Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: prosody | Distribution: SUSE Linux Enterprise 15 SP5 |
Version: 0.11.13 | Vendor: openSUSE |
Release: bp154.2.1 | Build date: Sat Jul 23 23:24:11 2022 |
Group: Productivity/Networking/Other | Build host: obs-arm-6 |
Size: 1394560 | Source RPM: prosody-0.11.13-bp154.2.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: http://prosody.im/ | |
Summary: Communications server for Jabber/XMPP |
Prosody is a communications server for Jabber/XMPP written in Lua. Prosody can link up with other Prosody installations and other XMPP-compatible services to form an open communication network, whilst allowing control over who they connect to, and who they share data with.
MIT
* Fri Jan 28 2022 Michael Vetter <mvetter@suse.com> - Update to 0.11.13: * util.xml: Break reference to help the GC (fixes #1711) * util.xml: Deduplicate handlers for restricted XML * Thu Jan 13 2022 Michael Vetter <mvetter@suse.com> - Update to 0.11.12: * util.xml: Do not allow doctypes, comments or processing instructions (CVE-2022-0217) * Tue Jan 04 2022 Michael Vetter <mvetter@suse.com> - Update to 0.11.11: Fixes and improvements: * net.server_epoll: Prioritize network events over timers to improve performance under heavy load * mod_pep: Add some memory usage limits * mod_pep: Prevent creation of services for non-existent users * mod_pep: Free resources on user deletion (needed a restart previously) Minor changes: * mod_pep: Free resources on reload * mod_c2s: Indicate stream secure state in error text when no stream features to offer * MUC: Fix logic for access to affiliation lists * net.server_epoll: Improvements to shutdown procedure #1670 * net.server_epoll: Fix potential issue with rescheduling of timers * prosodyctl: Fix to ensure LuaFileSystem is loaded when needed * util.startup: Fix handling of unknown command line flags (e.g. -h) * Fix version number reported as ‘unknown’ on *BSD * Wed Oct 20 2021 Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Modified: * prosody.service * Mon Aug 16 2021 Michael Vetter <mvetter@suse.com> - Update to 0.11.10: Security: * MUC: Fix logic for access to affiliation lists CVE-2021-37601 https://prosody.im/security/advisory_20210722/ Minor changes: * prosodyctl: Add ‘limits’ to known globals to warn about misplacing it * util.ip: Fix netmask for link-local address range * mod_pep: Remove obsolete node restoration code * util.pubsub: Fix traceback if node data not initialized - Update is related to: bsc#1188976 CVE-2021-37601 * Thu May 13 2021 Carsten Ziepke <kieltux@gmail.com> - Update to 0.11.9: Security: * mod_limits, prosody.cfg.lua: Enable rate limits by default * certmanager: Disable renegotiation by default * mod_proxy65: Restrict access to local c2s connections by default * util.startup: Set more aggressive defaults for GC * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits * mod_authinternal{plain,hashed}: Use constant-time string comparison for secrets * mod_dialback: Remove dialback-without-dialback feature * mod_dialback: Use constant-time comparison with hmac Minor changes * util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp) * mod_c2s: Don’t throw errors in async code when connections are gone * mod_c2s: Fix traceback in session close when conn is nil * core.certmanager: Improve detection of LuaSec/OpenSSL capabilities * mod_saslauth: Use a defined SASL error * MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info * mod_saslauth: Don’t throw errors in async code when connections are gone * mod_pep: Advertise base pubsub feature (fixes #1632: mod_pep missing pubsub feature in disco) * prosodyctl check config: Add ‘gc’ to list of global options * prosodyctl about: Report libexpat version if known * util.xmppstream: Add API to dynamically configure the stanza size limit for a stream * util.set: Add is_set() to test if an object is a set * mod_http: Skip IP resolution in non-proxied case * mod_c2s: Log about missing conn on async state changes * util.xmppstream: Reduce internal default xmppstream limit to 1MB - Relevant: https://prosody.im/security/advisory_20210512 * boo#1186027: Prosody XMPP server advisory 2021-05-12 * CVE-2021-32919 * CVE-2021-32917 * CVE-2021-32917 * CVE-2021-32920 * CVE-2021-32918 * Tue Feb 16 2021 Michael Vetter <mvetter@suse.com> - Update to 0.11.8: Security: * mod_saslauth: Disable ‘tls-unique’ channel binding with TLS 1.3 (#1542) Fixes and improvements: * net.websocket.frames: Improve websocket masking performance by using the new util.strbitop * util.strbitop: Library for efficient bitwise operations on strings Minor changes: * MUC: Correctly advertise whether the subject can be changed (#1155) * MUC: Preserve disco ‘node’ attribute (or lack thereof) in responses (#1595) * MUC: Fix logic bug causing unnecessary presence to be sent (#1615) * mod_bosh: Fix error if client tries to connect to component (#425) * mod_bosh: Pick out the ‘wait’ before checking it instead of earlier * mod_pep: Advertise base PubSub feature (#1632) * mod_pubsub: Fix notification stanza type setting (#1605) * mod_s2s: Prevent keepalives before client has established a stream * net.adns: Fix bug that sent empty DNS packets (#1619) * net.http.server: Don’t send Content-Length on 1xx/204 responses (#1596) * net.websocket.frames: Fix length calculation bug (#1598) * util.dbuffer: Make length API in line with Lua strings * util.dbuffer: Optimize substring operations * util.debug: Fix locals being reported under wrong stack frame in some cases * util.dependencies: Fix check for Lua bitwise operations library (#1594) * util.interpolation: Fix combination of filters and fallback values #1623 * util.promise: Preserve tracebacks * util.stanza: Reject ASCII control characters (#1606) * timers: Ensure timers can’t block other processing (#1620) * Fri Oct 02 2020 Michael Vetter <mvetter@suse.com> - Update to 0.11.7: Security: * mod_websocket: Enforce size limits on received frames (fixes #1593) Fixes and improvements: * mod_c2s, mod_s2s: Make stanza size limits configurable * Add configuration options to control Lua garbage collection parameters * net.http: Backport SNI support for outgoing HTTP requests (#409) * mod_websocket: Process all data in the buffer on close frame and connection errors (fixes #1474, #1234) * util.indexedbheap: Fix heap data structure corruption, causing some timers to fail after a reschedule (fixes #1572) * Fri Sep 11 2020 Michael Vetter <mvetter@suse.com> - Update to 0.11.6: Fixes and improvements: * mod_storage_internal: Fix error in time limited queries on items without ‘when’ field, fixes #1557 * mod_carbons: Fix handling of incoming MUC PMs #1540 * mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important * mod_http_files: Avoid using inode in etag, fixes #1498: Fail to download file on FreeBSD * mod_admin_telnet: Create a DNS resolver per console session (fixes #1492: Telnet console DNS commands reduced usefulness) * core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513) * mod_s2s: Escape invalid XML in loggin (same way as mod_c2s) (fixes #1574: Invalid XML input on s2s connection is logged unescaped) * mod_muc: Allow control over the server-admins-are-room-owners feature (see #1174) * mod_muc_mam: Remove spoofed archive IDs before archiving (fixes #1552: MUC MAM may strip its own archive id) * mod_muc_mam: Fix stanza id filter event name, fixes #1546: mod_muc_mam does not strip spoofed stanza ids * mod_muc_mam: Fix missing advertising of XEP-0359, fixes #1547: mod_muc_mam does not advertise stanza-id Minor changes: * net.http API: Add request:cancel() method * net.http API: Fix traceback on invalid URL passed to request() * MUC: Persist affiliation_data in new MUC format * mod_websocket: Fire event on session creation (thanks Aaron van Meerten) * MUC: Always include ‘affiliation’/‘role’ attributes, defaulting to ‘none’ if nil * mod_tls: Log when certificates are (re)loaded * mod_vcard4: Report correct error condition (fixes #1521: mod_vcard4 reports wrong error) * net.http: Re-expose destroy_request() function (fixes unintentional API breakage) * net.http.server: Strip port from Host header in IPv6 friendly way (fix #1302) * util.prosodyctl: Tell prosody do daemonize via command line flag (fixes #1514) * SASL: Apply saslprep where necessary, fixes #1560: Login fails if password contains special chars * net.http.server: Fix reporting of missing Host header * util.datamanager API: Fix iterating over “users” (thanks marc0s) * net.resolvers.basic: Default conn_type to ‘tcp’ consistently if unspecified (thanks marc0s) * mod_storage_sql: Fix check for deletion limits (fixes #1494) * mod_admin_telnet: Handle unavailable cipher info (fixes #1510: mod_admin_telnet backtrace) * Log warning when using prosodyctl start/stop/restart * core.certmanager: Look for privkey.pem to go with fullchain.pem (fixes #1526) * mod_storage_sql: Add index covering sort_id to improve performance (fixes #1505) * mod_mam,mod_muc_mam: Allow other work to be performed during archive cleanup (fixes #1504) * mod_muc_mam: Don’t strip MUC tags, fix #1567: MUC tags stripped by mod_muc_mam * mod_pubsub, mod_pep: Ensure correct number of children of (fixes #1496) * mod_register_ibr: Add FORM_TYPE as required by XEP-0077 (fixes #1511) * mod_muc_mam: Fix traceback saving message from non-occupant (fixes #1497) * util.startup: Remove duplicated initialization of logging (fix #1527: startup: Logging initialized twice) * Thu Mar 26 2020 Michael Vetter <mvetter@suse.com> - Update to 0.11.5: Fixes and improvements: * prosody / mod_posix: Support for command-line flags to override ‘daemonize’ config option Minor changes: * mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484: Websocket masks pong answer) * Mon Jan 20 2020 Michael Vetter <mvetter@suse.com> - Update to 0.11.4: Fixes and improvements: * core.rostermanager: Improve performance by caching rosters of offline #1233 * mod_pep: Handling subscriptions more efficiently #1372 Minor changes: * util.interpolation: Support unescaped variables with more modifiers #1452 * MUC: Mark source of historic messages correctly #1416 * mod_auth_internal_hashed: Pass on errors #1477 * mod_mam, mod_muc_mam: Improve logging of failures #1478, #1480, #1481 * mod_muc, mod_muc_mam: Reschedule message expiry in case of failure * mod_mam: Add flag to session when it performs a MAM query * prosodyctl check: Warn about conflict between mod_pep and mod_pep_simple * prosodyctl check: Warn about conflict between mod_vcard and mod_vcard_legacy #1469 * core.modulemanager: Disable mod_vcard if mod_vcard_legacy is enabled to prevent conflict #1469 * MUC: Strip tags with MUC-related namespaces from private messages #1427 * MUC: Don’t advertise registration feature on host #1451 * mod_vcard_legacy: Fix handling of empty photo elements #1432 * mod_vcard_legacy: Advertise lack of avatar correctly #1431 * prosodyctl: Handle if the setting proxy65_address has the wrong type * prosodyctl: Print a blank line to improve spacing and readability * MUC: Fix role loss in Nickname change #1466 * util.pposix: Fix reporting of memory usage in 2-4GB range #1445 * util.startup: Fix a regression concerning directory paths #1430 * mod_websocket: Don’t mask WebSocket pong answers #1484 * net.resolvers: Apply IDNA conversion to ascii for DNS lookups (affects only HTTP queries) #1426 * net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) #1459 * Mon Oct 07 2019 mvetter@suse.com - Update to 0.11.3: * MUC: Advertise XEP-0410 support * mod_muc_mam: Import cleanup mechanism from mod_mam (fixes #672: mod_muc_mam: Archive expiry) * mod_bosh: Handle missing wait attribute (fixes #1288: BOSH: Traceback on missing ‘wait’ attribute) * mod_storage_sql: Handle SQLite DELETE with LIMIT being optional (fixes #1359: Sqlite3 archive_store:delete error in prepared statement) * mod_c2s: Fixed #1313: attempt to call a field ‘data’ (a nil value)) * net.server_epoll: Restore wantread flag after pause (fixes #1354: server_epoll: Race in chunked reads) * util.encodings: Allow unassigned code points in ICU mode to match libidn behavior (fixes #1348: Different treatment of unassigned code points between libidn and ICU ) * util.ip: Add missing netmask for 192.168⁄16 range (fixes #1343) * util.hashes: Use HMAC function provided by OpenSSL (fixes #1345: util.hashes: HMAC-SHA-512 implementation broken) * net.dns: Close resolv.conf handle when done (fixes #1342) * mod_websocket: Clone stanza before mutating (fixes #1398: mod_websocket leaks explicit xmlns attr) * mod_announce: Check for admin on current virtualhost instead of global (fixes #1365: “host admins” should be able to use mod_announce as well as “global admins”) (thanks yc) * mod_blocklist: Trigger resend of presence when unblocking a contact (fixes #1380: Prosody does not send presence when unblocking (XEP-0191)) * mod_vcard_legacy: Multiple improvements (fixes #1289: mod_vcard_legacy upgrade experience): - mod_vcard_legacy: Don’t overwrite existing PEP data - mod_vcard_legacy: Handle partial migration - mod_vcard_legacy: Allow disabling vcard conversion - mod_vcard_legacy: Adapt node defaults to number of avatars * mod_muc_mam: Strip the stanza ‘to’ attribute (fixes #1259: [muc_mam] forwarded stanza has a “to” attribute while spec says it MUST NOT) * util.pubsub: Validate node configuration on node creation (fixes #1328: Pubsub: Node configuration not validated on node creation) * mod_pep/mod_pubsub: Simplify configuration for storage of node data (fixes #1320) * MUC: Fix delay@from to be room JID (fixes #1416: MUC: Wrong delay@from on historic messages) * mod_mam/mod_muc_mam: Cache last date that archive owner has messages to reduce writes (fixes #1368: Archive cleanup doubles number of storage access) * mod_mam: Perform message expiry based on building an index by date (backport of 39ee70fbb009 from trunk) - For details see: https://blog.prosody.im/prosody-0.11.3-released/ - Remove prosody-0.11-upstream-fixes.patch * Tue Jul 16 2019 mvetter@suse.com - bsc#1141599: Add upstream