avahi (0.8-13ubuntu6) noble; urgency=medium
* avahi-autoipd: Demote isc-dhcp-client from Recommends to Suggests
(LP: #2058242)
-- Benjamin Drung <bdrung@ubuntu.com> Fri, 05 Apr 2024 12:57:26 +0200
avahi (0.8-13ubuntu5) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 07:28:17 +0000
avahi (0.8-13ubuntu4) noble; urgency=medium
* No-change rebuild against libglib2.0-0t64
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Mar 2024 22:03:07 +0000
avahi (0.8-13ubuntu3) noble; urgency=medium
* No-change rebuild against libglib2.0-0t64
-- Steve Langasek <steve.langasek@ubuntu.com> Fri, 08 Mar 2024 03:51:49 +0000
avahi (0.8-13ubuntu2) noble; urgency=medium
* SECURITY UPDATE: Reachable assertions exist in server functions of
avahi-core
- debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
resource records
- debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
resource records
- CVE-2023-38469
* SECURITY UPDATE: Reachable assertions exist in domain functions in
avahi-common
- debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
one byte long
- debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
can't fit into ret
- CVE-2023-38470
* SECURITY UPDATE: Reachable assertions exist in server functions in
avahi-core
- debian/patches/CVE-2023-38471-1.patch: core: extract host name using
avahi_unescape_label()
- debian/patches/CVE-2023-38471-2.patch: core: return errors from
avahi_server_set_host_name properly
- CVE-2023-38471
* SECURITY UPDATE: Reachable assertions exist in dbus functions in
avahi-daemon
- debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
to process before parsing it
- CVE-2023-38472
* SECURITY UPDATE: Reachable assertions exist in alternative functions
in avahi-common
- debian/patches/CVE-2023-38473.patch: common: derive alternative host
name from its unescaped version
- CVE-2023-38473
-- Nick Galanis <nick.galanis@canonical.com> Mon, 20 Nov 2023 13:51:34 +0200
avahi (0.8-13ubuntu1) noble; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
- avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
(Upstream pull request #202)
-- Nick Rosbrook <enr0n@ubuntu.com> Thu, 16 Nov 2023 15:20:09 -0500
avahi (0.8-13) unstable; urgency=medium
* Team upload
* gir1.2-avahi-0.6: Make the Provides on gir1.2-avahicore-0.6 versioned.
This will allow it to satisfy versioned dependencies on
gir1.2-avahicore-0.6 (>= x).
* libavahi-gobject-dev: Add Provides for the included GIR XML.
To make cross-compiling and bootstrapping easier, the version of the
gobject-introspection mini-policy currently in experimental asks for
GIR XML to either be split into a gir1.2-x-y-dev package or have
Provides on that name, so that dependent packages can add that package
to their Build-Depends.
* gir1.2-avahi-0.6, libavahi-gobject-dev: Add ${gir:Provides}.
When built with the version of gobject-introspection currently in
experimental, this will generate a Provides equivalent to the ones that
are currently hard-coded.
* libavahi-gobject-dev: Add ${gir:Depends}.
Just for completeness: the only dependency is gir1.2-gobject-2.0, which
all GObject-Introspection-based tools are expected to pull in as a
dependency anyway.
* d/control, d/rules: Implement nogir build profile.
This allows src:avahi to be bootstrapped on new architectures before
gobject-introspection has been compiled, breaking a cyclic dependency:
gobject-introspection pulls in cairo, which indirectly Depends on
the non-GObject parts of avahi (via cups and ghostscript).
Disabling the entire libavahi-gobject-dev package is a bigger hammer
than we would normally use, but it avoids a trip through NEW to split
the package between C development files and a new gir1.2-avahi-0.6-dev
binary package. (Closes: #1055437)
-- Simon McVittie <smcv@debian.org> Tue, 07 Nov 2023 10:54:25 +0000
avahi (0.8-12) unstable; urgency=medium
* Team upload
* Install the systemd unit in /usr/lib/systemd/system.
This was allowed by Technical Committee resolution #1053901. avahi
has not usually been backported, so it doesn't seem important to make
backports trivial for this particular package.
