![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / chat / prosody
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
prosody: updated to 0.12.5 0.12.5 Fixes and improvements mod_blocklist: Drop blocked messages without error, option to restore compliant behavior Minor changes core.certmanager: Validate that ‘tls_profile’ is one of the valid values net.http: Throw error if missing TLS context for HTTPS request net.http.parser: Reject overlarge header section earlier net.http.files: Validate argument to setup function MUC: optimizations for broadcast of visitor presence (thanks Jitsi team) net.server_event: Add ‘wrapserver’ API scansion: Enable blocklist compat during tests to fix CI prosodyctl check: Warn about invalid domain names in the config file util.prosodyctl.check: Correct modern replacement for ‘disallow_s2s’ util.prosodyctl.cert: Ensure old cert is moved out of the way util.prosodyctl.check: Improve error handling of UDP socket setup mod_smacks: Destroy timed out session in async context (fixes 1884: ASYNC-01 in mod_smacks hibernation timeout) mod_invites: Fix traceback when token_info isn’t set mod_admin_shell: Allow matching on host or bare JID in c2s:show mod_admin_adhoc: Fix log messages for reloading modules. core.moduleapi: Default labels to empty list to fix error if omitted mod_muc_mam: Improve wording of enable setting mod_bookmarks: Suppress error publishing empty legacy bookmarks w/ no PEP node mod_bookmarks: Clarify log messages on failure to sync to modern PEP bookmarks mod_invites_adhoc: Fix result form type (thanks betarays) mod_disco: Advertise disco#info and #items on bare JIDs to fix 1664: mod_disco on account doesn’t return disco#info feature util.xtemplate: Fix error on applying each() to zero stanzas
*: recursive bump for icu 76 shlib major version bump
*: revbump for icu downgrade
*: recursive bump for icu 76.1 shlib bump
revbump after icu and protobuf updates
prosody: update to 0.12.4 Summary ======= We’re relieved to announce this overdue maintenance release containing a number of bug fixes and also some improvements from the last few months. Especially the prosodyctl check tool which gained some new diagnostic checks as well as handling of configuration option types the same way Prosody itself does. Minor changes ------------- - core.certmanager: Update Mozilla TLS config to version 5.7 - util.error: Fix error on conversion of invalid error stanza #1805 - util.array: Fix new() library function - util.array: Expose new() on module table - prosodyctl: Fix output of error messages containing ‘%’ - util.prosodyctl.check: Correct suggested replacement for ‘disallow_s2s’ - util.prosodyctl.check: Allow same config syntax variants as in Prosody for some options #896 - util.prosodyctl.check: Fix error where hostname can’t be turned into A label - util.prosodyctl.check: Hint about the ‘external_addresses’ config option - util.prosodyctl.check: Suggest ‘http_cors_override’ instead of older CORS settings - util.prosodyctl.check: Validate format of module list options - mod_websocket: Add a ‘pre-session-close’ event #1800 - mod_smacks: Fix stray watchdog closing sessions - mod_csi_simple: Disable revert-to-inactive timer when going to active mode - mod_csi_simple: Clear delayed active mode timer on disable - mod_admin_shell: Fix display of remote cert status when expired etc - mod_smacks: Replace existing watchdog when starting hibernation - mod_http: Fix error if ‘access_control_allow_origins’ is set - mod_pubsub: Send correct ‘jid’ attribute in disco#items - mod_http: Unhook CORS handlers only if active to fix an error #1801 - mod_s2s: Add event where resolver for s2sout can be tweaked
*: recursive bump for icu 74.1
*: bump for openssl 3
revbump after textproc/icu update
