From b8d51b0b8b6710da15bcaa119ae1caecf9f49345739852050385163f4bda8803 Mon Sep 17 00:00:00 2001
From: Johannes Weberhofer <jweberhofer@weberhofer.at>
Date: Mon, 5 Dec 2022 12:21:03 +0000
Subject: [PATCH] Accepting request 1040008 from home:stroeder:network

update to 4.6.1

seems to work for me on Tumbleweed x64-64

OBS-URL: https://build.opensuse.org/request/show/1040008
OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=24
---
 coturn-4.5.2.tar.gz |   3 --
 coturn-4.6.1.tar.gz |   3 ++
 coturn.changes      | 102 ++++++++++++++++++++++++++++++++++++++++++++
 coturn.service      |   7 ++-
 coturn.spec         |   2 +-
 5 files changed, 109 insertions(+), 8 deletions(-)
 delete mode 100644 coturn-4.5.2.tar.gz
 create mode 100644 coturn-4.6.1.tar.gz

diff --git a/coturn-4.5.2.tar.gz b/coturn-4.5.2.tar.gz
deleted file mode 100644
index 36c90b4..0000000
--- a/coturn-4.5.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:462f1aa5c2455f28c1c8df09510d9e88ab14a1159b5e33ea5be5095262e83745
-size 442745
diff --git a/coturn-4.6.1.tar.gz b/coturn-4.6.1.tar.gz
new file mode 100644
index 0000000..2e6f5c8
--- /dev/null
+++ b/coturn-4.6.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8fba86e593ed74adc46e002e925cccff2819745371814f42465fbe717483f1d8
+size 474757
diff --git a/coturn.changes b/coturn.changes
index f2b5a29..e3e906a 100644
--- a/coturn.changes
+++ b/coturn.changes
@@ -1,3 +1,105 @@
+-------------------------------------------------------------------
+Sun Dec  4 12:27:54 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- Version 4.6.1
+  - Fix memory corruption on socket close (#1113)
+- Version 4.6.0
+  - merge PR #967 (eakraly)
+    * fix small issues reported by cppcheck
+  - merge PR #974 (eakraly)
+    * fix long log line printing
+  - merge PR #973 (eakraly)
+    * Print turnserver version with --version
+  - merge PR #972 (eakraly)
+    * do not write outside of a buffer in admin interface
+  - merge PR #970 (eakraly)
+    * fix uclient certificate loading bug
+  - merge PR #971 (eakraly)
+    * fix duplicate TCP flag in run_tests.sh script
+    - merge PR #962 (huhaipeng)
+    * fix turn session leak
+    - merge PR #963 (eakraly)
+    * Document dependency of new-log-timestamp-format on new-log-timestamp
+    - merge PR #951 (steffen-moser)
+    * Enable compilation of coturn on Solaris 11.4
+    - merge PR #949 (eakraly)
+    * First step to re-enable compilation with OpenSSL 1.0.x
+    - merge PR #949 (eakraly)
+    * Fix cmake build on macOS
+    - merge PR #942 (eakraly)
+    * Disable SSL renegotiation
+    - merge PR #792 (yfaker)
+    * Fix user quota release #786
+    - merge PR #829 (fancycode)
+    * add more info to redis allocation status
+    - merge PR #938 (eakraly)
+    * update turnserver.conf comment
+    - merge PR #773 (haseebq)
+    * fix performance regression
+    - merge PR #773 (korayvt)
+    * add syslog facility config
+    - merge PR #897 (unicode-it)
+    * add support for dual-stack prom listener
+    - merge PR #984 (rozhuk-im)
+    * fix build with libressl 3.4.0+
+    - merge PR #926 (ggarber)
+    * add ci tests workflow
+    - merge PR #934 (neocat)
+    * show error on invalid config
+    - merge PR #787 (dsmeytis)
+    * add new prom allocations metric
+    - merge PR #869 (micmac1)
+    * don't link in libintl
+    - merge PR #895 (alexnedo)
+    * fix access to freed memory
+    - merge PR #919 (sysvinit)
