pool/go-sendxmpp
SHA256
17
0
Fork 3
Code Issues Pull Requests 2 Activity

0.15.1: bsc#1251461, CVE-2025-47911 and bsc#1251677, CVE-2025-58190 #2

Open
fstrba wants to merge 17 commits from fstrba/go-sendxmpp:leap-16.1 into leap-16.1
pull from: fstrba/go-sendxmpp:leap-16.1
merge into: pool:leap-16.1
Conversation 3 Commits 17 Files Changed 6 +112 -8
fstrba commented 2026-01-16 07:12:38 +01:00
First-time contributor
Copy Link
No description provided.
fstrba added 17 commits 2026-01-16 07:12:39 +01:00
- Update to 0.11.1: 8a1d636f68 
* Fix Ox encryption in interactive mode (do not add the same
    recipient key to the keyring over and over again).
  * Exit with error code if Ox encryption for one recipient fails.
  * Improved handling of perl sendxmpp config files.

OBS-URL: https://build.opensuse.org/package/show/network:messaging:xmpp/go-sendxmpp?expand=0&rev=35
Accepting request 1186988 from network:messaging:xmpp 6b11deded6 
- Update to 0.11.1:
  * Fix Ox encryption in interactive mode (do not add the same
    recipient key to the keyring over and over again).
  * Exit with error code if Ox encryption for one recipient fails.
  * Improved handling of perl sendxmpp config files.

OBS-URL: https://build.opensuse.org/request/show/1186988
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go-sendxmpp?expand=0&rev=17
- Update to 0.11.2: 4fd9149ca8 
* Add Gopenpgp and Xmppsrv version to --version output.
  * Improve selection between StartTLS and DirectTLS.

OBS-URL: https://build.opensuse.org/package/show/network:messaging:xmpp/go-sendxmpp?expand=0&rev=37
Accepting request 1201691 from network:messaging:xmpp b6e9572511 
- Update to 0.11.2:
  * Add Gopenpgp and Xmppsrv version to --version output.
  * Improve selection between StartTLS and DirectTLS.

OBS-URL: https://build.opensuse.org/request/show/1201691
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go-sendxmpp?expand=0&rev=18
- Update to 0.11.4: 667e393afc 
* Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp >= 0.2.4).

- Update to 0.11.3:
  * Add go-xmpp library version to --version output (requires go-xmpp >= 0.2.2).
  * Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp >= v0.2.3).
  * [gocritic]: Improve code quality.

OBS-URL: https://build.opensuse.org/package/show/network:messaging:xmpp/go-sendxmpp?expand=0&rev=39
Accepting request 1218605 from network:messaging:xmpp daf9be3c5a 
- Update to 0.11.4:
  * Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp >= 0.2.4).

- Update to 0.11.3:
  * Add go-xmpp library version to --version output (requires go-xmpp >= 0.2.2).
  * Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp >= v0.2.3).
  * [gocritic]: Improve code quality.

OBS-URL: https://build.opensuse.org/request/show/1218605
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go-sendxmpp?expand=0&rev=19
- Update to 0.12.1: 483c33292f 
Changed:
  * Print error instead of quitting if a message of type error is received.
  * Allow upload of multiple files.
  Added:
  * Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user.

- Update to 0.12.0:
  Added:
  * Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv >= 0.3.3).
  * Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp >= 0.2.5).
  Changed:
  * Disable PLAIN authentication per default.
  * Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires
    go-xmpp >= 0.2.5).

OBS-URL: https://build.opensuse.org/package/show/network:messaging:xmpp/go-sendxmpp?expand=0&rev=41
Accepting request 1226437 from network:messaging:xmpp 261e556ad6 
- Update to 0.12.1:
  Changed:
  * Print error instead of quitting if a message of type error is received.
  * Allow upload of multiple files.
  Added:
  * Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user.

- Update to 0.12.0:
  Added:
  * Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv >= 0.3.3).
  * Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp >= 0.2.5).
  Changed:
  * Disable PLAIN authentication per default.
  * Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires
    go-xmpp >= 0.2.5).

OBS-URL: https://build.opensuse.org/request/show/1226437
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go-sendxmpp?expand=0&rev=20
- Update to 0.13.0: 4eb6e76ff4 
Added:
  * Add --anonymous to support anonymous authentication (requires go-xmpp >= 0.2.8).
  * Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp >= 0.2.8).
  * Add support for see-other-host stream error (requires go-xmpp >= 0.2.8).
  Changed:
  * Don't automatically try other auth mechanisms if FAST authentication fails.

OBS-URL: https://build.opensuse.org/package/show/network:messaging:xmpp/go-sendxmpp?expand=0&rev=43
Accepting request 1231375 from network:messaging:xmpp 4bff9c00eb 
- Update to 0.13.0:
  Added:
  * Add --anonymous to support anonymous authentication (requires go-xmpp >= 0.2.8).
  * Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp >= 0.2.8).
  * Add support for see-other-host stream error (requires go-xmpp >= 0.2.8).
  Changed:
  * Don't automatically try other auth mechanisms if FAST authentication fails.