prosody: update to 0.12.2 This is a regularly delayed release containing a number of fixes for issues that we have come across since the last release of the 0.12 series. Summary of all changes in this release: Fixes and improvements: * util.stanza: Allow U+7F when constructing stazas * net.unbound: Preserve built-in defaults and Prosodys settings for luaunbound (fixes #1763: luaunbound not reading resolv.conf) (thanks rgd) * mod_smacks: Disable not implemented resumption behavior on s2s * mod_http: Allow disabling CORS in the http_cors_override option and by default Minor changes: * util.json: Accept empty arrays with whitespace (fixes #1782: util.json fails to parse empty array with whitespace) * util.stanza: Adjust number of return values to handle change in dependency of test suite (fix test with luassert >=1.9) * util.startup: Ensure import() is available in prosodyctl (thanks keyzer) * mod_storage_sql: Fix initialization when called from prosodyctl * mod_storage_sql: Fix the summary API with Postgres (#1766) * mod_admin_shell: Fixes for showing data related to disconnected sessions (fixes #1777) * core.s2smanager: Don’t remove unrelated session on close of bidi session * mod_smacks: Don’t send redundant requests for acknowledgement (#1761) * mod_admin_shell: Rename commands user:roles() to user:setroles() and user:showroles() to user:roles() * mod_smacks: Bounce unhandled stanzas from local origin (fix #1759) * mod_bookmarks: Reduce log level of message about not having any bookmarks * mod_s2s: Fix firing buffer drain events * mod_http_files: Log warning about legacy modules using mod_http_files * util.startup: Wait for last shutdown steps * util.datamapper: Improve handling of schemas with non-obvious “type” * util.jsonschema: Fix validation to not assume presence of “type” field * util.jsonschema: Use same integer/float logic on Lua 5.2 and 5.3
massive revision bump after textproc/icu update
prosody: support Lua 5.4 and improve security The changes here are: * prosody can be built with Lua 5.4 (as recommended since the 0.12 series), also thanks to lua-unbound being available for Lua 5.4 * the prosody user's home directory is back to the default /nonexistent (prosody finds its own data directory nonetheless, as it is a compile-time option) * the corresponding directories created (data directory, PID directory, logging) do not seem to actually require write access (or not anymore) These last two changes together get rid of the security report "user prosody home directory is group writable" from the daily insecurity checks on NetBSD. Tested on NetBSD/amd64.
prosody: update to 0.12.1
Summary of changes in this release:
Fixes and improvements
* mod_http (and dependent modules): Make CORS opt-in by default (#1731)
* mod_http: Reintroduce support for disabling or limiting CORS (#1730)
* net.unbound: Disable use of hosts file by default (fixes #1737)
* MUC: Allow kicking users with the same affiliation as the kicker (fixes #1724 and improves Jitsi Meet compatibility)
* mod_tombstones: Add caching to improve performance on busy servers (fixes #1728: mod_tombstone: inefficient I/O with internal storage)
Minor changes
* prosodyctl check config: Report paths of loaded configuration files (#1729)
* prosodyctl about: Report version of lua-readline
* prosodyctl: check config: Skip bare JID components in orphan check
* prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
* prosodyctl: check turn: warn about external port mismatches behind NAT
* mod_turn_external: Update status and friendlier handling of missing secret option (#1727)
* prosodyctl: Pass server when listing (outdated) plugins (fix #1738: prosodyctl list --outdated does not handle multiple versions of a module)
* util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)
* util.prosodyctl: check turn: Report lack of TURN services as a problem #1749
* util.random: Ensure that native random number generator works before using it, falling back to /dev/urandom (#1734)
* mod_storage_xep0227: Fix mapping of nodes without explicit configuration
* mod_admin_shell: Fix error in ‘module:info()’ when statistics is not enabled (#1754)
* mod_admin_socket: Compat for luasocket prior to unix datagram support
* mod_admin_socket: Improve error reporting when socket can’t be created (#1719)
* mod_cron: Record last time a task runs to ensure correct intervals (#1751)
* core.moduleapi, core.modulemanager: Fix internal flag affecting logging in in some global modules, like mod_http (#1736, #1748)
* core.certmanager: Expand debug messages about cert lookups in index
* configmanager: Clearer errors when providing unexpected values after VirtualHost (#1735)
* mod_storage_xep0227: Support basic listing of PEP nodes in absence of pubsub#admin data
* mod_storage_xep0227: Handle missing {pubsub#owner}pubsub element (fixes #1740: mod_storage_xep0227 tracebacks reading non-existent PEP store)
* mod_storage_xep0227: Fix conversion of SCRAM into internal format (#1741)
