<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-connectivity/avahi, branch yocto-4.0.29</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.29</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.29'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-08-08T13:30:55+00:00</updated>
<entry>
<title>avahi: fix CVE-2024-52615</title>
<updated>2025-08-08T13:30:55+00:00</updated>
<author>
<name>Zhang Peng</name>
<email>peng.zhang1.cn@windriver.com</email>
</author>
<published>2025-07-31T06:06:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9e416e05f6af7a97d0a589dbc687f743180e2bb0'/>
<id>urn:sha1:9e416e05f6af7a97d0a589dbc687f743180e2bb0</id>
<content type='text'>
CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52615]
[https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g]

Upstream patches:
[https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]

(From OE-Core rev: 7bd9fee6d654326ea921b51113de99f793e11545)

Signed-off-by: Zhang Peng &lt;peng.zhang1.cn@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: fix CVE-2024-52616</title>
<updated>2025-01-24T15:49:28+00:00</updated>
<author>
<name>Zhang Peng</name>
<email>peng.zhang1.cn@windriver.com</email>
</author>
<published>2025-01-16T07:26:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=744e331d5be1d13d203f3056b2e628e61f665bb0'/>
<id>urn:sha1:744e331d5be1d13d203f3056b2e628e61f665bb0</id>
<content type='text'>
CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52616]
[https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm]

Upstream patches:
[https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]

(From OE-Core rev: 7708d0c346b23ab3e687e2a2ca464d77d55cebd7)

Signed-off-by: Zhang Peng &lt;peng.zhang1.cn@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: backport CVE-2023-1981 &amp; CVE's follow-up patches</title>
<updated>2023-12-15T14:00:33+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2023-12-08T05:31:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3562768af7ef7f0e9ac2c07a852319604e72342c'/>
<id>urn:sha1:3562768af7ef7f0e9ac2c07a852319604e72342c</id>
<content type='text'>
import patches from ubuntu to fix
 CVE-2023-1981
 CVE-2023-38469-2
 CVE-2023-38470-2
 CVE-2023-38471-2

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
&amp;
https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
&amp;
https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
&amp;
https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]

Ref: https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/nanbield-nut&amp;id=a9203c46cd64c3ec5e5b00e381bbac85733f85df

(From OE-Core rev: 32c0a3dc4d65065639260e77783dc427d4b1cfe3)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: fix CVE-2023-38473</title>
<updated>2023-11-28T15:00:32+00:00</updated>
<author>
<name>Meenali Gupta</name>
<email>meenali.gupta@windriver.com</email>
</author>
<published>2023-11-16T10:39:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2629c5fe89229901db08f52e579b1b1caede9b5b'/>
<id>urn:sha1:2629c5fe89229901db08f52e579b1b1caede9b5b</id>
<content type='text'>
A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_alternative_host_name() function.

(From OE-Core rev: 3a9b67f222d6e004a8b56eedca6ff869e9aba710)

Signed-off-by: Meenali Gupta &lt;meenali.gupta@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: fix CVE-2023-38472</title>
<updated>2023-11-28T15:00:32+00:00</updated>
<author>
<name>Meenali Gupta</name>
<email>meenali.gupta@windriver.com</email>
</author>
<published>2023-11-16T10:39:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=517e5132095664efdac617fdffc88f65116026cc'/>
<id>urn:sha1:517e5132095664efdac617fdffc88f65116026cc</id>
<content type='text'>
A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_rdata_parse() function.

(From OE-Core rev: 1b699ac1e8519cd488ee033919b9205283b7b465)

Signed-off-by: Meenali Gupta &lt;meenali.gupta@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: fix CVE-2023-38469</title>
<updated>2023-11-28T15:00:32+00:00</updated>
<author>
<name>Meenali Gupta</name>
<email>meenali.gupta@windriver.com</email>
</author>
<published>2023-11-16T10:38:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=973020ce1202c1273f40aa896c8e58e978aed9fe'/>
<id>urn:sha1:973020ce1202c1273f40aa896c8e58e978aed9fe</id>
<content type='text'>
A vulnerability was found in Avahi, where a reachable assertion
exists in avahi_dns_packet_append_record.

(From OE-Core rev: 8bd1980fd4175be3dd68987f8c5653409b76f544)

Signed-off-by: Meenali Gupta &lt;meenali.gupta@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: fix CVE-2023-38470</title>
<updated>2023-11-28T15:00:32+00:00</updated>
<author>
<name>Meenali Gupta</name>
<email>meenali.gupta@windriver.com</email>
</author>
<published>2023-11-16T10:38:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f2c0b5cef237065f66456226b2185f34e4c2389a'/>
<id>urn:sha1:f2c0b5cef237065f66456226b2185f34e4c2389a</id>
<content type='text'>
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_escape_label() function.

(From OE-Core rev: bc211ae0e597d40f938f9a25bfc0fcbb228d90b6)

Signed-off-by: Meenali Gupta &lt;meenali.gupta@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: fix CVE-2023-38471</title>
<updated>2023-11-28T15:00:32+00:00</updated>
<author>
<name>Meenali Gupta</name>
<email>meenali.gupta@windriver.com</email>
</author>
<published>2023-11-16T10:37:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1867c0de3577f4d45076b44365a3d3af57702385'/>
<id>urn:sha1:1867c0de3577f4d45076b44365a3d3af57702385</id>
<content type='text'>
A vulnerability was found in Avahi. A reachable assertion exists
in the dbus_set_host_name function.

(From OE-Core rev: f4286c3a3070fd50e334a48f1b7c068d34747115)

Signed-off-by: Meenali Gupta &lt;meenali.gupta@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>avahi: fix D-Bus introspection</title>
<updated>2023-05-30T14:11:15+00:00</updated>
<author>
<name>Eero Aaltonen</name>
<email>eero.aaltonen@vaisala.com</email>
</author>
<published>2023-05-22T11:59:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a23ae80a374bb20589daa12f9bd6c2e8cd60c0bf'/>
<id>urn:sha1:a23ae80a374bb20589daa12f9bd6c2e8cd60c0bf</id>
<content type='text'>
Install and package the D-Bus introspection files.

(From OE-Core rev: 45714f9ea8bde1c8047d493667b1a1d808ea7949)

Signed-off-by: Eero Aaltonen &lt;eero.aaltonen@vaisala.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
(cherry picked from commit b8183ad25af3bcf23f04dd649b6ef665569fac8c)
Signed-off-by: Eero Aaltonen &lt;eero.aaltonen@vaisala.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>meta, meta-selftest: Replace more non-SPDX license identifiers</title>
<updated>2022-03-01T23:44:59+00:00</updated>
<author>
<name>Peter Kjellerstedt</name>
<email>peter.kjellerstedt@axis.com</email>
</author>
<published>2022-02-27T18:21:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=83766c9fffa45cd3a94cf8076f7c8f45aba11a12'/>
<id>urn:sha1:83766c9fffa45cd3a94cf8076f7c8f45aba11a12</id>
<content type='text'>
In commit ceda3238 (meta/meta-selftest/meta-skeleton: Update LICENSE
variable to use SPDX license identifiers) all LICENSE variables were
updated to only use SPDX license identifiers.

This does the same for comments and other variables where it is
appropriate to use the official SPDX license identifiers. There are
still references to, e.g., "GPLv3", but they are then typically in
descriptive text where they refer to the license in a generic sense.

(From OE-Core rev: 165759dced7fbe73b1db2ede67047896071dc6d0)

Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