fixes on 0.11 branch since 0.11.2 * Add prosody-0.11-upstream-fixes.patch: Up to 9712:7a36b7ac309b * Fri Apr 26 2019 mvetter@suse.com - bsc#1130588: Require shadow instead of old pwdutils * Thu Jan 10 2019 mvetter@suse.com - Update to 0.11.2: * mod_csi_simple: Multiple enhancements to built-in ‘importance’ rules (fixes #1250) * mod_vcard_legacy: Limit injection of XEP-0153 to normal presence (fixes #1252) * util.datetime: Make sure timezone difference is calculated correctly (fixes #1262) * MUC: Fix traceback when requesting voice (fixes #1269) (thanks jonas’) * MUC: Adjust priorities of muc-get-default-role handlers (fixes #1272) * MUC: Allow changing data attached to an only owner (fixes #1273) * Multiple fixes and improvements to our experimental epoll (non-libevent) backend * util.stanza: Deserialize stanza without mutating input (fixes #711) * mod_mam: Only accept valid JIDs in and prefs. (fixes #1275) * util.pubsub: Restore subscription index from stored data (fixes #1281) * prosodyctl check: Add statisticsmanager settings to known global options * util.startup: Always reload logging after config (fixes #1284) * mod_posix: Don’t reload log files twice - Run spec-cleaner * Thu Nov 29 2018 ecsos@opensuse.org - Update to 0.11.1: * Fixes and improvements - mod_csi_simple: Don’t set stamps on stanzas (fixes #1248) - mod_csi_simple: Bypass importance event in active mode (fixes #1249) * Minor changes - mod_csi_simple: Use the same event name when firing as when hooking (fixes #1245) - mod_csi: Set session.state to simplify CSI modules - MUC: Fix traceback on muc#admin query with missing child (#1242) - Fix build error for Leap 42.3 * Thu Nov 22 2018 mvetter@suse.com - Update to 0.11.0: * Rewritten more extensible MUC module + Store inactive rooms to disk + Store rooms to disk on shutdown + Voice requests + Tombstones in place of destroyed rooms * PubSub features + Persistence + Affiliations + Access models + "publish-options" * PEP now uses our pubsub code and now shares the above features * Asynchronous operations * Busted for tests * mod\_muc\_mam (XEP-0313 in groupchats) * mod\_vcard\_legacy (XEP-0398) * mod\_vcard4 (XEP-0292) * mod\_csi, mod\_csi\_simple (XEP-0352) * New experimental network backend "epoll" - For more details see: * https://blog.prosody.im/prosody-0-11-0-released/ * https://prosody.im/doc/release/0.11.0#upgrade_notes - Remove prosody-makefile.patch: configure supports --libdir now - Update prosody-configure.patch: no libdir manipulation required - Update prosody-cfg.patch: refresh and remove posix part. It's enabled by default. * Thu May 31 2018 benedikt@g5r.eu - Update to 0.10.2: Security: * mod_c2s: Do not allow the stream ‘to’ to change across stream restarts (fixes #1147) Minor changes: * mod_websocket: Store the request object on the session for use by other modules (fixes #1153) * mod_c2s: Avoid concatenating potential nil value (fixes #753) * core.certmanager: Allow all non-whitespace in service name (fixes #1019) * mod_disco: Skip code specific to disco on user accounts (avoids invoking usermanager, fixes #1150) * mod_bosh: Store the normalized hostname on session (fixes #1151) * MUC: Fix error logged when no persistent rooms present (fixes #1154) - change /usr/bin/env lua5.1 to /usr/bin/lua5.1 to fix the env-script-interpreter rpmlint error * Wed May 16 2018 mvetter@suse.com - Update to 0.10.1: Security: * SQL: Ensure user archives are purged when a user account is deleted (fixes #1009[1]) Fixes and improvements: * Core: More robust signal handling (fixes #1047[2], #1029[3]) * MUC: Ensure that elements which match our from are stripped (fixes #1055[4]) * MUC: More robust handling of storage failures (fixes #1091[5], #1091[5]) * mod_mam: Ensure a user's archiving preferences apply even when they are offline (fixes #1024[6]) * Compatibility improvements with LuaSec 0.7, improving curve support * mod_stanza_debug: New module that logs full stanzas sent and received for debugging purposes * mod_mam: Implement option to enable MAM implicitly when client support is detected (#867[7]) * mod_mam: Add an option for whether to include 'total' counts by default in queries (for performance) * MUC: send muc#stanza_id feature as per XEP-0045 v1.31 (fixes #1097[8]) Minor changes: * SQL: Suppress error log if a transaction failed but was retried ok * core.stanza_router: Verify that xmlns exists for firing stanza/iq/xmlns/name events (fixes #1022[9]) (thanks SamWhited) * mod_carbons: Synthesize a 'to' attribute for carbons of stanzas to "self" (fixes #956[10]) * Core: Re-enable timestamps by default when logging to files (fixes #1004[11]) * HTTP: Report HTML Content-Type on error pages (fixes #1030[12]) * mod_c2s: Set a default value for c2s_timeout (fixes #1036[13]) * prosodyctl: Fix traceback with lfs < 1.6.2 and show warning * Fix incorrect '::' compression of a single 0-group which broke some IPv6 address matching * mod_dialback: Copy function from mod_s2s instead of depending on it, which made it harder to disable s2s (fixes #1050[14]) * mod_storage_sql: Add an index to SQL archive stores to improve performance of some queries * MUC: Don't attempt to reply to errors with more errors (fixes #1122[15]) * Module API: Fix parameter order to http client callbacks * mod_blocklist: Allow mod_presence to handle subscription stanzas before bouncing outgoing presence (fixes #575[16]) * mod_http_files: Fix directory listing cache entries not expiring (fixes #1130[17]) * Fri Dec 15 2017 mvetter@suse.com - Add pid file location to default config Seems this got lost with the update to 0.10.0 - enable mod_posix * Sat Dec 09 2017 sleep_walker@opensuse.org - add lua51-BitOp as dependency for mod_websocket https://prosody.im/doc/packagers#section010 * Tue Oct 03 2017 mvetter@suse.com - Update to 0.10.0: See https://blog.prosody.im/prosody-0-10-0-released/ for details - Remove because contained in new upstream: * prosody-upstream-0.9-branch-fixes-since-0.12-tag.patch * prosody-backport-555.patch * prosody-local-socket.patch - Update: * prosody-configure.patch * prosody-makefile.patch * prosody-cfg.patch * Fri Sep 15 2017 mvetter@suse.com - Update prosody-upstream-0.9-branch-fixes-since-0.12-tag.patch: * mod_c2s: Iterate over child tags instead of child nodes in stream error (fixes traceback from #987) * mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) * Sun Sep 10 2017 benedikt@g5r.eu - Add prosody-backport-555.patch to backport the fix of issue #555: * net.dns: Use new IPv4-specific socket factory if available (fixes dns on libevent with latest development version of luasocket) * Thu Aug 03 2017 mvetter@suse.com - Add prosody-upstream-0.9-branch-fixes-since-0.12-tag.patch to get the following bugfixes: * core.rostermanager: Add method for checking if the user is subscribed to a contact * mod_presence: Send probe once subscribed (fixes #794) * mod_net_multiplex: Enable SSL on the SSL port (fixes #803) * mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595) * mod_saslauth: Log SASL failure reason * mod_disco: Correctly set the 'node' attr (fixes #449) * mod_bosh: Update session.conn to point to the current connection (fixes #890) * net.dns: Simplify expiry calculation (fixes #919) * mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922. * mod_disco: Add an account/registered identity on subscribed accounts, fixes #826. * mod_welcome: Return the pointer to the root of the stanza, fixes a bug similar to #922. * net.dns: Prevent answers from immediately expiring even if TTL=0 (see #919) * mod_saslauth: Use correct varible name (thanks Roi) * util.dependencies: Add compatibility code for LuaSocket no longer exporting as a global * util.dependencies: Add comment about LuaSec compat * Mon Jul 24 2017 jengelh@inai.de - Replace filler wording in description with content. * Thu Jul 20 2017 tchvatal@suse.com - Add patch to fix crash "attempt to index global 'socket'": * prosody-local-socket.patch * Thu Jul 20 2017 tchvatal@suse.com - Drop the systemd conditional as all systems have systemd now for our purposes. - Switch back to lua5.1 as 0.9 prosody works only with that * Fri Jul 14 2017 tchvatal@suse.com - Build against lua5.3 instead of lua5.1 * Tue Jul 11 2017 tchvatal@suse.com - Fix build with namespaced lua * Wed Jan 11 2017 Mathias.Homann@opensuse.org - added patch: prosody-lua51coexist.patch * makes prosody work on systems that have lua 5.1 and lua 5.2 installed. * Wed Jan 11 2017 mvetter@suse.com - Update to 0.9.12: * Dependencies: Fix certificate verification failures when using LuaSec 0.6 (fixes #781) * mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues * certs/Makefile: Remove -c flag from chmod call (a GNU extension) * Networking: Prevent writes after a handler is closed (fixes #783) * Fri Nov 04 2016 mvetter@suse.com - Update to 0.9.11: * HTTP parser: Improve buffering of incoming HTTP data and add size limits (#603) * Sessionmanager: Fix for an issue which caused people to be kicked from conferences if mod_smacks was enabled (#648) * Dependencies: Workaround for compatibility with LuaSec 0.6 (#749) * MUC: Accept missing form as "instant room" request (#377) * C2S: Fix issues with destroying disconnected connections (#590), (#641) * mod_privacy: Fix selection of the top resource(s) #694 * mod_presence: Make sure both users get each others presence after adding each other (#673) * mod_http_files: Fix traceback when serving a non-wildcard path (#611) * mod_http_files: Preserve a trailing slash in paths (#639) * util.datamanager: Fix error handling (#632) * net.server_event: Fix internal socket API to allow writing from socket.ondrain callback (#661) * net.server_event: Fix timeout (commit 1909bde0e79f) * net.server_event: Fix traceback due to write during TLS handshake (commit c774622ad9db) * net.server_event: Fix buffer length check (commit 206f9b0485ad) - Remove prosody-upstream-0.9-branch-fixes.patch: included in update * Tue Oct 11 2016 mvetter@suse.com - Change license to MIT * Thu Sep 15 2016 mvetter@suse.com - Add prosody-upstream-0.9-branch-fixes.patch: Upstream pushes all fixes for a certain release to its own branch. See: https://prosody.im/files/branches_explained.png After some time, mostly when a security bug is found, they do a new minor release. The fixes however are often needed to make prosody run smoothly with its community modules. Thus I monitor them and add the patch set. It's only fixes no new features. * Fri Jun 17 2016 mvetter@suse.com - Remove prosody-rpmlintrc: Not needed since last cleanup * Mon May 23 2016 mvetter@suse.com - Add: * prosody-0.9.10.tar.gz.asc * prosody.keyring containing Matthew and Zashs keys - Enable source verification * Mon May 23 2016 mvetter@suse.com - Move rcprosody into systemd section until we have proper sysvinit support * Fri May 20 2016 mvetter@suse.com - Pass optflags to configure - Install service file and create directories if needed in one run - Dont strip debug symbols - Dont need to verify permissions since we set them - Create systemd tempfile properly - Install config files with file glob - Remove sysvinit stuff - Cleanup systemd conditionals * Tue Apr 26 2016 mvetter@suse.com - Use less rights * Thu Feb 11 2016 mvetter@suse.com - Update to 0.9.10 Security: * mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756) Fixes and improvements: * Startup: Open /dev/urandom read-only, to fix a failure to start on some systems * Networking: Improve handling of the 'select' network backend running out of file descriptors Minor changes: * Networking: Increase default internal read size to prevent connections stalling with LuaEvent * DNS: Discard queries that failed to send due to connection errors * c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC can always send shutdown notifications to (remote) users * Thu Feb 11 2016 mvetter@suse.com - Update to 0.9.9 Security fixes: * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs: * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC: restrict_room_creation could prevent users from joining rooms (issue #458) * MUC: fix occasional dropping of iq stanzas sent privately between occupants * Fix a potential memory leak in mod_pep Additions: * Add http:list() command to telnet to view active HTTP services * IPv4/v6 address selection code for outgoing s2s * Add support for importing SCRAM hashes from ejabberd * Sat May 02 2015 nekolayer@yandex.ru - fix broken prosody-makefile.patch for correct lib path [bnc#926932] * Tue Apr 07 2015 g.bluehut@gmail.com - Clean up spec file - Update to 0.9.8 * Ensure only valid UTF-8 is passed to libidn * Fix traceback caused when DNS server IP is unroutable * HTTP client: More robust handling of chunked encoding across packet boundaries * Stanza router: Fix handling of 'error' <iq>'s with multiple children * c2s: Fix error reply when clients try to bind multiple resources on the same stream * s2s: Ensure to/from attributes are always present on stream headers, even if empty * Build scripts: Add –libdir option to ./configure to simplify building on some platforms * Fix traceback in datamanager when used outside of Prosody * mod_admin_telnet: Fix potential traceback in server:memory() command * util.stanza: Don't XML-escape whitespace * prosodyctl: Fix traceback in 'about' command with LuaRocks 2.2.0 * Mon Oct 20 2014 i@marguerite.su - update version 0.9.6 * certmanager, net.http: Disable SSLv3 by default * net.http.parser: Support status code 101 and allow handling of the received data by plugins * util.filters: Ignore filters being added twice (fixes issues on removal, i.e. when some plugins are reloaded/unloaded) * mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error * Networking API: Add 'ondetach' callback for listener objects, to prevent leaks when connections have their listener changed * core.stanza_router: Stricter validation of stanzas * mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions' command * mod_admin_adhoc: Add required to field in user deletion form too * net.dns: Avoid duplicate cache entries * util.stanza: Escape newlines and tabs (\r\n\t) when serializing stanzas. * util/dataforms: Make sure we iterate over field tags only * mod_s2s: Capitalize log message * mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth')