Build-depend on debhelper (>= 13.11.6~) so that dh_installsystemd finds
the unit in its new location.
* d/control: Canonicalize order of build-dependencies.
No functional change.
* Build-depend on pkgconf instead of pkg-config
* d/tests: Add superficial autopkgtests for the -dev packages.
Linking a trivial executable to a library is a surprisingly effective
way to detect packaging errors like a missing dependency.
-- Simon McVittie <smcv@debian.org> Fri, 20 Oct 2023 11:07:11 +0100
avahi (0.8-11) unstable; urgency=medium
[ Josh Triplett ]
* Drop /etc/default/avahi-daemon entirely.
The only option in it hasn't been used since avahi-daemon 0.8-4 in 2021,
which removed the avahi-daemon-check-dns mechanism in favor of upstream
logic serving the same function. Nothing else in the package references
this at all.
[ Jeremy Bícha ]
* Build-Depend on dh-sequence-gir & dh-sequence-python3
[ Robert McQueen ]
* Fix browsing when invalid services present.
Import patch from Arch to prevent service browsing from aborting in the
middle if your network contains a device with an invalid service name.
See https://github.com/lathiat/avahi/issues/212 and
https://bugs.archlinux.org/task/71781
[ Michael Biebl ]
* Use default dh_autoreconf instead of calling ./autogen.sh.
Running ./autogen.sh before build causes common/Makefile.am to be
deleted during dh_auto_clean, resulting in a subsequent build failure.
Use the default dh_autoreconf sequence instead which doesn't trigger
this behaviour.
Fixes ftbfs-binary-after-build (Closes: #1049786)
* Clean up avahi-python/avahi/__pycache__/
Fixes ftbfs-source-after-build (Closes: #1044112)
-- Michael Biebl <biebl@debian.org> Thu, 07 Sep 2023 21:43:48 +0200
avahi (0.8-10ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2020383). Remaining changes:
+ Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
+ avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
(Upstream pull request #202)
* Dropped changes, included in Debian:
+ avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
(Upstream pull request #330)
* Dropped changes, no longer needed:
+ debian/avahi-daemon.postinst: remove the deprecated conffiles
if-up/down entries on upgrade, use a simple logic and no
dpkg-maintscript-helper since there is no configuration worth saving
(All releases from which upgrades are supported have a new enough version)
-- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 23 May 2023 10:02:00 -0400
avahi (0.8-10) unstable; urgency=medium
[ Felix Geyer ]
* Remove dependency on bind9-host.
Originally added in #433030, no longer needed as the
avahi-daemon-check-dns.sh script is no longer shipped.
[ Michael Biebl ]
* Emit error if requested service is not found.
Fixes a potential local DoS where the avahi daemon could be crashed by
an unprivileged user via a D-Bus call.
(CVE-2023-1981, Closes: #1034594)
* Update watch file to get tarballs directly from avahi.org again.
The recent changes in GitHub broke the current watch file.
As new releases are again uploaded to avahi.org, get the release
tarballs from there.
-- Michael Biebl <biebl@debian.org> Wed, 19 Apr 2023 13:51:49 +0200
avahi (0.8-9) unstable; urgency=medium
[ Gioele Barabucci ]
* Install dbus policy in /usr instead of /etc (Closes: #1031550)
-- Michael Biebl <biebl@debian.org> Sat, 18 Feb 2023 23:09:58 +0100
avahi (0.8-8) unstable; urgency=medium
* Remove obsolete SysV init scripts
* Demote resolvconf to a Suggests for avahi-dnsconfd
-- Michael Biebl <biebl@debian.org> Sun, 05 Feb 2023 14:21:18 +0100
avahi (0.8-7) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since buster
* Build-Depends: Drop versioned constraint on intltool, libcap-dev,
libdaemon-dev, libdbus-1-dev and libglib2.0-dev.
* avahi-daemon: Drop versioned constraint on libnss-mdns in Recommends.
* libavahi-client-dev: Drop versioned constraint on libdbus-1-dev in
Depends.
* libavahi-compat-libdnssd1: Drop versioned constraint on libnss-mdns in
Recommends.
* Remove 3 maintscript entries from 2 files.
