diff --git a/avahi-daemon-check-dns-suse.patch b/avahi-daemon-check-dns-suse.patch
index d94bc04..2ba2641 100644
--- a/avahi-daemon-check-dns-suse.patch
+++ b/avahi-daemon-check-dns-suse.patch
@@ -1,5 +1,5 @@
---- avahi-daemon-check-dns.sh.debian 2012-03-04 05:24:07.000000000 +0100
-+++ avahi-daemon-check-dns.sh 2012-05-23 20:06:27.121923772 +0200
+--- avahi-daemon-check-dns.sh.debian 2021-01-27 15:28:07.832795734 -0600
++++ avahi-daemon-check-dns.sh 2021-01-27 15:39:35.364471899 -0600
 @@ -5,15 +5,15 @@
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
@@ -13,48 +13,16 @@ +AVAHI_DAEMON_DETECT_LOCAL=yes -test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon -+test -f /etc/sysconfig/avahi-daemon && . /etc/sysconfig/avahi-daemon ++test -f /etc/sysconfig/avahi && . /etc/sysconfig/avahi -if [ "$AVAHI_DAEMON_DETECT_LOCAL" != "1" ]; then +if [ "$AVAHI_DAEMON_DETECT_LOCAL" != "yes" ]; then exit 0 fi -@@ -96,12 +96,8 @@ - # no unicast .local conflict, so remove the tag and start avahi again - if [ -e ${DISABLE_TAG} ]; then - rm -f ${DISABLE_TAG} -- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then -- invoke-rc.d avahi-daemon start || true -- else -- if [ -x "/etc/init.d/avahi-daemon" ]; then -- /etc/init.d/avahi-daemon start || true -- fi -+ if [ -x "/etc/init.d/avahi-daemon" ]; then -+ /etc/init.d/avahi-daemon start || true - fi - fi - } -@@ -110,14 +106,8 @@ - [ -e ${DISABLE_TAG} ] && return - - if [ -x /etc/init.d/avahi-daemon ]; then -- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then -- invoke-rc.d --force avahi-daemon stop || true -- else -- if [ -x "/etc/init.d/avahi-daemon" ]; then -- /etc/init.d/avahi-daemon stop || true -- fi -- fi -- if [ -x /usr/bin/logger ]; then -+ /etc/init.d/avahi-daemon stop || true -+ if [ -x /bin/logger ]; then - logger -p daemon.warning -t avahi <&1` + # Use timeout when calling host as workaround for LP: #1752411 + OUT=`LC_ALL=C timeout 5 host -t soa local. 2>&1` if [ $? -eq 0 ] ; then if echo "$OUT" | egrep -vq 'has no|not found'; then return 0 
@@ -96,12 +115,10 @@ enable_avahi () { # no unicast .local conflict, so remove the tag and start avahi again if [ -e ${DISABLE_TAG} ]; then rm -f ${DISABLE_TAG} - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d avahi-daemon start || true - else - if [ -x "/etc/init.d/avahi-daemon" ]; then - /etc/init.d/avahi-daemon start || true - fi + if [ -d /run/systemd/system ]; then + systemctl start avahi-daemon.socket avahi-daemon.service || true + elif [ -x "/etc/init.d/avahi-daemon" ]; then + /etc/init.d/avahi-daemon start || true fi fi } @@ -109,24 +126,12 @@ enable_avahi () { disable_avahi () { [ -e ${DISABLE_TAG} ] && return - if [ -x /etc/init.d/avahi-daemon ]; then - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d --force avahi-daemon stop || true - else - if [ -x "/etc/init.d/avahi-daemon" ]; then - /etc/init.d/avahi-daemon stop || true - fi - fi - if [ -x /usr/bin/logger ]; then - logger -p daemon.warning -t avahi <= 2.1.5 BuildRequires: zlib-devel BuildRequires: pkgconfig(systemd) Requires: nss-mdns +Requires: sudo Requires(pre): shadow # # mDNSResponder was used for <= 10.2: diff --git a/avahi-mono.spec b/avahi-mono.spec index 66ecd71..d1e92fd 100644 --- a/avahi-mono.spec +++ b/avahi-mono.spec @@ -50,7 +50,7 @@ License: LGPL-2.1-or-later Group: Development/Languages/Mono URL: http://www.avahi.org/ Source: http://avahi.org/download/%{_name}-%{version}.tar.gz -# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.6.31-1.debian.tar.gz +# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.8-3.debian.tar.xz Source1: avahi-daemon-check-dns.sh # Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel. Source4: avahi-glib-gettext.m4 
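Review bot: A failed start in enable_avahi (hunk `@@ -96,12 +115,10 @@`) goes unnoticed, because `rm -f ${DISABLE_TAG}` runs before the start attempt and both start commands end in `|| true`; the result is a stopped daemon with no tag and no log entry. This becomes more likely if the script now runs with dropped privileges, as the changelog entry for CVE-2021-26720 describes, since `systemctl start` from an unprivileged caller would normally be refused (inferred; the invocation is not visible in this hunk). I would record the failure instead of discarding it, e.g. `systemctl start avahi-daemon.socket avahi-daemon.service || logger -p daemon.warning -t avahi "could not start avahi-daemon"`, and do the same in the init.d branch. The file header for this hunk is not visible on the page, and the following disable_avahi hunk is cut off, so it is not reviewed here.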
@@ -103,6 +103,7 @@ BuildRequires: libevent-devel >= 2.1.5
 BuildRequires: zlib-devel
 BuildRequires: pkgconfig(systemd)
 Requires: nss-mdns
+Requires: sudo
 Requires(pre): shadow
 #
 # mDNSResponder was used for <= 10.2:
diff --git a/avahi-qt5.spec b/avahi-qt5.spec
index 1af6afa..a669eca 100644
--- a/avahi-qt5.spec
+++ b/avahi-qt5.spec
@@ -50,7 +50,7 @@ License: LGPL-2.1-or-later
 Group: System/Daemons
 URL: http://www.avahi.org/
 Source: http://avahi.org/download/%{_name}-%{version}.tar.gz
-# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.6.31-1.debian.tar.gz
+# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.8-3.debian.tar.xz
 Source1: avahi-daemon-check-dns.sh
 # Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel.
 Source4: avahi-glib-gettext.m4
@@ -103,6 +103,7 @@ BuildRequires: libevent-devel >= 2.1.5
 BuildRequires: zlib-devel
 BuildRequires: pkgconfig(systemd)
 Requires: nss-mdns
+Requires: sudo
 Requires(pre): shadow
 #
 # mDNSResponder was used for <= 10.2:
diff --git a/avahi.changes b/avahi.changes
index 084cc02..f2b4f5a 100644
--- a/avahi.changes
+++ b/avahi.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Feb 16 22:37:35 UTC 2021 - Michael Gorse
+
+- Update avahi-daemon-check-dns.sh from Debian. Our previous
+ version relied on ifconfig, route, and init.d.
+- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
+ when invoking avahi-daemon-check-dns.sh (boo#1180827
+ CVE-2021-26720).
+- Add sudo to requires: used to drop privileges.
+
+
 -------------------------------------------------------------------
 Wed Feb 10 20:09:43 UTC 2021 - Jan Engelhardt
diff --git a/avahi.spec b/avahi.spec
index c8cc81a..510011b 100644
--- a/avahi.spec
+++ b/avahi.spec
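Review bot: `Requires: sudo` in the `@@ -103,6 +103,7 @@` hunk of avahi-mono.spec makes a setuid-root tool a hard runtime dependency of the package only so that a root caller can step down; the same line is added in avahi-qt5.spec and avahi.spec. A privilege drop through sudo also depends on the local sudoers policy (a `requiretty` default, for example), which a network hook cannot assume; the call site is not visible in these hunks, so this is inferred from the changelog entry. From a root caller, `runuser -u <user> -- <script>` or `setpriv --reuid=<user> --regid=<group> --init-groups <script>` from util-linux drops privileges without consulting sudoers and would let this line be replaced by a dependency that is normally already installed.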
@@ -52,7 +52,7 @@ License: LGPL-2.1-or-later
 Group: System/Daemons
 URL: http://www.avahi.org/
 Source: http://avahi.org/download/%{_name}-%{version}.tar.gz
-# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.6.31-1.debian.tar.gz
+# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.8-3.debian.tar.xz
 Source1: avahi-daemon-check-dns.sh
 # Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel.
 Source4: avahi-glib-gettext.m4
@@ -105,6 +105,7 @@ BuildRequires: libevent-devel >= 2.1.5
 BuildRequires: zlib-devel
 BuildRequires: pkgconfig(systemd)
 Requires: nss-mdns
+Requires: sudo
 Requires(pre): shadow
 #
 # mDNSResponder was used for <= 10.2: