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. +%endif + +%package autoipd +Summary: IPv4LL Service for Zeroconf and Bonjour +# Split provides for upgrade from openSUSE <= 12.3 and SLE <= 11. +# Disable this conflict for now, it breaks staging, and it's pretty much obsolete, but can go back in if needed once a new version of avahi is released. +# File conflict for avahi-autoipd openSUSE <= 12.3 SLE <= 11 +#Conflicts: avahi <= 0.6.31-9.2 +# coreutils contains /usr/bin/chown +Group: Productivity/Networking/Other +Requires(post): coreutils +%sysusers_requires +Provides: avahi:%{_sbindir}/avahi-autoipd + +%description autoipd +avahi-autoipd is an implementation of Dynamic Configuration of IPv4 +Link-Local Addresses. + +avahi-autoipd doesn't depend on any other Avahi library, hence it makes +sense to install it even if Avahi itself is not installed. + +%package utils +Summary: Command Line Utilities for the Zeroconf/Bonjour D-Bus service +Group: Productivity/Networking/Other +Requires: %{_name} >= %{version} + +%description utils +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n libavahi-devel +Summary: Header files for the Zeroconf/Bonjour D-Bus service +Group: Development/Libraries/C and C++ +Requires: dbus-1-devel +Requires: glibc-devel +Requires: libavahi-client%{avahi_client_sover} = %{version} +Requires: libavahi-common%{avahi_common_sover} = %{version} +Requires: libavahi-core%{avahi_core_sover} = %{version} +Requires: libavahi-libevent%{avahi_libevent_sover} = %{version} +# Last appeared in OpenSUSE 10.3: +Provides: avahi-devel = %{version} +Obsoletes: avahi-devel < %{version} + +%description -n libavahi-devel +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%package compat-mDNSResponder-devel +Summary: mDNSResponder Compatibility Package for the Zeroconf/Bonjour D-Bus service +Group: Development/Libraries/C and C++ +Requires: libavahi-devel = %{version} +Requires: libdns_sd = %{version} +Provides: mDNSResponder-devel = 107.5 +Obsoletes: mDNSResponder-devel < 107.5 + +%description compat-mDNSResponder-devel +Apple mDNSResponder compatibility layer for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%package compat-howl-devel +Summary: Howl Compatibility Package for the Zeroconf/Bonjour D-Bus service +Group: Development/Libraries/C and C++ +Requires: libavahi-devel = %{version} +Requires: libhowl%{avahi_libhowl_sover} = %{version} + +%description compat-howl-devel +Howl compatibility layer for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%package -n libavahi-ui-gtk3-%{avahi_gtk3_sover} +Summary: D-Bus Service for Zeroconf and Bonjour +Group: System/Libraries + +%description -n libavahi-ui-gtk3-%{avahi_gtk3_sover} +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n libavahi-glib%{avahi_glib_sover} +Summary: Glib Bindings for avahi, the D-Bus Service for Zeroconf and Bonjour +# Old name used for <= 10.3: +Group: System/Libraries +Provides: avahi-glib = %{version} +Obsoletes: avahi-glib < %{version} + +%description -n libavahi-glib%{avahi_glib_sover} +GLib support for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%package -n libavahi-gobject%{avahi_gobject_sover} +Summary: D-Bus Service for Zeroconf and