Changes-By: deb-scrub-obsolete
[ Michael Biebl ]
* Fix encoding of avahi-common/domain.h to be valid UTF-8
* Avoid infinite-loop in avahi-daemon by handling HUP event in client_work.
Fixes a local DoS that could be triggered by writing long lines to
/run/avahi-daemon/socket.
(CVE-2021-3468, Closes: #984938)
* Bump Standards-Version to 4.6.2
* Update homepage URL in debian/{copyright,control} and use https
* Remove obsolete migration code
* Drop obsolete Conflicts against zeroconf from avahi-autoipd
* Use execute_{after,before} instead of override where possible
-- Michael Biebl <biebl@debian.org> Tue, 10 Jan 2023 09:33:02 +0100
avahi (0.8-6ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable, remaining changes:
+ debian/avahi-daemon.postinst: remove the deprecated conffiles
if-up/down entries on upgrade, use a simple logic and no
dpkg-maintscript-helper since there is no configuration worth saving
+ Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
+ avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
(Upstream pull request #202)
+ avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
(Upstream pull request #330)
* Dropped changes, included in Debian:
+ SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start
-- Graham Inggs <ginggs@ubuntu.com> Mon, 22 Aug 2022 12:33:46 +0000
avahi (0.8-6) unstable; urgency=medium
[ Luca Boccassi ]
* avahi-daemon: depend on default-dbus-system-bus | dbus-system-bus.
This allows the reference implementation to be removed if using a
different system bus implementation such as dbus-broker.
[smcv: Adjust commit message]
[ Simon McVittie ]
* Add patch to fix display of URLs containing '&' in avahi-discover
* Standards-Version: 4.6.0 (no changes required)
* Use recommended debhelper compat level 13
[ Michael Biebl ]
* Do not disable timeout cleanup on watch cleanup.
This was causing timeouts to never be removed from the linked list that
tracks them, resulting in both memory and CPU usage to grow larger over
time. Thanks to Gustavo Noronha Silva (Closes: #993051)
* Drop obsolete lsb-base Depends
* Fix NULL pointer crashes when trying to resolve badly-formatted hostnames.
Fixes a local DoS in avahi-daemon that can be triggered by trying to
resolve badly-formatted hostnames on the /run/avahi-daemon/socket
interface. (CVE-2021-3502, Closes: #986018)
-- Michael Biebl <biebl@debian.org> Sun, 05 Jun 2022 18:33:10 +0200
avahi (0.8-5ubuntu5) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 10:42:05 +0100
avahi (0.8-5ubuntu4) impish; urgency=medium
* SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start
- debian/patches/CVE-2021-3502.patch: fix multiple null pointer crashes
in avahi-core/browse-dns-server.c, avahi-core/browse-domain.c,
avahi-core/browse-service-type.c, avahi-core/browse-service.c,
avahi-core/browse.c, avahi-core/resolve-address.c,
avahi-core/resolve-host-name.c, avahi-core/resolve-service.c.
- CVE-2021-3502
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 06 Jul 2021 10:13:47 -0400
avahi (0.8-5ubuntu3) hirsute; urgency=medium
* avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
(Upstream pull request #202).
* avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
(Upstream pull request #330).
-- Till Kamppeter <till.kamppeter@gmail.com> Thu, 8 Apr 2021 15:24:07 +0200
avahi (0.8-5ubuntu2) hirsute; urgency=medium
* Disable lto. See https://bugzilla.redhat.com/show_bug.cgi?id=1907727.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Mar 2021 20:47:51 +0100
avahi (0.8-5ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/avahi-daemon.postinst: remove the deprecated conffiles
if-up/down entries on upgrade, use a simple logic and no
dpkg-maintscript-helper since there is no configuration worth saving
-- Till Kamppeter <till.kamppeter@gmail.com> Wed, 24 Feb 2021 23:53:07 +0100
avahi (0.8-5) unstable; urgency=medium
* d/avahi-daemon.maintscript: Drop removal of symlink, they're not normal
config files.
