Description:
This update for go-sendxmpp fixes the following issues:
Changes in go-sendxmpp:
- Update to 0.15.1:
Added
* Add XEP-0359 Origin-ID to messages (requires go-xmpp >= v0.2.18).
Changed
* HTTP upload: Ignore timeouts on disco IQs as some components do
not reply.
- Upgrades the embedded golang.org/x/net to 0.46.0
* Fixes: bsc#1251461, CVE-2025-47911: various algorithms with
quadratic complexity when parsing HTML documents
* Fixes: bsc#1251677, CVE-2025-58190: excessive memory consumption
by 'html.ParseFragment' when processing specially crafted input
- Update to 0.15.0:
Added:
* Add flag --verbose to show debug information.
* Add flag --recipients to specify recipients by file.
* Add flag --retry-connect to try after a waiting time if the connection fails.
* Add flag --retry-connect-max to specify the amount of retry attempts.
* Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.
* Add support for punycode domains.
Changed:
* Update gopenpgp library to v3.
* Improve error detection for MUC joins.
* Don't try to connect to other SRV record targets if error contains 'auth-failure'.
* Remove support for old SSDP version (via go-xmpp v0.2.15).
* Http-upload: Stop checking other disco items after finding upload component.
* Increase default TLS version to 1.3.
- bsc#1241814 (CVE-2025-22872): This update includes golang.org/x/net/html 0.43.0
- Update to 0.14.1:
* Use prettier date format for error messages.
* Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10).
- Update to 0.14.0:
Added:
* Add --fast-invalidate to allow invalidating the FAST token.
Changed:
* Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys.
* Delete legacy Ox private key directory if it's empty.
* Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp >= 0.2.9).
* Print debug output to stdout, not stderr (requires go-xmpp >= 0.2.9).
* Show RECV: and SEND: prefix for debug output (requires go-xmpp >= 0.2.9).
* Delete stored fast token if --fast-invalidate and --fast-off are set.
* Show error when FAST creds are stored but non-FAST mechanism is requested.
- Update to 0.13.0:
Added:
* Add --anonymous to support anonymous authentication (requires go-xmpp >= 0.2.8).
* Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp >= 0.2.8).
* Add support for see-other-host stream error (requires go-xmpp >= 0.2.8).
Changed:
* Don't automatically try other auth mechanisms if FAST authentication fails.
- Update to 0.12.1:
Changed:
* Print error instead of quitting if a message of type error is received.
* Allow upload of multiple files.
Added:
* Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user.
- Update to 0.12.0:
Added:
* Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv >= 0.3.3).
* Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp >= 0.2.5).
Changed:
* Disable PLAIN authentication per default.
* Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires
go-xmpp >= 0.2.5).
- Update to 0.11.4:
* Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp >= 0.2.4).
- Update to 0.11.3:
* Add go-xmpp library version to --version output (requires go-xmpp >= 0.2.2).
* Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp >= v0.2.3).
* [gocritic]: Improve code quality.