Hello community, here is the log from the commit of package zeromq for openSUSE:Factory checked in at 2019-07-16 08:38:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zeromq (Old) and /work/SRC/openSUSE:Factory/.zeromq.new.1887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zeromq" Tue Jul 16 08:38:31 2019 rev:37 rq:714767 version:4.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/zeromq/zeromq.changes 2019-01-25 22:41:25.611371475 +0100 +++ /work/SRC/openSUSE:Factory/.zeromq.new.1887/zeromq.changes 2019-07-16 08:38:32.831079320 +0200 @@ -1,0 +2,28 @@ +Tue Jul 9 07:35:29 UTC 2019 - Vítězslav Čížek <vci...@suse.com> + +- New upstream version 4.3.2: + * CVE-2019-13132: a remote, unauthenticated client connecting to a + libzmq application, running with a socket listening with CURVE + encryption/authentication enabled, may cause a stack overflow and + overwrite the stack with arbitrary data, due to a buffer overflow in + the library. Users running public servers with the above configuration + are highly encouraged to upgrade as soon as possible, as there are no + known mitigations. (bsc#1140255) + * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports + a versioned monitoring events protocol as a parameter. Passing 1 results in + the same behaviour as zmq_socket_monitor. + * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers + a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned + v2 API, which contains the current status of all the queues owned by the + monitored socket. See doc/zmq_socket_monitor_versioned.txt for details. + * New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread + safe socket. + * New DRAFT (see NEWS for 4.2.0) socket options: + ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid + duplicates when using last value caching. + ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy + authentication. +- For complete set of changes, see + https://github.com/zeromq/libzmq/releases/tag/v4.3.2 + +------------------------------------------------------------------- Old: ---- zeromq-4.3.1.tar.gz New: ---- zeromq-4.3.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zeromq.spec ++++++ --- /var/tmp/diff_new_pack.F7bkb9/_old 2019-07-16 08:38:33.391079039 +0200 +++ /var/tmp/diff_new_pack.F7bkb9/_new 2019-07-16 08:38:33.395079036 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -23,7 +23,7 @@ %bcond_with pgm %endif Name: zeromq -Version: 4.3.1 +Version: 4.3.2 Release: 0 Summary: Lightweight messaging kernel License: LGPL-3.0-or-later ++++++ zeromq-4.3.1.tar.gz -> zeromq-4.3.2.tar.gz ++++++ ++++ 55237 lines of diff (skipped)