commit coturn for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package coturn for openSUSE:Leap:15.2
checked in at 2020-05-07 19:28:27
Comparing /work/SRC/openSUSE:Leap:15.2/coturn (Old)
and /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738 (New)
Package is "coturn"
Thu May 7 19:28:27 2020 rev:3 rq:801108 version:4.5.1.2
Changes:
--- /work/SRC/openSUSE:Leap:15.2/coturn/coturn.changes 2020-04-21
19:08:45.928140618 +0200
+++ /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738/coturn.changes
2020-05-07 19:33:59.122287785 +0200
@@ -1,0 +2,54 @@
+Mon May 4 12:58:39 UTC 2020 - Johannes Weberhofer
+
+- Extended Readme.SUSE with description on how to bind to ports below 1024
+- Fixes and enhancements in service-file
+- /etc/sysconfig/coturn defaults now to not show software's version to the
public
+
+- Version 4.5.1.2:
+ * Do not display empty CLI passwd alert if CLI is not enabled
+ * Removed several functions: gh#coturn/coturn#359
+ * Fix webadmin IP permission and possible SQL-injections:
gh#coturn/coturn#386
+ * Fix Mongo driver crash on invalid connection string: gh#coturn/coturn#390
+ * enhanced fread return length check: gh#coturn/coturn#392
+ * disconnect database gracefully: #367
+ * Using SSL_get_version method for BoringSSL compatibility:
+turn_session_info->tls_method returns real TLS version:
+gh#coturn/coturn#382
+ * Added systemd service example: gh#coturn/coturn#276
+ * Add bandwidth usage reporting packet/bandwidth usage by peers:
+gh#coturn/coturn#284
+ * Modifying configure to enable compile with private libraries:
+gh#coturn/coturn#381
+ * Append to log files rather than overriding them: gh#coturn/coturn#417
+ * Updated incorrect string length check for 'ssh': gh#coturn/coturn#442
+ * Fix Dockerfile for latest Debian: gh#coturn/coturn#449
+ * CVE-2020-6061, CVE-2020-6062: specially crafted HTTP POST request can lead
+to heap overflow which can result in information leak:
+gh#coturn/coturn#489
+ * STUN input validation: gh#coturn/coturn#472
+ * Allow MD5 in FIPS mode: gh#coturn/coturn#398
+ * update travis config ubuntu/mac images
+ * added null check for second char: gh#coturn/coturn#466
+ * compiler warning fixes: gh#coturn/coturn#470
+ * Fix a memory leak when an SHATYPE isn't supported: gh#coturn/coturn#471
+ * fix compiler warning comparison between signed and unsigned integer
expressions
+ * fix compiler warning string truncation
+ * change Diffie Hellman default key length from 1066 to 2066
+ * drop of supplementary group IDs: gh#coturn/coturn#522
+ * Unify spelling of Coturn: gh#coturn/coturn#514
+ * Rename "prod" config option to "no-software-attribute":
gh#coturn/coturn#506
+gh#coturn/coturn#478
+ * change sql data dir in docker-compose-all.yml: gh#coturn/coturn#516
+ * add flags to disable periodic use of dynamic tables: gh#coturn/coturn#525
+
+ * fix typos and grammar: gh#coturn/coturn#463, gh#coturn/coturn#488
+ * Update README.docker: gh#coturn/coturn#475
+ * fix config extension in README.docker: gh#coturn/coturn#519
+ * Code beautifications: gh#coturn/coturn#327, gh#coturn/coturn#455,
+gh#coturn/coturn#513
+
+- Removed patches now included in upstream: coturn-4.5.1.0-append-log.patch,
+ coturn-4.5.1.1-cve-2020-6061.patch, coturn-4.5.1.1-cve-2020-6062.patch and
+ coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
+
+---
Old:
coturn-4.5.1.0-append-log.patch
coturn-4.5.1.1-cve-2020-6061.patch
coturn-4.5.1.1-cve-2020-6062.patch
coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
coturn-4.5.1.1.tar.gz
New:
coturn-4.5.1.2.tar.gz
Other differences:
--
++ coturn.spec ++
--- /var/tmp/diff_new_pack.P6Ewh6/_old 2020-05-07 19:33:59.738289018 +0200
+++ /var/tmp/diff_new_pack.P6Ewh6/_new 2020-05-07 19:33:59.742289026 +0200
@@ -17,14 +17,14 @@
%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects
-%bcond_without apparmor
%if 0%{?suse_version} > 1320
%bcond_without apparmor_reload
%else
%bcond_with apparmor_reload
%endif
+%bcond_without apparmor
Name: coturn
-Version:4.5.1.1
+Version:4.5.1.2
Release:0
Summary:TURN and STUN server for VoIP
License:BSD-3-Clause
@@ -39,14 +39,6 @@
Source6:%{name}.firewalld
Source7:README.SUSE
Source8:%{name}-apparmor-usr.bin.turnserver
-# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files
rather to override them
-Patch0: coturn-4.5.1.0-append-log.patch
-# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061