+    * configurable prom username labels
+    - merge PR #840 (sysvinit)
+    * configurable prometheus listener port
+    - merge PR #870 (micmac1)
+    * fix build mariadb connector
+    - merge PR #851 (freedomben)
+    * fix README typo
+    - merge PR #877 (davel)
+    * correct doc typo
+  - merge PR #755(moznuy) and #825(by argggh)
+    * fix sqlite3_shutdown and sqlite3_config race
+  - merge PR #826 (by giavac)
+    * prom server better
+  - merge PR #684 (by brevilo)
+    * Define OPENSSL_VERSION_1_1_1 on systems where it doesn't (yet) exist
+    * Regression in 4.5.2 that cause issues in openssl version < 1.1.1.
+  - typo fix in prometheus (by fcecagno)
+  - merge PR #687 (by Wuelber Castillo)
+    * Add hash algorithm for hmackey value to redis userdb schema docs
+  - replace keep-address-family with allocation-default-address-family (keep-address-family deprecated and will be removed!!)
+  - merge PR #703 (by j4zzc4t)
+    * Restore no_stdout_log behavior
+  - merge PR #727 (by JoKoT3)
+    * Support older mysql client version in configure
+  - merge PR #721 (by KangLin)
+    * Add to support cmake
+  - merge PR #717 (by marcoschum)
+    * Fix typo in turnserver.conf
+  - merge PR #704 (by hills)
+    * Packaging scripts can miss out on these errors (exit code)
+  - merge PR #679 (by rubo77)
+    * Readme.turnserver: how to run server as a daemon
+  - merge PR #739 (by hills)
+    * SSL reload has hidden bugs which cause crashes
+  - Fix regression in PR #739
+  - Try to mitigate STUN amplification attatck
+    * Add new option --no-rfc5780 to force disable RFC8750
+    * Add new option --no-stun-backward-compatibility
+      Disable handling old STUN Binding requests and disable
+      MAPPED-ADDRESS attribute in binding response (use only the
+      XOR-MAPPED-ADDRESS)
+    * Add new option --response-origin-only-with-rfc5780
+      Add RESPONSE_ORIGIN attribute only if rfc5780 is enabled
+    * Don't send SOFTWARE attribute if --no-software-attribute set on (BREAKING CHANGE)
+  - merge PR #767 (by ggalperi)
+      * fix for log_binding (regression)
+
 -------------------------------------------------------------------
 Fri Aug 19 19:25:35 UTC 2022 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
 
diff --git a/coturn.service b/coturn.service
index 61e2790..ffe6751 100644
--- a/coturn.service
+++ b/coturn.service
@@ -26,6 +26,9 @@ CPUSchedulingPolicy=other
 UMask=0007
 
 # various hardening options
+ProtectSystem=strict
+ReadWritePaths=/run/coturn /var/lib/coturn /var/log/coturn
+
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 MountFlags=private
@@ -39,15 +42,11 @@ ProtectHostname=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
-ProtectSystem=full
 RemoveIPC=yes
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=yes
 RestrictSUIDSGID=yes
-# added automatically, for details please see
-# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
 RestrictRealtime=true
-# end of automatic additions 
 SystemCallArchitectures=native
 SystemCallFilter=~@clock @debug @module @mount @raw-io @reboot @swap @resources @cpu-emulation @obsolete
 
diff --git a/coturn.spec b/coturn.spec
index b0e34ff..7ed3c85 100644
--- a/coturn.spec
+++ b/coturn.spec
@@ -24,7 +24,7 @@
 %endif
 %bcond_without  apparmor
 Name:           coturn
-Version:        4.5.2
+Version:        4.6.1
 Release:        0
 Summary:        TURN and STUN server for VoIP
 License:        BSD-3-Clause