commit atheme for openSUSE:Factory
Hello community,
here is the log from the commit of package atheme for openSUSE:Factory checked in at 2017-03-31 15:10:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/atheme (Old)
and /work/SRC/openSUSE:Factory/.atheme.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "atheme"
Fri Mar 31 15:10:14 2017 rev:21 rq:483748 version:7.2.9
Changes:
--------
--- /work/SRC/openSUSE:Factory/atheme/atheme.changes 2016-12-02 16:41:02.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.atheme.new/atheme.changes 2017-03-31 15:10:26.172336771 +0200
@@ -1,0 +2,12 @@
+Thu Mar 30 07:15:51 UTC 2017 - jengelh@inai.de
+
+- Update to new upstream release 7.2.8
+ * Close a memory leak that could be exploited by attackers to
+ potentially cause a denial of service.
+ [CVE-2017-6384, boo#1027614]
+- Update to new upstream release 7.2.9
+ * Fixing use after free that could potentially be used by an
+ attacker already having the privilege to use SASL impersonation
+ to cause a denial of service.
+
+-------------------------------------------------------------------
Old:
----
atheme-7.2.7.tar.bz2
New:
----
atheme-7.2.9.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ atheme.spec ++++++
--- /var/tmp/diff_new_pack.XorBuO/_old 2017-03-31 15:10:26.880236687 +0200
+++ /var/tmp/diff_new_pack.XorBuO/_new 2017-03-31 15:10:26.884236121 +0200
@@ -1,7 +1,7 @@
#
# spec file for package atheme
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: atheme
%define lname libathemecore1
-Version: 7.2.7
+Version: 7.2.9
Release: 0
Url: http://atheme.net/
Summary: Extensible IRC services
++++++ atheme-7.2.7.tar.bz2 -> atheme-7.2.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/NEWS.md new/atheme-7.2.9/NEWS.md
--- old/atheme-7.2.7/NEWS.md 2016-10-08 16:58:00.000000000 +0200
+++ new/atheme-7.2.9/NEWS.md 2017-02-12 15:58:54.000000000 +0100
@@ -1,3 +1,18 @@
+Atheme Services 7.2.9 Release Notes
+===================================
+
+This is a security release fixing use after free that could potentially be abused
+by an attacker already having the privilege to use SASL impersonation to cause a
+denial of service. Users of 7.2.8 should update to version 7.2.9; older releases
+are not affected.
+
+Atheme Services 7.2.8 Release Notes
+===================================
+
+This is a security release fixing a memory leak that could potentially be abused
+by attackers to cause a denial of service. Users of Atheme 7.2.7 should update to
+version 7.2.8; older releases are not affected.
+
Atheme Services 7.2.7 Release Notes
===================================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/configure new/atheme-7.2.9/configure
--- old/atheme-7.2.7/configure 2016-10-08 18:58:57.000000000 +0200
+++ new/atheme-7.2.9/configure 2017-02-12 16:02:49.000000000 +0100
@@ -1,8 +1,8 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for atheme 7.2.7.
+# Generated by GNU Autoconf 2.69 for atheme 7.2.9.
#
-# Report bugs to https://github.com/atheme/atheme/issues.
+# Report bugs to https://github.com/atheme/atheme/issues/.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -267,7 +267,7 @@
$as_echo "$0: be upgraded to zsh 4.3.4 or later."
else
$as_echo "$0: Please tell bug-autoconf@gnu.org and
-$0: https://github.com/atheme/atheme/issues about your
+$0: https://github.com/atheme/atheme/issues/ about your
$0: system, including any error possibly output before this
$0: message. Then install a modern shell, or manually run
$0: the script under such a shell if you do have one."
@@ -580,9 +580,9 @@
# Identity of this package.
PACKAGE_NAME='atheme'
PACKAGE_TARNAME='atheme'
-PACKAGE_VERSION='7.2.7'
-PACKAGE_STRING='atheme 7.2.7'
-PACKAGE_BUGREPORT='https://github.com/atheme/atheme/issues'
+PACKAGE_VERSION='7.2.9'
+PACKAGE_STRING='atheme 7.2.9'
+PACKAGE_BUGREPORT='https://github.com/atheme/atheme/issues/'
PACKAGE_URL=''
ac_default_prefix=~/atheme
@@ -1341,7 +1341,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures atheme 7.2.7 to adapt to many kinds of systems.
+\`configure' configures atheme 7.2.9 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1406,7 +1406,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of atheme 7.2.7:";;
+ short | recursive ) echo "Configuration of atheme 7.2.9:";;
esac
cat <<\_ACEOF
@@ -1466,7 +1466,7 @@
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
-Report bugs to https://github.com/atheme/atheme/issues.
+Report bugs to https://github.com/atheme/atheme/issues/.
_ACEOF
ac_status=$?
fi
@@ -1529,7 +1529,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-atheme configure 7.2.7
+atheme configure 7.2.9
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1688,9 +1688,9 @@
$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
-( $as_echo "## ------------------------------------------------------ ##
-## Report this to https://github.com/atheme/atheme/issues ##
-## ------------------------------------------------------ ##"
+( $as_echo "## ------------------------------------------------------- ##
+## Report this to https://github.com/atheme/atheme/issues/ ##
+## ------------------------------------------------------- ##"
) | sed "s/^/$as_me: WARNING: /" >&2
;;
esac
@@ -2038,7 +2038,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by atheme $as_me 7.2.7, which was
+It was created by atheme $as_me 7.2.9, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -4831,7 +4831,7 @@
PACKAGE=atheme
-VERSION=7.2.7
+VERSION=7.2.9
@@ -10462,7 +10462,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by atheme $as_me 7.2.7, which was
+This file was extended by atheme $as_me 7.2.9, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -10522,13 +10522,13 @@
Configuration commands:
$config_commands
-Report bugs to https://github.com/atheme/atheme/issues."
+Report bugs to https://github.com/atheme/atheme/issues/."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-atheme config.status 7.2.7
+atheme config.status 7.2.9
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/configure.ac new/atheme-7.2.9/configure.ac
--- old/atheme-7.2.7/configure.ac 2016-10-08 16:58:00.000000000 +0200
+++ new/atheme-7.2.9/configure.ac 2017-02-12 15:58:54.000000000 +0100
@@ -7,7 +7,7 @@
AC_PREREQ(2.59)
-AC_INIT(atheme, 7.2.7, [https://github.com/atheme/atheme/issues])
+AC_INIT(atheme, 7.2.9, [https://github.com/atheme/atheme/issues/])
AC_CONFIG_AUX_DIR(autoconf)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/dist/atheme.conf.example new/atheme-7.2.9/dist/atheme.conf.example
--- old/atheme-7.2.7/dist/atheme.conf.example 2016-10-08 16:58:00.000000000 +0200
+++ new/atheme-7.2.9/dist/atheme.conf.example 2017-02-12 15:58:54.000000000 +0100
@@ -107,8 +107,8 @@
*
* The following crypto modules are available:
*
- * PBKDF2 cryptography (new) modules/crypto/pbkdf2v2
- * PBKDF2 cryptography (old) modules/crypto/pbkdf2
+ * PBKDF2 cryptography (new, recommended) modules/crypto/pbkdf2v2
+ * PBKDF2 cryptography (old, compatibility) modules/crypto/pbkdf2
* POSIX-style crypt(3) modules/crypto/posix
* IRCServices (also Anope etc) compatibility modules/crypto/ircservices
* Raw MD5 (Anope compatibility) modules/crypto/rawmd5
@@ -126,6 +126,7 @@
*
* The rawsha1 and pbkdf2/pbkdf2v2 modules require OpenSSL.
*/
+#loadmodule "modules/crypto/pbkdf2v2";
loadmodule "modules/crypto/posix";
/* Authentication module.
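Review bot: The added `#loadmodule "modules/crypto/pbkdf2v2";` ships commented out while `loadmodule "modules/crypto/posix";` stays the only active crypto module, so a site that copies this example unchanged keeps crypt(3) hashing even though the list in the previous hunk now labels pbkdf2v2 as "(new, recommended)". A short comment above the line would make the choice explicit, for example `/* Uncomment to hash passwords with pbkdf2v2 (requires OpenSSL); settings are in the pbkdf2v2{} block. */`. Nothing visible here says how services choose between several loaded crypto modules or whether existing hashes are re-encrypted, so that should be confirmed against the module documentation and stated next to the line. The comment block this hunk sits in starts outside the hunk.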
@@ -803,6 +804,27 @@
* SERVICES RUNTIME CONFIGURATION SECTION. *
******************************************************************************/
+/*
+ * If you are using the crypto/pbkdf2v2 module, you may wish to edit this block
+ *
+ * It is recommended to either leave the values at the defaults, or experiment
+ * with them so that it takes approximately 1 second for users to identify.
+ */
+pbkdf2v2 {
+
+ /* digest
+ * Valid values are "SHA256" and "SHA512"
+ * The default is "SHA512"
+ */
+ #digest = "SHA512";
+
+ /* rounds
+ * Valid values are 10000 to 5000000 (inclusive)
+ * The default is 64000
+ */
+ #rounds = 64000;
+};
+
/* The serverinfo{} block defines how we appear on the IRC network. */
serverinfo {
/* name
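Review bot: The new `pbkdf2v2 { ... };` block is left active in the example while the module's `loadmodule` line is commented out in the hunk at -126. Whether the configuration parser accepts a block for a module that is not loaded cannot be seen from this diff and is worth confirming, or the block could be commented out to match. The advice to tune `rounds` toward "approximately 1 second" also needs a caveat for operators, because the same cost is paid by the server on every identify attempt; a line such as `* Higher rounds also raise the server-side cost of every login attempt; measure under expected load before raising.` would cover it. It would also help to say whether a changed `digest` or `rounds` applies only to newly set passwords, which is presumably the case but is not stated. The `serverinfo` block that follows continues outside the hunk.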
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/email/default/register new/atheme-7.2.9/email/default/register
--- old/atheme-7.2.7/email/default/register 2016-10-08 16:58:00.000000000 +0200
+++ new/atheme-7.2.9/email/default/register 2017-02-12 15:58:54.000000000 +0100
@@ -9,7 +9,7 @@
In order to complete your account registration, you must type the following
command on IRC:
- /msg &nicksvs& VERIFY REGISTER &accountname& ¶m&
+/msg &nicksvs& VERIFY REGISTER &accountname& ¶m&
Thank you for registering your account on the &netname& IRC network!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/email/default/setemail new/atheme-7.2.9/email/default/setemail
--- old/atheme-7.2.7/email/default/setemail 2016-10-08 16:58:00.000000000 +0200
+++ new/atheme-7.2.9/email/default/setemail 2017-02-12 15:58:54.000000000 +0100
@@ -9,7 +9,7 @@
In order to complete the e-mail address change, you must verify your new
e-mail address by issuing the following command on IRC:
- /msg &nicksvs& VERIFY EMAILCHG &accountname& ¶m&
+/msg &nicksvs& VERIFY EMAILCHG &accountname& ¶m&
Thank you for updating your e-mail address on file with the &netname&
IRC network!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/email/default/setpass new/atheme-7.2.9/email/default/setpass
--- old/atheme-7.2.7/email/default/setpass 2016-10-08 16:58:00.000000000 +0200
+++ new/atheme-7.2.9/email/default/setpass 2017-02-12 15:58:54.000000000 +0100
@@ -14,7 +14,7 @@
In order to set a new password, you must send the following command
on IRC, where <password> is the new password you wish to set.
- /msg &nicksvs& SETPASS &accountname& ¶m& <password>
+/msg &nicksvs& SETPASS &accountname& ¶m& <password>
--
If this message is unsolicited, please contact &replyto&
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/include/serno.h new/atheme-7.2.9/include/serno.h
--- old/atheme-7.2.7/include/serno.h 2016-10-08 18:58:57.000000000 +0200
+++ new/atheme-7.2.9/include/serno.h 2017-02-12 16:02:49.000000000 +0100
@@ -1,2 +1,2 @@
/* Generated automatically by makepackage. Any changes made here will be lost. */
-#define SERNO "ddc1fd73ee114b0f6d7a714db22c51c23c719b6e"
+#define SERNO "4db7745cc39e835c6bd00ad9fac6a8c9b71fabaa"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/atheme-7.2.7/include/sysconf.h.in~ new/atheme-7.2.9/include/sysconf.h.in~
--- old/atheme-7.2.7/include/sysconf.h.in~ 2016-10-08 16:58:00.000000000 +0200
+++ new/atheme-7.2.9/include/sysconf.h.in~ 1970-01-01 01:00:00.000000000 +0100
@@ -1,290 +0,0 @@
-/* include/sysconf.h.in. Generated from configure.ac by autoheader. */
-
-/* Define if building universal (internal helper macro) */
-#undef AC_APPLE_UNIVERSAL_BUILD
-
-/* Define to 1 if translation of program messages to the user's native
- language is requested. */
-#undef ENABLE_NLS
-
-/* Define to 1 if you have the `arc4random' function. */
-#undef HAVE_ARC4RANDOM
-
-/* Define to 1 if you have the `arc4random_buf' function. */
-#undef HAVE_ARC4RANDOM_BUF
-
-/* Define to 1 if you have the `arc4random_uniform' function. */
-#undef HAVE_ARC4RANDOM_UNIFORM
-
-/* Define to 1 if you have the `asprintf' function. */
-#undef HAVE_ASPRINTF
-
-/* Define if crypt() is available */
-#undef HAVE_CRYPT
-
-/* Define if the GNU dcgettext() function is already present or preinstalled.
- */
-#undef HAVE_DCGETTEXT
-
-/* Define to 1 if you have the `execve' function. */
-#undef HAVE_EXECVE
-
-/* Define to 1 if you have the `explicit_bzero' function. */
-#undef HAVE_EXPLICIT_BZERO
-
-/* Define to 1 if you have the `fork' function. */
-#undef HAVE_FORK
-
-/* Define to 1 if you have the `getpid' function. */
-#undef HAVE_GETPID
-
-/* Define to 1 if you have the `getrlimit' function. */
-#undef HAVE_GETRLIMIT
-
-/* Define if the GNU gettext() function is already present or preinstalled. */
-#undef HAVE_GETTEXT
-
-/* Define to 1 if you have the `gettimeofday' function. */
-#undef HAVE_GETTIMEOFDAY
-
-/* Define if you have the iconv() function. */
-#undef HAVE_ICONV
-
-/* Define to 1 if you have the `inet_ntop' function. */
-#undef HAVE_INET_NTOP
-
-/* Define to 1 if you have the `inet_pton' function. */
-#undef HAVE_INET_PTON
-
-/* Define to 1 if the system has the type `intmax_t'. */
-#undef HAVE_INTMAX_T
-
-/* Define to 1 if you have the