Pullup ticket #3448 - requested by schnoebe

textproc/lua-expat: security update chat/prosody: security update Revisions pulled up: - chat/prosody/Makefile 1.3 via patch - chat/prosody/PLIST 1.2 - chat/prosody/distinfo 1.2 - chat/prosody/patches/patch-aa 1.2 - chat/prosody/patches/patch-ab 1.2 - chat/prosody/patches/patch-ac deleted - chat/prosody/patches/patch-ad 1.2 - textproc/lua-expat/Makefile 1.16 - textproc/lua-expat/distinfo 1.5 --- Module Name: pkgsrc Committed By: schnoebe Date: Sat Jun 4 23:13:40 UTC 2011 Modified Files: pkgsrc/textproc/lua-expat: Makefile distinfo Log Message: Update textproc/lua-expat to 1.2.0. Required for updating chat/prosody to 0.8.1, which helps handle the "billion laughs" exploits on XML parsers and XMPP servers. Change log as recorded in the README: Version 1.2.0 [02/Jun/2011] * support for the StartDoctypeDecl handler * add parser:stop() to abort parsing inside a callback --- Module Name: pkgsrc Committed By: schnoebe Date: Mon Jun 6 14:41:48 UTC 2011 Modified Files: pkgsrc/chat/prosody: Makefile PLIST distinfo pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad Removed Files: pkgsrc/chat/prosody/patches: patch-ac Log Message: Update to prosody 0.8.1. A security and bug fix release. The security aspect is to mitigate the "billion laughs" denial-of-service attack against XML parsers and XMPP servers. Other changes: - Reject XML DTDs, comments and processing instructions, preventing the "billion laughs" attack - Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating large data (such as large avatars) Prosody automatically upgrades the table in-place if possible, see: http://prosody.im/doc/mysql - Fix for endless loop when parsing certain invalid JSON - Fix PostgreSQL compatibility in prosody-migrator - Fix timestamp parsing for DST (affecting MUC scrollback retrieval) - mod_legacyauth now correctly disabled for unencrypted connections by default - Components properly inherit SSL settings and certificates from their 'parent' hosts - Prevent startup with no VirtualHost entries in the config file
author: tron <tron@pkgsrc.org> 2011-06-06 19:49:00 +0000
committer: tron <tron@pkgsrc.org> 2011-06-06 19:49:00 +0000
commit: 23d33bc1ef1bfc5d28993898078b1ce75b5411b2 (patch)
tree: 7e834604665373d26dc82b850ac1f4cce65b6344 /chat/prosody/distinfo
parent: 827980a62ee96c2ae2e3b08df3f4c4e7b8661278 (diff)
download: pkgsrc-23d33bc1ef1bfc5d28993898078b1ce75b5411b2.tar.gz
1 files changed, 7 insertions, 8 deletions
diff --git a/chat/prosody/distinfo b/chat/prosody/distinfo
index 9f5333240b0..80885d29625 100644
--- a/chat/prosody/distinfo
+++ b/chat/prosody/distinfo
@@ -1,9 +1,8 @@
-$NetBSD: distinfo,v 1.1.1.1 2010/09/21 11:01:22 fhajny Exp $
+$NetBSD: distinfo,v 1.1.1.1.6.1 2011/06/06 19:49:00 tron Exp $
 
-SHA1 (prosody-0.7.0.tar.gz) = 3f3a6c4f262a062a9c027cc843cd6827104fb8ba
-RMD160 (prosody-0.7.0.tar.gz) = 2e40b4f807b6120971c611f52d4df3264a82cbb9
-Size (prosody-0.7.0.tar.gz) = 177412 bytes
-SHA1 (patch-aa) = 5bb7fb62cc367e075b4213b7cc85661fece0cf23
-SHA1 (patch-ab) = 687ee0ad43074c36c0f1a7fa7bb3cd4575fcae54
-SHA1 (patch-ac) = 3463fffe6884326a8f39f22216f9c94f35ad5cd7
-SHA1 (patch-ad) = d0fc4133bc2027c5f5b3a690bfca4c76a70f48fc
+SHA1 (prosody-0.8.1.tar.gz) = 7de714c019eca35346300c61d609ad2ce999b692
+RMD160 (prosody-0.8.1.tar.gz) = d0b357fb0a9e8ba77b0f45f6342172e262ec018b
+Size (prosody-0.8.1.tar.gz) = 211970 bytes
+SHA1 (patch-aa) = 241c01dbd8de2821c0988032db50b01cc61c548c
+SHA1 (patch-ab) = e8816af363cc452d43dd860f161f1735e6d2e301
+SHA1 (patch-ad) = 5cd22cb93895b6f60b4f910d6aab09e6f1f22712
author	tron <tron@pkgsrc.org>	2011-06-06 19:49:00 +0000
committer	tron <tron@pkgsrc.org>	2011-06-06 19:49:00 +0000
commit	23d33bc1ef1bfc5d28993898078b1ce75b5411b2 (patch)
tree	7e834604665373d26dc82b850ac1f4cce65b6344 /chat/prosody/distinfo
parent	827980a62ee96c2ae2e3b08df3f4c4e7b8661278 (diff)
download	pkgsrc-23d33bc1ef1bfc5d28993898078b1ce75b5411b2.tar.gz