* mod_external_services: Move error message to correct place (fix #1725: mod_external_services: Misplaced textual error message)
* mod_smacks: Fix handling of unhandled stanzas on disconnect (#1759)
* mod_smacks: Fix counting of handled stanzas
* mod_smacks: Fix bounce of stanzas directed to full JID on unclean disconnect
* mod_pubsub: Don’t attempt to use server actor as publisher (#1723)
* mod_s2s: Improve robustness of outgoing s2s certificate verification
* mod_invites_adhoc: Fall back to generic allow_user_invites for role-less users
* mod_invites_register: Push invitee contact entry to inviter
* util.startup: Show error for unrecognized command-line arguments passed to ‘prosody’ (#1722)
* util.jsonpointer: Add tests, compat improvements and minor fixes
* util.jsonschema: Lua version compat improvements
Pullup ticket #6649 - requested by khorben
chat/prosody: integration fix
Revisions pulled up:
- chat/prosody/Makefile 1.38-1.40
- chat/prosody/files/prosody.sh 1.3-1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 01:53:00 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: fix the path to the PID file in the RC script
PROSODY_RUN is set to eg /var/run/prosody/prosody.pid instead of just
/var/run/prosody.pid, which is a good thing (tm) since prosody's user
needs the access rights to write to the corresponding directory.
Unfortunately, the directory is not automatically created nor the right
permissions set yet, but this is progress.
While there, appease pkglint(1).
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 once the complete solution is in place
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 02:31:46 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: make sure pidfile always matches PROSODY_RUN in the RC script
This concludes my investigation on the correct path for the PID file.
No changes to the final binary if PROSODY_RUN is set to its default
value.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Mon Jul 25 04:47:07 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
chat/prosody: always create the directory for the PID file
The RC script for prosody now always creates the corresponding
sub-directory for prosody's PID file. This is inspired by the RC script
for mdnsd in NetBSD, and for dbus in pkgsrc; thanks spz@ for the
suggestion!
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 (completes request 6649)
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/chat/prosody/files/prosody.sh
chat/prosody: always create the directory for the PID file The RC script for prosody now always creates the corresponding sub-directory for prosody's PID file. This is inspired by the RC script for mdnsd in NetBSD, and for dbus in pkgsrc; thanks spz@ for the suggestion! Bumps PKGREVISION. Tested on NetBSD/amd64. XXX pull-up to pkgsrc-2022Q2 (completes request 6649)
prosody: make sure pidfile always matches PROSODY_RUN in the RC script This concludes my investigation on the correct path for the PID file. No changes to the final binary if PROSODY_RUN is set to its default value. Tested on NetBSD/amd64. XXX pull-up to pkgsrc-2022Q2
prosody: fix the path to the PID file in the RC script PROSODY_RUN is set to eg /var/run/prosody/prosody.pid instead of just /var/run/prosody.pid, which is a good thing (tm) since prosody's user needs the access rights to write to the corresponding directory. Unfortunately, the directory is not automatically created nor the right permissions set yet, but this is progress. While there, appease pkglint(1). Bumps PKGREVISION. Tested on NetBSD/amd64. XXX pull-up to pkgsrc-2022Q2 once the complete solution is in place
prosody: update to 0.12.0 New in this release: Modules * mod_mimicking: Prevent address spoofing * mod_s2s_bidi: Bi-directional server-to-server connections (XEP-0288) * mod_external_services: Generic XEP-0215 support * mod_turn_external: Easy setup of XEP-0215 for STUN/TURN for audio/video calls * mod_http_file_share: File sharing via HTTP (XEP-0363) * mod_http_openmetrics: Expose metrics to Prometheus and compatible monitoring systems * mod_smacks: Stream management and resumption (XEP-0198) * mod_auth_ldap: LDAP authentication * mod_cron: One module to rule all the periodic tasks * mod_admin_shell: New home of the Console admin interface * mod_admin_socket: Enable secure connections to the Console * mod_tombstones: