Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package avahi for openSUSE:Factory checked in at 2021-02-22 14:39:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/avahi (Old) and /work/SRC/openSUSE:Factory/.avahi.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "avahi" Mon Feb 22 14:39:40 2021 rev:137 rq:873919 version:0.8 Changes: -------- avahi-mono.changes: same change avahi-qt5.changes: same change --- /work/SRC/openSUSE:Factory/avahi/avahi.changes 2021-02-16 22:41:30.674040216 +0100 +++ /work/SRC/openSUSE:Factory/.avahi.new.2378/avahi.changes 2021-02-22 14:39:56.968590321 +0100 @@ -1,0 +2,11 @@ +Tue Feb 16 22:37:35 UTC 2021 - Michael Gorse <mgo...@suse.com> + +- Update avahi-daemon-check-dns.sh from Debian. Our previous + version relied on ifconfig, route, and init.d. +- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges + when invoking avahi-daemon-check-dns.sh (boo#1180827 + CVE-2021-26720). +- Add sudo to requires: used to drop privileges. + + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ avahi-glib2.spec ++++++ --- /var/tmp/diff_new_pack.EpV9Rc/_old 2021-02-22 14:39:57.740591177 +0100 +++ /var/tmp/diff_new_pack.EpV9Rc/_new 2021-02-22 14:39:57.744591181 +0100 @@ -50,7 +50,7 @@ Group: System/Daemons URL: http://www.avahi.org/ Source: http://avahi.org/download/%{_name}-%{version}.tar.gz -# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.6.31-1.debian.tar.gz +# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.8-3.debian.tar.xz Source1: avahi-daemon-check-dns.sh # Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel. Source4: avahi-glib-gettext.m4 @@ -103,6 +103,7 @@ BuildRequires: zlib-devel BuildRequires: pkgconfig(systemd) Requires: nss-mdns +Requires: sudo Requires(pre): shadow # # mDNSResponder was used for <= 10.2: ++++++ avahi-mono.spec ++++++ --- /var/tmp/diff_new_pack.EpV9Rc/_old 2021-02-22 14:39:57.760591199 +0100 +++ /var/tmp/diff_new_pack.EpV9Rc/_new 2021-02-22 14:39:57.764591203 +0100 @@ -50,7 +50,7 @@ Group: Development/Languages/Mono URL: http://www.avahi.org/ Source: http://avahi.org/download/%{_name}-%{version}.tar.gz -# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.6.31-1.debian.tar.gz +# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.8-3.debian.tar.xz Source1: avahi-daemon-check-dns.sh # Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel. Source4: avahi-glib-gettext.m4 @@ -103,6 +103,7 @@ BuildRequires: zlib-devel BuildRequires: pkgconfig(systemd) Requires: nss-mdns +Requires: sudo Requires(pre): shadow # # mDNSResponder was used for <= 10.2: ++++++ avahi-qt5.spec ++++++ --- /var/tmp/diff_new_pack.EpV9Rc/_old 2021-02-22 14:39:57.784591226 +0100 +++ /var/tmp/diff_new_pack.EpV9Rc/_new 2021-02-22 14:39:57.788591230 +0100 @@ -50,7 +50,7 @@ Group: System/Daemons URL: http://www.avahi.org/ Source: http://avahi.org/download/%{_name}-%{version}.tar.gz -# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.6.31-1.debian.tar.gz +# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.8-3.debian.tar.xz Source1: avahi-daemon-check-dns.sh # Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel. Source4: avahi-glib-gettext.m4 @@ -103,6 +103,7 @@ BuildRequires: zlib-devel BuildRequires: pkgconfig(systemd) Requires: nss-mdns +Requires: sudo Requires(pre): shadow # # mDNSResponder was used for <= 10.2: ++++++ avahi.spec ++++++ --- /var/tmp/diff_new_pack.EpV9Rc/_old 2021-02-22 14:39:57.804591248 +0100 +++ /var/tmp/diff_new_pack.EpV9Rc/_new 2021-02-22 14:39:57.808591252 +0100 @@ -52,7 +52,7 @@ Group: System/Daemons