From c7dad1e9b61a79164e5d1a1de19906b8ef685886459567b8575a1d28612e0dd5 Mon Sep 17 00:00:00 2001
From: Marius Kittler
Date: Wed, 7 Apr 2021 11:57:51 +0000
Subject: [PATCH] Accepting request 883586 from home:mkittler:branches:network - Update to 1.15.0/1.15.1 * This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages (CVE-2021-21404); see GHSA-x462-89pf-6r5h. * This release updates the CLI to use subcommands and adds the subcommands cli (previously standalone stcli utility) and decrypt (for offline verifying and decrypting encrypted folders). * With this release we invite everyone to test the "untrusted (encrypted) devices" feature. You should not use it yet on important production data. Thus UI controls are hidden behind a feature flag. For more information, visit: https://forum.syncthing.net/t/testing-untrusted-encrypted-devices/16470
OBS-URL: https://build.opensuse.org/request/show/883586
OBS-URL: https://build.opensuse.org/package/show/network/syncthing?expand=0&rev=209
---
 syncthing-source-v1.14.0.tar.gz | 3 ---
 syncthing-source-v1.14.0.tar.gz.asc | 11 -----------
 syncthing-source-v1.15.1.tar.gz | 3 +++
 syncthing-source-v1.15.1.tar.gz.asc | 11 +++++++++++
 syncthing.changes | 18 ++++++++++++++++++
 syncthing.spec | 6 +-----
 6 files changed, 33 insertions(+), 19 deletions(-)
 delete mode 100644 syncthing-source-v1.14.0.tar.gz
 delete mode 100644 syncthing-source-v1.14.0.tar.gz.asc
 create mode 100644 syncthing-source-v1.15.1.tar.gz
 create mode 100644 syncthing-source-v1.15.1.tar.gz.asc
diff --git a/syncthing-source-v1.14.0.tar.gz b/syncthing-source-v1.14.0.tar.gz
deleted file mode 100644
index a1acc6d..0000000
--- a/syncthing-source-v1.14.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:55a6fb08a9dbc1a31a6b429a16abb3a76d8c24b491a86a52170ddaadea33f683
-size 11729886
diff --git a/syncthing-source-v1.14.0.tar.gz.asc b/syncthing-source-v1.14.0.tar.gz.asc
deleted file mode 100644
index a883c81..0000000
--- a/syncthing-source-v1.14.0.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEN8hFVOfgomHk924e0m5u0ABlSj4FAmA+MtYACgkQ0m5u0ABl
-Sj4a8Qf/dMfOwHknaAUpYVU7B/OqthoTWxCFLZSRACnzaPyo4lpUfT+JtLAoxU49
-XesUmkiLLEdhVA8SAs1TTL0l02Tk+I7P5YCpi2c4Yf6liPDxfJ3tyQxrl40XS7xM
-9ELp9Idq8wtQGansY6U+fRamERV4dMATkOPXd4gCLhuRdCYaLWqkDB28Co4NywW1
-644wotMvfIaTS41hLtYMDoi8JC5CMt00+BK80Sy2hm2ebF1oKq95Kh4zHEEP6cwh
-NN0qqqzR+DRTFo9lwKn56BaskRo9KmQ+7ZOyYcKZKm7sbmxsh98EMBd/NXqzRVvP
-oYCQ1XrOSmrXc7otyefcXeKBQ9hBew==
-=MO8y
------END PGP SIGNATURE-----
diff --git a/syncthing-source-v1.15.1.tar.gz b/syncthing-source-v1.15.1.tar.gz
new file mode 100644
index 0000000..e487e62
--- /dev/null
+++ b/syncthing-source-v1.15.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b867c5056ad073bcb690853558bf9ef6c2356b2038527973cfee501bf9076911
+size 12302597
diff --git a/syncthing-source-v1.15.1.tar.gz.asc b/syncthing-source-v1.15.1.tar.gz.asc
new file mode 100644
index 0000000..2f6ba3b
--- /dev/null
+++ b/syncthing-source-v1.15.1.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEN8hFVOfgomHk924e0m5u0ABlSj4FAmBsItYACgkQ0m5u0ABl