Bonjour +Group: System/Libraries + +%description -n libavahi-gobject%{avahi_gobject_sover} +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n typelib-1_0-Avahi-0_6 +Summary: Introspection bindings for the Zeroconf/Bonjour D-Bus service +Group: System/Libraries + +%description -n typelib-1_0-Avahi-0_6 +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +This package provides the GObject Introspection bindings for Avahi. + +%package -n avahi-utils-gtk +Summary: GTK+ Utilities for the Zeroconf/Bonjour D-Bus service +Group: Productivity/Networking/Other +Requires: %{_name} >= %{version} +# Due to a mistake in the spec file build staging, this package had +# name avahi-glib2-utils-gtk in 11.1 and SLE11 and avahi-utils-gtk in +# all other products. +Provides: avahi-glib2-utils-gtk = %{version} +Obsoletes: avahi-glib2-utils-gtk < %{version} + +%description -n avahi-utils-gtk +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + + +# This is the avahi-discover command, only provided for the primary python3 flavor + +%package -n python3-avahi-gtk +Summary: A set of Avahi utilities written in Python Using python-gtk +Group: Development/Languages/Python +Requires: python3-avahi = %{version} +Requires: python3-gobject +Requires(post): coreutils +Requires(postun): coreutils +Provides: %{oldpython}-avahi-gtk = %{version} +Obsoletes: %{oldpython}-avahi-gtk < %{version} +# Provide split-provides for update from <= 11.0: +Provides: %{oldpython}-avahi:%{_bindir}/avahi-discover + +%description -n python3-avahi-gtk +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%package -n libavahi-glib-devel +Summary: Header files for Avahi's Glib bindings +Group: Development/Libraries/C and C++ +Requires: libavahi-devel = %{version} +Requires: libavahi-glib%{avahi_glib_sover} = %{version} +Requires: libavahi-ui-gtk3-%{avahi_gtk3_sover} = %{version} +Requires: typelib-1_0-Avahi-0_6 = %{version} +# Last appeared in OpenSUSE 10.3: +Provides: avahi-devel:%{_libdir}/libavahi-glib.so + +%description -n libavahi-glib-devel +GLib support for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%package -n libavahi-gobject-devel +Summary: Header files for Avahi's GObject bindings +Group: System/Daemons +Requires: glib2-devel +Requires: libavahi-devel = %{version} +Requires: libavahi-glib-devel +Requires: libavahi-gobject%{avahi_gobject_sover} = %{version} + +%description -n libavahi-gobject-devel +Avahi is an implementation of the DNS Service Discovery and Multicast +DNS specifications for Zeroconf Computing. + +%if %{build_core} +%lang_package +%endif + +%if %{build_qt5} +%package -n libavahi-qt5-%{avahi_qt5_sover} +Summary: Qt5 Bindings for avahi, the D-Bus Service for Zeroconf and Bonjour +Group: System/Libraries + +%description -n libavahi-qt5-%{avahi_qt5_sover} +Qt5 support for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. + +%package -n libavahi-qt5-devel +Summary: Header files for Avahi's Qt5 bindings +Group: Development/Libraries/C and C++ +Requires: libavahi-devel = %{version} +Requires: libavahi-qt5-%{avahi_qt5_sover} = %{version} + +%description -n libavahi-qt5-devel +Development files for the Qt5 support for Avahi. + +Avahi is an implementation of the DNS Service Discovery and Multicast DNS +specifications for Zeroconf Computing. +%endif + +%prep +%setup -q -n %{_name}-%{version} +cp -a %{SOURCE5} sysconfig.avahi +sed "s:@docdir@:%{_docdir}:g" <%{SOURCE6} >sysconfig.avahi-autoipd +cp -a %{SOURCE9} avahi-autoipd/README.SUSE +sed -ie "s/libevent-[0-9\.]