[ubuntu/kinetic-proposed] avahi 0.8-6ubuntu1 (Accepted)

Graham Inggs ginggs at ubuntu.com
Mon Aug 22 12:42:20 UTC 2022 

avahi (0.8-6ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    + debian/avahi-daemon.postinst: remove the deprecated conffiles
      if-up/down entries on upgrade, use a simple logic and no
      dpkg-maintscript-helper since there is no configuration worth saving
    + Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
    + avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
      avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
      (Upstream pull request #202)
    + avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
      Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
      (Upstream pull request #330)
  * Dropped changes, included in Debian:
    + SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start

avahi (0.8-6) unstable; urgency=medium

  [ Luca Boccassi ]
  * avahi-daemon: depend on default-dbus-system-bus | dbus-system-bus.
    This allows the reference implementation to be removed if using a
    different system bus implementation such as dbus-broker.
    [smcv: Adjust commit message]

  [ Simon McVittie ]
  * Add patch to fix display of URLs containing '&' in avahi-discover
  * Standards-Version: 4.6.0 (no changes required)
  * Use recommended debhelper compat level 13

  [ Michael Biebl ]
  * Do not disable timeout cleanup on watch cleanup.
    This was causing timeouts to never be removed from the linked list that
    tracks them, resulting in both memory and CPU usage to grow larger over
    time. Thanks to Gustavo Noronha Silva (Closes: #993051)
  * Drop obsolete lsb-base Depends
  * Fix NULL pointer crashes when trying to resolve badly-formatted hostnames.
    Fixes a local DoS in avahi-daemon that can be triggered by trying to
    resolve badly-formatted hostnames on the /run/avahi-daemon/socket
    interface. (CVE-2021-3502, Closes: #986018)

Date: Mon, 22 Aug 2022 12:33:46 +0000
Changed-By: Graham Inggs <ginggs at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 22 Aug 2022 12:33:46 +0000
Source: avahi
Built-For-Profiles: noudeb
Architecture: source
Version: 0.8-6ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Graham Inggs <ginggs at ubuntu.com>
Closes: 986018 993051
Changes:
 avahi (0.8-6ubuntu1) kinetic; urgency=medium
 .
   * Merge from Debian unstable, remaining changes:
     + debian/avahi-daemon.postinst: remove the deprecated conffiles
       if-up/down entries on upgrade, use a simple logic and no
       dpkg-maintscript-helper since there is no configuration worth saving
     + Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
     + avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
       avahi-client-fix-resource-leak.patch: Issues discovered by static analysis
       (Upstream pull request #202)
     + avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch:
       Avoid infinite-loop in avahi-daemon by handling HUP event in client_work()
       (Upstream pull request #330)
   * Dropped changes, included in Debian:
     + SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start
 .
 avahi (0.8-6) unstable; urgency=medium
 .
   [ Luca Boccassi ]
   * avahi-daemon: depend on default-dbus-system-bus | dbus-system-bus.
     This allows the reference implementation to be removed if using a
     different system bus implementation such as dbus-broker.
     [smcv: Adjust commit message]
 .
   [ Simon McVittie ]
   * Add patch to fix display of URLs containing '&' in avahi-discover
   * Standards-Version: 4.6.0 (no changes required)
   * Use recommended debhelper compat level 13
 .
   [ Michael Biebl ]
   * Do not disable timeout cleanup on watch cleanup.
     This was causing timeouts to never be removed from the linked list that
     tracks them, resulting in both memory and CPU usage to grow larger over
     time. Thanks to Gustavo Noronha Silva (Closes: #993051)
   * Drop obsolete lsb-base Depends
   * Fix NULL pointer crashes when trying to resolve badly-formatted hostnames.
     Fixes a local DoS in avahi-daemon that can be triggered by trying to
     resolve badly-formatted hostnames on the /run/avahi-daemon/socket
     interface. (CVE-2021-3502, Closes: #986018)
Checksums-Sha1:
 9bb23a061ee98e88ab64d7642aa7f3df932164c0 4056 avahi_0.8-6ubuntu1.dsc
 d7eb5e25bf9519fa9bb246b97261ff5f84de6783 41556 avahi_0.8-6ubuntu1.debian.tar.xz
 f0402bbad2d10f373fda2ea9dbfb18329545ab10 16569 avahi_0.8-6ubuntu1_source.buildinfo
Checksums-Sha256:
 94934fda081a2123e50f5901be5393934c3d6bd5190d71dee8f2f2a1b9b2b07e 4056 avahi_0.8-6ubuntu1.dsc
 ebf1dfe5e853b6bc6843e3bd784cb6af632041f305abd0e5415114f80c1dcea4 41556 avahi_0.8-6ubuntu1.debian.tar.xz
 d73d254fe46150cdf6f087913f46ad6604e0364945aa5e2dc32279ca002bca80 16569 avahi_0.8-6ubuntu1_source.buildinfo
Files:
 805b3e7d5f40e08c64a5208742dc8597 4056 net optional avahi_0.8-6ubuntu1.dsc
 fd1719fef6243386ec2deb0d839efcea 41556 net optional avahi_0.8-6ubuntu1.debian.tar.xz
 92b00ed79050c6244fa88aaf6466ec86 16569 net optional avahi_0.8-6ubuntu1_source.buildinfo
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>

More information about the kinetic-changes mailing list