Hello community, here is the log from the commit of package znc for openSUSE:Factory checked in at 2018-07-27 10:55:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/znc (Old) and /work/SRC/openSUSE:Factory/.znc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "znc" Fri Jul 27 10:55:30 2018 rev:15 rq:623567 version:1.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/znc/znc.changes 2018-06-13 15:37:15.773257997 +0200 +++ /work/SRC/openSUSE:Factory/.znc.new/znc.changes 2018-07-27 10:55:35.909572658 +0200 @@ -1,0 +2,42 @@ +Wed Jul 18 07:22:27 UTC 2018 - [email protected] + +- Update to version 1.7.1: + * Security critical fixes[edit] + + CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf. + + CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. + * Core + + Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536) + + Fix language selector. Russian and German were both not selectable. + + Fix build without SSL support (#1554) + + Fix several broken strings + + Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541) + * New + + Add partial Spanish, Indonesian, and Dutch translations + * Modules + + adminlog: Log the error message again (regression of 1.7.0) (#1557) + + admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556) + + flooddetach: Fix description of commands (#1548) + + modperl: Fix memory leak in NV handling + + modperl: Fix functions which return VCString (#1543) + + modpython: Fix functions which return VCString (#1543) + + webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled + * Internal + + Deprecate one of the overloads of CMessage::GetParams(), rename it to CMessage::GetParamsColon() + + Don't throw from destructor in the integration test + + Fix a warning with integration test / gmake / znc-buildmod interaction. +- Drop upstream patches: + * znc-inject2.patch + * znc-inject.patch + * znc-traversal.patch + +------------------------------------------------------------------- +Mon Jul 16 07:58:04 UTC 2018 - [email protected] + +- Fix boo#1101280 CVE-2018-14056 + * znc-traversal.patch +- Fix boo#1101281 CVE-2018-14055 + * znc-inject.patch + * znc-inject2.patch +- Fix building on Leap-42* by using less strict linker flags + +------------------------------------------------------------------- Old: ---- znc-1.7.0.tar.gz znc-1.7.0.tar.gz.sig New: ---- znc-1.7.1.tar.gz znc-1.7.1.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ znc.spec ++++++ --- /var/tmp/diff_new_pack.hEhX46/_old 2018-07-27 10:55:36.333573470 +0200 +++ /var/tmp/diff_new_pack.hEhX46/_new 2018-07-27 10:55:36.337573478 +0200 @@ -17,7 +17,7 @@ Name: znc -Version: 1.7.0 +Version: 1.7.1 Release: 0 Summary: Advanced IRC Bouncer License: Apache-2.0 @@ -29,7 +29,6 @@ BuildRequires: cmake >= 3.1 BuildRequires: fdupes BuildRequires: gcc-c++ -BuildRequires: libboost_locale-devel BuildRequires: perl BuildRequires: pkgconfig BuildRequires: systemd-rpm-macros @@ -43,6 +42,11 @@ Requires(pre): shadow Recommends: %{name}-lang %systemd_requires +%if 0%{?suse_version} > 1325 +BuildRequires: libboost_locale-devel +%else +BuildRequires: boost-devel +%endif %description ZNC is an IRC bouncer with many features like detaching, multiple @@ -114,7 +118,8 @@ -DWANT_PERL=1 \ -DWANT_SYSTEMD=1 \ -DWANT_PYTHON=1 \ - -DWANT_PYTHON_VERSION=python3 + -DWANT_PYTHON_VERSION=python3 \ + -DCMAKE_MODULE_LINKER_FLAGS="-Wl,--as-needed" %make_jobs %install @@ -147,6 +152,7 @@ %{_bindir}/%{name} %dir %{_libdir}/%{name}/ %{_libdir}/%{name}/autoattach.so +%{_libdir}/%{name}/admindebug.so %{_libdir}/%{name}/alias.so %{_libdir}/%{name}/autocycle.so %{_libdir}/%{name}/autoop.so ++++++ znc-1.7.0.tar.gz -> znc-1.7.1.tar.gz ++++++ ++++ 70224 lines of diff (skipped)