Prevent re-registration of deleted accounts * mod_invites: Create and manage invites * mod_invites_register: Allow registering accounts using invites * mod_invites_adhoc: Create invites via ad-hoc command * mod_bookmarks: Synchronise open rooms between clients Security and authentication * Unencrypted HTTP port (5280) restricted to loopback by default * require_encryption options default to true if unspecified * Authentication module defaults to internal_hashed if unspecified * SNI support (including automatic certificate selection) * ALPN support in mod_net_multiplex * DANE support in low-level network layer * Direct TLS support (c2s and s2s) * SCRAM-SHA-256 * Direct TLS (including https) certificates are now updated on reload * Pluggable authorization providers (mod_authz_*) * Easy use of Mozilla TLS recommendations presets HTTP * CORS handling now provided by mod_http * Built-in HTTP server now handles HEAD requests * Uploads can be handled incrementally API * Module statuses (API change) * util.error for encapsulating errors * Promise based API for sending queries * API for adding periodic tasks * More APIs supporting ES6 Promises * Async can be used during shutdown Other * Plugin installer * MUC presence broadcast controls * MUC: support for XEP-0421 occupant identifiers * prosodyctl check connectivity via observe.jabber.network * STUN/TURN server tests in prosodyctl check * libunbound for DNS queries * The POSIX poll() API used by server_epoll on *nix other than Linux Changed in this release * Improved rules for mobile optimizations in mod_csi_simple * Improved rules for what messages should be archived in mod_mam * mod_limits: Support for exempt JIDs * mod_server_contact_info now loaded on components if enabled * Statistics now based on OpenMetrics * Statistics scheduling can be done by plugin * Offline messages aren't sent to MAM clients * Archive quotas (maximum limit on items in an archive store) * Rewritten migrator with archive support * Improved automatic certificate locating and selecting * Logging to syslog no longer missing startup messages * Graceful shutdown sequence that closes ports first and waits for connections to close Removed in this release * daemonize option deprecated * SASL DIGEST-MD5 removed * mod_auth_cyrus (older LDAP support) * Network backend server_select deprecated (not actually removed yet)
prosody: update to 0.11.13 From the release notes: This is a(nother!) release for our stable branch to fix a memory leak caused by the security fix. Deployments using websockets, SQL storage and possibly other configurations may have noticed increasing memory usage after upgrading to 0.11.12. This is resolved by this new release. Minor changes: * util.xml: Break reference to help the GC (fixes #1711) * util.xml: Deduplicate handlers for restricted XML
prosody: update to 0.11.12. 0.11.12 This is a security release that addresses a denial-of-service vulnerability in Prosody’s mod_websocket. 0.11.11 This release contains some fixes to PEP to control memory usage, along with a small batch of fixes for issues discovered since the last release. 0.11.10 This release primarily fixes CVE-2021-37601, a remote information disclosure vulnerability. See the previously released advisory for details. We recommend that all deployments upgrade if they have not yet applied the mitigation described in the advisory. A handful fixes for issues discovered since 0.11.9 are also included. 0.11.9 This release addresses a number of important security issues that affect most deployments of Prosody. Full details are available in a separate security advisory. We recommend that all deployments upgrade or apply the mitigations described in the advisory. 0.11.8 A new release appears! This time it includes bug fixes and performance improvements! 0.11.7 This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled mod_websocket. 0.11.6 This release brings a collection of fixes and improvements added since the 0.11.5 release improving security, performance, usability and interoperability. 0.11.5 This release mostly adds command line flags to force foreground or background operation, which replaces and deprecates the ‘daemonize’ option in the config file.
prosody: let the RC script work unprivileged This takes advantage of the introduction of the SYSCONFBASE variable. Tested on NetBSD/amd64. Bumps PKGREVISION.