+Sj6SvQf/Yrmxwxj97W349Dq57BA8TCiYmwcKkquPHltVvFKZz4jnsE7kfHQ6dNJk
++W3RC7blIEbUzaLIvwd2TEi4mRF+FH9MZhzyWaggS3BsDYWBdfegcIz8lmhHSPLQ
++khhjfaNqXQ+FknXewvfn99FDoz7lG24ZZ2uFDhQj7kTuh6/TwEWxvSHjPzPPKBB
+Gv8aGjarqYBiz+ffaOE6cFsdBHrUjMQgVbIlrVMIVvSIEO+ZZFuzhItstdJwbaF8
+AIwaQqsDG/8u6AtW3J87OZPfBcTMgomW5YliFuFsFVKSqprX+6e6DwrqIXvQivl9
+0TFFLNhr0PR1Jd8gqmRnOMI3caJ2Mg==
+=dIA7
+-----END PGP SIGNATURE-----
diff --git a/syncthing.changes b/syncthing.changes
index da04f74..5084129 100644
--- a/syncthing.changes
+++ b/syncthing.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Wed Apr 7 10:43:16 UTC 2021 - Marius Kittler
+
+- Update to 1.15.0/1.15.1
+ * This release fixes a vulnerability where Syncthing and the relay server
+ can crash due to malformed relay protocol messages (CVE-2021-21404); see
+ GHSA-x462-89pf-6r5h.
+
+ * This release updates the CLI to use subcommands and adds the subcommands
+ cli (previously standalone stcli utility) and decrypt (for offline
+ verifying and decrypting encrypted folders).
+
+ * With this release we invite everyone to test the "untrusted (encrypted)
+ devices" feature. You should not use it yet on important production
+ data. Thus UI controls are hidden behind a feature flag. For more
+ information, visit:
+ https://forum.syncthing.net/t/testing-untrusted-encrypted-devices/16470
+
 -------------------------------------------------------------------
 Wed Mar 3 09:45:30 UTC 2021 - Marius Kittler
diff --git a/syncthing.spec b/syncthing.spec
index 95476b2..fe70035 100644
--- a/syncthing.spec
+++ b/syncthing.spec
@@ -17,7 +17,7 @@
 Name: syncthing
-Version: 1.14.0
+Version: 1.15.1
 Release: 0
 Summary: Continuous File Synchronisation
 License: MPL-2.0
@@ -63,8 +63,6 @@ export BUILD_USER=abuild BUILD_HOST=openSUSE
 export CGO_CPPFLAGS="${CPPFLAGS}" CGO_CFLAGS="${CFLAGS}" CGO_CXXFLAGS="${CXXFLAGS}" CGO_LDFLAGS="${LDFLAGS}"
 export GOFLAGS="-trimpath -mod=vendor"
-# build and install stcli which has no dedicated target and can not be built with -no-upgrade
-go run build.go -version v%{version} install all
 # build and install syncthing without automatic updates
 go run build.go -no-upgrade -version v%{version} install
 # build and install strelaysrv without automatic updates
@@ -75,7 +73,6 @@ st_dir=$PWD
 cd ../src/github.com/syncthing/%{name}
 mv LICENSE AUTHORS CONDUCT.md CONTRIBUTING.md README.md "$st_dir"
 install -Dpm 0755 bin/%{name} %{buildroot}%{_bindir}/%{name}
-install -Dpm 0755 bin/stcli %{buildroot}%{_bindir}/stcli
 install -Dpm 0755 bin/strelaysrv %{buildroot}%{_bindir}/strelaysrv
 install -dm 0750 %{buildroot}/%{_localstatedir}/lib/strelaysrv
 install -Dpm 0644 cmd/strelaysrv/etc/linux-systemd/strelaysrv.service \
@@ -134,7 +131,6 @@ getent passwd strelaysrv >/dev/null || \
 %license LICENSE
 %doc AUTHORS CONDUCT.md CONTRIBUTING.md README.md
 %{_bindir}/%{name}
-%{_bindir}/stcli
 %{_unitdir}/%{name}@.service
 %{_unitdir}/%{name}-resume.service
 %if 0%{?suse_version} >= 1500 || 0%{?sle_version} > 120300