*/libevent/" avahi-libevent.pc.in +cp -a %{SOURCE12} service-type-database/build-db +%autopatch -p1 + +%if !%{build_core} +# Replace all .la references from local .la files to installed versions +# with exception of libavahi-glib.la. +# It allows to build only the binding subpackage. +sed -i 's:libavahi-glib\.la:@@SKIP LIBAVAHI GLIB@@:g +s:\(\.\.\|\$(top_builddir)\)/[^/]*/\(lib[^ ]*\.la\):%{_libdir}/\2:g +s:@@SKIP LIBAVAHI GLIB@@:libavahi-glib.la:g +' */Makefile.am +%endif +if ! test -f %{_datadir}/aclocal/glib-gettext.m4 ; then + cat %{SOURCE4} >>acinclude.m4 +fi + +%build +%sysusers_generate_pre %{SOURCE13} avahi avahi.conf +%sysusers_generate_pre %{SOURCE14} autoipd avahi-autoipd.conf +autoreconf -f -i +intltoolize -f +%{python_expand # configure for every python flavor +export PYTHON=%{_bindir}/$python +%configure\ + --disable-static\ + --with-distro=suse\ + --enable-xmltoman\ + --with-dbus-sys=%{_datadir}/dbus-1/system.d \ +%if %{build_core} + --enable-compat-libdns_sd\ + --enable-compat-howl\ + --enable-libevent\ +%else + --disable-compat-libdns_sd\ + --disable-compat-howl\ + --disable-libevent\ +%endif +%if %{build_glib2} + --enable-glib\ + --enable-gobject\ + --disable-gtk\ + --enable-gtk3\ + --enable-pygobject\ +%else + --disable-glib\ + --disable-gobject\ + --disable-pygobject\ + --disable-gtk\ + --disable-gtk3\ +%endif + --disable-qt3\ + --disable-qt4\ + --disable-mono\ +%if %{build_qt5} + --enable-qt5\ +%else + --disable-qt5\ +%endif +%ifarch ppc64 ppc64le s390x + --disable-monodoc\ +%endif + --with-avahi-priv-access-group=avahi\ + --with-autoipd-user=avahi-autoipd\ + --with-autoipd-group=avahi-autoipd + +cp -r avahi-python avahi-python-%{$python_bin_suffix} +} + +%if %{build_glib2} && !%{build_core} +for DIR in avahi-glib avahi-gobject avahi-ui avahi-discover-standalone avahi-python man ; do +cd $DIR +%make_build +cd .. +done +%endif +%if %{build_core} +%{python_expand # build for every python flavor +cd avahi-python-%{$python_bin_suffix} +%make_build +cd .. +} +%endif +%make_build + +%install +%if %{build_glib2} && !%{build_core} +for DIR in avahi-glib avahi-gobject avahi-ui avahi-discover-standalone avahi-python man ; do +cd $DIR +%make_install +cd .. +done +cd - +%endif +%if %{build_qt5} && !%{build_core} +cd avahi-qt +%endif +%make_install +# do not install sysv init scripts +rm -rf %{buildroot}%{_sysconfdir}/init.d/ +# Do not install ssh and sftp services +rm -rf %{buildroot}%{_sysconfdir}/avahi/services/ssh.service +rm -rf %{buildroot}%{_sysconfdir}/avahi/services/sftp-ssh.service + +%python3_fix_shebang + +%if !