*: reset MAINTAINER for fhajny on his request
prosody: remove requirement for gmake to build While there, install two modules which were missing in the patched Makefile; bumps PKGREVISION. No other changes intended.
chat/prosody: Update to 0.11.4
Update prepared in wip by Tiago Seco.
Changes in 0.11.4
=================
Fixes and improvements
core.rostermanager: Improve performance by caching rosters of offline #1233
mod_pep: Handling subscriptions more efficiently #1372
Minor changes
util.interpolation: Support unescaped variables with more modifiers #1452
MUC: Mark source of historic messages correctly #1416
mod_auth_internal_hashed: Pass on errors #1477
mod_mam, mod_muc_mam: Improve logging of failures #1478, #1480, #1481
mod_muc, mod_muc_mam: Reschedule message expiry in case of failure
mod_mam: Add flag to session when it performs a MAM query
prosodyctl check: Warn about conflict between mod_pep and mod_pep_simple
prosodyctl check: Warn about conflict between mod_vcard and mod_vcard_legacy #1469
core.modulemanager: Disable mod_vcard if mod_vcard_legacy is enabled to prevent conflict #1469
MUC: Strip tags with MUC-related namespaces from private messages #1427
MUC: Don't advertise registration feature on host #1451
mod_vcard_legacy: Fix handling of empty photo elements #1432
mod_vcard_legacy: Advertise lack of avatar correctly #1431
prosodyctl: Handle if the setting proxy65_address has the wrong type
prosodyctl: Print a blank line to improve spacing and readability
MUC: Fix role loss in Nickname change #1466
util.pposix: Fix reporting of memory usage in 2-4GB range #1445
util.startup: Fix a regression concerning directory paths #1430
mod_websocket: Don't mask WebSocket pong answers #1484
net.resolvers: Apply IDNA conversion to ascii for DNS lookups (affects only HTTP queries) #1426
net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) #1459
*: Recursive revision bump for openssl 1.1.1.
*: update email for fhajny
Update chat/prosody to 0.10.0 - Rewritten SQL storage module with archive support - SCRAM-SHA-1-PLUS - prosodyctl check - Statistics - Improved TLS configuration - Lua 5.2 support - mod_blocklist (XEP-0191) - mod_carbons (XEP-0280) - Pluggable connection timeout handling - mod_websocket (RFC 7395) - mod_mam (XEP-0313) See release notes on upgrading: https://prosody.im/doc/release/0.10.0#upgrade_notes
Update chat/prosody to 0.9.12. 0.9.12 - Dependencies: Fix certificate verification failures when using LuaSec 0.6 - mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues - certs/Makefile: Remove -c flag from chmod call (a GNU extension) - Networking: Prevent writes after a handler is closed 0.9.11 - HTTP parser: Improve buffering of incoming HTTP data and add size limits - sessionmanager: Fix for an issue which caused people to be kicked from conferences if mod_smacks was enabled - Dependencies: Workaround for compatibility with LuaSec 0.6 - MUC: Accept missing form as "instant room" request - C2S: Fix issues with destroying disconnected connections - mod_privacy: Fix selection of the top resource(s) - mod_presence: Make sure both users get each others presence after adding each other - mod_http_files: Fix traceback when serving a non-wildcard path - mod_http_files: Preserve a trailing slash in paths - util.datamanager: Fix error handling - net.server_event: Fix internal socket API to allow writing from socket.ondrain callback - net.server_event: Fix timeout - net.server_event: Fix traceback due to write during TLS handshake - net.server_event: Fix buffer length check
Bump PKGREVISION for security/openssl ABI bump.
