avahi (0.6.10-0ubuntu3.5) dapper-security; urgency=low * SECURITY UPDATE: denial of service via crafted mDNS packet - debian/patches/80_CVE-2008-5081.patch: verify port is > 0 in server.c - CVE-2008-5081 * SECURITY UPDATE: denial of service via empty TXT record over dbus - debian/patches/80_CVE-2007-3372.patch: set k to empty string in avahi_dbus_read_strlst() if k in NULL and also check for size in avahi_string_list_add_arbitrary() assert - CVE-2007-3372 -- Jamie Strandboge Thu, 18 Dec 2008 09:53:50 -0600 avahi (0.6.10-0ubuntu3.4) dapper-security; urgency=low * SECURITY UPDATE: denial of service via malformed DNS reply. * Add 'debian/patches/ubuntu_02_endless-dns-loop.patch' from upstream * References CVE-2006-6870 -- Kees Cook Thu, 4 Jan 2007 15:49:12 -0800 avahi (0.6.10-0ubuntu3.3) dapper-security; urgency=low * debian/patches/ubuntu_01_netlink-ownership.patch: - Previous patch broke operation with network-manager (the kernel sends funny process IDs, and due to the dropped packets avahi's state gets scrambled). - Now verify the packet's user ID instead. - Thanks to Trent Lloyd for the updated patch. - Closes: LP#72728 -- Martin Pitt Thu, 14 Dec 2006 09:24:16 +0000 avahi (0.6.10-0ubuntu3.2) dapper-security; urgency=low * SECURITY UPDATE: all netlink packets were expected to be from the kernel, which could lead to other local users manipulating Avahi, possibly crashing the server or gaining Avahi user privileges. * Add 'debian/patches/ubuntu_01_netlink-ownership.patch' to verify packet owner, as done in upstream CVS. * References CVE-2006-5461 -- Kees Cook Fri, 10 Nov 2006 14:54:28 -0800 avahi (0.6.10-0ubuntu3) dapper; urgency=low * Add kubuntu_03_fix_duplicate_entries_in_menu.patch avahi-discover has two entries in menu, so add this patch fix it . -- Hou ZhengPeng Fri, 26 May 2006 03:35:26 +0000 avahi (0.6.10-0ubuntu2) dapper; urgency=low * debian/patches/02_avahi-sharp_processes_thread.patch: + Patch from upstream SVN: - ensure the event loop is finished before freeing the poll object - set Client.Handle to null immediately after freeing it - fixes a segfault on Client.Dispose() -- Sebastian Dröge Mon, 15 May 2006 20:11:51 +0200 avahi (0.6.10-0ubuntu1) dapper; urgency=low * New upstream release + SECURITY UPDATE: Fixes CVE-2006-2288 and CVE-2006-2289 * 03_cmsg_too_large.patch, 04_initscript_log_end_msg.patch, 05_empty_service_directory.patch, 06_cname_handling.patch, 07_avahi-sharp_missing_lock.patch, 08_avahi-python_regex_fix.patch: - dropped, upstream now * UVF Exception granted by Colin Watson -- Sebastian Dröge Wed, 10 May 2006 10:00:25 +0200 avahi (0.6.9-2ubuntu7) dapper; urgency=low * 08_avahi-python_regex_fix.patch (SVN rev 1189): + Fix the regex in the ServiceTypeDatabase to also match on service types with - in them like _sftp-ssh._tcp -- Sebastian Dröge Sat, 22 Apr 2006 15:07:46 +0200 avahi (0.6.9-2ubuntu6) dapper; urgency=low * debian/patches/07_avahi-sharp_missing_lock.patch (SVN rev 1188): + Add a missing lock around the avahi_entry_group_add_service_strlst() call (Closes: Malone #37647) -- Sebastian Dröge Tue, 18 Apr 2006 15:53:24 +0200 avahi (0.6.9-2ubuntu5) dapper; urgency=low * debian/patches/06_cname_handling.patch: + Fix CNAME handling in avahi (Closes: Malone #36642) -- Sebastian Dröge Sat, 1 Apr 2006 18:02:44 +0200 avahi (0.6.9-2ubuntu4) dapper; urgency=low * debian/patches/05_empty_service_directory.patch: + updated to use upstream's solution for this problem which is cleaner -- Sebastian Dröge Fri, 24 Mar 2006 15:29:05 +0100 avahi (0.6.9-2ubuntu3) dapper; urgency=low Merge in Debian changes from 0.6.9-6 that are important for us: * debian/patches/04_initscript_log_end_msg.patch: + Replace exit statements with return, otherwise log_end_msg might not be called after d_start. Patch by Benjamin Leipold. * debian/patches/05_empty_service_directory.patch: + Change the error message that is printed when running the daemon with an empty or non-existing /etc/avahi/services directory to an informational message as we have no service files installed by default. Also add that this could be caused by an empty service directory. * Also ship docs/NEWS * Don't let libavahi-client3 recommend avahi-daemon. Let the end-user apps decide if they want to recommend avahi-daemon or not. -- Sebastian Dröge Thu, 23 Mar 2006 01:23:58 +0100 avahi (0.6.9-2ubuntu2) dapper; urgency=low * 03_cmsg_too_large.patch: + Doesn't work on 64 bit machines with 32 bit userspace because of too big cmsg data. Patch by Sjoerd Simons . (See http://avahi.org/ticket/19) -- Sebastian Dröge Thu, 16 Mar 2006 14:16:57 +0100 avahi (0.6.9-2ubuntu1) dapper; urgency=low * Merge Debian changes from 0.6.9-1 to 0.6.9-2 (see below) * Enable the howl/libdns-sd compat packages. These are to be demoted to universe and should stay there forever. -- Sebastian Dröge Mon, 6 Mar 2006 16:15:45 +0100 avahi (0.6.9-2) unstable; urgency=low * Update shlibs of libavahi-common -- Sjoerd Simons Sat, 4 Mar 2006 10:36:51 +0100 avahi (0.6.9-1ubuntu1) dapper; urgency=low * Merge with Debian. Changes from 0.6.9-0ubuntu1: + Tighter Conflicts of libavahi-core3 on libavahi-core4 + Me added to Uploaders -- Sebastian Dröge Fri, 3 Mar 2006 17:18:53 +0100 avahi (0.6.9-1) unstable; urgency=low * New upstream release * Added me to Uploaders * Fix the permissions of avahi-sharp.dll -- Sebastian Dröge Thu, 2 Mar 2006 21:21:15 +0100 avahi (0.6.9-0ubuntu1) dapper; urgency=low * New upstream release * UVF exception granted by Matt Zimmerman * Fix permissions on avahi-sharp.dll -- Sebastian Dröge Thu, 2 Mar 2006 22:49:25 +0100 avahi (0.6.8-2) unstable; urgency=low * libavahi-core's soname changed from 3 to 4. As only avahi-daemon depends on -core it's not a big problem luckily. * Change the package to reflect the soname change (Closes: #354771) -- Sjoerd Simons Wed, 1 Mar 2006 10:23:35 +0100 avahi (0.6.8-1ubuntu2) dapper; urgency=low * Rename libavahi-core3 to libavahi-core4 to reflect soname change and change libavahi-core4.shlibs according. libavahi-core4 Conflicts libavahi-core3 (<= 0.6.8-1ubuntu1). (Closes: Debian #354771, Ubuntu #33199) -- Sebastian Dröge Wed, 1 Mar 2006 09:56:36 +0100 avahi (0.6.8-1ubuntu1) dapper; urgency=low * UVF Exception granted by Matt Zimmerman * Sync with Debian: + Move mono Build-Depends to Build-Depends-Indep + Remove the QT4 bindings and their Build-Depends + Remove the howl and libdns-sd compat libraries -- Sebastian Dröge Tue, 28 Feb 2006 18:14:07 +0100 avahi (0.6.8-1) unstable; urgency=low [ Ross Burton ] * Package the avahi.hosts(5) manpage * Package the hosts conffile [ Sjoerd Simons ] * New upstream release * debian/patches/02_avahi-initscripts.patch Applied upstream -- Sjoerd Simons Mon, 27 Feb 2006 23:13:05 +0100 avahi (0.6.7-1) unstable; urgency=low * New upstream release * debian/patches/02_avahi-initscripts.patch + Force the load of the capabilities kernel module before starting the avahi-daemon. (Closes: #352858) + Fix the restart argument of the initscripts -- Sjoerd Simons Wed, 15 Feb 2006 20:37:07 +0100 avahi (0.6.6-2) unstable; urgency=low * Add libcap-dev to the build-depends to enable chroot() support (Closes: #351699) * Update the avahi-dnsconfd description (Closes: 351273) -- Sjoerd Simons Sun, 12 Feb 2006 20:12:23 +0100 avahi (0.6.6-1) unstable; urgency=low * New upstream release * s/Bonyour/Bonjour/ in libdnssd package descriptions (Closes: #349408) * debian/patches/02_stdlib_NULL.patch + Removed. Fixed upstream * debian/patches/03_reduce_qt3lib_depends.patch + Removed. Fixed upstream * debian/patches/04_pthread_flags.patch + Removed Fixed upstream * Don't let avahi-daemon suggets avahi-dnsconfd -- Sjoerd Simons Thu, 2 Feb 2006 21:11:34 +0100 avahi (0.6.4-2) unstable; urgency=low * debian/patches/04_pthread_flags.patch + Added. Check how gcc handles -pthread in combination with -shared. Fixes FTBS on mips{,el}. * Add --disabled-password to adduser options in postinst -- Sjoerd Simons Fri, 20 Jan 2006 10:40:27 +0100 avahi (0.6.4-1) unstable; urgency=low * New upstream release * Make python2.4-avahi depend on python2.4-glade (Closes: #348284) * debian/patches/02_avahi-sharp-mono1.1.13.patch + Removed. Fixed upstream * debian/patches/02_stdlib_NULL.patch + Added. To use NULL on GNU/kFreeBSD needs to be included (Thanks Aurelien Jarno) (Closes: #348405) * debian/patches/03_reduce_qt3lib_depends.patch + Added. Change avahi-qt3.pc to have qt3-mt in Requires.private instead of Requires (Thanks Isaac Clerencia) (Closes: #347710) * Make libavahi-client-dev depend on libdbus-1-dev -- Sjoerd Simons Tue, 17 Jan 2006 11:26:51 +0100 avahi (0.6.3-3) unstable; urgency=low * debian/patches/02_avahi-sharp-mono1.1.13.patch + Added. Compatibility fixes for mono 1.1.13. -- Sjoerd Simons Fri, 13 Jan 2006 14:03:59 +0100 avahi (0.6.3-2) unstable; urgency=low * Add ia64 to the architectures that build-depend on the mono stuff -- Sjoerd Simons Thu, 12 Jan 2006 11:08:42 +0100 avahi (0.6.3-1) unstable; urgency=low * New upstream release (Closes: 347385) * debian/patches/01_dbus060_compatibility.patch + Removed. Fixed upstream * debian/patches/02_avahi-sharp.patch + Removed. Fixed upstream * Don't build mono stuff on archs that don't support it (Closes: 347383) * GNU dbm files aren't arch independent so libavahi-common-data must be an arch: any package * debian/patches/01_avahi-daemon.conf.patch + Added. Don't browse any extra domains by default * Add libavahi-client-dev depend to libavahi-compat-howl-dev and libavahi-compat-libdnssd-dev (Closes: 347247) -- Sjoerd Simons Thu, 12 Jan 2006 00:23:42 +0100 avahi (0.6.1-4) unstable; urgency=low * Upload to unstable -- Sjoerd Simons Thu, 5 Jan 2006 22:13:55 +0100 avahi (0.6.1-2) experimental; urgency=low * Let libavahi-common-data conflict with libavahi-common0 * Switch avahi-utils from Arch all to Arch any (Closes: #344354) * avahi/debian/patches/02_avahi-sharp.patch + Added. Fix avahi-sharp.dll.config.in to use libavahi-glib.so.1 instead of libavahi-glib.so.0 (From avahi upstream svn) * Add ${shlibds:Depends} to the avahi-utils depends. * Add debian/libavahi-client3/usr/lib to dh_shlibdeps includes * Also ship the avahi-browse-domains symlink * Fix the avahi-discover description * Have avahi-daemon depend on dbus (>= 0.60) * Fix libavahi-cil depends * Add libavahi-common-data to python2.4-avahi depends * Update FSF address in copyright -- Sjoerd Simons Thu, 22 Dec 2005 20:02:11 +0100 avahi (0.6.1-1) experimental; urgency=low [ Sjoerd Simons ] * New upstream release (closes: #341685) * Depend on dbus >= 0.50-3 so we can use force-reload to have dbus reload configuration. * Create packages for howl and Apple Bonyour compatibility libraries * Split out common data into libavahi-common-data * Split out avahi-discover into it's own package * Symlink /usr/include/avahi-compat-libdns_sd/dns_sd.h to /usr/include/dns_sd.h for API compatability * debian/patches/01_dbus060_compatibility.patch + Added. Enables build against dbus 0.60 (from upstream svn) * Update debian/copyright * Add myself to Uploaders [ Ross Burton ] * Add debian/watch -- Sjoerd Simons Mon, 19 Dec 2005 16:25:53 +0100 avahi (0.5.2-4) experimental; urgency=low * Add python2.4-gdbm dependency to python2.4-avahi (closes: #336900) * Build monodoc manual (thanks Sebastian Dröge) -- Ross Burton Wed, 2 Nov 2005 08:49:48 +0000 avahi (0.5.2-3) experimental; urgency=low * Move all packages to their correct section (closes: #334565) -- Ross Burton Tue, 18 Oct 2005 19:05:22 +0100 avahi (0.5.2-2) experimental; urgency=low * -daemon depends on dbus-1-utils, and allow dbus-send to fail (Trent Lloyd). * -utils recommends python2.4-glad2, and explain the recommends (TL). -- Ross Burton Mon, 10 Oct 2005 10:20:05 +0100 avahi (0.5.2-1) experimental; urgency=low * New upstream release. * Change mono package to arch all. -- Ross Burton Mon, 3 Oct 2005 20:08:52 +0100 avahi (0.5-1) experimental; urgency=low [ Ross Burton ] * Update for new library versions * Added libavahi-cil mono bindings (thanks Andrew Mitchell) * Build for Debian Experimental (closes: #324990) * Split out python2.4-avahi * Add QT3 and QT4 bindings * Reload D-BUS configuration files and daemons on install * Fix daemon prerm * Add maintainer scripts for dnsconfd * Move the avahi user's home directory * Move .pc files to -dev packages [ Sjoerd Simons ] * New upstream release -- Ross Burton Fri, 30 Sep 2005 12:16:39 +0100 avahi (0.2-0ubuntu1) breezy; urgency=low * New upstream version. * Thanks to Trent Lloyd for the work - Dropped all old patches, now merged upstream. - Added new patch avahi-dnsconfd-crash.patch, fix from upstream. -- Ross Burton Tue, 30 Aug 2005 09:13:46 +0100 avahi (0.1-1) breezy; urgency=low * First upload. * Thanks to Trent Lloyd for reviewing the packages. -- Ross Burton Tue, 23 Aug 2005 09:29:46 +0100