* d/avahi-daemon.postinst: Clean up left-over dpkg-backup symlink from 0.8.3
to 0.8.4 symlink (Closes: #982016)
-- Sjoerd Simons <sjoerd@debian.org> Sat, 06 Feb 2021 16:05:37 +0100
avahi (0.8-4) unstable; urgency=medium
[ Sjoerd Simons ]
* Team upload
[ Simon McVittie ]
* Remove avahi-daemon-check-dns mechanism, no longer needed.
Thanks to Trent Lloyd, Sebastien Bacher (LP: #1870824)
(Closes: #433945, #559927, #629509, #747895, #878586, #898038, #929010)
-- Sjoerd Simons <sjoerd@debian.org> Fri, 05 Feb 2021 09:21:16 +0100
avahi (0.8-3ubuntu2) hirsute; urgency=medium
* debian/avahi-daemon.links:
- remove buggy symlink, the target doesn't exist anymore (lp: #1901090)
* debian/avahi-daemon.postinst:
- remove the deprecated conffiles if-up/down entries on upgrade,
use a simple logic and no dpkg-maintscript-helper since there is no
configuration worth saving
-- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2020 15:03:56 +0100
avahi (0.8-3ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Remove avahi-daemon-check-dns.sh hack, the feature is provided by
libnss-mdns now
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 13:47:56 -0700
avahi (0.8-3) unstable; urgency=medium
* Team upload
* Upload python3-avahi to unstable
* d/control: Add comments about why some packages are Arch: any.
At first glance these packages seem like they should be
Architecture: all, but in fact they cannot.
* d/control, d/shlibs.local: Tighten interdependencies within src:avahi.
Co-installation of binary packages built from different versions of the
same source package is error-prone, because parts of the same source
package typically make assumptions about non-public exported symbols,
implementation details or precise behaviour beyond what's in the public
API. Upstream developers are also unlikely to be willing to support such
installations or make promises about their behaviour.
We can make partial upgrades more robust by upgrading everything from
a single source package together.
-- Simon McVittie <smcv@debian.org> Tue, 26 May 2020 11:33:06 +0100
avahi (0.8-2) experimental; urgency=medium
* Team upload
[ Andreas Henriksson, Simon McVittie ]
* Switch from python2 to python3.
This includes renaming the python-avahi package to python3-avahi.
The only remaining package with a hard dependency on python-avahi is
avahi-discover, which is also fixed in this version.
(Closes: #853239, #936173)
[ Simon McVittie ]
* Override Lintian warning for package-name-doesnt-match-sonames libdns-sd1.
The libdns_sd.so.1 SONAME conceptually belongs to a different source
package (Apple Bonjour, which isn't currently in Debian) so it's
deliberate that we are not using its package name.
* gir1.2-avahi-0.6 Provides gir1.2-avahicore-0.6, reflecting its contents.
This matches the naming scheme from the g-i mini-policy, and lets us
stop suppressing some Lintian warnings.
* d/copyright: Add some more copyright holders
-- Simon McVittie <smcv@debian.org> Sun, 24 May 2020 11:20:46 +0100
avahi (0.8-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Remove avahi-daemon-check-dns.sh hack, the feature is provided by
libnss-mdns now
* Dropped changes, included upstream:
- debian/patches/CVE-2017-6519-and-CVE-2018-1000845.patch:
fix in avahi-core/server.c.
- debian/patches/local-only-services-support.patch:
replaced by the upstream commited version, part of the code which
was there to workaround a ippusbxd issue has been removed since
the problem has been resolved in cups now
- local-only-services-support.patch: Added support for advertising
* Dropped changes:
- Add udebs corresponding to libavahi-common3 and libavahi-core7, for
maas-enlist-udeb: dropped, d-i no longer used for installing maas.
