diff --git a/syncthing-0.14.13-go-1.6-compat.patch b/syncthing-0.14.13-go-1.6-compat.patch deleted file mode 100644 index 7158352..0000000 --- a/syncthing-0.14.13-go-1.6-compat.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/cmd/strelaysrv/main.go -+++ b/cmd/strelaysrv/main.go -@@ -129,10 +129,10 @@ func main() { - laddr.Port = 0 - transport, ok := http.DefaultTransport.(*http.Transport) - if ok { -- transport.DialContext = (&net.Dialer{ -+ transport.Dial = (&net.Dialer{ - Timeout: 30 * time.Second, - LocalAddr: laddr, -- }).DialContext -+ }).Dial - } - } - diff --git a/syncthing-source-v0.14.13.tar.gz b/syncthing-source-v0.14.13.tar.gz deleted file mode 100644 index 586e33c..0000000 --- a/syncthing-source-v0.14.13.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f1190173f2ba2f341920faf7aa1a05af775bac6cd4cff0f003c4b0831022c67d -size 7418996 diff --git a/syncthing-source-v0.14.13.tar.gz.asc b/syncthing-source-v0.14.13.tar.gz.asc deleted file mode 100644 index 65b6514..0000000 --- a/syncthing-source-v0.14.13.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABCAAGBQJYPWkJAAoJENJubtAAZUo+GCkH/2A19wgQagu/KS1TWsbmRbOU -9epnP6gjvBAABUxWHtrXoAsjhBrK7QPdAFHKEaUFumYoCHzfT1ZbNjc+Rwd5rv3O -Ind4yLYbTXj4wn2bwwLOasr9nhk27ZCFlvaic1a5ZqT2msisVh0RpNuI64doN+8X -Wol3svGOEKupL5ffISdbNn1ovGoUiCO89RJR2Ha1drIxrCe0nUlQ4JZkgub/YNEe -yCTKJlI326cIZiPNqTUNYn59iZ4PBz87dsFfdgJ0BD58wF5qPOL2owFH6gERR9me -mzKx792vemH/qn0p4KleQ4t0YLEhVxKVmAapc4qrq4/2XkhSfCU6ckSp3dY4ksI= -=8wbB ------END PGP SIGNATURE----- diff --git a/syncthing-source-v0.14.15.tar.gz b/syncthing-source-v0.14.15.tar.gz new file mode 100644 index 0000000..b43d22b --- /dev/null +++ b/syncthing-source-v0.14.15.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f4464433666e0fa82d536111b2921f726b2b064606696ec1305eb568345b5e9a +size 6907683 diff --git a/syncthing-source-v0.14.15.tar.gz.asc b/syncthing-source-v0.14.15.tar.gz.asc new file mode 100644 index 0000000..3904c4f --- /dev/null +++ b/syncthing-source-v0.14.15.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABCAAGBQJYVSZAAAoJENJubtAAZUo+S9EH/1CFzxw1LZAX7OIgrSyng6RF +zSH4YoRf9AHN22/As2rfMq80V5/VxgWXqAJze+mqm9YqDfrpm8WlVjYwTT+iSL+9 +D4drqC/E0OGs3HDTTOse9ZNpyTs8g9HTq4mgRlE4iGv+C7/XHnDLxCmGMsAQzdQq +DSz3MgTlrWQFWecRPqc7NJ0JP7AqKX5rMVEtqzgBnQ30rAk5zOik26ShlnGy0cMh +BeFvgUgFzVge8kg6DApm17+M7XJ53wEfYhJZoNjIx7DaaHhlbfn10uh4tF8tnsrm +LGNJrtm+qTP3NGfhj1RaUV+mBUrD+W2mHKM+/YeaGrL6i+bw5KkjsAUbBND8PTE= +=6C7H +-----END PGP SIGNATURE----- diff --git a/syncthing.changes b/syncthing.changes index 580d3f6..72d40ea 100644 --- a/syncthing.changes +++ b/syncthing.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Sat Dec 17 12:36:37 UTC 2016 - sor.alexei@meowr.ru + +- Update to version 0.14.15 (changes since 0.14.13): + * Fix a security issue resulted in Syncthing accepting index + entries for files like '../../foo', thus resulting in a path + above the configured directory. + * Fix a security issue resulted in symlinks be used to trick + Syncthing and escape constraints of the configured directory by + creating a symlink 'foo -> ../../' and then requesting the + contents of 'foo/something' (boo#1016161). + Syncing symlinks between v0.14.14+ and previous versions will + not work. + * The build no longer requires Go 1.7 + (gh#syncthing/syncthing#3753). + * The wording in the GUI around "last file received" is now + clearer (gh#syncthing/syncthing#3769). +- Remove syncthing-0.14.13-go-1.6-compat.patch: fixed upstream. + ------------------------------------------------------------------- Wed Dec 7 12:13:25 UTC 2016 - sor.alexei@meowr.ru diff --git a/syncthing.spec b/syncthing.spec index 78b3b6c..3b4753d 100644 --- a/syncthing.spec +++ b/syncthing.spec @@ -17,7 +17,7 @@ Name: syncthing -Version: 0.14.13 +Version: 0.14.15 Release: 0 Summary: FOSS Continuous File Synchronisation License: MPL-2.0 @@ -27,8 +27,6 @@ Source: https://github.com/%{name}/%{name}/releases/download/v%{version} Source1: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-source-v%{version}.tar.gz.asc Source2: %{name}.keyring Source3: %{name}.firewall -# PATCH-FIX-UPSTREAM syncthing-0.14.13-go-1.6-compat.patch -- Fix Go 1.6 and older compatibility (commit 0dcf2f1). -Patch0: %{name}-0.14.13-go-1.6-compat.patch BuildRequires: go >= 1.3 BuildRequires: systemd BuildRequires: systemd-rpm-macros @@ -42,7 +40,6 @@ Internet. %prep %setup -q -n %{name} -%patch0 -p1 cp -f %{SOURCE3} %{name}.firewall %if !(0%{?suse_version} > 1320 || 0%{?sle_version} >= 120200) # Remove entries which only exist since systemd 215.