commit coturn for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package coturn for openSUSE:Leap:15.2 checked in at 2020-05-07 19:28:27 Comparing /work/SRC/openSUSE:Leap:15.2/coturn (Old) and /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738 (New) Package is "coturn" Thu May 7 19:28:27 2020 rev:3 rq:801108 version:4.5.1.2 Changes: --- /work/SRC/openSUSE:Leap:15.2/coturn/coturn.changes 2020-04-21 19:08:45.928140618 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738/coturn.changes 2020-05-07 19:33:59.122287785 +0200 @@ -1,0 +2,54 @@ +Mon May 4 12:58:39 UTC 2020 - Johannes Weberhofer + +- Extended Readme.SUSE with description on how to bind to ports below 1024 +- Fixes and enhancements in service-file +- /etc/sysconfig/coturn defaults now to not show software's version to the public + +- Version 4.5.1.2: + * Do not display empty CLI passwd alert if CLI is not enabled + * Removed several functions: gh#coturn/coturn#359 + * Fix webadmin IP permission and possible SQL-injections: gh#coturn/coturn#386 + * Fix Mongo driver crash on invalid connection string: gh#coturn/coturn#390 + * enhanced fread return length check: gh#coturn/coturn#392 + * disconnect database gracefully: #367 + * Using SSL_get_version method for BoringSSL compatibility: +turn_session_info->tls_method returns real TLS version: +gh#coturn/coturn#382 + * Added systemd service example: gh#coturn/coturn#276 + * Add bandwidth usage reporting packet/bandwidth usage by peers: +gh#coturn/coturn#284 + * Modifying configure to enable compile with private libraries: +gh#coturn/coturn#381 + * Append to log files rather than overriding them: gh#coturn/coturn#417 + * Updated incorrect string length check for 'ssh': gh#coturn/coturn#442 + * Fix Dockerfile for latest Debian: gh#coturn/coturn#449 + * CVE-2020-6061, CVE-2020-6062: specially crafted HTTP POST request can lead +to heap overflow which can result in information leak: +gh#coturn/coturn#489 + * STUN input validation: gh#coturn/coturn#472 + * Allow MD5 in FIPS mode: gh#coturn/coturn#398 + * update travis config ubuntu/mac images + * added null check for second char: gh#coturn/coturn#466 + * compiler warning fixes: gh#coturn/coturn#470 + * Fix a memory leak when an SHATYPE isn't supported: gh#coturn/coturn#471 + * fix compiler warning comparison between signed and unsigned integer expressions + * fix compiler warning string truncation + * change Diffie Hellman default key length from 1066 to 2066 + * drop of supplementary group IDs: gh#coturn/coturn#522 + * Unify spelling of Coturn: gh#coturn/coturn#514 + * Rename "prod" config option to "no-software-attribute": gh#coturn/coturn#506 +gh#coturn/coturn#478 + * change sql data dir in docker-compose-all.yml: gh#coturn/coturn#516 + * add flags to disable periodic use of dynamic tables: gh#coturn/coturn#525 + + * fix typos and grammar: gh#coturn/coturn#463, gh#coturn/coturn#488 + * Update README.docker: gh#coturn/coturn#475 + * fix config extension in README.docker: gh#coturn/coturn#519 + * Code beautifications: gh#coturn/coturn#327, gh#coturn/coturn#455, +gh#coturn/coturn#513 + +- Removed patches now included in upstream: coturn-4.5.1.0-append-log.patch, + coturn-4.5.1.1-cve-2020-6061.patch, coturn-4.5.1.1-cve-2020-6062.patch and + coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch + +--- Old: coturn-4.5.1.0-append-log.patch coturn-4.5.1.1-cve-2020-6061.patch coturn-4.5.1.1-cve-2020-6062.patch coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch coturn-4.5.1.1.tar.gz New: coturn-4.5.1.2.tar.gz Other differences: -- ++ coturn.spec ++ --- /var/tmp/diff_new_pack.P6Ewh6/_old 2020-05-07 19:33:59.738289018 +0200 +++ /var/tmp/diff_new_pack.P6Ewh6/_new 2020-05-07 19:33:59.742289026 +0200 @@ -17,14 +17,14 @@ %global _lto_cflags %{?_lto_cflags} -ffat-lto-objects -%bcond_without apparmor %if 0%{?suse_version} > 1320 %bcond_without apparmor_reload %else %bcond_with apparmor_reload %endif +%bcond_without apparmor Name: coturn -Version:4.5.1.1 +Version:4.5.1.2 Release:0 Summary:TURN and STUN server for VoIP License:BSD-3-Clause @@ -39,14 +39,6 @@ Source6:%{name}.firewalld Source7:README.SUSE Source8:%{name}-apparmor-usr.bin.turnserver -# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files rather to override them -Patch0: coturn-4.5.1.0-append-log.patch -# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061 -Patch1: coturn-4.5.1.1-cve-2020-6061.patch -# PATCH-FIX-UPSTREAM
