-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 30 Nov 2024 22:54:34 +0100 Source: avahi Architecture: source Version: 0.8-14 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Michael Biebl <biebl@debian.org> Closes: 849454 1051442 1054876 1054877 1054878 1054879 1054880 1059615 1064500 1085347 Changes: avahi (0.8-14) unstable; urgency=medium . [ Simon McVittie ] * d/upstream/metadata: Add * d/watch: Use Github releases API (Closes: #1059615) * d/watch.devel: Add a secondary watch file that downloads release candidates. This is not used by default by infrastructure (we don't necessarily want to package every prerelease), but can be used via `uscan --watchfile debian/watch.devel`. Thanks to Marc Leeman * d/gbp.conf: Update packaging branch to debian/latest as per DEP-14 * d/salsa-ci.yml: Add. Disable the cross-build test for now, this will need some more thought (perhaps building with nogir and/or nopython). . [ Michael Biebl ] * Remove obsolete maintscript code from pre oldstable * Cleanup runtime / state directories more thoroughly on package purge. Those directories do not contain any valuable data that should be preserved beyond a package purge. So simplify the cleanup and do it more thoroughly by just removing all runtime and state files. While at it, correct an old changelog entry which referenced a wrong path. (Closes: #849454, #1051442) * Bump Standards-Version to 4.7.0 * Drop isc-dhcp-client Recommends from avahi-autoipd. ISC DHCP client is no longer actively maintained, so stop recommending it. Still ship the integration hooks though for the time being. (Closes: #1064500) * avahi-discover: Fix invalid escape sequences. Patch cherry-picked from upstream Git. (Closes: #1085347) * core: make sure there is rdata to process before parsing it. Patch cherry-picked from upstream Git. (CVE-2023-38472, Closes: #1054879) * core: reject overly long TXT resource records. Patches cherry-picked from upstream Git. (CVE-2023-38469, Closes: #1054876) * Ensure each label is at least one byte long. Patch cherry-picked from upstream Git. (CVE-2023-38470, Closes: #1054877) * core: extract host name using avahi_unescape_label() Patch cherry-picked from upstream Git. (CVE-2023-38471, Closes: #1054878) * common: derive alternative host name from its unescaped version. Patch cherry-picked from upstream Git. (CVE-2023-38473, Closes: #1054880) Checksums-Sha1: aa76a4f769456c9e2b49b7c0f9c7bfe3d2958a7b 4043 avahi_0.8-14.dsc 6789ecff838381a040f77d4562925ce6917443dd 44780 avahi_0.8-14.debian.tar.xz 49ea7d779f8bc4e945b7570f0bacf355d503a2f3 6614 avahi_0.8-14_source.buildinfo Checksums-Sha256: 1a46cccb81c4a49b7dc4dcc5da15445d2e9c38c1c2a22dbdbef24c2177e73fa9 4043 avahi_0.8-14.dsc 4de9a34862c9559939c8545ad38921816b5a76050dc60ecbdd6a6d13c3525960 44780 avahi_0.8-14.debian.tar.xz e983f9a23a256231d0a9470edc940b39f06d14f1beb3785dab4302167df62958 6614 avahi_0.8-14_source.buildinfo Files: 1184bc81b83285a9e8e6a7f7bfff53eb 4043 net optional avahi_0.8-14.dsc c3fd5dc6ea8fb548823105bdc872b5c3 44780 net optional avahi_0.8-14.debian.tar.xz d100d566e01ed0f45dd0b30d484dfdd0 6614 net optional avahi_0.8-14_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmdLkCEACgkQauHfDWCP ItzgUA/+JvWmsZpUs04MpeTwz0Brgc63y6cbwFmpgPA+lRWyhJRQIEopAptm4RAX 0wEBlZX9rm1Fa8+RqIHS/SruO00Uq0XSEoTZQAP9G8Rl+qmVLU3LwLhqROUU8Iaa 5wiFyVgfgHcL6B3YdB/Spt4g8vNWNrMdlwgQ8JRt7Jo+FS8aoBwmqfHsggT747kU NpDilXwYnORcddA2OQtFxKBXEa6pG9okTAsjBRe+YZ7RlbQ4sbkP7XYxt1kmK6zT qwS2V9pHqllfYH/Sz0Veq89gkx+6SXWwjw0WaaV+MIWIP8uVbsI/QJx6wK2yisgb IWyuvi9SCSAkaXks8ZzYcXlXo15rdy8bC/Rfk1a8zYe5NEIE+6PsZAvjUYzyV+wD 3LBsg4vfNXPjYp1M9HX06kKwEDYAAo5/Qlr1sK2O5qTP4/hNw2IJ0wFVE21leL7w TymoWEgjU8NRlKvBpgDD0tR64y/8YYwgxQjohFd4evxtJXz47gi4genl5X4BAOP0 u3ljrTeEPhid5gxso2uiKbt+DE2Yw/y1zHNERPohtWgCNrsDHtE3ouZkgwPkJDXe s7unpi4KFGZI0uTGj28kZfr1YBfAVTbwY8fDOo0Ii5p4xjyCNLCWIKCDTS1W7xFe uRkotRMmOVehKkySoZi1QigHIcsgdZmrF35e4V7ZiJja2xjmWFw= =kDP3 -----END PGP SIGNATURE-----
