Dominique Leuenberger
bdcdeadf85
- Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Rebase avahi-daemon-check-dns-suse.patch, and drop privileges when invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720). - Add sudo to requires: used to drop privileges. OBS-URL: https://build.opensuse.org/request/show/872987 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/avahi?expand=0&rev=182
38 lines
1.3 KiB
Diff
38 lines
1.3 KiB
Diff
--- avahi-daemon-check-dns.sh.debian 2021-01-27 15:28:07.832795734 -0600
|
|
+++ avahi-daemon-check-dns.sh 2021-01-27 15:39:35.364471899 -0600
|
|
@@ -5,15 +5,15 @@
|
|
|
|
PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
|
|
|
-RUNDIR="/var/run/avahi-daemon/"
|
|
+RUNDIR="/var/run/avahi-daemon"
|
|
DISABLE_TAG="$RUNDIR/disabled-for-unicast-local"
|
|
NS_CACHE="$RUNDIR/checked_nameservers"
|
|
|
|
-AVAHI_DAEMON_DETECT_LOCAL=1
|
|
+AVAHI_DAEMON_DETECT_LOCAL=yes
|
|
|
|
-test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon
|
|
+test -f /etc/sysconfig/avahi && . /etc/sysconfig/avahi
|
|
|
|
-if [ "$AVAHI_DAEMON_DETECT_LOCAL" != "1" ]; then
|
|
+if [ "$AVAHI_DAEMON_DETECT_LOCAL" != "yes" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
--- avahi-daemon.if-up.debian 2021-01-27 16:09:50.922179542 -0600
|
|
+++ avahi-daemon.if-up 2021-01-27 16:11:54.942842665 -0600
|
|
@@ -3,10 +3,10 @@
|
|
# Don't run the avahi-daemon unicast local check while bringing up
|
|
# the loopback device; it's not necessary until we bring up a real network
|
|
# device
|
|
-[ "$IFACE" != "lo" ] || exit 0
|
|
+[ "$2" != "lo" ] || exit 0
|
|
|
|
# If we have an unicast .local domain, we immediately disable avahi to avoid
|
|
# conflicts with the multicast IP4LL .local domain
|
|
if [ -x /usr/lib/avahi/avahi-daemon-check-dns.sh ] ; then
|
|
- exec /usr/lib/avahi/avahi-daemon-check-dns.sh
|
|
+ sudo -u avahi -g avahi /usr/lib/avahi/avahi-daemon-check-dns.sh
|
|
fi
|