%{build_core} +cd .. +%make_build install-pkgconfigDATA DESTDIR=%{buildroot} +%endif +%if %{build_core} +%{python_expand # install for every python flavor +cd avahi-python-%{$python_bin_suffix} +%make_install +cd .. +} +%python_clone -a %{buildroot}%{_bindir}/avahi-bookmarks +%python_clone -a %{buildroot}%{_mandir}/man1/avahi-bookmarks.1 +# do not remove this unless you plan to fix _all_ the references to +# it. all (multiple) previous attempts have failed already +#rm "%{buildroot}/%{_libdir}/libavahi-common.la" +install -d %{buildroot}/%{_localstatedir}/run/avahi-daemon +ln -s avahi-compat-libdns_sd/dns_sd.h %{buildroot}/%{_includedir}/ +ln -s avahi-compat-howl.pc %{buildroot}/%{_libdir}/pkgconfig/howl.pc +install -d %{buildroot}/%{_prefix}/lib/avahi +install -d %{buildroot}/%{_localstatedir}/lib/avahi-autoipd +install -d %{buildroot}/%{_datadir}/pixmaps +install -d %{buildroot}%{_fillupdir} +install -m 644 sysconfig.avahi* %{buildroot}%{_fillupdir}/ +install -Dm0644 %{SOURCE13} %{buildroot}%{_sysusersdir}/avahi.conf +install -Dm0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/avahi-autoipd.conf +%if ! %{build_glib2} +# Note: This file is intentionally installed here. It is needed for avahi-utils-gtk and python3-avahi-gtk: +install -d %{buildroot}/%{_datadir}/avahi/interfaces +install -m 644 avahi-discover-standalone/avahi-discover.ui %{buildroot}/%{_datadir}/avahi/interfaces +%endif +%find_lang %{name} %{?no_lang_C} +%else +# There is no simple way to not install core files. Remove them here. +# The rest is enabled/disabled in configure as needed. +rm %{buildroot}/%{_libdir}/pkgconfig/avahi-client.pc +rm %{buildroot}/%{_libdir}/pkgconfig/avahi-core.pc +%if %{build_glib2} +rm %{buildroot}/%{_bindir}/avahi-bookmarks +rm -r %{buildroot}/%{python3_sitelib}/avahi +rm %{buildroot}/%{_mandir}/man1/avahi-bookmarks.1* +rm %{buildroot}/%{_mandir}/man1/avahi-browse-domains.1* +rm %{buildroot}/%{_mandir}/man1/avahi-browse.1* +rm %{buildroot}/%{_mandir}/man1/avahi-publish-address.1* +rm %{buildroot}/%{_mandir}/man1/avahi-publish-service.1* +rm %{buildroot}/%{_mandir}/man1/avahi-publish.1* +rm %{buildroot}/%{_mandir}/man1/avahi-resolve-address.1* +rm %{buildroot}/%{_mandir}/man1/avahi-resolve-host-name.1* +rm %{buildroot}/%{_mandir}/man1/avahi-resolve.1* +rm %{buildroot}/%{_mandir}/man1/avahi-set-host-name.1* +rm %{buildroot}/%{_mandir}/man5/avahi-daemon.conf.5* +rm %{buildroot}/%{_mandir}/man5/avahi.hosts.5* +rm %{buildroot}/%{_mandir}/man5/avahi.service.5* +rm %{buildroot}/%{_mandir}/man8/avahi-autoipd.8* +rm %{buildroot}/%{_mandir}/man8/avahi-autoipd.action.8* +rm %{buildroot}/%{_mandir}/man8/avahi-daemon.8* +rm %{buildroot}/%{_mandir}/man8/avahi-dnsconfd.8* +rm %{buildroot}/%{_mandir}/man8/avahi-dnsconfd.action.8* +# Note: This file was intentionally moved to avahi. It is needed for avahi-utils-gtk and python3-avahi-gtk: +rm %{buildroot}/%{_datadir}/avahi/interfaces/avahi-discover.ui +rmdir %{buildroot}/%{_datadir}/avahi/interfaces +rmdir %{buildroot}/%{_datadir}/avahi +%endif +%endif +%if %{build_glib2} +%suse_update_desktop_file avahi-discover +%suse_update_desktop_file bvnc +%suse_update_desktop_file bssh +%endif +%fdupes %{buildroot}/%{_libdir} + +%pre -f avahi.pre +%service_add_pre avahi-dnsconfd.service avahi-daemon.service +# bnc#853845,bnc#851953: do not start by default under +# sysconfig as this breaks vlan,bridge,bonding setups +# in pre to revert old default setting from template. +if test -f %{_fillupdir}/sysconfig.avahi-autoipd -a \ + -f etc/sysconfig/avahi ; then + . %{_fillupdir}/sysconfig.avahi-autoipd + if test "X$AVAHI_AUTOIPD_ENABLE" = "Xyes" ; then + sed -i etc/sysconfig/avahi \ + -e 's/^\(AVAHI_AUTOIPD_ENABLE\)=.