← Back to team overview

debcrafters-packages team mailing list archive

  1. debcrafters-packages team
  2. Mailing list archive
  3. Message #09854

[Bug 2130121] [NEW] Merge avahi from Debian Unstable for resolute

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Scheduled-For: ubuntu-25.11
Ubuntu: 0.8-16ubuntu3
Debian Unstable: 0.8-17

A new release of avahi is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the
tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the
title as desired.

### New Debian Changes ###

avahi (0.8-17) unstable; urgency=medium

  * Team upload

  [ Lukas Märdian ]
  * d/t/local-resolve-service: Add non-superficial DEP-8 test, which
    validates resolving of mDNS .local domains and service discovery

  [ Simon McVittie ]
  * d/control: Build-depend on gobject-introspection, gir1.2-*-dev.
    libgirepository1.0-dev is non-multiarch-friendly and should be phased
    out during the forky cycle.
  * Add patch from upstream 0.9-rc2 to turn off wide-area by default.
    (Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111)
  * Standards-Version: 4.7.2 (no changes required)

 -- Simon McVittie <smcv@xxxxxxxxxx>  Tue, 09 Sep 2025 10:24:58 +0100


### Old Ubuntu Delta ###

avahi (0.8-16ubuntu3) questing; urgency=medium

  * Rebuild to include updated RISC-V base ISA RVA23

 -- Heinrich Schuchardt <heinrich.schuchardt@xxxxxxxxxxxxx>  Wed, 03 Sep
2025 15:02:42 +0000

avahi (0.8-16ubuntu2) plucky; urgency=medium

  * d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
    resolving of mDNS .local domains and service discovery. (LP: #2103699)

 -- Lukas Märdian <slyon@xxxxxxxxxx>  Thu, 20 Mar 2025 10:56:21 +0100

avahi (0.8-16ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2098794). Remaining changes:
    - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
      avahi-client-fix-resource-leak.patch: Issues discovered by static
      analysis (Upstream pull request #202)
    - SECURITY UPDATE: Reachable assertions exist in domain functions in
      avahi-common
      + debian/patches/CVE-2023-38470-2.patch: bail out when escaped
        labels can't fit into ret
      + CVE-2023-38470
    - SECURITY UPDATE: Reachable assertions exist in server functions in
      avahi-core
      + debian/patches/CVE-2023-38471-2.patch: core: return errors from
        avahi_server_set_host_name properly
      + CVE-2023-38471
  * Dropped changes, no longer needed:
    - Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
      [Fixed in 0.8-16]

 -- Mateus Rodrigues de Morais <mateus.morais@xxxxxxxxxxxxx>  Tue, 18
Feb 2025 16:22:58 -0300

** Affects: avahi (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: dcr-merge

** Changed in: avahi (Ubuntu)
    Milestone: None => ubuntu-25.11

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/2130121

Title:
  Merge avahi from Debian Unstable for resolute

Status in avahi package in Ubuntu:
  New

Bug description:
  Scheduled-For: ubuntu-25.11
  Ubuntu: 0.8-16ubuntu3
  Debian Unstable: 0.8-17

  A new release of avahi is available for merging from Debian Unstable.

  If it turns out this needs a sync rather than a merge, please change
  the tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally)
  update the title as desired.

  ### New Debian Changes ###

  avahi (0.8-17) unstable; urgency=medium

    * Team upload

    [ Lukas Märdian ]
    * d/t/local-resolve-service: Add non-superficial DEP-8 test, which
      validates resolving of mDNS .local domains and service discovery

    [ Simon McVittie ]
    * d/control: Build-depend on gobject-introspection, gir1.2-*-dev.
      libgirepository1.0-dev is non-multiarch-friendly and should be phased
      out during the forky cycle.
    * Add patch from upstream 0.9-rc2 to turn off wide-area by default.
      (Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111)
    * Standards-Version: 4.7.2 (no changes required)

   -- Simon McVittie <smcv@xxxxxxxxxx>  Tue, 09 Sep 2025 10:24:58 +0100


  ### Old Ubuntu Delta ###

  avahi (0.8-16ubuntu3) questing; urgency=medium

    * Rebuild to include updated RISC-V base ISA RVA23

   -- Heinrich Schuchardt <heinrich.schuchardt@xxxxxxxxxxxxx>  Wed, 03
  Sep 2025 15:02:42 +0000

  avahi (0.8-16ubuntu2) plucky; urgency=medium

    * d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
      resolving of mDNS .local domains and service discovery. (LP: #2103699)

   -- Lukas Märdian <slyon@xxxxxxxxxx>  Thu, 20 Mar 2025 10:56:21 +0100

  avahi (0.8-16ubuntu1) plucky; urgency=medium

    * Merge with Debian unstable (LP: #2098794). Remaining changes:
      - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
        avahi-client-fix-resource-leak.patch: Issues discovered by static
        analysis (Upstream pull request #202)
      - SECURITY UPDATE: Reachable assertions exist in domain functions in
        avahi-common
        + debian/patches/CVE-2023-38470-2.patch: bail out when escaped
          labels can't fit into ret
        + CVE-2023-38470
      - SECURITY UPDATE: Reachable assertions exist in server functions in
        avahi-core
        + debian/patches/CVE-2023-38471-2.patch: core: return errors from
          avahi_server_set_host_name properly
        + CVE-2023-38471
    * Dropped changes, no longer needed:
      - Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
        [Fixed in 0.8-16]

   -- Mateus Rodrigues de Morais <mateus.morais@xxxxxxxxxxxxx>  Tue, 18
  Feb 2025 16:22:58 -0300

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/2130121/+subscriptions
  Thread PreviousDate PreviousThread Next