Skip to content
Jan 12, 2021
coturn Debian release 4.5.2-1
Format: 1.8
Date: Mon, 11 Jan 2021 20:05:38 +0100
Source: coturn
Architecture: source
Version: 4.5.2-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@alioth-lists.debian.net>
Changed-By: Mészáros Mihály <misi@majd.eu>
Closes: 904415 930097 934513 954379 964009
Changes:
 coturn (4.5.2-1) unstable; urgency=high
 .
   * [49df393] New upstream release (4.5.2)
     - fix null pointer dereference in case of out of memory.(by Thomas Moeller)
     - merge PR #517 (by wolmi)
       add prometheus metrics
     - merge PR #637 (by David Florness)
       Delete trailing whitespace in example configuration files
     - merge PR #631 (by Debabrata Deka)
       Add architecture ppc64le to travis build
     - merge PR #627 (by Samuel)
       Fix misleading option in doc (prometheus)
     - merge PR #643 (by tupelo-schneck)
       Allow RFC6062 TCP relay data to look like TLS
     - merge PR #655 (by plinss)
       Add support for proxy protocol V1
     - merge PR #618 (by Paul Wayper)
       Print full date and time in logs
       Add new options:
       "new-log-timestamp" and "new-log-timestamp-format"
     - merge PR #599 (by Cédric Krier)
       Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL
     - update Docker mongoDB and fix with workaround the missing systemctl
     - merge PR #660 (by Camden Narzt)
       fix compilation on macOS Big Sur
     - merge PR #546 #551 #672 (by jelmd)
       Add support of --acme-redirect <URL>
       fix acme security, redundancy, consistency
     - Disable binding request logging to avoid DoS attacks.(Breaking change!)
       Add new --log-binding option to enable binding request logging
     - Fix stale-nonce documentation. Resolves #604
     - Version numbering is changed to semver 2.0
     - Merge PR #288 (by Hristo Venev)
       pkg-config, and various cleanups in configure file
     - Add systemd notification for better systemd integration
     - Fix Issue #621 (by ycaibb)
       Null pointer dereference on tcp_client_input_handler_rfc6062data function
     - Fix Issue #600 (by ycaibb)
       use-after-free vulnerability on write_to_peerchannel function
     - Fix Issue #601 (by ycaibb)
       use-after-free vulnerability on write_client_connection function
     - Little refactoring prometheus
       Fix c++ support
       Simplify (as agreed in Issue #666)
       Remove session id/allocation labels
       Remove per session metrics. We should later add more counters.
     - Fix CVE-2020-26262 (credits: Enable-Security)
       Fix ipv6 ::1 loopback check
       Not allow allocate peer address 0.0.0.0/8 and ::/128
       For more details see the github security advisory:
       GHSA-6g6j-r9rf-cm7p
   * [f0c1753] Change coturn service type to systemd notify (Closes: #934513)
   * [f9b9547] Add libsystemd-dev to build dependency
   * [5a811b1] Update watch version to 4
   * [c0a645e] Update Debian Standards to 4.5.1
   * [e429100] Patch not-needed to forwarded to upstream
   * [bc56267] Add pkg-config to build dependency
   * [bd98206] Postrm remove dir /var/lib/turn
   * [8c58afe] Change sqlite db permissions.
     Change owner to turnserver:turnserver and mode 660 (Closes: #930097)
   * [b9a4a8b] Change config file permissions.
     Change owner to root:turnserver and mode 640 (Closes: #954379)
   * [3e85092] init.d script drop root privileges (Closes: 904415)
   * [24eb87a] Add info about binding privileged ports (Closes: #964009)
   * [136a8a2] Disable pid file creation
Checksums-Sha1:
 8f5890ba73bdd97bc9a7bea9f5f20e93c31aa7bc 2195 coturn_4.5.2-1.dsc
 ba9f6eabe786be74d9ef11568792db3596643bff 444865 coturn_4.5.2.orig.tar.gz
 6676a474fac977099a30dff9b314b724be76088f 13600 coturn_4.5.2-1.debian.tar.xz
 702385bfb94a58196aa06203c81e5c6b5f63c364 7394 coturn_4.5.2-1_amd64.buildinfo
Checksums-Sha256:
 e6db8f33ec5576eb4912166681613324178e576b1265963d47647ec90e77d2d2 2195 coturn_4.5.2-1.dsc
 1cbef88cd4ab0de0d4d7011f4e7eaf39a344b485e9a272f3055eb53dd303b6e1 444865 coturn_4.5.2.orig.tar.gz
 ce96f97cea9ca7ae05b46480c1a0f63b2e8bd7d6a3e7341d7832828ea3f5ba28 13600 coturn_4.5.2-1.debian.tar.xz
 5c2fe746c86741595c46b47842c0aa87bb849e4fd79250023602601e24b57ea6 7394 coturn_4.5.2-1_amd64.buildinfo
Files:
 72cbd8b7e092ab365e4c30a3657eaf17 2195 net optional coturn_4.5.2-1.dsc
 d1091dccdae057ab790715bdc8c4bc9c 444865 net optional coturn_4.5.2.orig.tar.gz
 ea6a87f5e311aefb69d86fa1117ca289 13600 net optional coturn_4.5.2-1.debian.tar.xz
 2b093f9da04ea613dc6634a9eef87453 7394 net optional coturn_4.5.2-1_amd64.buildinfo

@misi misi released this Jan 11, 2021 · 8 commits to master since this release

Changelog for CVE-2020-26262
Assets 2