URL: http://www.avahi.org/ Source: http://avahi.org/download/%{_name}-%{version}.tar.gz -# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.6.31-1.debian.tar.gz +# From http://packages.debian.org/sid/avahi-daemon http://ftp.debian.org/debian/pool/main/a/avahi/avahi_0.8-3.debian.tar.xz Source1: avahi-daemon-check-dns.sh # Copy of glib-2.0.m4 from glib2-devel to not depend on glib2-devel. Source4: avahi-glib-gettext.m4 @@ -105,6 +105,7 @@ BuildRequires: zlib-devel BuildRequires: pkgconfig(systemd) Requires: nss-mdns +Requires: sudo Requires(pre): shadow # # mDNSResponder was used for <= 10.2: ++++++ avahi-daemon-check-dns-suse.patch ++++++ --- /var/tmp/diff_new_pack.EpV9Rc/_old 2021-02-22 14:39:57.884591337 +0100 +++ /var/tmp/diff_new_pack.EpV9Rc/_new 2021-02-22 14:39:57.884591337 +0100 @@ -1,5 +1,5 @@ ---- avahi-daemon-check-dns.sh.debian 2012-03-04 05:24:07.000000000 +0100 -+++ avahi-daemon-check-dns.sh 2012-05-23 20:06:27.121923772 +0200 +--- avahi-daemon-check-dns.sh.debian 2021-01-27 15:28:07.832795734 -0600 ++++ avahi-daemon-check-dns.sh 2021-01-27 15:39:35.364471899 -0600 @@ -5,15 +5,15 @@ PATH=/bin:/usr/bin:/sbin:/usr/sbin @@ -13,48 +13,16 @@ +AVAHI_DAEMON_DETECT_LOCAL=yes -test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon -+test -f /etc/sysconfig/avahi-daemon && . /etc/sysconfig/avahi-daemon ++test -f /etc/sysconfig/avahi && . /etc/sysconfig/avahi -if [ "$AVAHI_DAEMON_DETECT_LOCAL" != "1" ]; then +if [ "$AVAHI_DAEMON_DETECT_LOCAL" != "yes" ]; then exit 0 fi -@@ -96,12 +96,8 @@ - # no unicast .local conflict, so remove the tag and start avahi again - if [ -e ${DISABLE_TAG} ]; then - rm -f ${DISABLE_TAG} -- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then -- invoke-rc.d avahi-daemon start || true -- else -- if [ -x "/etc/init.d/avahi-daemon" ]; then -- /etc/init.d/avahi-daemon start || true -- fi -+ if [ -x "/etc/init.d/avahi-daemon" ]; then -+ /etc/init.d/avahi-daemon start || true - fi - fi - } -@@ -110,14 +106,8 @@ - [ -e ${DISABLE_TAG} ] && return - - if [ -x /etc/init.d/avahi-daemon ]; then -- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then -- invoke-rc.d --force avahi-daemon stop || true -- else -- if [ -x "/etc/init.d/avahi-daemon" ]; then -- /etc/init.d/avahi-daemon stop || true -- fi -- fi -- if [ -x /usr/bin/logger ]; then -+ /etc/init.d/avahi-daemon stop || true -+ if [ -x /bin/logger ]; then - logger -p daemon.warning -t avahi <<EOF - Avahi detected that your currently configured local DNS server serves - a domain .local. This is inherently incompatible with Avahi and thus ---- avahi-daemon.if-up.debian 2012-03-04 05:24:07.000000000 +0100 -+++ avahi-daemon.if-up 2012-05-24 19:38:04.347420848 +0200 -@@ -3,7 +3,7 @@ +--- avahi-daemon.if-up.debian 2021-01-27 16:09:50.922179542 -0600 ++++ avahi-daemon.if-up 2021-01-27 16:11:54.942842665 -0600 +@@ -3,10 +3,10 @@ # Don't run the avahi-daemon unicast local check while bringing up # the loopback device; it's not necessary until we bring up a real network # device @@ -63,3 +31,7 @@ # If we have an unicast .local domain, we immediately disable avahi to avoid # conflicts with the multicast IP4LL .local domain + if [ -x /usr/lib/avahi/avahi-daemon-check-dns.sh ] ; then +- exec /usr/lib/avahi/avahi-daemon-check-dns.sh ++ sudo -u avahi -g avahi /usr/lib/avahi/avahi-daemon-check-dns.sh + fi ++++++ avahi-daemon-check-dns.sh ++++++ --- /var/tmp/diff_new_pack.EpV9Rc/_old 2021-02-22 14:39:57.896591350 +0100 +++ /var/tmp/diff_new_pack.EpV9Rc/_new 2021-02-22 14:39:57.900591354 +0100 @@ -21,7 +21,20 @@ if [ ! -d ${RUNDIR} ] ; then mkdir -m 0755 -p ${RUNDIR} chown avahi:avahi ${RUNDIR} - fi + fi +} + +log_disable_warning() { + if [ -x /usr/bin/logger ]; then + logger -p daemon.warning -t avahi <<EOF +Avahi detected that your currently configured local DNS server serves +a domain .local. This is inherently incompatible with Avahi and thus +Avahi stopped itself. If you want to use Avahi in this network, please +contact your administrator and convince him to use a different DNS domain, +since .local should be used exclusively for Zeroconf technology. +For more information, see http://avahi.org/wiki/AvahiAndUnicastDotLocal +EOF + fi } dns_reachable() { @@ -31,12 +44,17 @@ # If there is no local nameserver and no we have no global ip addresses # then we can't reach any nameservers if ! $(egrep -q "nameserver 127.0.0.1|::1" /etc/resolv.conf); then - # Get addresses of all running interfaces - ADDRS=$(LC_ALL=C ifconfig | grep ' addr:') - # Filter out all local addresses - ADDRS=$(echo "${ADDRS}" | egrep -v ':127|Scope:Host|Scope:Link') - # Check we have a default route - ROUTES=$(route -n | grep '^0.0.0.0 ') + if [ -x "$(which ip)" ]; then + ADDRS=$(ip addr show scope global | grep inet) + ROUTES=$(ip route show 0.0.0.0/0) + elif [ -x "$(which ifconfig)" -a -x "$(which route)" ]; then + # Get addresses of all running interfaces + ADDRS=$(LC_ALL=C ifconfig | grep ' addr:') + # Filter out all local addresses + ADDRS=$(echo "${ADDRS}" | egrep -v ':127|Scope:Host|Scope:Link') + # Check we have a default route + ROUTES=$(route -n | grep '^0.0.0.0 ') + fi if [ -z "${ADDRS}" -o -z "${ROUTES}" ] ; then return 1; fi @@ -55,7 +73,8 @@ fi fi - OUT=`LC_ALL=C host -t soa local. 2>&1` + # Use timeout when calling host as workaround for LP: #1752411 + OUT=`LC_ALL=C timeout 5 host -t soa local. 2>&1` if [ $? -eq 0 ] ; then if echo "$OUT" | egrep -vq 'has no|not found'; then return 0 @@ -96,12 +115,10 @@ # no unicast .local conflict, so remove the tag and start avahi again if [ -e ${DISABLE_TAG} ]; then rm -f ${DISABLE_TAG} - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d avahi-daemon start || true - else - if [ -x "/etc/init.d/avahi-daemon" ]; then - /etc/init.d/avahi-daemon start || true - fi + if [ -d /run/systemd/system ]; then + systemctl start avahi-daemon.socket avahi-daemon.service || true + elif [ -x "/etc/init.d/avahi-daemon" ]; then + /etc/init.d/avahi-daemon start || true fi fi } @@ -109,24 +126,12 @@ disable_avahi () { [ -e ${DISABLE_TAG} ] && return - if [ -x /etc/init.d/avahi-daemon ]; then - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d --force avahi-daemon stop || true - else - if [ -x "/etc/init.d/avahi-daemon" ]; then - /etc/init.d/avahi-daemon stop || true - fi - fi - if [ -x /usr/bin/logger ]; then - logger -p daemon.warning -t avahi <<EOF -Avahi detected that your currently configured local DNS server serves -a domain .local. This is inherently incompatible with Avahi and thus -Avahi disabled itself. If you want to use Avahi in this network, please -contact your administrator and convince him to use a different DNS domain, -since .local should be used exclusively for Zeroconf technology. -For more information, see http://avahi.org/wiki/AvahiAndUnicastDotLocal -EOF - fi + if [ -d /run/systemd/system ]; then + systemctl stop avahi-daemon.socket avahi-daemon.service || true + log_disable_warning + elif [ -x "/etc/init.d/avahi-daemon" ]; then + /etc/init.d/avahi-daemon stop || true + log_disable_warning fi ensure_rundir touch ${DISABLE_TAG}
