From 36f26e008a785f0720e64b44d7bf6d69ad26084d0a70454a5f94758bcf80b829 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Str=C3=B6der?= <michael@stroeder.com>
Date: Mon, 11 Jan 2021 10:58:27 +0000
Subject: [PATCH] Accepting request 862256 from
 home:weberho:branches:network:telephony

- Version 4.5.2
  * Fix for CVE-2020-26262 (boo#1180764)
    - Fix ipv6 ::1 loopback check
    - Not allow allocate peer address 0.0.0.0/8 and ::/128
    - For more details see the github security advisory:
      https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
  * fix null pointer dereference in case of out of memory.
  * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function
  * Fix: use-after-free vulnerability on write_to_peerchannel function
  * Fix: use-after-free vulnerability on write_client_connection function
  * add prometheus metrics
  * Delete trailing whitespace in example configuration files
  * Add architecture ppc64le to travis build
  * Fix misleading option in doc (prometheus)
  * Allow RFC6062 TCP relay data to look like TLS
  * Add support for proxy protocol V1
  * Print full date and time in logs
  * Add new options: "new-log-timestamp" and "new-log-timestamp-format"
  * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL
  * Add ACME redirect url
  * support of --acme-redirect <URL>
  * fix acme security, redundancy, consistency
  * Add new --log-binding option to enable binding request logging
  * Fix stale-nonce documentation
  * Version number is changed to semver 2.0
  * pkg-config, and various cleanups in configure file
  * Add systemd notification for better systemd integration
  * Fix c++ support
  * Remove session id/allocation labels
  * Remove per session metrics. We should later add more counters.

OBS-URL: https://build.opensuse.org/request/show/862256
OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=17
---
 coturn-4.5.1.3.tar.gz |  3 ---
 coturn-4.5.2.tar.gz   |  3 +++
 coturn.changes        | 36 ++++++++++++++++++++++++++++++++++++
 coturn.spec           |  4 ++--
 4 files changed, 41 insertions(+), 5 deletions(-)
 delete mode 100644 coturn-4.5.1.3.tar.gz
 create mode 100644 coturn-4.5.2.tar.gz

diff --git a/coturn-4.5.1.3.tar.gz b/coturn-4.5.1.3.tar.gz
deleted file mode 100644
index c1d1406..0000000
--- a/coturn-4.5.1.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4ff1f8c041ac71445018d81321d4b66e5dce4f171ef73a348d858dc9a0cc1cce
-size 437084
diff --git a/coturn-4.5.2.tar.gz b/coturn-4.5.2.tar.gz
new file mode 100644
index 0000000..36c90b4
--- /dev/null
+++ b/coturn-4.5.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:462f1aa5c2455f28c1c8df09510d9e88ab14a1159b5e33ea5be5095262e83745
+size 442745
diff --git a/coturn.changes b/coturn.changes
index 2ca16d9..3acf16d 100644
--- a/coturn.changes
+++ b/coturn.changes
@@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Mon Jan 11 10:27:20 UTC 2021 - Johannes Weberhofer <jweberhofer@weberhofer.at>
+
+- Version 4.5.2
+  * Fix for CVE-2020-26262 (boo#1180764)
+    - Fix ipv6 ::1 loopback check
+    - Not allow allocate peer address 0.0.0.0/8 and ::/128
+    - For more details see the github security advisory:
+      https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
+
+  * fix null pointer dereference in case of out of memory.
+  * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function
+  * Fix: use-after-free vulnerability on write_to_peerchannel function
+  * Fix: use-after-free vulnerability on write_client_connection function
+
+  * add prometheus metrics
+  * Delete trailing whitespace in example configuration files
+  * Add architecture ppc64le to travis build
+  * Fix misleading option in doc (prometheus)
+  * Allow RFC6062 TCP relay data to look like TLS
+  * Add support for proxy protocol V1
+  * Print full date and time in logs
+  * Add new options: "new-log-timestamp" and "new-log-timestamp-format"
+  * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL
+  * Add ACME redirect url
+  * support of --acme-redirect <URL>
+  * fix acme security, redundancy, consistency
+  * Add new --log-binding option to enable binding request logging
+  * Fix stale-nonce documentation
+  * Version number is changed to semver 2.0
+  * pkg-config, and various cleanups in configure file
+  * Add systemd notification for better systemd integration
+  * Fix c++ support
+  * Remove session id/allocation labels
+  * Remove per session metrics. We should later add more counters.
+
 -------------------------------------------------------------------
 Sun Dec 27 15:42:09 UTC 2020 - Michael Ströder <michael@stroeder.com>
 
diff --git a/coturn.spec b/coturn.spec
index 7d19c8f..cdee087 100644
--- a/coturn.spec
+++ b/coturn.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package coturn
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 %endif
 %bcond_without  apparmor
 Name:           coturn
-Version:        4.5.1.3
+Version:        4.5.2
 Release:        0
 Summary:        TURN and STUN server for VoIP
 License:        BSD-3-Clause