*/\1="no"/' + fi +fi + +%post +%{fillup_only -n avahi} +%{fillup_only -ns security checksig} +%service_add_post avahi-dnsconfd.service avahi-daemon.service + +%preun +%service_del_preun avahi-dnsconfd.service avahi-daemon.service + +%postun +%service_del_postun avahi-dnsconfd.service avahi-daemon.service + +%pre autoipd -f autoipd.pre + +%post autoipd +%{fillup_only -ns avahi autoipd} + +%ldconfig_scriptlets -n libavahi-client%{avahi_client_sover} +%ldconfig_scriptlets -n libavahi-common%{avahi_common_sover} +%ldconfig_scriptlets -n libavahi-core%{avahi_core_sover} +%ldconfig_scriptlets -n libavahi-libevent%{avahi_libevent_sover} +%ldconfig_scriptlets -n libdns_sd +%ldconfig_scriptlets -n libhowl%{avahi_libhowl_sover} +%ldconfig_scriptlets -n libavahi-ui-gtk3-%{avahi_gtk3_sover} +%ldconfig_scriptlets -n libavahi-gobject%{avahi_gobject_sover} +%ldconfig_scriptlets -n libavahi-glib%{avahi_glib_sover} + +%if %{build_qt5} +%ldconfig_scriptlets -n libavahi-qt5-%{avahi_qt5_sover} +%endif + +%post -n python3-avahi-gtk +%desktop_database_post + +%postun -n python3-avahi-gtk +%desktop_database_post + +%post -n avahi-utils-gtk +%desktop_database_post + +%postun -n avahi-utils-gtk +%desktop_database_post + +%if %{build_core} +%if 0%{?python_subpackage_only} +# this is rewritten by python_subpackages into the appropriate flavor +%post -n python-avahi +%python_install_alternative avahi-bookmarks avahi-bookmarks.1 + +%postun -n python-avahi +%python_uninstall_alternative avahi-bookmarks +%else + +%post -n python3-avahi +%python_install_alternative avahi-bookmarks avahi-bookmarks.1 + +%postun -n python3-avahi +%python_uninstall_alternative avahi-bookmarks +%endif + +%files +%license LICENSE +%doc docs/* avahi-daemon/sftp-ssh.service avahi-daemon/ssh.service +%dir %{_libdir}/avahi/ +# Note: This file is intentionally packaged here. It is needed for python3-avahi and avahi-utils: +%{_libdir}/avahi/service-types.db +# avahi creates the directory itself, we do not package it +# since it might be on tmpfs +%attr(-,avahi,avahi) %ghost /run/avahi-daemon +%{_mandir}/man5/*.5%{ext_man} +%{_mandir}/man8/*.8%{ext_man} +%exclude %{_mandir}/man8/avahi-autoipd.8.* +%{_sbindir}/avahi-* +%exclude %{_sbindir}/avahi-autoipd +%dir %{_sysconfdir}/avahi +%config %{_sysconfdir}/avahi/avahi-daemon.conf +%{_sysconfdir}/avahi/avahi-dnsconfd.action +%dir %{_sysconfdir}/avahi/services +%config(noreplace) %{_sysconfdir}/avahi/hosts +%{_datadir}/dbus-1/system.d/*.conf +%{_datadir}/dbus-1/interfaces/org.freedesktop.Avahi.*.xml +%{_datadir}/dbus-1/system-services/org.freedesktop.Avahi.service +%dir %{_prefix}/lib/avahi +%{_unitdir}/avahi-daemon.service +%{_unitdir}/avahi-daemon.socket +%{_unitdir}/avahi-dnsconfd.service +%{_sysusersdir}/avahi.conf +# Common file for avahi-utils-gtk and python3-avahi-gtk: +%dir %{_datadir}/avahi/ +%{_datadir}/avahi/interfaces +%{_fillupdir}/sysconfig.avahi + +%files lang -f %{name}.lang + +%files -n libavahi-client%{avahi_client_sover} +%{_libdir}/libavahi-client*.so.