openSUSE-SU-2026:20058-1

Описание

This update for go-sendxmpp fixes the following issues:

Changes in go-sendxmpp:

• Update to 0.15.1: Added

  • Add XEP-0359 Origin-ID to messages (requires go-xmpp >= v0.2.18). Changed
  • HTTP upload: Ignore timeouts on disco IQs as some components do not reply.

• Upgrades the embedded golang.org/x/net to 0.46.0

  • Fixes: bsc#1251461, CVE-2025-47911: various algorithms with quadratic complexity when parsing HTML documents
  • Fixes: bsc#1251677, CVE-2025-58190: excessive memory consumption by 'html.ParseFragment' when processing specially crafted input

• Update to 0.15.0: Added:

  • Add flag --verbose to show debug information.
  • Add flag --recipients to specify recipients by file.
  • Add flag --retry-connect to try after a waiting time if the connection fails.
  • Add flag --retry-connect-max to specify the amount of retry attempts.
  • Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.
  • Add support for punycode domains. Changed:
  • Update gopenpgp library to v3.
  • Improve error detection for MUC joins.
  • Don't try to connect to other SRV record targets if error contains 'auth-failure'.
  • Remove support for old SSDP version (via go-xmpp v0.2.15).
  • Http-upload: Stop checking other disco items after finding upload component.
  • Increase default TLS version to 1.3.

• bsc#1241814 (CVE-2025-22872): This update includes golang.org/x/net/html 0.43.0

• Update to 0.14.1:

  • Use prettier date format for error messages.
  • Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10).

• Update to 0.14.0: Added:

  • Add --fast-invalidate to allow invalidating the FAST token. Changed:
  • Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys.
  • Delete legacy Ox private key directory if it's empty.
  • Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp >= 0.2.9).
  • Print debug output to stdout, not stderr (requires go-xmpp >= 0.2.9).
  • Show RECV: and SEND: prefix for debug output (requires go-xmpp >= 0.2.9).
  • Delete stored fast token if --fast-invalidate and --fast-off are set.
  • Show error when FAST creds are stored but non-FAST mechanism is requested.

• Update to 0.13.0: Added:

  • Add --anonymous to support anonymous authentication (requires go-xmpp >= 0.2.8).
  • Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp >= 0.2.8).
  • Add support for see-other-host stream error (requires go-xmpp >= 0.2.8). Changed:
  • Don't automatically try other auth mechanisms if FAST authentication fails.

• Update to 0.12.1: Changed:

  • Print error instead of quitting if a message of type error is received.
  • Allow upload of multiple files. Added:
  • Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user.

• Update to 0.12.0: Added:

  • Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv >= 0.3.3).
  • Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp >= 0.2.5). Changed:
  • Disable PLAIN authentication per default.
  • Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires go-xmpp >= 0.2.5).

• Update to 0.11.4:

  • Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp >= 0.2.4).

• Update to 0.11.3:

  • Add go-xmpp library version to --version output (requires go-xmpp >= 0.2.2).
  • Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp >= v0.2.3).
  • [gocritic]: Improve code quality.