-Patch1: coturn-4.5.1.1-cve-2020-6061.patch
-# PATCH-FIX-UPSTREAM
commit coturn for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package coturn for openSUSE:Leap:15.2
checked in at 2020-04-21 19:07:24
Comparing /work/SRC/openSUSE:Leap:15.2/coturn (Old)
and /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738 (New)
Package is "coturn"
Tue Apr 21 19:07:24 2020 rev:2 rq:796053 version:4.5.1.1
Changes:
--- /work/SRC/openSUSE:Leap:15.2/coturn/coturn.changes 2020-04-14
14:24:18.973423842 +0200
+++ /work/SRC/openSUSE:Leap:15.2/.coturn.new.2738/coturn.changes
2020-04-21 19:08:45.928140618 +0200
@@ -1,0 +2,6 @@
+Tue Apr 14 18:38:59 UTC 2020 - l...@linux-schulserver.de
+
+- added apparmor profile (coturn-apparmor-usr.bin.turnserver)
+- fix executable permissions in devel package by using defattr
+
+---
New:
coturn-apparmor-usr.bin.turnserver
Other differences:
--
++ coturn.spec ++
--- /var/tmp/diff_new_pack.xjs9yf/_old 2020-04-21 19:08:46.400141579 +0200
+++ /var/tmp/diff_new_pack.xjs9yf/_new 2020-04-21 19:08:46.404141588 +0200
@@ -17,6 +17,12 @@
%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects
+%bcond_without apparmor
+%if 0%{?suse_version} > 1320
+%bcond_without apparmor_reload
+%else
+%bcond_with apparmor_reload
+%endif
Name: coturn
Version:4.5.1.1
Release:0
@@ -32,6 +38,7 @@
Source5:%{name}.sysconfig
Source6:%{name}.firewalld
Source7:README.SUSE
+Source8:%{name}-apparmor-usr.bin.turnserver
# PATCH-FIX-UPSTREAM coturn-4.5.1.0-append-log.patch Append only to log files
rather to override them
Patch0: coturn-4.5.1.0-append-log.patch
# PATCH-FIX-UPSTREAM coturn-4.5.1.1-cve-2020-6061.patch CVE-2020-6061
@@ -52,6 +59,18 @@
BuildRequires: pkgconfig(libssl) >= 1.0.2
BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(systemd)
+%if %{with apparmor}
+%if 0%{?suse_version} <= 1315
+BuildRequires: apparmor-profiles
+Recommends: apparmor-profiles
+%else
+BuildRequires: apparmor-abstractions
+Recommends: apparmor-abstractions
+%endif
+%if %{with apparmor_reload}
+BuildRequires: apparmor-rpm-macros
+%endif
+%endif
Requires(pre): %fillup_prereq
Requires(pre): shadow
Recommends: logrotate
@@ -102,7 +121,7 @@
%install
%make_install
-mkdir -p
%{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir}}
+mkdir -p
%{buildroot}{%{_sysconfdir}/pki/coturn/{public,private},{%{_rundir},%{_localstatedir}/{lib,log}}/%{name},%{_unitdir},%{_sysusersdir},%{_sbindir},%{_sysconfdir}/apparmor.d/local}
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -Dpm 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
@@ -110,6 +129,13 @@
install -Dpm 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.%{name}
install -Dpm 0644 %{SOURCE6}
%{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
install -Dpm 0644 %{SOURCE7} %{buildroot}%{_docdir}/%{name}/
+%if %{with apparmor}
+install -Dpm 0644 %{SOURCE8}
%{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.turnserver
+cat > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.bin.turnserver << EOF
+# Site-specific additions and overrides for usr.bin.turnserver
+# See /etc/apparmor.d/local/README for details.
+EOF
+%endif
sed -i \
-e "s|^syslog$|#syslog|g" \
@@ -148,6 +174,9 @@
systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf
%{fillup_only -n %{name}}
%firewalld_reload
+%if %{with apparmor} && %{with apparmor_reload}
+%apparmor_reload %{_sysconfdir}/apparmor.d/usr.bin.turnserver
+%endif
%preun
%service_del_preun %{name}.service
@@ -203,6 +232,13 @@
%dir %attr(0750,%{name},%{name}) %{_localstatedir}/log/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%if %{with apparmor}
+%dir %{_sysconfdir}/apparmor.d
+%dir %{_sysconfdir}/apparmor.d/local
+%config %{_sysconfdir}/apparmor.d/usr.bin.turnserver
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.bin.turnserver
+%endif
+
%files utils
%license LICENSE
%{_bindir}/turnutils_peer
@@ -215,6 +251,7 @@
%{_mandir}/man1/turnutils_*.1%{?ext_man}
%files devel
+%defattr(0644,root,root)
%license LICENSE
%{_includedir}/turn
%{_libdir}/libturnclient.a
++ coturn-apparmor-usr.bin.turnserver ++
#include
/usr/bin/turnserver {
#include
#include
#include
/etc/coturn/*.conf r,
/etc/pki/coturn/** r,
/usr/bin/turnserver mr,
owner /run/coturn/* w,
owner /var/lib/coturn/* rwk,
owner /var/log/coturn/*.log rw,
owner /var/log/turn*.log w,
# Site-specific additions and overrides. See local/README for details.
#include
}