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 20 May 2020 15:00:00 -0700
avahi (0.8-1) unstable; urgency=medium
* Team upload
[ Andreas Henriksson ]
* New upstream release (Closes: #951691)
- Support local-only services via the loopback interface
(Closes: #909564)
- Don't crash on keys with an empty value (Closes: #947891)
- Drop patches that are included upstream
- Disable Qt5 main loop binding for now
- Update libavahi-core7.symbols with newly added symbols
* d/p/Fetch-build-db-from-upstream-git.patch:
Patch back in a script that was omitted from the upstream tarball
* libavahi-core-dev: spelling-error-in-description shoudl should
* Drop obsolete X-Python-Version field
[ Simon McVittie ]
* Summarize significant upstream changes above
* Disable libevent main loop binding for now
* Continue to use Python 2 for now, so we can test v0.8 independent of
the switch from Python 2 to Python 3
* d/p/avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch:
Add patch from upstream git to fix undefined left-shift
* d/p/fix-bytestring-decoding-for-proper-display.patch,
d/p/avahi-discover-Don-t-decode-unicode-strings-only-bytestri.patch:
Make avahi-discover work for both Python 2 and Python 3
(hopefully Closes: #876107)
* Replace stage1 build-profile with nopython and pkg.avahi.nogui
* Set avahi user's home directory to /run/avahi-daemon for new installs.
For existing installations, it continues to be the
equivalent-but-deprecated /var/run/avahi-daemon.
* Add Build-Depends-Package to all .symbols files
* Don't explicitly link --as-needed.
This is the default in bullseye toolchains anyway.
* Use dpkg's default.mk
* Enable full compiler hardening
* Remove migration path from obsolete avahi-dbg package.
It was most recently shipped before Debian 9 'stretch', and we don't
support skipping a version when upgrading.
* Build-depend on python2.
We don't actually need Python development files here, just the
interpreter itself.
* d/rules: Make install invocations not require fakeroot.
The default for install(1) is 0755, root:root if running as root, or
0755 without ownership changes if running as an unprivileged user.
Under Rules-Requires-Root: no, we cannot explicitly chown a file,
but having it owned by the build user during build results in it being
owned by root:root in the .deb, which is what we want anyway.
* Set Rules-Requires-Root to no
* Standards-Version: 4.5.0 (no changes required)
* Move to debhelper-compat 12.
* Don't explicitly stop avahi-daemon.service in prerm.
The dh_installsystemd infrastructure handles this now. We do still mask
the service, since dh_installsystemd doesn't prevent D-Bus activation.
* Add ${misc:Pre-Depends} to all packages
* Add a patch to force a specific service type database format.
It was traditionally a gdbm database in Debian, but v0.8's build-db,
when run under Python 2, prefers dbhash (bsddb).
* d/avahi-autoipd.preinst: Remove transitional code from pre-stretch
-- Simon McVittie <smcv@debian.org> Thu, 07 May 2020 19:47:43 +0100
avahi (0.7-5) unstable; urgency=medium
* Team upload
* Build-depend on python-gi in addition to python-gi-dev.
python-gi-dev is likely to lose its python-gi dependency to help
with tracking the removal of Python 2 dependencies.
(Closes: #945034)
* d/p/Drop-legacy-unicast-queries-from-address-not-on-local-lin.patch:
Add patch from upstream to fix traffic amplification attacks
(CVE-2017-6519, CVE-2018-1000845; Closes: #917047)
* d/patches: Annotate with forwarding status
* d/avahi-daemon-check-dns.sh: Wrap host command with timeout(1) to
avoid it stalling indefinitely on some systems.
Mitigates: #559927, #898038, #929010.
Thanks to Trent Lloyd and Ubuntu.
-- Simon McVittie <smcv@debian.org> Fri, 13 Dec 2019 16:00:32 +0000
avahi (0.7-4ubuntu7) focal; urgency=medium
* Remove avahi-daemon-check-dns.sh hack, the feature is provided by
libnss-mdns now (lp: #1870824)
* debian/patches/local-only-services-support.patch:
- replaced by the upstream commited version, part of the code which
was there to workaround a ippusbxd issue has been removed since
the problem has been resolved in cups now
-- Sebastien Bacher <seb128@ubuntu.com> Wed, 08 Apr 2020 13:43:27 +0200
avahi (0.7-4ubuntu6) focal; urgency=medium
* No-change rebuild to generate dependencies on python2.
-- Matthias Klose <doko@ubuntu.com> Tue, 17 Dec 2019 12:30:55 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libavahi-common-data`.
Generated by dwww version 1.16 on Sat Dec 13 16:19:27 CET 2025.