Merge ~mateus-morais/ubuntu/+source/avahi:merge-0.8-14-plucky into ubuntu/+source/avahi:debian/sid

Proposed by Mateus Rodrigues de Morais
Status: Merged
Merge reported by: Mateus Rodrigues de Morais
Merged at revision: cbf593134c0ac8bb998bea7bac9d5fd4a3b1a679
Proposed branch: ~mateus-morais/ubuntu/+source/avahi:merge-0.8-14-plucky
Merge into: ubuntu/+source/avahi:debian/sid
Diff against target: 1022 lines (+807/-3)
8 files modified
debian/changelog (+655/-1)
debian/control (+2/-1)
debian/patches/CVE-2023-38470-2.patch (+48/-0)
debian/patches/CVE-2023-38471-2.patch (+47/-0)
debian/patches/avahi-client-fix-resource-leak.patch (+24/-0)
debian/patches/avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch (+26/-0)
debian/patches/series (+4/-0)
debian/rules (+1/-1)
Reviews:
Nick Rosbrook (community): Approve
git-ubuntu import: Pending
Review via email: mp+477746@code.launchpad.net
Nick Rosbrook (enr0n) wrote :

Praise: thanks for carefully considering the security patches, and figuring out which ones we needed to keep, and for detailing everything nicely in the changelog.

LGTM, and sponsored.

review: Approve
Mateus Rodrigues de Morais (mateus-morais) wrote :

Thank you!

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index bd897d8..8b9d2b7 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,52 @@
6+avahi (0.8-14ubuntu1) plucky; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #2090963). Remaining changes:
9+ - Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
10+ - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
11+ avahi-client-fix-resource-leak.patch: Issues discovered by static
12+ analysis (Upstream pull request #202)
13+ - SECURITY UPDATE: Reachable assertions exist in domain functions in
14+ avahi-common
15+ + debian/patches/CVE-2023-38470-2.patch: bail out when escaped
16+ labels can't fit into ret
17+ + CVE-2023-38470
18+ - SECURITY UPDATE: Reachable assertions exist in server functions in
19+ avahi-core
20+ + debian/patches/CVE-2023-38471-2.patch: core: return errors from
21+ avahi_server_set_host_name properly
22+ + CVE-2023-38471
23+ * Dropped changes, included in Debian:
24+ - SECURITY UPDATE: Reachable assertions exist in server functions of
25+ avahi-core
26+ + debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
27+ resource records
28+ + debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
29+ resource records
30+ + CVE-2023-38469
31+ - SECURITY UPDATE: Reachable assertions exist in domain functions in
32+ avahi-common
33+ + debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
34+ one byte long
35+ - SECURITY UPDATE: Reachable assertions exist in server functions in
36+ avahi-core
37+ + debian/patches/CVE-2023-38471-1.patch: core: extract host name using
38+ avahi_unescape_label()
39+ - SECURITY UPDATE: Reachable assertions exist in dbus functions in
40+ avahi-daemon
41+ + debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
42+ to process before parsing it
43+ + CVE-2023-38472
44+ - SECURITY UPDATE: Reachable assertions exist in alternative functions
45+ in avahi-common
46+ + debian/patches/CVE-2023-38473.patch: common: derive alternative host
47+ name from its unescaped version
48+ + CVE-2023-38473
49+ * Dropped changes, no longer needed:
50+ - avahi-autoipd: Demote isc-dhcp-client from Recommends to Suggests.
51+ Debian dropped isc-dhcp-client from Recommends altogether.
52+
53+ -- Mateus Rodrigues de Morais <mateus.morais@canonical.com> Tue, 03 Dec 2024 17:57:06 -0300
54+
55 avahi (0.8-14) unstable; urgency=medium
56
57 [ Simon McVittie ]
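Review bot: in the "Dropped changes, included in Debian" list of 0.8-14ubuntu1, the CVE-2023-38470-1.patch and CVE-2023-38471-1.patch items have no "+ CVE-..." line, while the CVE-2023-38469, CVE-2023-38472 and CVE-2023-38473 items do, and the same two CVE ids also appear under "Remaining changes" for their -2 patches. Nothing in the entry says that each of these two fixes is now split between Debian and the Ubuntu delta. Consider adding one line stating that Debian carries only the first patch of each pair, so that the remaining -2 patches are not dropped by mistake at the next merge.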
58@@ -48,6 +97,81 @@ avahi (0.8-14) unstable; urgency=medium
59
60 -- Michael Biebl <biebl@debian.org> Sat, 30 Nov 2024 22:54:34 +0100
61
62+avahi (0.8-13ubuntu6) noble; urgency=medium
63+
64+ * avahi-autoipd: Demote isc-dhcp-client from Recommends to Suggests
65+ (LP: #2058242)
66+
67+ -- Benjamin Drung <bdrung@ubuntu.com> Fri, 05 Apr 2024 12:57:26 +0200
68+
69+avahi (0.8-13ubuntu5) noble; urgency=medium
70+
71+ * No-change rebuild for CVE-2024-3094
72+
73+ -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 07:28:17 +0000
74+
75+avahi (0.8-13ubuntu4) noble; urgency=medium
76+
77+ * No-change rebuild against libglib2.0-0t64
78+
79+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Mar 2024 22:03:07 +0000
80+
81+avahi (0.8-13ubuntu3) noble; urgency=medium
82+
83+ * No-change rebuild against libglib2.0-0t64
84+
85+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 08 Mar 2024 03:51:49 +0000
86+
87+avahi (0.8-13ubuntu2) noble; urgency=medium
88+
89+ * SECURITY UPDATE: Reachable assertions exist in server functions of
90+ avahi-core
91+ - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
92+ resource records
93+ - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
94+ resource records
95+ - CVE-2023-38469
96+
97+ * SECURITY UPDATE: Reachable assertions exist in domain functions in
98+ avahi-common
99+ - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
100+ one byte long
101+ - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
102+ can't fit into ret
103+ - CVE-2023-38470
104+
105+ * SECURITY UPDATE: Reachable assertions exist in server functions in
106+ avahi-core
107+ - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
108+ avahi_unescape_label()
109+ - debian/patches/CVE-2023-38471-2.patch: core: return errors from
110+ avahi_server_set_host_name properly
111+ - CVE-2023-38471
112+
113+ * SECURITY UPDATE: Reachable assertions exist in dbus functions in
114+ avahi-daemon
115+ - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
116+ to process before parsing it
117+ - CVE-2023-38472
118+
119+ * SECURITY UPDATE: Reachable assertions exist in alternative functions
120+ in avahi-common
121+ - debian/patches/CVE-2023-38473.patch: common: derive alternative host
122+ name from its unescaped version
123+ - CVE-2023-38473
124+
125+ -- Nick Galanis <nick.galanis@canonical.com> Mon, 20 Nov 2023 13:51:34 +0200
126+
127+avahi (0.8-13ubuntu1) noble; urgency=medium
128+
129+ * Merge with Debian unstable. Remaining changes:
130+ - Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
131+ - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
132+ avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
133+ (Upstream pull request #202)
134+
135+ -- Nick Rosbrook <enr0n@ubuntu.com> Thu, 16 Nov 2023 15:20:09 -0500
136+
137 avahi (0.8-13) unstable; urgency=medium
138
139 * Team upload
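Review bot: the CVE-2023-38472 item in 0.8-13ubuntu2 is headed "Reachable assertions exist in dbus functions in avahi-daemon", but the patch it lists is described as "core: make sure there is rdata to process before parsing it", so the headline and the patch subject name different components. This is published history and should stay verbatim here. The same wording is repeated in the new 0.8-14ubuntu1 entry, so it is worth confirming there which component the patch actually touches.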
140@@ -129,6 +253,25 @@ avahi (0.8-11) unstable; urgency=medium
141
142 -- Michael Biebl <biebl@debian.org> Thu, 07 Sep 2023 21:43:48 +0200
143
144+avahi (0.8-10ubuntu1) mantic; urgency=medium
145+
146+ * Merge with Debian unstable (LP: #2020383). Remaining changes:
147+ + Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
148+ + avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
149+ avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
150+ (Upstream pull request #202)
151+ * Dropped changes, included in Debian:
152+ + avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
153+ Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
154+ (Upstream pull request #330)
155+ * Dropped changes, no longer needed:
156+ + debian/avahi-daemon.postinst: remove the deprecated conffiles
157+ if-up/down entries on upgrade, use a simple logic and no
158+ dpkg-maintscript-helper since there is no configuration worth saving
159+ (All releases from which upgrades are supported have a new enough version)
160+
161+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 23 May 2023 10:02:00 -0400
162+
163 avahi (0.8-10) unstable; urgency=medium
164
165 [ Felix Geyer ]
166@@ -190,6 +333,24 @@ avahi (0.8-7) unstable; urgency=medium
167
168 -- Michael Biebl <biebl@debian.org> Tue, 10 Jan 2023 09:33:02 +0100
169
170+avahi (0.8-6ubuntu1) kinetic; urgency=medium
171+
172+ * Merge from Debian unstable, remaining changes:
173+ + debian/avahi-daemon.postinst: remove the deprecated conffiles
174+ if-up/down entries on upgrade, use a simple logic and no
175+ dpkg-maintscript-helper since there is no configuration worth saving
176+ + Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
177+ + avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
178+ avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
179+ (Upstream pull request #202)
180+ + avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
181+ Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
182+ (Upstream pull request #330)
183+ * Dropped changes, included in Debian:
184+ + SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start
185+
186+ -- Graham Inggs <ginggs@ubuntu.com> Mon, 22 Aug 2022 12:33:46 +0000
187+
188 avahi (0.8-6) unstable; urgency=medium
189
190 [ Luca Boccassi ]
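Review bot: the "Dropped changes, included in Debian" item in 0.8-6ubuntu1 says only "SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start", with no patch file and no CVE id. The 0.8-5ubuntu4 entry later in this diff identifies it as debian/patches/CVE-2021-3502.patch and CVE-2021-3502, so a search of the changelog for that id will not find the point where the patch was dropped. If this text is verbatim from the published upload, leave it; for new entries, name the patch and the CVE id on the dropped item, as the 0.8-14ubuntu1 entry does for most of its items.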
191@@ -216,6 +377,50 @@ avahi (0.8-6) unstable; urgency=medium
192
193 -- Michael Biebl <biebl@debian.org> Sun, 05 Jun 2022 18:33:10 +0200
194
195+avahi (0.8-5ubuntu5) jammy; urgency=medium
196+
197+ * No-change rebuild for ppc64el baseline bump.
198+
199+ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 10:42:05 +0100
200+
201+avahi (0.8-5ubuntu4) impish; urgency=medium
202+
203+ * SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start
204+ - debian/patches/CVE-2021-3502.patch: fix multiple null pointer crashes
205+ in avahi-core/browse-dns-server.c, avahi-core/browse-domain.c,
206+ avahi-core/browse-service-type.c, avahi-core/browse-service.c,
207+ avahi-core/browse.c, avahi-core/resolve-address.c,
208+ avahi-core/resolve-host-name.c, avahi-core/resolve-service.c.
209+ - CVE-2021-3502
210+
211+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 06 Jul 2021 10:13:47 -0400
212+
213+avahi (0.8-5ubuntu3) hirsute; urgency=medium
214+
215+ * avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
216+ avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
217+ (Upstream pull request #202).
218+ * avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
219+ Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
220+ (Upstream pull request #330).
221+
222+ -- Till Kamppeter <till.kamppeter@gmail.com> Thu, 8 Apr 2021 15:24:07 +0200
223+
224+avahi (0.8-5ubuntu2) hirsute; urgency=medium
225+
226+ * Disable lto. See https://bugzilla.redhat.com/show_bug.cgi?id=1907727.
227+
228+ -- Matthias Klose <doko@ubuntu.com> Mon, 22 Mar 2021 20:47:51 +0100
229+
230+avahi (0.8-5ubuntu1) hirsute; urgency=low
231+
232+ * Merge from Debian unstable. Remaining changes:
233+ - debian/avahi-daemon.postinst: remove the deprecated conffiles
234+ if-up/down entries on upgrade, use a simple logic and no
235+ dpkg-maintscript-helper since there is no configuration worth saving
236+
237+ -- Till Kamppeter <till.kamppeter@gmail.com> Wed, 24 Feb 2021 23:53:07 +0100
238+
239 avahi (0.8-5) unstable; urgency=medium
240
241 * d/avahi-daemon.maintscript: Drop removal of symlink, they're not normal
242@@ -237,6 +442,25 @@ avahi (0.8-4) unstable; urgency=medium
243
244 -- Sjoerd Simons <sjoerd@debian.org> Fri, 05 Feb 2021 09:21:16 +0100
245
246+avahi (0.8-3ubuntu2) hirsute; urgency=medium
247+
248+ * debian/avahi-daemon.links:
249+ - remove buggy symlink, the target doesn't exist anymore (lp: #1901090)
250+ * debian/avahi-daemon.postinst:
251+ - remove the deprecated conffiles if-up/down entries on upgrade,
252+ use a simple logic and no dpkg-maintscript-helper since there is no
253+ configuration worth saving
254+
255+ -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2020 15:03:56 +0100
256+
257+avahi (0.8-3ubuntu1) groovy; urgency=low
258+
259+ * Merge from Debian unstable. Remaining changes:
260+ - Remove avahi-daemon-check-dns.sh hack, the feature is provided by
261+ libnss-mdns now
262+
263+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 13:47:56 -0700
264+
265 avahi (0.8-3) unstable; urgency=medium
266
267 * Team upload
268@@ -279,6 +503,25 @@ avahi (0.8-2) experimental; urgency=medium
269
270 -- Simon McVittie <smcv@debian.org> Sun, 24 May 2020 11:20:46 +0100
271
272+avahi (0.8-1ubuntu1) groovy; urgency=low
273+
274+ * Merge from Debian unstable. Remaining changes:
275+ - Remove avahi-daemon-check-dns.sh hack, the feature is provided by
276+ libnss-mdns now
277+ * Dropped changes, included upstream:
278+ - debian/patches/CVE-2017-6519-and-CVE-2018-1000845.patch:
279+ fix in avahi-core/server.c.
280+ - debian/patches/local-only-services-support.patch:
281+ replaced by the upstream commited version, part of the code which
282+ was there to workaround a ippusbxd issue has been removed since
283+ the problem has been resolved in cups now
284+ - local-only-services-support.patch: Added support for advertising
285+ * Dropped changes:
286+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, for
287+ maas-enlist-udeb: dropped, d-i no longer used for installing maas.
288+
289+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 20 May 2020 15:00:00 -0700
290+
291 avahi (0.8-1) unstable; urgency=medium
292
293 * Team upload
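Review bot: under "Dropped changes, included upstream" in 0.8-1ubuntu1, local-only-services-support.patch is listed twice, and the second item ("- local-only-services-support.patch: Added support for advertising") stops mid-sentence. The full sentence appears in the 0.7-3ubuntu2 entry later in this diff ("Added support for advertising local-only services on the loopback ... device"). Please check this against the published 0.8-1ubuntu1 changelog; if the truncation was introduced while rebasing, restore the original text, otherwise keep it as uploaded.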
294@@ -360,6 +603,63 @@ avahi (0.7-5) unstable; urgency=medium
295
296 -- Simon McVittie <smcv@debian.org> Fri, 13 Dec 2019 16:00:32 +0000
297
298+avahi (0.7-4ubuntu7) focal; urgency=medium
299+
300+ * Remove avahi-daemon-check-dns.sh hack, the feature is provided by
301+ libnss-mdns now (lp: #1870824)
302+ * debian/patches/local-only-services-support.patch:
303+ - replaced by the upstream commited version, part of the code which
304+ was there to workaround a ippusbxd issue has been removed since
305+ the problem has been resolved in cups now
306+
307+ -- Sebastien Bacher <seb128@ubuntu.com> Wed, 08 Apr 2020 13:43:27 +0200
308+
309+avahi (0.7-4ubuntu6) focal; urgency=medium
310+
311+ * No-change rebuild to generate dependencies on python2.
312+
313+ -- Matthias Klose <doko@ubuntu.com> Tue, 17 Dec 2019 12:30:55 +0000
314+
315+avahi (0.7-4ubuntu5) disco; urgency=medium
316+
317+ * SECURITY UPDATE: Denial of service
318+ - debian/patches/CVE-2017-6519-and-CVE-2018-1000845.patch:
319+ fix in avahi-core/server.c.
320+ - CVE-2017-6519
321+ - CVE-2018-1000845
322+
323+ -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 30 Jan 2019 12:33:23 -0300
324+
325+avahi (0.7-4ubuntu4) disco; urgency=medium
326+
327+ * No-change rebuild against latest binid9
328+
329+ -- Jeremy Bicha <jbicha@ubuntu.com> Fri, 14 Dec 2018 17:25:36 -0500
330+
331+avahi (0.7-4ubuntu3) disco; urgency=medium
332+
333+ * Rebuild against new libgdbm6.
334+
335+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 03 Nov 2018 15:15:41 +0100
336+
337+avahi (0.7-4ubuntu2) cosmic; urgency=medium
338+
339+ * debian/avahi-daemon-check-dns.sh: On some hardware, the 'host'
340+ command gets stuck and does not timeout as it should leaving this script
341+ and boot-up hanging indefinitely. Launch host with 'timeout' to kill it
342+ after 5 seconds in these cases as a workaround. (LP #1752411)
343+
344+ -- Trent Lloyd <trent.lloyd@canonical.com> Tue, 21 Aug 2018 14:56:18 +0800
345+
346+avahi (0.7-4ubuntu1) cosmic; urgency=low
347+
348+ * Merge from Debian unstable. Remaining changes:
349+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, for
350+ maas-enlist-udeb.
351+ - local-only-services-support.patch: Added support for advertising
352+
353+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 09:53:20 +0200
354+
355 avahi (0.7-4) unstable; urgency=medium
356
357 * Team upload
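Review bot: three small things in the restored 0.7-4 history: 0.7-4ubuntu4 says "rebuild against latest binid9" (presumably bind9), 0.7-4ubuntu2 writes the bug reference as "(LP #1752411)" without the colon that every other entry uses ("LP: #..."), and 0.7-4ubuntu7 has "commited". The truncated "Added support for advertising" line also recurs in 0.7-4ubuntu1. These should only be carried if they match the published uploads byte for byte; please confirm that rather than correcting them in this merge.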
358@@ -380,6 +680,15 @@ avahi (0.7-4) unstable; urgency=medium
359
360 -- Simon McVittie <smcv@debian.org> Fri, 27 Apr 2018 11:59:11 +0100
361
362+avahi (0.7-3.1ubuntu1) bionic; urgency=medium
363+
364+ * Merge from Debian unstable. Remaining changes:
365+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, for
366+ maas-enlist-udeb.
367+ - local-only-services-support.patch: Added support for advertising
368+
369+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 02 Feb 2018 15:56:06 +0100
370+
371 avahi (0.7-3.1) unstable; urgency=medium
372
373 * Non-maintainer upload.
374@@ -389,6 +698,25 @@ avahi (0.7-3.1) unstable; urgency=medium
375
376 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 02 Feb 2018 15:51:42 +0100
377
378+avahi (0.7-3ubuntu2) bionic; urgency=low
379+
380+ * local-only-services-support.patch: Added support for advertising
381+ local-only services on the loopback ("lo", "localhost") device. This
382+ is especially needed for making CUPS and cups-browsed auto-discover
383+ IPP-over-USB printers using ippusbxd (LP: #1736757, Upstream issue #125).
384+
385+ -- Till Kamppeter <till.kamppeter@gmail.com> Tue, 9 Jan 2017 21:35:51 -0200
386+
387+avahi (0.7-3ubuntu1) bionic; urgency=low
388+
389+ * Merge from Debian unstable (LP: #1735960). Remaining changes:
390+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, for
391+ maas-enlist-udeb.
392+ * debian/patches/no-systemd-also.patch: Don't use 'Also=' in dnsconfd
393+ systemd unit. Closes: #878911.
394+
395+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Jan 2018 17:27:56 -0800
396+
397 avahi (0.7-3) unstable; urgency=medium
398
399 * Brown paper bag release.
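Review bot: the trailer of 0.7-3ubuntu2 is dated "Tue, 9 Jan 2017", which is earlier than the 0.7-3ubuntu1 entry directly below it (02 Jan 2018) and earlier than the Debian 0.7-3.1 entry above the hunk (02 Feb 2018) would suggest for a later revision. 9 January 2017 was a Monday and 9 January 2018 a Tuesday, so the year looks mistyped in the original upload. Keep it if it matches the published changelog, but it is worth a note in the merge description since the dates in this file are not monotonic at this point.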
400@@ -457,6 +785,14 @@ avahi (0.6.32-2) unstable; urgency=medium
401
402 -- Michael Biebl <biebl@debian.org> Mon, 23 Jan 2017 09:41:58 +0100
403
404+avahi (0.6.32-1ubuntu1) yakkety; urgency=medium
405+
406+ * Merge from Debian unstable, remaining changes:
407+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, for
408+ maas-enlist-udeb.
409+
410+ -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 04 Jul 2016 15:27:54 +0200
411+
412 avahi (0.6.32-1) unstable; urgency=medium
413
414 [ Michael Biebl ]
415@@ -480,6 +816,34 @@ avahi (0.6.32-1) unstable; urgency=medium
416
417 -- Michael Biebl <biebl@debian.org> Mon, 27 Jun 2016 22:54:00 +0200
418
419+avahi (0.6.32~rc+dfsg-1ubuntu2) xenial; urgency=medium
420+
421+ * Put back libavahi-common3-udeb and libavahi-core7-udeb, they are being
422+ used by maas-enlist-udeb.
423+
424+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 24 Nov 2015 11:32:59 +0100
425+
426+avahi (0.6.32~rc+dfsg-1ubuntu1) xenial; urgency=medium
427+
428+ * Merge from Debian unstable, remaining changes:
429+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart,
430+ debian/avahi-cups-reload.upstart
431+ * Dropped Ubuntu changes:
432+ - debian/control: Add versioned dependency on the dbus that satisfies our
433+ upstart job dependency. This happened before precise already.
434+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
435+ that we can use them for Eucalyptus integration in the installer.
436+ Eucalyptus is long gone, and these udebs haven't been used in a long
437+ time.
438+ - d/p/skip-nproc-in-container.patch: Detect whether we are running in a
439+ container, and do not set rlimit_nproc if so. Current LXC does not
440+ create /run/container_type any more so the patch is a no-op. It's also
441+ not necessary any more as avahi does not fail if it cannot set the
442+ rlimit.
443+ * Drop obsolete dh_installinit --upstart-only option. (LP: #1519228)
444+
445+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 24 Nov 2015 09:17:30 +0100
446+
447 avahi (0.6.32~rc+dfsg-1) unstable; urgency=medium
448
449 * Team upload.
450@@ -515,6 +879,48 @@ avahi (0.6.31-5) unstable; urgency=medium
451
452 -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2015 21:51:24 +0200
453
454+avahi (0.6.31-4ubuntu4) vivid; urgency=medium
455+
456+ * No change rebuild to get debug symbols on all architectures.
457+
458+ -- Brian Murray <brian@ubuntu.com> Mon, 17 Nov 2014 09:22:40 -0800
459+
460+avahi (0.6.31-4ubuntu3) utopic; urgency=medium
461+
462+ * Drop upstart dependency. We ship init scripts for sysv, upstart, and
463+ systemd now. (LP: #1351306)
464+
465+ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 01 Aug 2014 15:16:40 +0200
466+
467+avahi (0.6.31-4ubuntu2) utopic; urgency=high
468+
469+ * No change rebuild against new dh_installinit, to call update-rc.d at
470+ postinst.
471+
472+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:06 +0100
473+
474+avahi (0.6.31-4ubuntu1) trusty; urgency=medium
475+
476+ * Merge from Debian unstable, remaining changes:
477+ - debian/control: Add versioned dependency on the dbus that satisfies our
478+ upstart job dependency.
479+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
480+ that we can use them for Eucalyptus integration in the installer.
481+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart,
482+ debian/avahi-cups-reload.upstart
483+ - d/p/skip-nproc-in-container.patch: Detect whether we are running in a
484+ container, and do not set rlimit_nproc if so.
485+ * Dropped changes, included in Debian:
486+ - d/p/so_reuseport-may-not-exist-in-running-kernel.patch: If
487+ SO_REUSEPORT returns ENOPROTOOPT, continue as if we did not have the
488+ call at all.
489+ - d/p/avahi-core-reserve-space-for-record-data-when-size-estimate.patch:
490+ fix a bug where avahi will use 100% CPU after cups is restarted.
491+ - Add two new symbols to libavahi-core7.symbols file.
492+ - d/p/suse-patch-gtk-box.patch: Use gtk_box API.
493+
494+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 31 Dec 2013 00:04:39 -0800
495+
496 avahi (0.6.31-4) unstable; urgency=medium
497
498 * Team upload.
499@@ -533,6 +939,31 @@ avahi (0.6.31-4) unstable; urgency=medium
500
501 -- Laurent Bigonville <bigon@debian.org> Thu, 26 Dec 2013 18:24:41 +0100
502
503+avahi (0.6.31-3ubuntu1) trusty; urgency=medium
504+
505+ * Merge from Debian unstable, remaining changes:
506+ - debian/control: Add versioned dependency on the dbus that satisfies our
507+ upstart job dependency.
508+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
509+ that we can use them for Eucalyptus integration in the installer.
510+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart,
511+ debian/avahi-cups-reload.upstart
512+ - d/p/avahi-core-reserve-space-for-record-data-when-size-estimate.patch:
513+ fix a bug where avahi will use 100% CPU after cups is restarted.
514+ - d/p/suse-patch-gtk-box.patch: Use gtk_box API.
515+ - Add two new symbols to libavahi-core7.symbols file.
516+ - d/p/so_reuseport-may-not-exist-in-running-kernel.patch: If
517+ SO_REUSEPORT returns ENOPROTOOPT, continue as if we did not have the
518+ call at all.
519+ - d/p/skip-nproc-in-container.patch: Detect whether we are running in a
520+ container, and do not set rlimit_nproc if so.
521+ * Dropped changes, included in Debian:
522+ - Build-depend on and use dh_autotools-dev to fix FTBFS on new arches.
523+ - debian/avahi-{daemon,dnsconfd}.links: Remove systemd configuration
524+ symlinks. Superseded by dh-systemd.
525+
526+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Dec 2013 15:56:07 -0800
527+
528 avahi (0.6.31-3) unstable; urgency=low
529
530 * Team upload.
531@@ -561,6 +992,55 @@ avahi (0.6.31-3) unstable; urgency=low
532
533 -- Laurent Bigonville <bigon@debian.org> Sat, 07 Dec 2013 16:24:13 +0100
534
535+avahi (0.6.31-2ubuntu5) trusty; urgency=low
536+
537+ * d/p/skip-nproc-in-container.patch: Detect whether we are running in a
538+ container, and do not set rlimit_nproc if so (LP: #1251257)
539+
540+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 18 Nov 2013 20:44:14 +0000
541+
542+avahi (0.6.31-2ubuntu4) saucy; urgency=low
543+
544+ * When userspace defines SO_REUSEPORT we will attempt to enable socket
545+ port number reuse. However if the running kernel does not support
546+ this call it will fail preventing daemon startup. If this call is
547+ present but fails ENOPROTOOPT then we know that actually the kernel
548+ does not support it and we should continue as if we did not have the
549+ call at all. (LP: #1228204)
550+
551+ -- Andy Whitcroft <apw@canonical.com> Fri, 20 Sep 2013 16:07:36 +0100
552+
553+avahi (0.6.31-2ubuntu3) saucy; urgency=low
554+
555+ * Build-depend on and use dh_autotools-dev to fix FTBFS on new arches.
556+
557+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 13 Sep 2013 20:27:08 -0400
558+
559+avahi (0.6.31-2ubuntu2) saucy; urgency=low
560+
561+ * Use gkt_box API, using patch from SUSE. Thus fixing assignments that
562+ make pointers from integers without a cast.
563+ * Add two new symbols to libavahi-core7.symbols file.
564+
565+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Thu, 30 May 2013 17:03:51 +0100
566+
567+avahi (0.6.31-2ubuntu1) saucy; urgency=low
568+
569+ * Merge with Debian unstable. Remaining changes:
570+ - debian/control: Add versioned dependency on the dbus that satisfies our
571+ upstart job dependency.
572+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
573+ that we can use them for Eucalyptus integration in the installer.
574+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart
575+ - debian/avahi-{daemon,dnsconfd}.links: Remove systemd configuration
576+ symlinks.
577+ - Apply a patch
578+ avahi-core-reserve-space-for-record-data-when-size-estimate.patch to
579+ fix http://pad.lv/1059286 .
580+ - Add avahi-cups-reload.upstart job, to refresh remote queues.
581+
582+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Thu, 30 May 2013 15:46:06 +0100
583+
584 avahi (0.6.31-2) unstable; urgency=low
585
586 * Use recommended maintscript versioning scheme.
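Review bot: 0.6.31-2ubuntu2 reads "Use gkt_box API", while the later entries that refer to the same change write "d/p/suse-patch-gtk-box.patch: Use gtk_box API". As with the other restored history, confirm the spelling matches the published upload and leave it unchanged if so.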
587@@ -572,6 +1052,46 @@ avahi (0.6.31-2) unstable; urgency=low
588
589 -- Michael Biebl <biebl@debian.org> Wed, 06 Mar 2013 22:58:55 +0100
590
591+avahi (0.6.31-1ubuntu3) raring; urgency=low
592+
593+ * Reload cups to refresh remote queues, when avahi-daemon starts. (LP:
594+ #1158686). Until cups learns to reconnect to avahi by itself
595+ https://www.cups.org/str.php?L4300 .
596+
597+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 22 Mar 2013 10:49:47 +0000
598+
599+avahi (0.6.31-1ubuntu2) quantal-proposed; urgency=low
600+
601+ * debian/patches/avahi-core-reserve-space-for-record-data-when-size-estimate.patch:
602+ avahi-core: reserve space for record data when size estimate. This
603+ prevents avahi-daemon from falling into an invalid loop when many CUPS/IPP
604+ printer shares get registered (LP: #1059286,
605+ http://lists.freedesktop.org/archives/avahi/2012-September/002188.html).
606+
607+ -- Till Kamppeter <till.kamppeter@gmail.com> Mon, 8 Oct 2012 22:23:00 +0200
608+
609+avahi (0.6.31-1ubuntu1) quantal; urgency=low
610+
611+ * Merge with Debian unstable. Remaining changes:
612+ - debian/control: Add versioned dependency on the dbus that satisfies our
613+ upstart job dependency.
614+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
615+ that we can use them for Eucalyptus integration in the installer.
616+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart
617+ - debian/avahi-{daemon,dnsconfd}.links: Remove systemd configuration
618+ symlinks.
619+ * Dropped changes
620+ - debian/avahi-autoipd.{pre,post}inst: Adjust package versions for conffile
621+ migration for the version when Ubuntu did the DHCP4 migration. We're now
622+ one LTS cycle since this, so there's no need to keep code paths for this
623+ upgrade.
624+ - Build with CFLAGS=-UGTK_DISABLE_DEPRECATED due to deprecation of
625+ gtk_vbox_new. No longer necessary.
626+ - Pass CFLAGS from the environment through to configure. Seems to be no
627+ longer necessary with the move to compat 9.
628+
629+ -- Iain Lane <iain.lane@canonical.com> Tue, 22 May 2012 22:21:27 +0100
630+
631 avahi (0.6.31-1) unstable; urgency=low
632
633 * New upstream release.
634@@ -593,6 +1113,33 @@ avahi (0.6.30-6) unstable; urgency=low
635
636 -- Michael Biebl <biebl@debian.org> Tue, 10 Jan 2012 00:59:49 +0100
637
638+avahi (0.6.30-5ubuntu2) precise; urgency=low
639+
640+ * Build using dh_python2.
641+
642+ -- Matthias Klose <doko@ubuntu.com> Sat, 17 Dec 2011 12:06:42 +0100
643+
644+avahi (0.6.30-5ubuntu1) precise; urgency=low
645+
646+ * Merge from Debian testing. Remaining changes:
647+ - Build with CFLAGS=-UGTK_DISABLE_DEPRECATED due to deprecation of
648+ gtk_vbox_new.
649+ - debian/control: Add versioned dependency on the dbus that satisfies our
650+ upstart job dependency.
651+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
652+ that we can use them for Eucalyptus integration in the installer.
653+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart
654+ - debian/avahi-autoipd.{pre,post}inst: Adjust package versions for conffile
655+ migration for the version when Ubuntu did the DHCP4 migration. This needs
656+ to be kept until after the next LTS.
657+ - debian/avahi-{daemon,dnsconfd}.links: Remove systemd configuration
658+ symlinks.
659+ * Pass CFLAGS from the environment through to configure. This by default
660+ will turn on optimisations and debug symbol generation, both of which
661+ are currently disabled.
662+
663+ -- Christopher James Halse Rogers <raof@ubuntu.com> Tue, 18 Oct 2011 14:46:25 +1100
664+
665 avahi (0.6.30-5) unstable; urgency=low
666
667 * debian/control: Make python-avahi Architecture: any so the path to
668@@ -601,12 +1148,50 @@ avahi (0.6.30-5) unstable; urgency=low
669
670 -- Michael Biebl <biebl@debian.org> Sat, 02 Jul 2011 10:37:15 +0200
671
672+avahi (0.6.30-4ubuntu1) oneiric; urgency=low
673+
674+ * Merge from Debian unstable. Remaining changes:
675+ - Build with CFLAGS=-UGTK_DISABLE_DEPRECATED due to deprecation of
676+ gtk_vbox_new.
677+ - debian/control: Add versioned dependency on the dbus that satisfies our
678+ upstart job dependency.
679+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
680+ that we can use them for Eucalyptus integration in the installer.
681+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart
682+ - debian/avahi-autoipd.{pre,post}inst: Adjust package versions for conffile
683+ migration for the version when Ubuntu did the DHCP4 migration. This needs
684+ to be kept until after the next LTS.
685+ - debian/avahi-{daemon,dnsconfd}.links: Remove systemd configuration
686+ symlinks.
687+
688+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 Jul 2011 13:29:42 +0000
689+
690 avahi (0.6.30-4) unstable; urgency=low
691
692 * Add multiarch support. Patch courtesy of Steve Langasek. (Closes: #631836)
693
694 -- Michael Biebl <biebl@debian.org> Fri, 01 Jul 2011 02:28:05 +0200
695
696+avahi (0.6.30-3ubuntu3) oneiric; urgency=low
697+
698+ * Build with CFLAGS=-UGTK_DISABLE_DEPRECATED due to deprecation of
699+ gtk_vbox_new.
700+
701+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 27 Jun 2011 10:41:14 +0000
702+
703+avahi (0.6.30-3ubuntu2) oneiric; urgency=low
704+
705+ * No-change rebuild to get consistent changelog files for multiarch.
706+
707+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 27 Jun 2011 09:21:11 +0100
708+
709+avahi (0.6.30-3ubuntu1) oneiric; urgency=low
710+
711+ * Merge with Debian to get GTK 3 support. See 0.6.30-2ubuntu1 for remaining
712+ Ubuntu changes.
713+
714+ -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 16 May 2011 21:46:44 +0200
715+
716 avahi (0.6.30-3) unstable; urgency=low
717
718 * Enable GTK3 support. (Closes: #610772)
719@@ -618,6 +1203,28 @@ avahi (0.6.30-3) unstable; urgency=low
720
721 -- Michael Biebl <biebl@debian.org> Fri, 29 Apr 2011 16:50:38 +0200
722
723+avahi (0.6.30-2ubuntu1) oneiric; urgency=low
724+
725+ * Merge with Debian unstable; remaining Ubuntu changes:
726+ - debian/control: Add versioned dependency on the dbus that satisfies our
727+ upstart job dependency.
728+ - Add udebs corresponding to libavahi-common3 and libavahi-core7, so
729+ that we can use them for Eucalyptus integration in the installer.
730+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart
731+ - debian/avahi-autoipd.{pre,post}inst: Adjust package versions for conffile
732+ migration for the version when Ubuntu did the DHCP4 migration. This needs
733+ to be kept until after the next LTS.
734+ - debian/avahi-{daemon,dnsconfd}.links: Remove systemd configuration
735+ symlinks.
736+ - Multiarch support:
737+ + debian/compat: Move to dh compat 9.
738+ + debian/control: Add Multi-Arch: tags, bump debhelper build
739+ dependency to debhelper which supports Multiarch, and add
740+ ${misc:Pre-Depends} fields.
741+ + debian/*.install: Update path to libraries, pkg-config files, etc.
742+
743+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 28 Apr 2011 22:03:23 +0200
744+
745 avahi (0.6.30-2) unstable; urgency=low
746
747 * Remove Qt3 integration library. With KDE3 gone, there is no more package
748@@ -665,6 +1272,53 @@ avahi (0.6.28-5) unstable; urgency=low
749
750 -- Michael Biebl <biebl@debian.org> Mon, 07 Mar 2011 10:35:51 +0100
751
752+avahi (0.6.30-0ubuntu2) natty; urgency=low
753+
754+ * Reapply multiarch patches, on the wrong branch again Make python-avahi
755+ * Architecture: any, since the substituted path to the arch-specific .db
756+ file will be arch-specific. LP: #743438.
757+
758+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 06 Apr 2011 16:13:36 -0700
759+
760+avahi (0.6.30-0ubuntu1) natty; urgency=low
761+
762+ * New upstream version, fixes `iface > 0' assertion errors (lp: #743031)
763+ * debian/patches/02_avahi-discover.patch:
764+ - the patch is in the new version
765+
766+ -- Sebastien Bacher <seb128@ubuntu.com> Tue, 05 Apr 2011 16:12:15 +0200
767+
768+avahi (0.6.29-0ubuntu2) natty; urgency=low
769+
770+ * FFe LP: #733501: build for multiarch.
771+
772+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 24 Mar 2011 21:27:33 -0700
773+
774+avahi (0.6.29-0ubuntu1) natty; urgency=low
775+
776+ * New upstream release
777+ * debian/patches/02_avahi-discover.patch:
778+ - Fix avahi-discover
779+ * debian/patches/03_read_null_udp_packets.patch:
780+ - Applied upstream
781+
782+ -- Robert Ancell <robert.ancell@canonical.com> Wed, 09 Mar 2011 12:29:14 +1100
783+
784+avahi (0.6.28-4ubuntu1) natty; urgency=low
785+
786+ * Resynchronise with Debian. Remaining Ubuntu changes:
787+ - debian/control:
788+ + Add versioned dependency on the dbus that satisfies our upstart job
789+ dependency.
790+ + Add udebs corresponding to libavahi-common3 and libavahi-core6, so
791+ that we can use them for Eucalyptus integration in the installer.
792+ - Add debian/avahi-daemon.upstart, debian/avahi-dnsconfd.upstart
793+ - debian/avahi-autoipd.{pre,post}inst: Adjust package versions for conffile
794+ migration for the version when Ubuntu did the DHCP4 migration. This needs
795+ to be kept until after the next LTS.
796+
797+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 24 Feb 2011 18:57:28 +0100
798+
799 avahi (0.6.28-4) unstable; urgency=high
800
801 * Bump debhelper compatibility level to 8 and update build dependency
802@@ -1583,7 +2237,6 @@ avahi (0.6.13-3) unstable; urgency=low
803
804 -- Sjoerd Simons <sjoerd@debian.org> Sun, 3 Sep 2006 19:27:13 +0200
805
806-
807 avahi (0.6.13-2) unstable; urgency=low
808
809 * debian/patches/02_static-hosts.patch:
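Review bot: dropping the blank line before the `avahi (0.6.13-2)` entry is a whitespace-only delta against Debian's changelog history, and it will have to be carried or re-resolved on every future merge. Restore the line so this region is identical to debian/sid.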
810@@ -1950,3 +2603,4 @@ avahi (0.1-1) breezy; urgency=low
811 * Thanks to Trent Lloyd for reviewing the packages.
812
813 -- Ross Burton <ross@debian.org> Tue, 23 Aug 2005 09:29:46 +0100
814+
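Review bot: the blank line added after the 0.1-1 trailer at the end of debian/changelog is a whitespace-only delta against Debian. Drop it so the end of the file matches debian/sid and the changelog diff stays limited to the Ubuntu entries.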
815diff --git a/debian/control b/debian/control
816index 6eea719..427b2e2 100644
817--- a/debian/control
818+++ b/debian/control
819@@ -1,7 +1,8 @@
820 Source: avahi
821 Section: net
822 Priority: optional
823-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
824+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
825+XSBC-Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
826 Uploaders: Sjoerd Simons <sjoerd@debian.org>,
827 Sebastian Dröge <slomo@debian.org>,
828 Loic Minier <lool@dooz.org>,
829diff --git a/debian/patches/CVE-2023-38470-2.patch b/debian/patches/CVE-2023-38470-2.patch
830new file mode 100644
831index 0000000..c3596e3
832--- /dev/null
833+++ b/debian/patches/CVE-2023-38470-2.patch
834@@ -0,0 +1,48 @@
835+From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001
836+From: Evgeny Vereshchagin <evvers@ya.ru>
837+Date: Tue, 19 Sep 2023 03:21:25 +0000
838+Subject: [PATCH] [common] bail out when escaped labels can't fit into ret
839+
840+Fixes:
841+```
842+==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8
843+READ of size 1110 at 0x7f9e76f14c16 thread T0
844+ #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba)
845+ #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12
846+ #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12
847+```
848+and
849+```
850+fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed.
851+==101571== ERROR: libFuzzer: deadly signal
852+ #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
853+ #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
854+ #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
855+ #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
856+ #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
857+ #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
858+ #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
859+ #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
860+ #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
861+ #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9
862+```
863+
864+It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c
865+---
866+ avahi-common/domain.c | 3 ++-
867+ 1 file changed, 2 insertions(+), 1 deletion(-)
868+
869+Index: avahi-0.8/avahi-common/domain.c
870+===================================================================
871+--- avahi-0.8.orig/avahi-common/domain.c
872++++ avahi-0.8/avahi-common/domain.c
873+@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s
874+ } else
875+ empty = 0;
876+
877+- avahi_escape_label(label, strlen(label), &r, &size);
878++ if (!(avahi_escape_label(label, strlen(label), &r, &size)))
879++ return NULL;
880+ }
881+
882+ return ret_s;
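Review bot: the new `return NULL` in avahi_normalize_name() is only safe if every caller treats NULL as failure and does not go on to read ret_s, so confirm that for the 0.8 callers this package ships, in particular avahi_normalize_name_strdup(), which appears in the ASan trace quoted in the commit message. Separately, this patch file has no DEP-3 `Origin:` header, unlike the two static-analysis patches added in the same merge; add one for upstream commit 20dec84b2480821704258bc908e7b2bd2e883b24 so the provenance of the CVE follow-up is recorded in the patch itself.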
883diff --git a/debian/patches/CVE-2023-38471-2.patch b/debian/patches/CVE-2023-38471-2.patch
884new file mode 100644
885index 0000000..fc487e7
886--- /dev/null
887+++ b/debian/patches/CVE-2023-38471-2.patch
888@@ -0,0 +1,47 @@
889+From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
890+From: Evgeny Vereshchagin <evvers@ya.ru>
891+Date: Tue, 24 Oct 2023 22:04:51 +0000
892+Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
893+
894+It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
895+---
896+ avahi-core/server.c | 9 ++++++---
897+ 1 file changed, 6 insertions(+), 3 deletions(-)
898+
899+Index: avahi-0.8/avahi-core/server.c
900+===================================================================
901+--- avahi-0.8.orig/avahi-core/server.c
902++++ avahi-0.8/avahi-core/server.c
903+@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ
904+ else
905+ hn = avahi_normalize_name_strdup(host_name);
906+
907++ if (!hn)
908++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
909++
910+ h = hn;
911+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
912+ avahi_free(h);
913+- return AVAHI_ERR_INVALID_HOST_NAME;
914++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
915+ }
916+
917+ avahi_free(h);
918+@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ
919+ h = label_escaped;
920+ len = sizeof(label_escaped);
921+ if (!avahi_escape_label(label, strlen(label), &h, &len))
922+- return AVAHI_ERR_INVALID_HOST_NAME;
923++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
924+
925+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
926+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
927+@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ
928+ avahi_free(s->host_name);
929+ s->host_name = avahi_strdup(label_escaped);
930+ if (!s->host_name)
931+- return AVAHI_ERR_NO_MEMORY;
932++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
933+
934+ update_fqdn(s);
935+
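Review bot: the added `if (!hn)` check in avahi_server_set_host_name() reports AVAHI_ERR_NO_MEMORY for any NULL from avahi_normalize_name_strdup(). If that function can also return NULL for a name that fails normalization (CVE-2023-38470-2.patch in this series makes avahi_normalize_name() return NULL when escaped labels do not fit), clients will see an out-of-memory error for what is really an invalid host name. Worth checking against upstream whether AVAHI_ERR_INVALID_HOST_NAME is intended there. As with the other CVE follow-up, a DEP-3 `Origin:` header naming commit b675f70739f404342f7f78635d6e2dcd85a13460 is missing.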
936diff --git a/debian/patches/avahi-client-fix-resource-leak.patch b/debian/patches/avahi-client-fix-resource-leak.patch
937new file mode 100644
938index 0000000..1b438fb
939--- /dev/null
940+++ b/debian/patches/avahi-client-fix-resource-leak.patch
941@@ -0,0 +1,24 @@
942+From 374245ec1418e7e1e57120fcaf0a12ec695f5f6d Mon Sep 17 00:00:00 2001
943+From: Michal Sekletar <msekleta@redhat.com>
944+Date: Wed, 24 Oct 2018 15:22:19 +0000
945+Subject: [PATCH] avahi-client: fix resource leak
946+
947+Origin: upstream, https://github.com/lathiat/avahi/commit/374245ec1418e7e1e57120fcaf0a12ec695f5f6d
948+
949+---
950+ avahi-client/browser.c | 2 ++
951+ 1 file changed, 2 insertions(+)
952+
953+diff --git a/avahi-client/browser.c b/avahi-client/browser.c
954+index c978d942..fa4a9a80 100644
955+--- a/avahi-client/browser.c
956++++ b/avahi-client/browser.c
957+@@ -72,6 +72,8 @@ static void parse_domain_file(AvahiDomainBrowser *b) {
958+ if (avahi_normalize_name(buf, domain, sizeof(domain)))
959+ b->static_browse_domains = avahi_string_list_add(b->static_browse_domains, domain);
960+ }
961++
962++ fclose(f);
963+ }
964+
965+ static void domain_browser_ref(AvahiDomainBrowser *db) {
966diff --git a/debian/patches/avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch b/debian/patches/avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch
967new file mode 100644
968index 0000000..f815ea3
969--- /dev/null
970+++ b/debian/patches/avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch
971@@ -0,0 +1,26 @@
972+From 4b48927e8e2c721d103018b4ce39a164b6c2898f Mon Sep 17 00:00:00 2001
973+From: Michal Sekletar <msekleta@redhat.com>
974+Date: Wed, 24 Oct 2018 15:38:48 +0000
975+Subject: [PATCH] chroot: fix bogus assignments in assertions
976+
977+Origin: upstream, https://github.com/lathiat/avahi/commit/4b48927e8e2c721d103018b4ce39a164b6c2898f
978+
979+---
980+ avahi-daemon/chroot.c | 4 ++--
981+ 1 file changed, 2 insertions(+), 2 deletions(-)
982+
983+diff --git a/avahi-daemon/chroot.c b/avahi-daemon/chroot.c
984+index ccd56be0..871b3b34 100644
985+--- a/avahi-daemon/chroot.c
986++++ b/avahi-daemon/chroot.c
987+@@ -188,8 +188,8 @@ static int recv_fd(int fd) {
988+ return -1;
989+ }
990+
991+- assert(h->cmsg_len = CMSG_LEN(sizeof(int)));
992+- assert(h->cmsg_level = SOL_SOCKET);
993++ assert(h->cmsg_len == CMSG_LEN(sizeof(int)));
994++ assert(h->cmsg_level == SOL_SOCKET);
995+ assert(h->cmsg_type == SCM_RIGHTS);
996+
997+ return *((int*)CMSG_DATA(h));
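Review bot: even with `=` corrected to `==`, recv_fd() still validates h->cmsg_len, h->cmsg_level and h->cmsg_type only through assert(), so the checks vanish in any build with NDEBUG defined and `*((int*)CMSG_DATA(h))` is then read unchecked. Consider proposing explicit checks upstream that return -1, like the error path just above. The changelog could also say that the old `=` forms overwrote cmsg_len and cmsg_level instead of testing them, which makes this a behaviour fix and not just a static-analysis cleanup.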
998diff --git a/debian/patches/series b/debian/patches/series
999index 5e99b56..e4585ac 100644
1000--- a/debian/patches/series
1001+++ b/debian/patches/series
1002@@ -22,3 +22,7 @@ tests-pass-overly-long-TXT-resource-records.patch
1003 Ensure-each-label-is-at-least-one-byte-long.patch
1004 core-extract-host-name-using-avahi_unescape_label.patch
1005 common-derive-alternative-host-name-from-its-unescaped-ve.patch
1006+avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch
1007+avahi-client-fix-resource-leak.patch
1008+CVE-2023-38470-2.patch
1009+CVE-2023-38471-2.patch
1010diff --git a/debian/rules b/debian/rules
1011index d109a89..223074e 100755
1012--- a/debian/rules
1013+++ b/debian/rules
1014@@ -5,7 +5,7 @@ export PYTHON=/usr/bin/python3
1015 %:
1016 dh $@
1017
1018-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
1019+export DEB_BUILD_MAINT_OPTIONS = hardening=+all optimize=-lto
1020 include /usr/share/dpkg/default.mk
1021
1022 ifneq (linux,$(DEB_HOST_ARCH_OS))
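Review bot: `optimize=-lto` on the DEB_BUILD_MAINT_OPTIONS line carries no comment, so the reason for it (the Red Hat bug linked from the changelog's "Disable lto" item) is recorded only in debian/changelog. A one-line comment above the export with that URL would keep the rationale next to the flag and make it easier to tell when this delta can be dropped.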
