Red Hat Bugzilla – Bug 483160
update to 5.3 installs and enables avahi
Last modified: 2015-01-14 10:20:25 EST
Description of problem:
Updating from RHEL-5.2 to 5.3 installed and enabled avahi (because of cups update - cups depends on avahi-compat-libdns_sd which depends on avahi)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1."yum update" on RHEL-5.2 system that does not have avahi installed.
avahi is installed and running after reboot to new kernel
avahi should not be required by the compat libary rpm, avahi-compat-libdns_sd, and should not be installed because of dependency chains on systems where it is not installed
Automatic installation of daemons that open network ports and initiate broadcast traffic is a security significant event, and is unacceptable on enterprise servers. I don't believe there's any reason avahi-compat-libdns_sd should require avahi, or if there is, avahi should not be configured to run by default.
The reason why avahi-compat-libdns_sd requires avahi is because it links against the avahi libraries that are part of the avahi package.
The proper fix would be to split the avahi libraries off into a seperate package. That would be a non-trivial packaging change however, not sure if that is suitable for fastrack.
Splitting off the libraries is already being requested in bug 530087.
*** Bug 513559 has been marked as a duplicate of this bug. ***
Closing this as we do not want to change component behaviour in 5.8.