From ab957dfa089d91ab69b58e2c2645094712e73a727e822c84e90196ae78fc58e6 Mon Sep 17 00:00:00 2001 From: Johannes Weberhofer Date: Tue, 30 Jun 2020 08:03:55 +0000 Subject: [PATCH] Accepting request 817809 from home:weberho:branches:network:telephony MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Version 4.5.1.3: * Remove reference to SSLv3: gh#coturn/coturn#566 * Ignore MD5 for BoringSSL: gh#coturn/coturn#579 * STUN response buffer not initialized properly; he issue found and reported gh#coturn/coturn#583 by Felix Dörre all credits belongs to him. CVE-2020-4067 - Let coturn allow binding to ports below 1024 per default OBS-URL: https://build.opensuse.org/request/show/817809 OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=10 --- README.SUSE | 5 ----- coturn-4.5.1.2.tar.gz | 3 --- coturn-4.5.1.3.tar.gz | 3 +++ coturn.changes | 12 ++++++++++++ coturn.service | 4 ++-- coturn.spec | 2 +- 6 files changed, 18 insertions(+), 11 deletions(-) delete mode 100644 coturn-4.5.1.2.tar.gz create mode 100644 coturn-4.5.1.3.tar.gz diff --git a/README.SUSE b/README.SUSE index fca660c..a3d0e15 100644 --- a/README.SUSE +++ b/README.SUSE @@ -10,8 +10,3 @@ firewall-cmd --zone=public --add-service=coturn [--permanent] * /etc/syconfig/coturn has the option '--no-software-attribute' enabled to hide the software version for production issue. -* The trunserveer can only be bound to a port belo 1024 if you add the - AmbientCapabilities=CAP_NET_BIND_SERVICE section to the service file. - - - diff --git a/coturn-4.5.1.2.tar.gz b/coturn-4.5.1.2.tar.gz deleted file mode 100644 index 07cdc5b..0000000 --- a/coturn-4.5.1.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1ab5fb6a97c1fdd509f6301c5e706f422475a7086657c0c56e2b27cbe01932c -size 436487 diff --git a/coturn-4.5.1.3.tar.gz b/coturn-4.5.1.3.tar.gz new file mode 100644 index 0000000..c1d1406 --- /dev/null 
+++ b/coturn-4.5.1.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4ff1f8c041ac71445018d81321d4b66e5dce4f171ef73a348d858dc9a0cc1cce
+size 437084
diff --git a/coturn.changes b/coturn.changes
index 1bd8b05..b244b49 100644
--- a/coturn.changes
+++ b/coturn.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Jun 30 07:54:01 UTC 2020 - Johannes Weberhofer
+
+- Version 4.5.1.3:
+ * Remove reference to SSLv3: gh#coturn/coturn#566
+ * Ignore MD5 for BoringSSL: gh#coturn/coturn#579
+ * STUN response buffer not initialized properly; he issue found and
+ reported gh#coturn/coturn#583 by Felix Dörre all credits belongs to
+ him. CVE-2020-4067
+
+- Let coturn allow binding to ports below 1024 per default
+
 -------------------------------------------------------------------
 Mon May 4 12:58:39 UTC 2020 - Johannes Weberhofer
diff --git a/coturn.service b/coturn.service
index 100f2c0..981c371 100644
--- a/coturn.service
+++ b/coturn.service
@@ -13,8 +13,8 @@ ExecStart=/usr/bin/turnserver -o -c /etc/coturn/turnserver.conf --pidfile /run/c
 Restart=on-abort
 ExecReload=/bin/kill -HUP $MAINPID
-# enable next line to make coturn able to bind to a port below 1024
-#AmbientCapabilities=CAP_NET_BIND_SERVICE
+# next line allows coturn to bind to a port below 1024
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 LimitCORE=infinity
 LimitNOFILE=999999
diff --git a/coturn.spec b/coturn.spec
index d45efad..a828b9f 100644
--- a/coturn.spec
+++ b/coturn.spec
@@ -24,7 +24,7 @@
 %endif
 %bcond_without apparmor
 Name: coturn
-Version: 4.5.1.2
+Version: 4.5.1.3
 Release: 0
 Summary: TURN and STUN server for VoIP
 License: BSD-3-Clause
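Review bot: In the coturn.service hunk, `AmbientCapabilities=CAP_NET_BIND_SERVICE` is now granted on every install, including those that only listen on ports above 1023, and nothing in the hunk limits which other capabilities the process can hold. Pairing it with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` would keep the low-port bind while restricting the service to that single capability. The comment could also say how to opt out, e.g. `# lets the unprivileged turnserver bind ports below 1024; remove this line if only ports >= 1024 are configured`. The rest of the [Service] section, including any `User=` setting, lies outside the hunk, so confirm that a bounding set does not interfere with a privilege drop turnserver may perform itself.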