Support for avahi is added by the services/avahi module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Avahi 0.8 allows a local denial of service (NULL pointer dereference and
daemon crash) against avahi-daemon via the D-Bus interface or a "ping
.local" command.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
the Debian packaging and not part of upstream avahi - So ignore the CVE.
https://security-tracker.debian.org/tracker/CVE-2021-26720
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
http://autobuild.buildroot.net/results/b9bf7cea8be9231552a10e8ea828bf24394402ba/
Building with introspection (together with D-Bus) support currently fails.
Fixing it is not trivial, so explicitly disable introspection for now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump also includes:
* Drop upstream security patch which is included in the new version
* Unconditionally disable support for Qt5 [1] (same as Qt3 and Qt4)
* Drop dependency on host-inttool, as avahi switched to host-gettext [2]
* Conditionally enable support for libevent [3]
[1] 5dbb32767a
[2] 3d5a0c6805
[3] 998e20cd76
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All these packages have an upstream-provided service, but buildroot
enabled manually the services in exactly the same way as the [Install]
section.
This is not needed anymore
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr: fix check-package errors]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
inadvertently responds to IPv6 unicast queries with source addresses
that are not on-link, which allows remote attackers to cause a denial
of service (traffic amplification) and may cause information leakage
by obtaining potentially sensitive information from the responding
device via port-5353 UDP packets.
Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since D-Bus 1.9.18, the recommended location for the system and
session busses configuration files is /usr/share instead of /etc. From
the D-Bus NEWS file:
D-Bus 1.9.18 (2015-07-21)
==
The “Pirate Elite” release.
Configuration changes:
• The basic setup for the well-known system and session buses is now done
in read-only files in ${datadir}, moving a step closer to systems
that can operate with an empty /etc directory. In increasing order
of precedence:
· ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting
the default message policies.
· ${sysconfdir}/dbus-1/s*.conf are now optional. By default
dbus still installs a trivial version of each, for documentation
purposes; putting configuration directives in these files is
deprecated.
· ${datadir}/dbus-1/s*.d/ are now available for third-party software
to install "drop-in" configuration snippets (any packages
using those directories should explicitly depend on at least this
version of dbus).
· ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins
or third-party software to install "drop-in" configuration snippets
· ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins'
overrides
${datadir} is normally /usr/share, ${sysconfdir} is normally /etc,
and "s*" refers to either system or session as appropriate.
Therefore, this commit adjusts the Avahi package to install the D-Bus
related files to /usr/share/dbus-1/system.d.
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is an obvious typo in avahi_tmpfiles.conf: avahi-autoipd is
badly spelled.
Fixes bug #10641.
Reported-by: Michael Heinemann <posted@heine.so>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit switches to use the new gettext logic, which involves:
- using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies
on gettext/host-gettext
- using TARGET_NLS_LIBS to force linking against libintl
- dropping BR2_PACKAGE_GETTEXT selection
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As directed in the buildroot manual, "Optional hooks: keep hook
definition and assignment together in one if block". And also
to be consistent with the rest of avahi.mk.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When libcap was compiled before, avahi daemon will use it as optional
dependency:
$ output/host/usr/bin/x86_64-linux-readelf -a output/target/usr/sbin/avahi-daemon | grep NEEDED | sort
0x0000000000000001 (NEEDED) Shared library: [libavahi-common.so.3]
0x0000000000000001 (NEEDED) Shared library: [libavahi-core.so.7]
0x0000000000000001 (NEEDED) Shared library: [libcap.so.2]
[...]
The build system offers no option to en-/disable libcap support:
http://git.0pointer.net/avahi.git/tree/configure.ac#n382
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: make the test unconditionally, even if libcap is only used by
avahi-daemon for the moment.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also:
* switch download site to github as the previous download page is not
maintained anymore
* drop 0004-no-gtk-deprecations.patch as it is applied upstream
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We currently have two circular dependency chains:
avahi -> libglade -> libgtk2 -> cups -> avahi
avahi -> libgtk3 -> cups -> avahi
The cups -> avahi dependency makes sense, as cups would be able to use
Bonjour and mDNS to find printers, so we want to keep that dependency.
The libgtk2 -> cups and libgtk3 -> cups dependencies also make sense, to
be able to offer cups in the print dialogs.
However, the avahi -> libglade and avahi -> libgtk3 dependencies do not
really make sense. As Thomas puts it:
The avahi GUI programs seem really useless to me. On Debian/Ubuntu
distributions, they are not even packaged within the main avahi
packages, but as separate packages, probably indicating that they
are not very commonly used.
