Avahi is an implementation of the DNS Service Discovery and Multicast
DNS specifications for Zeroconf Computing.
Provides
Requires
License
LGPL-2.1-or-later
Changelog
* Tue Jan 13 2026 Cliff Zhao <qzhao@suse.com>
- Add avahi-CVE-2025-68276.patch:
Backport 0c013e2 from upstream, refuse to create wide-area record
browsers when wide-area is off.
(CVE-2025-68276, bsc#1256498)
* Tue Jan 13 2026 Cliff Zhao <qzhao@suse.com>
- Add avahi-CVE-2025-68471.patch:
Backport 9c6eb53 from upstream, fix DoS bug by changing assert to
return.
(CVE-2025-68471, bsc#1256500)
* Tue Jan 13 2026 Cliff Zhao <qzhao@suse.com>
- Add avahi-CVE-2025-68468.patch:
Backport f66be13 from upstream, fix DoS bug by removing incorrect
assertion.
(CVE-2025-68468, bsc#1256499)
* Mon Sep 15 2025 Cliff Zhao <qzhao@suse.com>
- Add avahi-CVE-2024-52615.patch:
Backport 4e2e1ea from upstream, Resolve fixed source ports for
wide-area DNS queries cause DNS responses be injected.
(CVE-2024-52615, bsc#1233421)
* Fri May 30 2025 Antonio Larrosa <alarrosa@suse.com>
- Add patch submitted to upstream at
to enable building with Qt6 and add that flavor:
0001-Enable-building-with-Qt6.patch
- Disable building the Qt5 flavor in SLE16.
* Fri May 23 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Drop obsolete update-desktop-files BuildRequires and macro.
Replace with desktop-file-utils BuildRequires.
- Drop unneeded update_spec.pl source, not needed since change to
proper multibuild.
* Wed Nov 20 2024 Cliff Zhao <qzhao@suse.com>
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
* Tue Oct 15 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Drop rcFOO symlinks (PED-266).
* Thu Jun 20 2024 Michael Gorse <mgorse@suse.com>
- Add avahi-filter-bogus-services.patch: no longer supply bogus
services to callbacks (bsc#1226586).
* Thu Apr 04 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Tag hardening patches as PATCH-FEATURE-OPENSUSE
* Tue Mar 26 2024 Xiaoguang Wang <xiaoguang.wang@suse.com>
- Add avahi-CVE-2023-38471.patch: Extract host name using
avahi_unescape_label (bsc#1216594, CVE-2023-38471).
- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
records (bsc#1216598, CVE-2023-38469).
* Tue Mar 12 2024 pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
* Thu Nov 30 2023 Alynx Zhou <alynx.zhou@suse.com>
- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in
avahi_rdata_parse (bsc#1216853, CVE-2023-38472).
* Mon Nov 27 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Reformat avahi-gacdir.patch to apply as patch -p1.
- Use %autopatch instead of deprecated %patchN format.
* Thu Nov 23 2023 Dominique Leuenberger <dimstar@opensuse.org>
- avahi-autoipd: drop the post script part migrating the user
owning files in /var/lib/avahi-autoipd: the code was aiding
migrations from SLE<=11/openSUSE<=12.3, which are no longer in
scope for upgrades nowadays.
* Wed Nov 22 2023 Dominique Leuenberger <dimstar@opensuse.org>
- avahi-autoipd: guard %post chown with -h, to not follow symlinks
(boo#1217398).
* Mon Nov 13 2023 Dominique Leuenberger <dimstar@opensuse.org>
- avahi-autoipd: only migrate files owned by avahi user if said
user exists: if the user does not exist (fresh installs), then
there is no chance any file is owned by the user (boo#1216730).
* Wed Nov 01 2023 Alynx Zhou <alynx.zhou@suse.com>
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
byte long (bsc#1215947, CVE-2023-38470).
* Thu Oct 26 2023 Xiaoguang Wang <xiaoguang.wang@suse.com>
- Add avahi-CVE-2023-38473.patch: derive alternative host name from
its unescaped version (bsc#1216419 CVE-2023-38473).
* Wed Sep 20 2023 Ludwig Nussel <lnussel@suse.com>
- Don't require sudo. There is no indication it's actually used for
anything.
* Tue Apr 11 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Use l