Accepting request 714173 from home:vitezslav_cizek:branches:devel:libraries:c_c++

- New upstream version 4.3.2:
  * CVE-2019-13132: a remote, unauthenticated client connecting to a
    libzmq application, running with a socket listening with CURVE
    encryption/authentication enabled, may cause a stack overflow and
    overwrite the stack with arbitrary data, due to a buffer overflow in
    the library. Users running public servers with the above configuration
    are highly encouraged to upgrade as soon as possible, as there are no
    known mitigations. (bsc#1140255)
  * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports
    a versioned monitoring events protocol as a parameter. Passing 1 results in
    the same behaviour as zmq_socket_monitor.
  * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers
    a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned
    v2 API, which contains the current status of all the queues owned by the
    monitored socket. See doc/zmq_socket_monitor_versioned.txt for details.
  * New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread
    safe socket.
  * New DRAFT (see NEWS for 4.2.0) socket options:
        ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid
        duplicates when using last value caching.
        ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy
        authentication.
- For complete set of changes, see
  https://github.com/zeromq/libzmq/releases/tag/v4.3.2

OBS-URL: https://build.opensuse.org/request/show/714173
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=72

zeromq-4.3.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bcbabe1e2c7d0eec4ed612e10b94b112dd5f06fcefa994a0c79a45d835cd21eb
-size 1490122

zeromq-4.3.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ebd7b5c830d6428956b67a0454a7f8cbed1de74b3b01e5c33c5378e22740f763
+size 1697442

zeromq.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Tue Jul  9 07:35:29 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- New upstream version 4.3.2:
+  * CVE-2019-13132: a remote, unauthenticated client connecting to a
+    libzmq application, running with a socket listening with CURVE
+    encryption/authentication enabled, may cause a stack overflow and
+    overwrite the stack with arbitrary data, due to a buffer overflow in
+    the library. Users running public servers with the above configuration
+    are highly encouraged to upgrade as soon as possible, as there are no
+    known mitigations. (bsc#1140255)
+  * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports
+    a versioned monitoring events protocol as a parameter. Passing 1 results in
+    the same behaviour as zmq_socket_monitor.
+  * New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers
+    a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned
+    v2 API, which contains the current status of all the queues owned by the
+    monitored socket. See doc/zmq_socket_monitor_versioned.txt for details.
+  * New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread
+    safe socket.
+  * New DRAFT (see NEWS for 4.2.0) socket options:
+        ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid
+        duplicates when using last value caching.
+        ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy
+        authentication.
+- For complete set of changes, see
+  https://github.com/zeromq/libzmq/releases/tag/v4.3.2
+
 -------------------------------------------------------------------
 Mon Jan 14 10:11:47 UTC 2019 - adam.majer@suse.de
 

zeromq.spec

@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -23,7 +23,7 @@
 %bcond_with pgm
 %endif
 Name:           zeromq
-Version:        4.3.1
+Version:        4.3.2
 Release:        0
 Summary:        Lightweight messaging kernel
 License:        LGPL-3.0-or-later