So, we drop the avahi -> libglade and avahi -> libgtk3 dependencies, to
break the circular dependency chain.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add comment in the .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The reason for the patch is not entirely clear as it dates back to the
original addition of avahi (in 2006), and it contains no description - But
presumably it is to work around a permission issue with the address files,
similar to what is explained here:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/83521
That particular issue got fixed by upstream in 2007 using umask(2):
747f753720
So the patch isn't needed any more and can be dropped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
These are no longer required so remove them.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Move service files to /usr/lib/systemd/system/
* Only disable systemd support on non-systemd systems
[Thomas: use positive logic for the systemd test.]
Signed-off-by: Mike Williams <mike@mikebwilliams.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Without this, the python support doesn't do anything.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The AVAHI_INSTALL_AUTOIPD was unconditionally installing
S05avahi-setup.sh to /etc/init.d/, even in systemd
configurations. Therefore, this commit:
* Moves the installation of S05avahi-setup.sh to a separate variable
called AVAHI_INSTALL_AUTOIPD_INIT_SYSV.
* Makes sure to use 'install -D' and a full destination path when
installing S05avahi-setup.sh.
* Moves the definition of AVAHI_INSTALL_AUTOIPD inside the
BR2_PACKAGE_AVAHI_AUTOIPD conditional, so that both the variable
definition and its addition to AVAHI_POST_INSTALL_TARGET_HOOKS are
enclosed in the conditional.
* Moves the S50avahi-daemon installation from AVAHI_INSTALL_INIT_SYSV
to AVAHI_INSTALL_DAEMON_INIT_SYSV.
* Uses 'install -D' to install S50avahi-daemon.
* Adds a AVAHI_INSTALL_INIT_SYSV definition which calls both
AVAHI_INSTALL_AUTOIPD_INIT_SYSV and AVAHI_INSTALL_DAEMON_INIT_SYSV.
Note: in a systemd configuration, there is no provision to do what
S05avahi-setup.sh is doing for sysv init configurations. Maybe this is
something that our systemd people should have a look at.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In AVAHI_INSTALL_INIT_SYSTEMD, since we're using 'install -D' to
install /usr/lib/tmpfiles.d/avahi.conf in $(TARGET_DIR), there's no
need to have a 'mkdir -p' before that, since 'install -D' creates the
directories as needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The indentation for commands should be made with tabs, not spaces, so
fix that up in AVAHI_INSTALL_INIT_SYSTEMD.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When using the buildroot-provided avahi-daemon.service file, bootup never
finishes, because multi-user.target is waiting for avahi-daemon to exit,
which is caused by "Type=oneshot" (in avahi-daemon.service).
Upstream's systemd files get already installed to /lib/systemd.
They're not an exact copy of S50avahi-daemon, but work flawlessly,
so use these units:
* avahi-daemon.service, auto-enabled (ln -fs in AVAHI_INSTALL_INIT_SYSTEMD)
* avahi-daemon.socket,
not auto-enabled, but a dependency of avahi-daemon.service
* avahi-dnsconfd.service, auto-enabled
[Thomas: use simpler absolute paths for the symbolic links instead of
relative paths. Suggested by Maxime Hadjinlian.]
Signed-off-by: André Erdmann <dywi@mailerd.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove --localstatedir=/var from all autotools packages where it is no longer
needed.
Also remove --localstatedir=/var/lib/dhcp from package dhcp. localstatedir is
used by dhcp to set the default directory for the leases files. This can also
be done by setting --with-*-lease-file=/var/lib/dhcp/*, which is done in
dhcp.mk.
A custom --localstatedir is left in:
* proftpd.mk
* mysql.mk
This is safe to do:
One of the good thing with autoconf is that if you pass:
--localstatedir=/var ... --localstatedir=/var/something
Then /var/something will be used. So, we can set --localstatedir=/var
by default in the infrastructure, and still have certain packages doing
weird things override it. [Thanks to Thomas Petazzoni]
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
While the autotools infrastructure was using FOO_MAKE_OPT, generic packages
were typically using FOO_MAKE_OPTS. This inconsistency becomes a problem
when a new infrastructure is introduced that wants to make use of
FOO_MAKE_OPT(S), and can live alongside either generic-package or
autotools-package. The new infrastructure will have to choose between either
OPT or OPTS, and thus rule out transparent usage by respectively generic
packages or generic packages. An example of such an infrastructure is
kconfig-package, which provides kconfig-related make targets.
The OPTS variant is more logical, as there are typically multiple options.
This patch renames all occurrences of FOO_MAKE_OPT in FOO_MAKE_OPTS.
Sed command used:
find * -type f | xargs sed -i 's#_MAKE_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:
$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))
so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit d3ccfa362b (avahi: run as avahi user/group instead of default)
changed avahi-autoipd to run as the avahi user, but forgot to update the
init script/systemd config to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Create an avahi specific user/group and use it instead of the global
'default' one, so it can be removed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>