Hello community,

here is the log from the commit of package coturn for openSUSE:Leap:15.2 checked in at 2020-05-07 19:28:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/coturn (Old)
 and /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "coturn" Thu May 7 19:28:27 2020 rev:3 rq:801108 version:4.5.1.2 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/coturn/coturn.changes 2020-04-21 19:08:45.928140618 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738/coturn.changes 2020-05-07 19:33:59.122287785 +0200 
@@ -1,0 +2,54 @@ +Mon May 4 12:58:39 UTC 2020 - Johannes Weberhofer <jweberho...@weberhofer.at> + +- Extended Readme.SUSE with description on how to bind to ports below 1024 +- Fixes and enhancements in service-file +- /etc/sysconfig/coturn defaults now to not show software's version to the public + +- Version 4.5.1.2: + * Do not display empty CLI passwd alert if CLI is not enabled + * Removed several functions: gh#coturn/coturn#359 + * Fix webadmin IP permission and possible SQL-injections: gh#coturn/coturn#386 + * Fix Mongo driver crash on invalid connection string: gh#coturn/coturn#390 + * enhanced fread return length check: gh#coturn/coturn#392 + * disconnect database gracefully: #367 + * Using SSL_get_version method for BoringSSL compatibility: + turn_session_info->tls_method returns real TLS version: + gh#coturn/coturn#382 + * Added systemd service example: gh#coturn/coturn#276 + * Add bandwidth usage reporting packet/bandwidth usage by peers: + gh#coturn/coturn#284 + * Modifying configure to enable compile with private libraries: + gh#coturn/coturn#381 + * Append to log files rather than overriding them: gh#coturn/coturn#417 + * Updated incorrect string length check for 'ssh': gh#coturn/coturn#442 + * Fix Dockerfile for latest Debian: gh#coturn/coturn#449 + * CVE-2020-6061, CVE-2020-6062: specially crafted HTTP POST request can lead + to heap overflow which can result in information leak: + gh#coturn/coturn#489 + * STUN input validation: gh#coturn/coturn#472 + * Allow MD5 in FIPS mode: gh#coturn/coturn#398 + * update travis config ubuntu/mac images + * added null check for second char: gh#coturn/coturn#466 + * compiler warning fixes: gh#coturn/coturn#470 + * Fix a memory leak when an SHATYPE isn't supported: gh#coturn/coturn#471 + * fix compiler warning comparison between signed and unsigned integer expressions + * fix compiler warning string truncation + * change Diffie Hellman default key length from 1066 to 2066 + * drop of supplementary group IDs: 
gh#coturn/coturn#522 + * Unify spelling of Coturn: gh#coturn/coturn#514 + * Rename "prod" config option to "no-software-attribute": gh#coturn/coturn#506 + gh#coturn/coturn#478 + * change sql data dir in docker-compose-all.yml: gh#coturn/coturn#516 + * add flags to disable periodic use of dynamic tables: gh#coturn/coturn#525 + + * fix typos and grammar: gh#coturn/coturn#463, gh#coturn/coturn#488 + * Update README.docker: gh#coturn/coturn#475 + * fix config extension in README.docker: gh#coturn/coturn#519 + * Code beautifications: gh#coturn/coturn#327, gh#coturn/coturn#455, + gh#coturn/coturn#513 + +- Removed patches now included in upstream: coturn-4.5.1.0-append-log.patch, + coturn-4.5.1.1-cve-2020-6061.patch, coturn-4.5.1.1-cve-2020-6062.patch and + coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch + +------------------------------------------------------------------- Old: ---- coturn-4.5.1.0-append-log.patch coturn-4.5.1.1-cve-2020-6061.patch coturn-4.5.1.1-cve-2020-6062.patch coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch coturn-4.5.1.1.tar.gz New: ---- coturn-4.5.1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ coturn.spec ++++++ --- /var/tmp/diff_new_pack.P6Ewh6/_old 2020-05-07 19:33:59.738289018 +0200 +++ /var/tmp/diff_new_pack.P6Ewh6/_new 2020-05-07 19:33:59.742289026 +0200 @@ -17,14 +17,14 @@ %global _lto_cflags %{?_lto_cflags} -ffat-lto-objects -%bcond_without apparmor %if 0%{?suse_version} > 1320 %bcond_without apparmor_reload %else %bcond_with apparmor_reload %endif +%bcond_without apparmor Name: coturn -Version: 4.5.1.1 +Version: 4.5.1.2 Release: 0 Summary: TURN and STUN server for VoIP License: BSD-3-Clause 
@@ -39,14 +39,6 @@ Source6: %{name}.firewalld Source7: README.SUSE Source8: %{name}-apparmor-usr.bin.turnserver -# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files rather to override them -Patch0: coturn-4.5.1.0-append-log.patch -# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061 -Patch1: coturn-4.5.1.1-cve-2020-6061.patch -# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6062.patch CVE-2020-6062 -Patch2: coturn-4.5.1.1-cve-2020-6062.patch -# PATCH-FIX-UPSTREAM coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch fix rpmlint error -Patch3: coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch BuildRequires: fdupes BuildRequires: firewall-macros BuildRequires: libevent-devel >= 2.0.0 @@ -59,6 +51,10 @@ BuildRequires: pkgconfig(libssl) >= 1.0.2 BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(systemd) +Requires(pre): %fillup_prereq +Requires(pre): shadow +Recommends: logrotate +%sysusers_requires %if %{with apparmor} %if 0%{?suse_version} <= 1315 BuildRequires: apparmor-profiles @@ -71,10 +67,6 @@ BuildRequires: apparmor-rpm-macros %endif %endif -Requires(pre): %fillup_prereq -Requires(pre): shadow -Recommends: logrotate -%sysusers_requires %description STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays ++++++ README.SUSE ++++++ --- /var/tmp/diff_new_pack.P6Ewh6/_old 2020-05-07 19:33:59.774289090 +0200 +++ /var/tmp/diff_new_pack.P6Ewh6/_new 2020-05-07 19:33:59.778289098 +0200 
@@ -6,3 +6,12 @@ ``` firewall-cmd --zone=public --add-service=coturn [--permanent] ``` + +* /etc/syconfig/coturn has the option '--no-software-attribute' enabled to hide + the software version for production issue. + +* The trunserveer can only be bound to a port belo 1024 if you add the + AmbientCapabilities=CAP_NET_BIND_SERVICE section to the service file. + + + ++++++ coturn-4.5.1.1.tar.gz -> coturn-4.5.1.2.tar.gz ++++++ ++++ 19791 lines of diff (skipped) ++++++ coturn.service ++++++ --- /var/tmp/diff_new_pack.P6Ewh6/_old 2020-05-07 19:34:00.062289666 +0200 +++ /var/tmp/diff_new_pack.P6Ewh6/_new 2020-05-07 19:34:00.062289666 +0200 @@ -7,12 +7,15 @@ User=coturn Group=coturn Type=forking -EnvironmentFile=-/etc/sysconfig/turnserver +EnvironmentFile=-/etc/sysconfig/coturn PIDFile=/run/coturn/turnserver.pid ExecStart=/usr/bin/turnserver -o -c /etc/coturn/turnserver.conf --pidfile /run/coturn/turnserver.pid $EXTRA_OPTIONS Restart=on-abort ExecReload=/bin/kill -HUP $MAINPID +# enable next line to make coturn able to bind to a port below 1024 +#AmbientCapabilities=CAP_NET_BIND_SERVICE + LimitCORE=infinity LimitNOFILE=999999 LimitNPROC=60000 ++++++ coturn.sysconfig ++++++ --- /var/tmp/diff_new_pack.P6Ewh6/_old 2020-05-07 19:34:00.082289706 +0200 +++ /var/tmp/diff_new_pack.P6Ewh6/_new 2020-05-07 19:34:00.082289706 +0200 @@ -5,4 +5,4 @@ # # TURN Server startup options # -EXTRA_OPTIONS="" +EXTRA_OPTIONS="--no-software-attribute"
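Review bot: In the coturn.changes hunk, the entry "Fixes and enhancements in service-file" hides the one change an administrator may have to act on: the unit's EnvironmentFile moves from /etc/sysconfig/turnserver to /etc/sysconfig/coturn. Name that rename explicitly in the entry. Two style points in the same hunk: "disconnect database gracefully: #367" is the only upstream reference without the gh#coturn/coturn prefix, and there is a stray empty "+" line between the gh#coturn/coturn#525 bullet and the "fix typos and grammar" bullet.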
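Review bot: In coturn.spec, the hunk at -39,14 deletes Patch0 through Patch3 from the preamble, but no hunk in this diff touches %prep. If %prep applies the patches with explicit %patch0 ... %patch3 lines, those lines must go as well; if it uses %autosetup or %autopatch, nothing more is needed. Please confirm which one applies. The other spec hunks only reorder lines (%bcond_without apparmor moved below the apparmor_reload conditional, the Requires(pre)/Recommends/%sysusers_requires block moved above the apparmor conditional), which is fine but worth a word in the changelog so the reorder does not look accidental.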
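Review bot: In the README.SUSE hunk, the path is misspelled as "/etc/syconfig/coturn", while the service file in this same commit reads EnvironmentFile=-/etc/sysconfig/coturn; an admin who copies the README path will edit a file the unit never loads. The second bullet also has "trunserveer" for turnserver and "belo" for below, and "for production issue" should probably read "for production use". The text tells the reader to "add the AmbientCapabilities=CAP_NET_BIND_SERVICE section", but the unit already ships that directive commented out, so say "uncomment", or better, point to a drop-in created with systemctl edit coturn so the setting survives package updates. The three empty "+" lines at the end of the hunk can be dropped.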
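Review bot: In the coturn.service hunk, the new line EnvironmentFile=-/etc/sysconfig/coturn keeps the leading "-", so systemd ignores a missing file without any error. Anyone who had put EXTRA_OPTIONS into /etc/sysconfig/turnserver to match the old unit loses those options silently after this update, and turnserver starts with only what is in turnserver.conf. Either mention the rename in README.SUSE and the changelog, or carry the old file over in a scriptlet. The commented #AmbientCapabilities=CAP_NET_BIND_SERVICE line is a reasonable least-privilege way to allow low ports under User=coturn; no change requested there.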
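Review bot: In the coturn.sysconfig hunk, EXTRA_OPTIONS="--no-software-attribute" is set with no explanation; the only comment above it is "TURN Server startup options". Add a comment line saying that this flag hides the software version from clients (as README.SUSE states) and that it can be removed if the version should be shown. Also check whether the new default reaches upgraded systems that already have an /etc/sysconfig/coturn containing EXTRA_OPTIONS="": if the existing value is preserved on update, the changelog sentence "defaults now to not show software's version to the public" is true for fresh installs only and should say so.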