* + +%files -n libavahi-common%{avahi_common_sover} +%{_libdir}/libavahi-common*.so.* + +%files -n libavahi-core%{avahi_core_sover} +%{_libdir}/libavahi-core*.so.* + +%files -n libavahi-libevent%{avahi_libevent_sover} +%{_libdir}/libavahi-libevent*.so.* + +%files -n libdns_sd +# libdns_sd.so must be in non-devel package to provide mDNSResponder-lib compatibility: +%{_libdir}/libdns_sd.so +%{_libdir}/libdns_sd.so.* + +%files -n libhowl%{avahi_libhowl_sover} +%{_libdir}/libhowl.so.* + +%files %{python_files avahi} +%python_alternative %{_bindir}/avahi-bookmarks +%python_alternative %{_mandir}/man1/avahi-bookmarks.1%{ext_man} +%{python_sitelib}/avahi + +%files autoipd +%doc avahi-autoipd/README.SUSE +%{_mandir}/man8/avahi-autoipd.8%{ext_man} +%attr(-,avahi-autoipd,avahi-autoipd)%{_localstatedir}/lib/avahi-autoipd +%{_sbindir}/avahi-autoipd +%{_sysconfdir}/avahi/avahi-autoipd.action +%{_fillupdir}/sysconfig.avahi-autoipd +%{_sysusersdir}/avahi-autoipd.conf + +%files utils +%{_bindir}/avahi-browse* +%{_bindir}/avahi-publish* +%{_bindir}/avahi-resolve* +%{_bindir}/avahi-set-host-name +%dir %{_datadir}/avahi/ +%{_datadir}/avahi/avahi-service.dtd +%{_mandir}/man1/avahi-browse*.1* +%{_mandir}/man1/avahi-publish*.1* +%{_mandir}/man1/avahi-resolve*.1* +%{_mandir}/man1/avahi-set-host-name.1* + +%files -n libavahi-devel +# FIXME: Maybe split to particular subpackages. +#%doc doc/api/html +#%doc doc/*.html doc/*.txt doc/file-boilerplate.c doc/TODO +%{_includedir}/avahi-client +%{_includedir}/avahi-common +%{_includedir}/avahi-core +%{_includedir}/avahi-libevent +# avahi devel files +%{_libdir}/libavahi-client.*a +%{_libdir}/libavahi-client*.so +%{_libdir}/libavahi-core.*a +%{_libdir}/libavahi-core*.so +%{_libdir}/libavahi-common*.so +# do not remove unless you fix the resulting problems +# reference is in libavahi-client.la +%{_libdir}/libavahi-common*.*a +%{_libdir}/libavahi-libevent.*a +%{_libdir}/libavahi-libevent*.so +%{_libdir}/pkgconfig/avahi-client.pc +%{_libdir}/pkgconfig/avahi-core.pc +%{_libdir}/pkgconfig/avahi-libevent.pc + +%files compat-mDNSResponder-devel +%{_includedir}/avahi-compat-libdns_sd +%{_includedir}/dns_sd.h +%{_libdir}/libdns_sd.*a +%{_libdir}/pkgconfig/avahi-compat-libdns_sd.pc + +%files compat-howl-devel +%{_includedir}/avahi-compat-howl +%{_libdir}/libhowl.so +%{_libdir}/libhowl.*a +%{_libdir}/pkgconfig/avahi-compat-howl.pc +%{_libdir}/pkgconfig/howl.pc +%endif + +%if %{build_glib2} +%files -n libavahi-ui-gtk3-%{avahi_gtk3_sover} +%{_libdir}/libavahi-ui-gtk3.so.%{avahi_gtk3_sover}* + +%files -n libavahi-glib%{avahi_glib_sover} +%{_libdir}/libavahi-glib*.so.* + +%files -n libavahi-gobject%{avahi_gobject_sover} +%{_libdir}/libavahi-gobject*.so.* + +%files -n typelib-1_0-Avahi-0_6 +%{_libdir}/girepository-1.0/Avahi-0.6.typelib +%{_libdir}/girepository-1.0/AvahiCore-0.6.typelib + +%files -n python3-avahi-gtk +%{_bindir}/avahi-discover +%{_datadir}/applications/avahi-discover.desktop +%{_mandir}/man1/avahi-discover.1* + +%files -n avahi-utils-gtk +%{_bindir}/bshell +%{_bindir}/bssh +%{_bindir}/bvnc +%{_bindir}/avahi-discover-standalone +%{_datadir}/applications/bssh.desktop +%{_datadir}/applications/bvnc.desktop +%{_mandir}/man1/bshell.1* +%{_mandir}/man1/bssh.1* +%{_mandir}/man1/bvnc.1* + +%files -n libavahi-glib-devel +%{_includedir}/avahi-glib +%{_includedir}/avahi-ui +%{_libdir}/libavahi-glib*.