Opened 19 months ago
Closed 19 months ago
Last modified 15 months ago
New point version.
Fixed avahi version
The Avahi 0.8 release brings a number of new features and bug fix changes
including a backward-compatible addition to the D-Bus API and the avahi-core
The existing API is still fully supported however clients using the new
API will not work with older Avahi releases. The avahi-client library is not
affected. See the "API Changes" section for further details.
New options for filtering reflected queries between networks (reflect-filter)
New mainloop integration for Qt5 and libevent
docs/THREADS: Information for multi-threaded avahi-client apps
Listen on loopback interfaces by default, allowing local-only services to be
consumed by the local machine
New D-Bus V2 API and additions to the avahi-core API for splitting "New"
calls into "Prepare" and "Start". See "API Changes" for more details.
avahi-autoipd: Initial IP selection based on MAC previously ignored first
octet - this will cause all hosts to select a different link-local IP than
previous versions based on the same MAC address
avahi-daemon: Delay sending results on an object for 10ms in an attempt to
give clients enough time to subscribe to signals from the new object after
receiving it's path in response so the New call. See "API Changes" for more
avahi-python: Various Python 3 enhancements including encoding unicode
strings as UTF-8
avahi-common: avahi_string_list_to_string will now escape embedded quotes,
backslashes and control characters.
avahi-daemon: Fix a crash when txt records have an empty value in .xml
avahi-daemon: reflector: do not incorrectly cache responses on outgoing
interfaces. Previously we would incorrectly cache responses reflected from
one interface on the outgoing interface. These responses were later sent to
clients on that network even if the original client had disappeared and could
cause those clients to have a hostname conflict with themselves on restart.
We no longer incorrectly cache such traffic.
Drop legacy unicast queries from address not on local link which can lead to
UDP traffic amplification attacks (CVE-2017-6519)
API Changes: The avahi-core API and D-Bus API have implemented a new API where
a call to the "New" method can now be split into a "Prepare" and then "Start"
method for some objects. The previous "New" API is still fully supported and
there is no intention to deprecate it.
This change affects the the following objects: AsyncAddressResolver,
AsyncHostNameResolver, AsyncServiceResolver, DomainBrowser, RecordBrowser,
This is because the D-Bus implementation in some languages would only bind to
signals of an object after it was created and had received the new object's
path. This led to such languages missing the initial results sent between the
time the object was created and it had setup a filter to receive it's signals.
This primarily occured in languages that create dynamic bindings for D-Bus
objects using introspection such as Python. The avahi-client C api was not
affected as it globally binds to all avahi signals without specifying
individual object paths and still makes use of the V1 API.
The v2 Prepare/Start API is available under the new
org.freedesktop.Avahi.Server2 D-Bus interface and also has corresponding
avahi_s_* calls for users of the embedded avahi-core library.
The old org.freedesktop.Avahi.Server interface is still supported and there is
no intention to remove this API. Additionally this problem has also been solved
for old clients by adding a very small 10ms delay before we start sending
results to give the client time to bind to the signals which should silently
fix the issue in most cases without introducing a noticable or impactful delay.
Clients implementing the new org.freedesktop.Avahi.Server2 D-Bus interface will
not work with older Avahi daemons. It is suggested that clients may wish to
either check for and fallback to the older API version, or continue to use the
OLD API and rely on the 10ms timer to resolve the issue.
Big thank-you to everyone contributing to the project through issues & pull
requests, including the the following people who contributed changes to this
release: Daniel S, David Kerr, Eric Bischoff, James Rudd, Jan Alexander
Steffens (heftig), Karl Cronburg, Krzesimir Nowak, Mario Blättermann, Martin
Blanchard, Michal Sekletar, msk-nightingale, Philip Prindeville, Piotr Drąg,
Rafael Fontenelle, scootergrisen, Simon Lauser, Simon McVittie, Thomas Jollans,
Till Kamppeter, Tony Garnock-Jones, Trent Lloyd, wisd0me, Yclept Nemo, Zlopez,
This release is backwards compatible with Avahi 0.6.x and 0.7.
Marking high because of CVE-2017-6519.
Fixed at r22780
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2021 Gerard Beekmans.