AArch64 | ppc64le | s390x | x86-64
- Drop @privileged SystemCallFilter, can prevent service from starting (status=31/SYS)
- Dropped harden_coturn.service.patch because systemd units are created from own source anyway and are proven to work
- Drop ProtectClock hardening, can cause issues if other device access is needed
- Added hardening to systemd service(s). Added patch(es):
  * harden_coturn.service.patch
  Modified:
  * coturn.service
  * coturn@.service
- Version 4.5.2
  * Fix for CVE-2020-26262 (boo#1180764)
    - Fix ipv6 ::1 loopback check
    - Not allow allocate peer address 0.0.0.0/8 and ::/128
    - For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
  * fix null pointer dereference in case of out of memory.
  * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function
  * Fix: use-after-free vulnerability on write_to_peerchannel function
  * Fix: use-after-free vulnerability on write_client_connection function
  * add prometheus metrics
  * Delete trailing whitespace in example configuration files
  * Add architecture ppc64le to travis build
  * Fix misleading option in doc (prometheus)
  * Allow RFC6062 TCP relay data to look like TLS
  * Add support for proxy protocol V1
  * Print full date and time in logs
  * Add new options: "new-log-timestamp" and "new-log-timestamp-format"
  * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL
  * Add ACME redirect url
  * support of --acme-redirect <URL>
  * fix acme security, redundancy, consistency
  * Add new --log-binding option to enable binding request logging
  * Fix stale-nonce documentation
  * Version number is changed to semver 2.0
  * pkg-config, and various cleanups in configure file
  * Add systemd notification for better systemd integration
  * Fix c++ support
  * Remove session id/allocation labels
  * Remove per session metrics. We should later add more counters.
- AppArmor profile has ABI 3.0 and some minor changes
- Modified systemd unit:
  * do not use daemon mode
  * Type=simple
  * added security settings
- added multi-instance systemd unit
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Version 4.5.1.3:
  * Remove reference to SSLv3: gh#coturn/coturn#566
  * Ignore MD5 for BoringSSL: gh#coturn/coturn#579
  * STUN response buffer not initialized properly; the issue was found and reported in gh#coturn/coturn#583 by Felix Dörre, all credit belongs to him. CVE-2020-4067, boo#1173510
- Let coturn allow binding to ports below 1024 per default
- Extended Readme.SUSE with description on how to bind to ports below 1024
- Fixes and enhancements in service-file
- /etc/sysconfig/coturn defaults now to not show software's version to the public
- Version 4.5.1.2:
  * Do not display empty CLI passwd alert if CLI is not enabled
  * Removed several functions: gh#coturn/coturn#359
  * Fix webadmin IP permission and possible SQL-injections: gh#coturn/coturn#386
  * Fix Mongo driver crash on invalid connection string: gh#coturn/coturn#390
  * enhanced fread return length check: gh#coturn/coturn#392
  * disconnect database gracefully: #367
  * Using SSL_get_version method for BoringSSL compatibility: turn_session_info->tls_method returns real TLS version: gh#coturn/coturn#382
  * Added systemd service example: gh#coturn/coturn#276
  * Add bandwidth usage reporting packet/bandwidth usage by peers: gh#coturn/coturn#284
  * Modifying configure to enable compile with private libraries: gh#coturn/coturn#381
  * Append to log files rather than overriding them: gh#coturn/coturn#417
  * Updated incorrect string length check for 'ssh': gh#coturn/coturn#442
  * Fix Dockerfile for latest Debian: gh#coturn/coturn#449
  * CVE-2020-6061, CVE-2020-6062: specially crafted HTTP POST request can lead to heap overflow which can result in information leak: gh#coturn/coturn#489
  * STUN input validation: gh#coturn/coturn#472
  * Allow MD5 in FIPS mode: gh#coturn/coturn#398
  * update travis config ubuntu/mac images
  * added null check for second char: gh#coturn/coturn#466
  * compiler warning fixes: gh#coturn/coturn#470
  * Fix a memory leak when an SHATYPE isn't supported: gh#coturn/coturn#471
  * fix compiler warning comparison between signed and unsigned integer expressions
  * fix compiler warning string truncation
  * change Diffie Hellman default key length from 1066 to 2066
  * drop of supplementary group IDs: gh#coturn/coturn#522
  * Unify spelling of Coturn: gh#coturn/coturn#514
  * Rename "prod" config option to "no-software-attribute": gh#coturn/coturn#506 gh#coturn/coturn#478
  * change sql data dir in docker-compose-all.yml: gh#coturn/coturn#516
  * add flags to disable periodic use of dynamic tables: gh#coturn/coturn#525
  * fix typos and grammar: gh#coturn/coturn#463, gh#coturn/coturn#488
  * Update README.docker: gh#coturn/coturn#475
  * fix config extension in README.docker: gh#coturn/coturn#519
  * Code beautifications: gh#coturn/coturn#327, gh#coturn/coturn#455, gh#coturn/coturn#513
- Removed patches now included in upstream: coturn-4.5.1.0-append-log.patch, coturn-4.5.1.1-cve-2020-6061.patch, coturn-4.5.1.1-cve-2020-6062.patch and coturn-4.5.1.1.missing-call-to-setgroups-before-setuid.patch
- added apparmor profile (coturn-apparmor-usr.bin.turnserver)
- fix executable permissions in devel package by using defattr
- Use pkgconfig(systemd) for packaging
- Shorten description by stripping the long list of all RFCs.
- Drop %defattr; use %autosetup.
- Initial release of coturn 4.5.1.1