Request 1227296 (superseded)

This request is superseded by request 1227528 (Show diff)

Overview

Request 1227296 superseded

Add avahi-CVE-2024-52616.patch: Backporting 1dade81c from upstream: Properly randomize query id of DNS packets. (CVE-2024-52616, bsc#1233420)

Created by qzhao 2 days ago
In state superseded
Supersedes 1227262
Superseded by 1227528
Open review for gnome-maintainers

Submit avahi

Comments for request 1227296 7
Comments for request 1227262 3

Bjørn Lie (iznogood) - 2 days ago

reviewer

FTBFS

[  155s] RPM build errors:
[  155s]     Installed (but unpackaged) file(s) found:
[  155s]    /usr/bin/avahi-bookmarks
[  155s]    /usr/share/man/man1/avahi-bookmarks.1.gz

Dominique Leuenberger (dimstar) - 2 days ago

reviewer target maintainer

btw: with stripping the alternatives: how do you handle the different pythonXXX packages not conflicting?

Dominique Leuenberger (dimstar) - 2 days ago

reviewer target maintainer

[   95s] found conflict of python310-avahi-0.8-328.1.x86_64 with python311-avahi-0.8-328.1.x86_64:
[   95s]   - /usr/bin/avahi-bookmarks
[   95s]   - /usr/share/man/man1/avahi-bookmarks.1.gz
[   95s] found conflict of python310-avahi-0.8-328.1.x86_64 with python312-avahi-0.8-328.1.x86_64:
[   95s]   - /usr/bin/avahi-bookmarks
[   95s]   - /usr/share/man/man1/avahi-bookmarks.1.gz
[   95s] found conflict of python310-avahi-0.8-328.1.x86_64 with python313-avahi-0.8-328.1.x86_64:
[   95s]   - /usr/bin/avahi-bookmarks
[   95s]   - /usr/share/man/man1/avahi-bookmarks.1.gz
[   95s] found conflict of python311-avahi-0.8-328.1.x86_64 with python312-avahi-0.8-328.1.x86_64:
[   95s]   - /usr/bin/avahi-bookmarks
[   95s]   - /usr/share/man/man1/avahi-bookmarks.1.gz
[   95s] found conflict of python311-avahi-0.8-328.1.x86_64 with python313-avahi-0.8-328.1.x86_64:
[   95s]   - /usr/bin/avahi-bookmarks
[   95s]   - /usr/share/man/man1/avahi-bookmarks.1.gz
[   95s] found conflict of python312-avahi-0.8-328.1.x86_64 with python313-avahi-0.8-328.1.x86_64:
[   95s]   - /usr/bin/avahi-bookmarks
[   95s]   - /usr/share/man/man1/avahi-bookmarks.1.gz

Somewhat as expected

Bjørn Lie (iznogood) - 2 days ago

reviewer

Do we need the different variants? Should we perhaps switch the package to only build for the "Current standard" python at buildtime?

Dominique Leuenberger (dimstar) - 2 days ago

reviewer target maintainer

It's python library/module, they should be fine for all tw supported pythons.

We could move the binaries out and only install them as primary

Bjørn Lie (iznogood) - 2 days ago

reviewer

oh I do not doubt that they are fine, what I'm asking is if it makes sense that we build it for all pythons, would it not suffice with the "main" one. Does any use case exist where one would need/use a non default python module?

Cliff Zhao (qzhao) - 1 day ago

author source maintainer

Hi:

I have updated in 1227528. Current openSUSE env could compile it successfully without the change of python alternatives. I think this way is correct.

Thank you for review again.

Dominique Leuenberger (dimstar) - 2 days ago

reviewer target maintainer

I do appreciate the step away from update-alternatives here, which seems indeed useless - BUT doing so without any word of mention in the changelog, masking under a CVE fix, does not sound right

Cliff Zhao (qzhao) - 2 days ago

author source maintainer

OK. no problem, thank you. will update.

I remember the original requirement that tiny changes should not detailed record all into the log.

Dominique Leuenberger (dimstar) - 2 days ago

reviewer target maintainer

eliminating usage of update-alternatives is not 'tiny' :)