diff options
author | tron <tron@pkgsrc.org> | 2011-06-06 19:49:00 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2011-06-06 19:49:00 +0000 |
commit | 23d33bc1ef1bfc5d28993898078b1ce75b5411b2 (patch) | |
tree | 7e834604665373d26dc82b850ac1f4cce65b6344 /chat/prosody/distinfo | |
parent | 827980a62ee96c2ae2e3b08df3f4c4e7b8661278 (diff) | |
download | pkgsrc-23d33bc1ef1bfc5d28993898078b1ce75b5411b2.tar.gz |
Pullup ticket #3448 - requested by schnoebe
textproc/lua-expat: security update
chat/prosody: security update
Revisions pulled up:
- chat/prosody/Makefile 1.3 via patch
- chat/prosody/PLIST 1.2
- chat/prosody/distinfo 1.2
- chat/prosody/patches/patch-aa 1.2
- chat/prosody/patches/patch-ab 1.2
- chat/prosody/patches/patch-ac deleted
- chat/prosody/patches/patch-ad 1.2
- textproc/lua-expat/Makefile 1.16
- textproc/lua-expat/distinfo 1.5
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Sat Jun 4 23:13:40 UTC 2011
Modified Files:
pkgsrc/textproc/lua-expat: Makefile distinfo
Log Message:
Update textproc/lua-expat to 1.2.0.
Required for updating chat/prosody to 0.8.1, which helps handle the
"billion laughs" exploits on XML parsers and XMPP servers.
Change log as recorded in the README:
Version 1.2.0 [02/Jun/2011]
* support for the StartDoctypeDecl handler
* add parser:stop() to abort parsing inside a callback
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Mon Jun 6 14:41:48 UTC 2011
Modified Files:
pkgsrc/chat/prosody: Makefile PLIST distinfo
pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
Removed Files:
pkgsrc/chat/prosody/patches: patch-ac
Log Message:
Update to prosody 0.8.1.
A security and bug fix release. The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.
Other changes:
- Reject XML DTDs, comments and processing instructions, preventing
the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
large data (such as large avatars)
Prosody automatically upgrades the table in-place if possible, see:
http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
'parent' hosts
- Prevent startup with no VirtualHost entries in the config file
Diffstat (limited to 'chat/prosody/distinfo')
-rw-r--r-- | chat/prosody/distinfo | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/chat/prosody/distinfo b/chat/prosody/distinfo index 9f5333240b0..80885d29625 100644 --- a/chat/prosody/distinfo +++ b/chat/prosody/distinfo @@ -1,9 +1,8 @@ -$NetBSD: distinfo,v 1.1.1.1 2010/09/21 11:01:22 fhajny Exp $ +$NetBSD: distinfo,v 1.1.1.1.6.1 2011/06/06 19:49:00 tron Exp $ -SHA1 (prosody-0.7.0.tar.gz) = 3f3a6c4f262a062a9c027cc843cd6827104fb8ba -RMD160 (prosody-0.7.0.tar.gz) = 2e40b4f807b6120971c611f52d4df3264a82cbb9 -Size (prosody-0.7.0.tar.gz) = 177412 bytes -SHA1 (patch-aa) = 5bb7fb62cc367e075b4213b7cc85661fece0cf23 -SHA1 (patch-ab) = 687ee0ad43074c36c0f1a7fa7bb3cd4575fcae54 -SHA1 (patch-ac) = 3463fffe6884326a8f39f22216f9c94f35ad5cd7 -SHA1 (patch-ad) = d0fc4133bc2027c5f5b3a690bfca4c76a70f48fc +SHA1 (prosody-0.8.1.tar.gz) = 7de714c019eca35346300c61d609ad2ce999b692 +RMD160 (prosody-0.8.1.tar.gz) = d0b357fb0a9e8ba77b0f45f6342172e262ec018b +Size (prosody-0.8.1.tar.gz) = 211970 bytes +SHA1 (patch-aa) = 241c01dbd8de2821c0988032db50b01cc61c548c +SHA1 (patch-ab) = e8816af363cc452d43dd860f161f1735e6d2e301 +SHA1 (patch-ad) = 5cd22cb93895b6f60b4f910d6aab09e6f1f22712 |