Skip example certs build, simplifies and fixes unprivileged installation. Bump PKGREVISION.
Use OPSYSVARS.
Update chat/prosody to 0.9.10. Security - mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756) Fixes and improvements - Startup: Open /dev/urandom read-only, to fix a failure to start on some systems (fixes #585) - Networking: Improve handling of the 'select' network backend running out of file descriptors Minor changes - Networking: Increase default internal read size to prevent connections stalling with LuaEvent (see #583) - DNS: Discard queries that failed to send due to connection errors (fixes #598) - c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC can always send shutdown notifications to (remote) users (fixes #601)
Update chat/prosody to 0.9.9. Security fixes: - Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) - Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs: - Improve handling of CNAME records in DNS - Fix traceback when deleting a user in some configurations - MUC: restrict_room_creation could prevent users from joining rooms - MUC: fix occasional dropping of iq stanzas sent privately between occupants - Fix a potential memory leak in mod_pep Additions: - Add http:list() command to telnet to view active HTTP services - Simplify IPv4/v6 address selection code for outgoing s2s - Add support for importing SCRAM hashes from ejabberd
Update prosody to version 0.9.8.
Changelog:
Changes ordered by priority.
High:
* Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059)
that libidn can read beyond the boundaries of the provided buffer when an
input string contains invalid UTF-8 sequences.
Systems where Prosody is compiled with libICU are not affected by this issue.
Medium:
* DNS: Fix traceback caused when DNS server IP is unroutable (issue 473)
* HTTP client: More robust handling of chunked encoding across packet
boundaries
* Stanza router: Fix handling of 'error' <iq>'s with multiple children
Low:
* c2s: Fix error reply when clients try to bind multiple resources on the
same stream (issue 484)
* s2s: Ensure to/from attributes are always present on stream headers, even
if empty (issue 468)
* Build scripts: Add --libdir option to ./configure to simplify building on
some platforms
* Fix traceback in datamanager when used outside of Prosody
(e.g. in some migration tools)
* mod_admin_telnet: Fix potential traceback in server:memory()
command (issue 471)
* HTTP server: Improved debug logging
Make sure to pass full LDFLAGS. Fixes build on NetBSD.
Fix missing conditional
Update prosody to 0.9.7. Clean up Makefile for readibility. Add SMF manifest. Changes in 0.9.7: - Fix server-to-server interoperability issue with Isode M-Link (since 0.9.6) - Fix traceback in 'prosodyctl about' command with LuaRocks 2.2.0+ installed Changes in 0.9.6: - certmanager, net.http: Disable SSLv3 by default - net.http.parser: Support status code 101 and allow handling of the received data by plugins - util.filters: Ignore filters being added twice (fixes issues on removal, i.e. when some plugins are reloaded/unloaded) - mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error - Networking API: Add 'ondetach' callback for listener objects, to prevent leaks when connections have their listener changed - core.stanza_router: Stricter validation of stanzas - mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions' command (thanks Lloyd) - mod_admin_adhoc: Add required to field in user deletion form too - net.dns: Avoid duplicate cache entries - util.stanza: Escape newlines and tabs (\r\n\t) when serializing stanzas. - util/dataforms: Make sure we iterate over field tags only - mod_s2s: Capitalize log message - mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth') Changes in 0.9.5: - C2S: Fix traceback if a client opens a stream to component, which could cause a crash in combination with some versions of LuaEvent - C2S, S2S: Log received invalid stream headers - S2S: Fix case where stream headers were sometimes sent twice - DNS: Ensure all pending requests get notified of a timeout when looking up a record - DNS: Fix duplicated cache insertions by limiting outstanding queries per name to one - xmppstream: Disable LuaExpat's buffering - xmppstream: Disable CharacterData merging after stream restarts - xmppstream: Pass invalid stream headers to error handling - Privacy lists: Correctly sort privacy list rules by order - prosody: Check dependencies later in the startup sequence - Config: Delay importing LuaFileSystem until needed by an Include line - Config: Normalize VirtualHost and Component names - prosodyctl: Normalize JIDs for adduser/passwd/deluser - POSIX: Fix error reporting from disk space allocation - POSIX: Verify that 'pidfile' is a string, show friendly error otherwise - Dependency checking: Check that prosody is running under Lua 5.1. We don't currently support any other versions. (LuaJIT identifies as 5.1) - Compliance: Reset stream ID when resetting stream - Compression: Log compression setup errors - Console: Fix commands for adding and replacing name servers - Console MUC commands: Fix error when a non-existent host is entered - Filters: Prevent filters from being added twice - Network: Transfer all available data between linked sockets - dataforms: Add support for XEP-0221: Data Forms Media Element
Revbump after lang/lua51 update.