/etc/prosody /etc/prosody/certs /etc/prosody/certs/GNUmakefile /etc/prosody/certs/example.com.crt /etc/prosody/certs/example.com.key /etc/prosody/certs/localhost.cnf /etc/prosody/certs/localhost.crt /etc/prosody/certs/localhost.key /etc/prosody/certs/makefile /etc/prosody/certs/openssl.cnf /etc/prosody/prosody.cfg.lua /run/prosody /usr/bin/prosody /usr/bin/prosodyctl /usr/lib/prosody /usr/lib/prosody/core /usr/lib/prosody/core/certmanager.lua /usr/lib/prosody/core/configmanager.lua /usr/lib/prosody/core/hostmanager.lua /usr/lib/prosody/core/loggingmanager.lua /usr/lib/prosody/core/moduleapi.lua /usr/lib/prosody/core/modulemanager.lua /usr/lib/prosody/core/portmanager.lua /usr/lib/prosody/core/rostermanager.lua /usr/lib/prosody/core/s2smanager.lua /usr/lib/prosody/core/sessionmanager.lua /usr/lib/prosody/core/stanza_router.lua /usr/lib/prosody/core/statsmanager.lua /usr/lib/prosody/core/storagemanager.lua /usr/lib/prosody/core/usermanager.lua /usr/lib/prosody/modules /usr/lib/prosody/modules/adhoc /usr/lib/prosody/modules/adhoc/adhoc.lib.lua /usr/lib/prosody/modules/adhoc/mod_adhoc.lua /usr/lib/prosody/modules/mod_admin_adhoc.lua /usr/lib/prosody/modules/mod_admin_telnet.lua /usr/lib/prosody/modules/mod_announce.lua /usr/lib/prosody/modules/mod_auth_anonymous.lua /usr/lib/prosody/modules/mod_auth_cyrus.lua /usr/lib/prosody/modules/mod_auth_insecure.lua /usr/lib/prosody/modules/mod_auth_internal_hashed.lua /usr/lib/prosody/modules/mod_auth_internal_plain.lua /usr/lib/prosody/modules/mod_blocklist.lua /usr/lib/prosody/modules/mod_bosh.lua /usr/lib/prosody/modules/mod_c2s.lua /usr/lib/prosody/modules/mod_carbons.lua /usr/lib/prosody/modules/mod_component.lua /usr/lib/prosody/modules/mod_csi.lua /usr/lib/prosody/modules/mod_csi_simple.lua /usr/lib/prosody/modules/mod_debug_sql.lua /usr/lib/prosody/modules/mod_dialback.lua /usr/lib/prosody/modules/mod_disco.lua /usr/lib/prosody/modules/mod_groups.lua /usr/lib/prosody/modules/mod_http.lua /usr/lib/prosody/modules/mod_http_errors.lua /usr/lib/prosody/modules/mod_http_files.lua /usr/lib/prosody/modules/mod_iq.lua /usr/lib/prosody/modules/mod_lastactivity.lua /usr/lib/prosody/modules/mod_legacyauth.lua /usr/lib/prosody/modules/mod_limits.lua /usr/lib/prosody/modules/mod_mam /usr/lib/prosody/modules/mod_mam/mamprefs.lib.lua /usr/lib/prosody/modules/mod_mam/mamprefsxml.lib.lua /usr/lib/prosody/modules/mod_mam/mod_mam.lua /usr/lib/prosody/modules/mod_message.lua /usr/lib/prosody/modules/mod_motd.lua /usr/lib/prosody/modules/mod_muc_mam.lua /usr/lib/prosody/modules/mod_muc_unique.lua /usr/lib/prosody/modules/mod_net_multiplex.lua /usr/lib/prosody/modules/mod_offline.lua /usr/lib/prosody/modules/mod_pep.lua /usr/lib/prosody/modules/mod_pep_plus.lua /usr/lib/prosody/modules/mod_pep_simple.lua /usr/lib/prosody/modules/mod_ping.lua /usr/lib/prosody/modules/mod_posix.lua /usr/lib/prosody/modules/mod_presence.lua /usr/lib/prosody/modules/mod_private.lua /usr/lib/prosody/modules/mod_proxy65.lua /usr/lib/prosody/modules/mod_pubsub /usr/lib/prosody/modules/mod_pubsub/mod_pubsub.lua /usr/lib/prosody/modules/mod_pubsub/pubsub.lib.lua /usr/lib/prosody/modules/mod_register.lua /usr/lib/prosody/modules/mod_register_ibr.lua /usr/lib/prosody/modules/mod_register_limits.lua /usr/lib/prosody/modules/mod_roster.lua /usr/lib/prosody/modules/mod_s2s /usr/lib/prosody/modules/mod_s2s/mod_s2s.lua /usr/lib/prosody/modules/mod_s2s/s2sout.lib.lua /usr/lib/prosody/modules/mod_s2s_auth_certs.lua /usr/lib/prosody/modules/mod_saslauth.lua /usr/lib/prosody/modules/mod_scansion_record.lua /usr/lib/prosody/modules/mod_server_contact_info.lua /usr/lib/prosody/modules/mod_stanza_debug.lua /usr/lib/prosody/modules/mod_storage_internal.lua /usr/lib/prosody/modules/mod_storage_memory.lua /usr/lib/prosody/modules/mod_storage_none.lua /usr/lib/prosody/modules/mod_storage_sql.lua /usr/lib/prosody/modules/mod_storage_xep0227.lua /usr/lib/prosody/modules/mod_time.lua /usr/lib/prosody/modules/mod_tls.lua /usr/lib/prosody/modules/mod_unknown.lua /usr/lib/prosody/modules/mod_uptime.lua /usr/lib/prosody/modules/mod_user_account_management.lua /usr/lib/prosody/modules/mod_vcard.lua /usr/lib/prosody/modules/mod_vcard4.lua /usr/lib/prosody/modules/mod_vcard_legacy.lua /usr/lib/prosody/modules/mod_version.lua /usr/lib/prosody/modules/mod_watchregistrations.lua /usr/lib/prosody/modules/mod_websocket.lua /usr/lib/prosody/modules/mod_welcome.lua /usr/lib/prosody/modules/mod_windows.lua /usr/lib/prosody/modules/muc /usr/lib/prosody/modules/muc/config_form_sections.lib.lua /usr/lib/prosody/modules/muc/description.lib.lua /usr/lib/prosody/modules/muc/hidden.lib.lua /usr/lib/prosody/modules/muc/history.lib.lua /usr/lib/prosody/modules/muc/language.lib.lua /usr/lib/prosody/modules/muc/lock.lib.lua /usr/lib/prosody/modules/muc/members_only.lib.lua /usr/lib/prosody/modules/muc/mod_muc.lua /usr/lib/prosody/modules/muc/moderated.lib.lua /usr/lib/prosody/modules/muc/muc.lib.lua /usr/lib/prosody/modules/muc/name.lib.lua /usr/lib/prosody/modules/muc/occupant.lib.lua /usr/lib/prosody/modules/muc/password.lib.lua /usr/lib/prosody/modules/muc/persistent.lib.lua /usr/lib/prosody/modules/muc/register.lib.lua /usr/lib/prosody/modules/muc/request.lib.lua /usr/lib/prosody/modules/muc/subject.lib.lua /usr/lib/prosody/modules/muc/util.lib.lua /usr/lib/prosody/modules/muc/whois.lib.lua /usr/lib/prosody/net /usr/lib/prosody/net/adns.lua /usr/lib/prosody/net/connect.lua /usr/lib/prosody/net/connlisteners.lua /usr/lib/prosody/net/cqueues.lua /usr/lib/prosody/net/dns.lua /usr/lib/prosody/net/http /usr/lib/prosody/net/http.lua /usr/lib/prosody/net/http/codes.lua /usr/lib/prosody/net/http/parser.lua /usr/lib/prosody/net/http/server.lua /usr/lib/prosody/net/httpserver.lua /usr/lib/prosody/net/resolvers /usr/lib/prosody/net/resolvers/basic.lua /usr/lib/prosody/net/resolvers/manual.lua /usr/lib/prosody/net/resolvers/service.lua /usr/lib/prosody/net/server.lua /usr/lib/prosody/net/server_epoll.lua /usr/lib/prosody/net/server_event.lua /usr/lib/prosody/net/server_select.lua /usr/lib/prosody/net/websocket /usr/lib/prosody/net/websocket.lua /usr/lib/prosody/net/websocket/frames.lua /usr/lib/prosody/prosody.version /usr/lib/prosody/util /usr/lib/prosody/util/adhoc.lua /usr/lib/prosody/util/array.lua /usr/lib/prosody/util/async.lua /usr/lib/prosody/util/cache.lua /usr/lib/prosody/util/caps.lua /usr/lib/prosody/util/compat.so /usr/lib/prosody/util/dataforms.lua /usr/lib/prosody/util/datamanager.lua /usr/lib/prosody/util/datetime.lua /usr/lib/prosody/util/dbuffer.lua /usr/lib/prosody/util/debug.lua /usr/lib/prosody/util/dependencies.lua /usr/lib/prosody/util/encodings.so /usr/lib/prosody/util/envload.lua /usr/lib/prosody/util/events.lua /usr/lib/prosody/util/filters.lua /usr/lib/prosody/util/format.lua /usr/lib/prosody/util/gc.lua /usr/lib/prosody/util/hashes.so /usr/lib/prosody/util/helpers.lua /usr/lib/prosody/util/hex.lua /usr/lib/prosody/util/hmac.lua /usr/lib/prosody/util/http.lua /usr/lib/prosody/util/id.lua /usr/lib/prosody/util/import.lua /usr/lib/prosody/util/indexedbheap.lua /usr/lib/prosody/util/interpolation.lua /usr/lib/prosody/util/ip.lua /usr/lib/prosody/util/iterators.lua /usr/lib/prosody/util/jid.lua /usr/lib/prosody/util/json.lua /usr/lib/prosody/util/logger.lua /usr/lib/prosody/util/mercurial.lua /usr/lib/prosody/util/multitable.lua /usr/lib/prosody/util/net.so /usr/lib/prosody/util/openssl.lua /usr/lib/prosody/util/paths.lua /usr/lib/prosody/util/pluginloader.lua /usr/lib/prosody/util/poll.so /usr/lib/prosody/util/pposix.so /usr/lib/prosody/util/presence.lua /usr/lib/prosody/util/promise.lua /usr/lib/prosody/util/prosodyctl.lua /usr/lib/prosody/util/pubsub.lua /usr/lib/prosody/util/queue.lua /usr/lib/prosody/util/random.lua /usr/lib/prosody/util/rfc6724.lua /usr/lib/prosody/util/ringbuffer.so /usr/lib/prosody/util/rsm.lua /usr/lib/prosody/util/sasl /usr/lib/prosody/util/sasl.lua /usr/lib/prosody/util/sasl/anonymous.lua /usr/lib/prosody/util/sasl/digest-md5.lua /usr/lib/prosody/util/sasl/external.lua /usr/lib/prosody/util/sasl/plain.lua /usr/lib/prosody/util/sasl/scram.lua /usr/lib/prosody/util/sasl_cyrus.lua /usr/lib/prosody/util/serialization.lua /usr/lib/prosody/util/session.lua /usr/lib/prosody/util/set.lua /usr/lib/prosody/util/signal.so /usr/lib/prosody/util/sql.lua /usr/lib/prosody/util/sslconfig.lua /usr/lib/prosody/util/stanza.lua /usr/lib/prosody/util/startup.lua /usr/lib/prosody/util/statistics.lua /usr/lib/prosody/util/statsd.lua /usr/lib/prosody/util/strbitop.so /usr/lib/prosody/util/table.so /usr/lib/prosody/util/template.lua /usr/lib/prosody/util/termcolours.lua /usr/lib/prosody/util/throttle.lua /usr/lib/prosody/util/time.so /usr/lib/prosody/util/timer.lua /usr/lib/prosody/util/uuid.lua /usr/lib/prosody/util/vcard.lua /usr/lib/prosody/util/watchdog.lua /usr/lib/prosody/util/x509.lua /usr/lib/prosody/util/xml.lua /usr/lib/prosody/util/xmppstream.lua /usr/lib/prosody/util/xpcall.lua /usr/lib/systemd/system/prosody.service /usr/lib/tmpfiles.d/prosody.conf /usr/sbin/rcprosody /usr/share/man/man1/prosodyctl.1.gz /var/lib/prosody /var/log/prosody
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:42:22 2024