From beba3a3d1d2a022932c5c33ac467b040a58026b5c9b5f09ab5608fed5aa8cdea Mon Sep 17 00:00:00 2001 
From: Dirk Mueller Date: Fri, 12 Jul 2019 06:23:33 +0000 Subject: [PATCH] Accepting request 714173 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - New upstream version 4.3.2: * CVE-2019-13132: a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. (bsc#1140255) * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports a versioned monitoring events protocol as a parameter. Passing 1 results in the same behaviour as zmq_socket_monitor. * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned v2 API, which contains the current status of all the queues owned by the monitored socket. See doc/zmq_socket_monitor_versioned.txt for details. * New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread safe socket. * New DRAFT (see NEWS for 4.2.0) socket options: ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid duplicates when using last value caching. ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy authentication. - For complete set of changes, see https://github.com/zeromq/libzmq/releases/tag/v4.3.2 OBS-URL: https://build.opensuse.org/request/show/714173 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=72 --- zeromq-4.3.1.tar.gz | 3 --- zeromq-4.3.2.tar.gz | 3 +++ zeromq.changes | 28 ++++++++++++++++++++++++++++ zeromq.spec | 4 ++-- 4 files changed, 33 insertions(+), 5 deletions(-) delete mode 100644 zeromq-4.3.1.tar.gz create mode 100644 zeromq-4.3.2.tar.gz 
diff --git a/zeromq-4.3.1.tar.gz b/zeromq-4.3.1.tar.gz
deleted file mode 100644
index 257b71e..0000000
--- a/zeromq-4.3.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bcbabe1e2c7d0eec4ed612e10b94b112dd5f06fcefa994a0c79a45d835cd21eb
-size 1490122
diff --git a/zeromq-4.3.2.tar.gz b/zeromq-4.3.2.tar.gz
new file mode 100644
index 0000000..d62820a
--- /dev/null
+++ b/zeromq-4.3.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ebd7b5c830d6428956b67a0454a7f8cbed1de74b3b01e5c33c5378e22740f763
+size 1697442
diff --git a/zeromq.changes b/zeromq.changes
index 6767797..8e902c8 100644
--- a/zeromq.changes
+++ b/zeromq.changes
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Tue Jul 9 07:35:29 UTC 2019 - Vítězslav Čížek
+
+- New upstream version 4.3.2:
+ * CVE-2019-13132: a remote, unauthenticated client connecting to a
+ libzmq application, running with a socket listening with CURVE
+ encryption/authentication enabled, may cause a stack overflow and
+ overwrite the stack with arbitrary data, due to a buffer overflow in
+ the library. Users running public servers with the above configuration
+ are highly encouraged to upgrade as soon as possible, as there are no
+ known mitigations. (bsc#1140255)
+ * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports
+ a versioned monitoring events protocol as a parameter. Passing 1 results in
+ the same behaviour as zmq_socket_monitor.
+ * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers
+ a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned
+ v2 API, which contains the current status of all the queues owned by the
+ monitored socket. See doc/zmq_socket_monitor_versioned.txt for details.
+ * New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread
+ safe socket.
+ * New DRAFT (see NEWS for 4.2.0) socket options:
+ ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid
+ duplicates when using last value caching.
+ ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy
+ authentication.
+- For complete set of changes, see
+ https://github.com/zeromq/libzmq/releases/tag/v4.3.2
+
 -------------------------------------------------------------------
 Mon Jan 14 10:11:47 UTC 2019 - adam.majer@suse.de
diff --git a/zeromq.spec b/zeromq.spec
index 1cfe4fc..9628e64 100644
--- a/zeromq.spec
+++ b/zeromq.spec
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
@@ -23,7 +23,7 @@
 %bcond_with pgm
 %endif
 Name: zeromq
-Version: 4.3.1
+Version: 4.3.2
 Release: 0
 Summary: Lightweight messaging kernel
 License: LGPL-3.0-or-later