*a +%{_libdir}/libavahi-glib*.so +%{_libdir}/libavahi-ui*.*a +%{_libdir}/libavahi-ui*.*so +%{_libdir}/pkgconfig/avahi-glib.pc +%{_libdir}/pkgconfig/avahi-ui-gtk3.pc + +%files -n libavahi-gobject-devel +%{_includedir}/avahi-gobject +%{_libdir}/libavahi-gobject*.*a +%{_libdir}/libavahi-gobject*.so +%{_libdir}/pkgconfig/avahi-gobject.pc +%{_datadir}/gir-1.0/*.gir +%endif + +%if %{build_qt5} +%files -n libavahi-qt5-%{avahi_qt5_sover} +%{_libdir}/libavahi-qt5.so.* + +%files -n libavahi-qt5-devel +%{_includedir}/avahi-qt5 +%{_libdir}/libavahi-qt5.*a +%{_libdir}/libavahi-qt5.so +%{_libdir}/pkgconfig/avahi-qt5.pc +%endif + +%changelog diff --git a/avahi.sysconfig b/avahi.sysconfig new file mode 100644 index 0000000..b04231a --- /dev/null +++ b/avahi.sysconfig @@ -0,0 +1,10 @@ +## Path: System/Zeroconf +## Description: Zeroconf (Bonjour, Rendezvous) options + +## Type: yesno +## Default: yes +# +# Detect unicast DNS .local domain and temporarily disable avahi in such case. +# For more read http://avahi.org/wiki/AvahiAndUnicastDotLocal +# +AVAHI_DAEMON_DETECT_LOCAL="yes" diff --git a/avahi.sysusers b/avahi.sysusers new file mode 100644 index 0000000..1ba4037 --- /dev/null +++ b/avahi.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u avahi - "User for Avahi" /run/avahi-daemon - diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..d93df76 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,13 @@ +avahi +libavahi-client3 +libavahi-common3 + obsoletes "avahi- <= " + provides "avahi- = " +libavahi-glib1 + obsoletes "avahi-glib- <= " + provides "avahi-glib- = " +libdns_sd + obsoletes "avahi-compat-mDNSResponder- <= " + provides "avahi-compat-mDNSResponder- = " + obsoletes "mDNSResponder-lib- <= 107.5" + obsoletes "mDNSResponder- <= 107.5" diff --git a/build-db b/build-db new file mode 100644 index 0000000..153f613 --- /dev/null +++ b/build-db @@ -0,0 +1,49 @@ +#!/usr/bin/env python +# -*-python-*- +# This file is part of avahi. +# +# avahi is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as +# published by the Free Software Foundation; either version 2 of the +# License, or (at your option) any later version. +# +# avahi is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +# License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with avahi; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +# USA. + +try: + import anydbm as dbm +except ImportError: + import dbm + +import sys + +if len(sys.argv) > 1: + infn = sys.argv[1] +else: + infn = "service-types" + +if len(sys.argv) > 2: + outfn = sys.argv[2] +else: + outfn = infn + ".db" + +db = dbm.open(outfn, "n") + +for ln in open(infn, "r"): + ln = ln.strip(" \r\n\t") + + if ln == "" or ln.startswith("#"): + continue + + t, n = ln.split(":", 1) + + db[t.strip()] = n.strip() + +db.close() diff --git a/harden_avahi-daemon.service.patch b/harden_avahi-daemon.service.patch new file mode 100644 index 0000000..6719ed9 --- /dev/null +++ b/harden_avahi-daemon.service.patch @@ -0,0 +1,24 @@ +Index: avahi-0.8/avahi-daemon/avahi-daemon.service.in +=================================================================== +--- avahi-0.8.orig/avahi-daemon/avahi-daemon.service.in ++++ avahi-0.8/avahi-daemon/avahi-daemon.service.in +@@ -20,6 +20,19 @@ Description=Avahi mDNS/DNS-SD Stack + Requires=avahi-daemon.socket + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++PrivateDevices=true ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=dbus + BusName=org.freedesktop.Avahi + ExecStart=@sbindir@/avahi-daemon -s diff --git a/harden_avahi-dnsconfd.service.patch b/harden_avahi-dnsconfd.service.patch new file mode 100644 index 0000000..07a4593 --- /dev/null +++ b/harden_avahi-dnsconfd.service.patch @@ -0,0 +1,24 @@ +Index: avahi-0.8/avahi-dnsconfd/avahi-dnsconfd.service.in +=================================================================== +--- avahi-0.8.orig/avahi-dnsconfd/avahi-dnsconfd.service.in ++++ avahi-0.8/avahi-dnsconfd/avahi-dnsconfd.service.in +@@ -21,6 +21,19 @@ Requires=avahi-daemon.socket avahi-daemo + After=avahi-daemon.socket + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++PrivateDevices=true ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=simple + ExecStart=@sbindir@/avahi-dnsconfd -s + diff --git a/update_spec.pl b/update_spec.pl new file mode 100644 index 0000000..7110b1c --- /dev/null +++ b/update_spec.pl @@ -0,0 +1,106 @@ +#! /usr/bin/perl + +my $name = $ARGV[0]; +$name =~ s,.*/,,; +$name =~ s,\.spec.*,,; + +my %attributes = (); +open(FILE, $ARGV[1]) || die 'no attributes'; +my $pack = undef; +my $text = undef; +while ( ) { + if (/^\+(.*)$/) { $pack = $1; $text = ''; next } + if (/^-(.*)$/) { + if ($pack ne $1) { + die "$pack and $1 do not match"; + } + $text =~ s,^\s*,,; + $text =~ s,\s*$,,; + $attributes{$pack} = $text; + $text = undef; + $pack = undef; + next; + } + if (defined $text) { + $text .= $_; + } elsif (/^(\S*)\s*(.*)$/) { + my $attr = $1; + my $string = $2; + $string =~ s,^\s*,,; + $string =~ s,\s*$,,; + $attributes{$attr} = $string; + } +} +close(FILE); + +open(FILE, $ARGV[0]); + +sub description() +{ + if (/^%description\s*(.*)\s*/) { + my $suffix = $1; + my $pname = $name; + + if ($suffix =~ m/-n\s*(.*)/) { + $pname = $1; + } else { + $pname = "$name-$suffix" if ($suffix); + } + + if (defined $attributes{"description.$pname"}) { + print $_; + my $descr = $attributes{"description.$pname"}; + print "$descr\n"; + $_ = ''; + do { + $_ = ; + } while ( $_ !~ /^%/ && $_ !~ /^@/ ); + print "\n"; + description(); + } + } + +} + +# current subpackage +my $pname = $name; + +while ( ) +{ + if (/^Name:\s*(.*)/) { + $name = $1; + $pname = $1; + } + description(); + + if (/^%package\s*(.*)/) { + my $suffix = $1; + if ($suffix =~ m/-n\s*(.*)/) { + $pname = $1; + } else { + $pname = "$name-$1"; + } + } + + if (/^(Summary:\s*)(.*)$/) { + if (defined $attributes{"summary.$pname"}) { + print $1 . $attributes{"summary.$pname"} ."\n"; + next; + } + } + if (/^(License:\s*)(.*)$/) { + if (defined $attributes{"license.$pname"}) { + print $1 . $attributes{"license.$pname"} ."\n"; + next; + } + } + if (/^(Group:\s*)(.*)$/) { + if (defined $attributes{"group.$pname"}) { + print $1 . $attributes{"group.$pname"} ."\n"; + next; + } + } + print $_; +} + +close(FILE);