Add lang/lua/tool.mk to fix build with lang/lua52.
Adapt to Lua multiversion support.
Update prosody to 0.9.4. Fix for a DoS vulnerability, see https://www.debian.org/security/2014/dsa-2895 Changes in 0.9.4: - Compression: Disallow compression on unauthenticated streams - Core: Limit default read size and maximum stanza size - Core: Enable SASL EXTERNAL by default for component s2s - S2S: Warn if s2s_secure_auth and s2s_require_encryption have been set in conflicting ways - S2S: Warn if no local network addresses were found, preventing successful s2s - MUC: Fix traceback when a non-occupant tried to change an occupant's role - MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves - Telnet: Fixed traceback when listing users - Telnet: Apply normalization to JIDs in user management commands - HTTP: Fix directory detection in file server on Windows - Plugins: Fix paths on Windows - MOTD: Don't strip blank lines from the message provided in the config - prosodyctl: Better error reporting when generating certificates - Makefile: Improve FreeBSD compatibility - Multiple fixes to our migration tools, and support for importing MUCs from ejabberd
Update prosody to 0.9.3. Changes in 0.9.3: - A config file passed as command line argument is no longer forgotten when config is reloaded - MUC: Allow admins to always bypass restrict_room_creation - Strip trailing '.' when normalizing hostnames - HTTP: Prevent silent connection failures - Components: Allow easier overriding of component authentication by plugins - Components: Enable TCP keepalives - Migrator: Better error reporting and improved robustness - S2S: Include IP in log messages, if hostname is unavailable - TLS: Log error when initialization fails Changes in 0.9.2: - Debian/Ubuntu packages fixed to always generate per-system certs - TLS: Improved cipher string, and use Prosody's preferred ciphers - MUC: Fix for Spark clients not displaying room lists
Recursive PKGREVISION bump for OpenSSL API version bump.
Bump PKGREVISION of packages whose Lua depends changed form, but whose own PKGNAME is unchanged.
Update Lua module depends for multiversion environment; use REPLACE_LUA.
Update prosody to 0.9.1 Changes in 0.9.1: * Config: Fix the workaround for LuaSec 0.4.x to apply the ssl 'ciphers' option correctly * Config: Ability to specify the ssl 'dhparam' option simply as a path to a file, instead of a callback function * Windows: Fix s2s issues * Windows: Fix the ability to specify absolute paths to SSL certificates in the config * Build: Fix compilation issue on non-Linux systems that have glibc (such as Debian GNU/kFreeBSD) * API: Fix to our set library, that caused the :include() and :exclude() methods to behave incorrectly Changes in 0.9.0: * IPv6 support for c2s, s2s and all other services (e.g. HTTP) * Server-to-server authentication using certificates (SASL EXTERNAL) * A new HTTP subsystem, supporting virtual hosts, and fully reloadable modules * Client and server connections are now handled by modules: mod_c2s, mod_s2s * mod_pubsub: Basic pubsub service (some features not yet implemented) * prosodyctl about - show information about a Prosody installation * prosodyctl cert - command to generate XMPP certificates and CSRs * Many very nice enhancements to our module API * MUC: Configurable per-room history length * MUC: Plugins can now extend the room configuration form See notes on upgrading from 0.8.x: https://prosody.im/doc/release/0.9.0#upgrading
Revbump after updating lang/lua to 5.2.2.
PKGREVISION bumps for the security/openssl 1.0.1d update.
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Fix rpath linking & typo in patch file, add a rc.d script (thanks ewdafa) This fixes PR pkg/45357. Bump PKGREVISION.
Update to 0.8.2. From the release announcement: Just a small release for you this time, with a handful of bugfixes. Thanks to '@eoranged' and the other PostgreSQL users who helped with feedback and testing of the SQL fixes (the PostgreSQL server we use for testing is now behaving properly!). A summary of changes in this release: * mod_storage_sql: Fix compatibility with PostgreSQL databases (0.8.1 issue) * mod_bosh: Fix for sessions not timing out after inactivity in some cases * mod_dialback: Fix multiple concurrent dialback requests for the same domain (was sometimes causing s2s failure with certain ejabberds)
Pullup ticket #3448 - requested by schnoebe
textproc/lua-expat: security update
chat/prosody: security update
Revisions pulled up:
- chat/prosody/Makefile 1.3 via patch
- chat/prosody/PLIST 1.2
- chat/prosody/distinfo 1.2
- chat/prosody/patches/patch-aa 1.2
- chat/prosody/patches/patch-ab 1.2
- chat/prosody/patches/patch-ac deleted
- chat/prosody/patches/patch-ad 1.2
- textproc/lua-expat/Makefile 1.16
- textproc/lua-expat/distinfo 1.5
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Sat Jun 4 23:13:40 UTC 2011
Modified Files:
pkgsrc/textproc/lua-expat: Makefile distinfo
Log Message:
Update textproc/lua-expat to 1.2.0.
Required for updating chat/prosody to 0.8.1, which helps handle the
"billion laughs" exploits on XML parsers and XMPP servers.
Change log as recorded in the README:
Version 1.2.0 [02/Jun/2011]
* support for the StartDoctypeDecl handler
* add parser:stop() to abort parsing inside a callback
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Mon Jun 6 14:41:48 UTC 2011
Modified Files:
pkgsrc/chat/prosody: Makefile PLIST distinfo
pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
Removed Files:
pkgsrc/chat/prosody/patches: patch-ac
Log Message:
Update to prosody 0.8.1.
A security and bug fix release. The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.
Other changes:
- Reject XML DTDs, comments and processing instructions, preventing
the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
large data (such as large avatars)
Prosody automatically upgrades the table in-place if possible, see:
http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
'parent' hosts
- Prevent startup with no VirtualHost entries in the config file
Update to prosody 0.8.1. A security and bug fix release. The security aspect is to mitigate the "billion laughs" denial-of-service attack against XML parsers and XMPP servers. Other changes: - Reject XML DTDs, comments and processing instructions, preventing the "billion laughs" attack - Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating large data (such as large avatars) Prosody automatically upgrades the table in-place if possible, see: http://prosody.im/doc/mysql - Fix for endless loop when parsing certain invalid JSON - Fix PostgreSQL compatibility in prosody-migrator - Fix timestamp parsing for DST (affecting MUC scrollback retrieval) - mod_legacyauth now correctly disabled for unencrypted connections by default - Components properly inherit SSL settings and certificates from their 'parent' hosts - Prevent startup with no VirtualHost entries in the config file
recursive bump from gettext-lib shlib bump.
Import prosody-0.7.0 as chat/prosody. Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. (Based on wip/prosody.)
Initial revision