Update Info

openSUSE-2024-54


Security update for syncthing


Type: security
Severity: moderate
Issued: 2024-02-20
Description:
This update for syncthing fixes the following issues:

Update to 1.27.3

  * Bugfixes:

    #9039: Sync from Linux to Mac with ownership - Local additions after rescan
    #9241: Versions path does not honor tilde (~) shortcut

  * Enhancements:
    #8616: Add CLI completion
    #9151: Add "stay logged in" checkbox to login dialog

  * Other issues:
    #9267: Inconsistent version requirements in lib/build and lib/upgrade
    #9313: Different lengths used for short device IDs in UI

- Make syncthing-relaysrv package resolvable by using systemd users
  to create the required user and group

Update to 1.27.2

  * Bugfixes:

    #9041: cli subcommand does not use STHOMEDIR env var
    #9183: Filesystem watching (kqueue) is enabled … with a lot of files
    #9274: Missing lock in DeviceStatistics ("fatal error: concurrent map read and map write")

  * Enhancements:

    #7406: Add UPnP support for IPv6

  * Other Issues:

    #9247: Embed binary releases signing key as a file instead of hardcoding a string
    #9287: quic-go v0.40.1 (CVE-2023-49295)

Update to 1.27.1

  * Bugfixes:

    #9253: Permission error on folder causes "connection error" dialog when opening folder editor
    #9269: panic: nil pointer dereference in (*indexHandlerRegistry).startLocked

  * Other issues:

    #9274: Missing lock in DeviceStatistics ("fatal error: concurrent map read and map write")

Update to 1.27.0

  * Bugfixes:

    #9179: spurious log file in $XDG_CONFIG_HOME
    #9189: Discovery Returns IP
    #9208: Display error in 1.26 with login screen

  * Enhancements:

    #9178: Default config (state) dir on Unixes should be ~/.local/state/syncthing ($XDG_STATE_HOME/syncthing)
    #9200: Login form: login button should have an id attribute

Update to 1.26.1
  * Bugfixes:
    #9208: Display error in 1.26 with login screen

Update to 1.26.0

  * Bugfixes:

    #9072: Omitting %s from LDAP search filter results in corrupt search filter
    #9106: Posting config with invalid versioner type causes panic
    #9120: Deduplicated files on Windows aren't treated as regular files any more (Go 1.21)
    #9133: Syncthing Docker container fails to start if underlying filesystem doesn't support chown
    #9143: traefik no longer url escape X-Forwarded-Tls-Client-Cert header
    #9149: Favicon is stuck in notify state

  * Enhancements:

    #4137: Use a real login screen + sessions instead of HTTP basic auth

Update to 1.25.0

  * Bugfixes:

    #8274: Usage report transport type is wrong for QUIC
    #8482: Discovery server keeps duplicate entries
    #9019: Web GUI loses config changes when doing multiple modifications (e.g. on slow hardware or remotely)
    #9112: panic: counter cannot decrease in value
    #9123: Hashed passwords via API are hashed again

  * Enhancements:

    #141: Use multiple simultaneous TCP connections
    #5607: Move footer links to header

Update to 1.24.0

  * Bugfixes:

    #8965: v1.23.6 introduces untrusted sharing regression

  * Enhancements:

    #5175: Record more performance metrics
    #7456: Announce IPv6 ULA
    #7973: Restore versions file filter should be case insensitive
    #8767: Check interface for FlagRunning

  * Other issues:

    #9021: panic: bug: ClusterConfig called on closed or nonexistent connection
    #9034: Build with Go 1.21 out of the box

Update to 1.13.7

  * Bugfixes:

    #6597: setLowPriority should not increase process priority when already lower (in Windows)
    #7698: ursrv: unrealistic uptime data, likely due to unset RTC (1970-01-01)
    #8958: Extended attribute filter editor should be enabled when "send extended attributes" is checked
    #8967: Shared With list ends with comma on 1 device
    #9001: relaysrv crash after some weeks of operation

  * Enhancements:

    #8890: Do not autoexpand tilde sign (~) to an absolute home directory path
    #8957: Add environment variables for --home, --conf, and --data
    #8968: Error for Windows invalid file names should indicate the invalid character or name part

  * Other issues:

    #8973: 1.23.6 docker image no longer available for linux/arm/v7
    #8983: Integrate govulncheck

Update to 1.13.6

  * Bugfixes:

    #7638: favicon not working Firefox & derivative browsers
    #8899: Omitting %s from LDAP bind DN sends corrupted bind DN string to LDAP server
    #8920: Untrusted device should be disallowed from being an introducer
    #8960: relaysrv and discosrv docker images haven't been updated for more than year


              

References


Packages


  • syncthing-1.27.3-bp155.2.6.1