commit coturn for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package coturn for openSUSE:Leap:15.2 checked in at 2020-04-21 19:07:24 Comparing /work/SRC/openSUSE:Leap:15.2/coturn (Old) and /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738 (New) Package is "coturn" Tue Apr 21 19:07:24 2020 rev:2 rq:796053 version:4.5.1.1 Changes: --- /work/SRC/openSUSE:Leap:15.2/coturn/coturn.changes 2020-04-14 14:24:18.973423842 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738/coturn.changes 2020-04-21 19:08:45.928140618 +0200 @@ -1,0 +2,6 @@ +Tue Apr 14 18:38:59 UTC 2020 - l...@linux-schulserver.de + +- added apparmor profile (coturn-apparmor-usr.bin.turnserver) +- fix executable permissions in devel package by using defattr + +--- New: coturn-apparmor-usr.bin.turnserver Other differences: -- ++ coturn.spec ++ --- /var/tmp/diff_new_pack.xjs9yf/_old 2020-04-21 19:08:46.400141579 +0200 +++ /var/tmp/diff_new_pack.xjs9yf/_new 2020-04-21 19:08:46.404141588 +0200 @@ -17,6 +17,12 @@ %global _lto_cflags %{?_lto_cflags} -ffat-lto-objects +%bcond_without apparmor +%if 0%{?suse_version} > 1320 +%bcond_without apparmor_reload +%else +%bcond_with apparmor_reload +%endif Name: coturn Version:4.5.1.1 Release:0 @@ -32,6 +38,7 @@ Source5:%{name}.sysconfig Source6:%{name}.firewalld Source7:README.SUSE +Source8:%{name}-apparmor-usr.bin.turnserver # PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files rather to override them Patch0: coturn-4.5.1.0-append-log.patch # PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061 @@ -52,6 +59,18 @@ BuildRequires: pkgconfig(libssl) >= 1.0.2 BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(systemd) +%if %{with apparmor} +%if 0%{?suse_version} <= 1315 +BuildRequires: apparmor-profiles +Recommends: apparmor-profiles +%else +BuildRequires: apparmor-abstractions +Recommends: apparmor-abstractions +%endif +%if %{with apparmor_reload} +BuildRequires: apparmor-rpm-macros +%endif +%endif Requires(pre): %fillup_prereq Requires(pre): shadow Recommends: logrotate @@ -102,7 +121,7 @@ %install %make_install -mkdir -p %{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir}} +mkdir -p %{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir},%{_sysconfdir}/apparmor.d/local} install -Dpm 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ install -Dpm 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf install -Dpm 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} @@ -110,6 +129,13 @@ install -Dpm 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.%{name} install -Dpm 0644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml install -Dpm 0644 %{SOURCE7} %{buildroot}%{_docdir}/%{name}/ +%if %{with apparmor} +install -Dpm 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.turnserver +cat > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.bin.turnserver << EOF +# Site-specific additions and overrides for usr.bin.turnserver +# See /etc/apparmor.d/local/README for details. +EOF +%endif sed -i \ -e "s|^syslog$|#syslog|g" \ @@ -148,6 +174,9 @@ systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf %{fillup_only -n %{name}} %firewalld_reload +%if %{with apparmor} && %{with apparmor_reload} +%apparmor_reload %{_sysconfdir}/apparmor.d/usr.bin.turnserver +%endif %preun %service_del_preun %{name}.service @@ -203,6 +232,13 @@ %dir %attr(0750,%{name},%{name}) %{_localstatedir}/log/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%if %{with apparmor} +%dir %{_sysconfdir}/apparmor.d +%dir %{_sysconfdir}/apparmor.d/local +%config %{_sysconfdir}/apparmor.d/usr.bin.turnserver +%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.bin.turnserver +%endif + %files utils %license LICENSE %{_bindir}/turnutils_peer @@ -215,6 +251,7 @@ %{_mandir}/man1/turnutils_*.1%{?ext_man} %files devel +%defattr(0644,root,root) %license LICENSE %{_includedir}/turn %{_libdir}/libturnclient.a ++ coturn-apparmor-usr.bin.turnserver ++ #include /usr/bin/turnserver { #include #include #include /etc/coturn/*.conf r, /etc/pki/coturn/** r, /usr/bin/turnserver mr, owner /run/coturn/* w, owner /var/lib/coturn/* rwk, owner /var/log/coturn/*.log rw, owner /var/log/turn*.log w, # Site-specific additions and overrides. See local/README for details. #include }