OBS-URL: https://build.opensuse.org/request/show/1231375
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go-sendxmpp?expand=0&rev=21
- Update to 0.14.0: 40ed08a54f 
Added:
  * Add --fast-invalidate to allow invalidating the FAST token.
  Changed:
  * Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys.
  * Delete legacy Ox private key directory if it's empty.
  * Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp >= 0.2.9).
  * Print debug output to stdout, not stderr (requires go-xmpp >= 0.2.9).
  * Show RECV: and SEND: prefix for debug output (requires go-xmpp >= 0.2.9).
  * Delete stored fast token if --fast-invalidate and --fast-off are set.
  * Show error when FAST creds are stored but non-FAST mechanism is requested.

OBS-URL: https://build.opensuse.org/package/show/network:messaging:xmpp/go-sendxmpp?expand=0&rev=45
Accepting request 1233909 from network:messaging:xmpp dc83f2441e 
- Update to 0.14.0:
  Added:
  * Add --fast-invalidate to allow invalidating the FAST token.
  Changed:
  * Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys.
  * Delete legacy Ox private key directory if it's empty.
  * Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp >= 0.2.9).
  * Print debug output to stdout, not stderr (requires go-xmpp >= 0.2.9).
  * Show RECV: and SEND: prefix for debug output (requires go-xmpp >= 0.2.9).
  * Delete stored fast token if --fast-invalidate and --fast-off are set.
  * Show error when FAST creds are stored but non-FAST mechanism is requested.

OBS-URL: https://build.opensuse.org/request/show/1233909
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go-sendxmpp?expand=0&rev=22
- Update to 0.14.1: 8fc82d72b5 
* Use prettier date format for error messages.
  * Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10).

OBS-URL: https://build.opensuse.org/package/show/network:messaging:xmpp/go-sendxmpp?expand=0&rev=47
Accepting request 1240835 from network:messaging:xmpp 88cbc2ca1f 
- Update to 0.14.1:
  * Use prettier date format for error messages.
  * Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10).

OBS-URL: https://build.opensuse.org/request/show/1240835
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go-sendxmpp?expand=0&rev=23
Added: edd5eb7ea0 
* Add flag --verbose to show debug information.
* Add flag --recipients to specify recipients by file.
* Add flag --retry-connect to try after a waiting time if the connection fails.
* Add flag --retry-connect-max to specify the amount of retry attempts.
* Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.
* Add support for punycode domains.
Changed:
* Update gopenpgp library to v3.
* Improve error detection for MUC joins.
* Don't try to connect to other SRV record targets if error contains 'auth-failure'.
* Remove support for old SSDP version (via go-xmpp v0.2.15).
* Http-upload: Stop checking other disco items after finding upload component.
* Increase default TLS version to 1.3.
bsc#1241814 (CVE-2025-22872): This update includes golang.org/x/net/html 0.43.0

-----------------------------------------------------------------
0.15.1 19a95658e0
Merge remote-tracking branch 'origin/factory' into leap-16.1 0ee51fba0a
autogits_workflow_pr_bot requested review from legaldb 2026-01-16 07:13:11 +01:00
autogits_workflow_pr_bot requested review from packagehub-review 2026-01-16 07:13:11 +01:00
packagehub-review requested review from bigironman 2026-01-16 07:21:54 +01:00
packagehub-review requested review from lkocman-factory 2026-01-16 07:21:54 +01:00
packagehub-review requested review from maxlin_factory 2026-01-16 07:21:54 +01:00
packagehub-review requested review from smithfarm 2026-01-16 07:21:54 +01:00
packagehub-review commented 2026-01-16 07:21:55 +01:00
Member
Copy Link

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @packagehub-review: approve.
To request changes on behalf of the group, create the following comment: @packagehub-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@packagehub-review: approve`. To request changes on behalf of the group, create the following comment: `@packagehub-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
legaldb commented 2026-01-16 07:31:12 +01:00
Member
Copy Link

Legal reviewed as acceptable_by_lawyer:

Accepted because previously reviewed under the same license (488842)
Legal reviewed as [acceptable_by_lawyer](https://legaldb.suse.de/reviews/details/497982): ``` Accepted because previously reviewed under the same license (488842) ```
report.md
635 B
legaldb approved these changes 2026-01-16 07:31:12 +01:00
This pull request has official review requests.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u leap-16.1:fstrba-leap-16.1
git checkout fstrba-leap-16.1
Sign in to join this conversation.
Reviewers
No Reviewers
packagehub-review
smithfarm
bigironman
lkocman-factory
maxlin_factory
legaldb
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/go-sendxmpp#2
Delete Branch "fstrba/go-sendxmpp:leap-16.1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?