diff options
author | tron <tron@pkgsrc.org> | 2011-06-06 19:49:00 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2011-06-06 19:49:00 +0000 |
commit | 23d33bc1ef1bfc5d28993898078b1ce75b5411b2 (patch) | |
tree | 7e834604665373d26dc82b850ac1f4cce65b6344 /meta-pkgs/suse100 | |
parent | 827980a62ee96c2ae2e3b08df3f4c4e7b8661278 (diff) | |
download | pkgsrc-23d33bc1ef1bfc5d28993898078b1ce75b5411b2.tar.gz |
Pullup ticket #3448 - requested by schnoebe
textproc/lua-expat: security update
chat/prosody: security update
Revisions pulled up:
- chat/prosody/Makefile 1.3 via patch
- chat/prosody/PLIST 1.2
- chat/prosody/distinfo 1.2
- chat/prosody/patches/patch-aa 1.2
- chat/prosody/patches/patch-ab 1.2
- chat/prosody/patches/patch-ac deleted
- chat/prosody/patches/patch-ad 1.2
- textproc/lua-expat/Makefile 1.16
- textproc/lua-expat/distinfo 1.5
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Sat Jun 4 23:13:40 UTC 2011
Modified Files:
pkgsrc/textproc/lua-expat: Makefile distinfo
Log Message:
Update textproc/lua-expat to 1.2.0.
Required for updating chat/prosody to 0.8.1, which helps handle the
"billion laughs" exploits on XML parsers and XMPP servers.
Change log as recorded in the README:
Version 1.2.0 [02/Jun/2011]
* support for the StartDoctypeDecl handler
* add parser:stop() to abort parsing inside a callback
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Mon Jun 6 14:41:48 UTC 2011
Modified Files:
pkgsrc/chat/prosody: Makefile PLIST distinfo
pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
Removed Files:
pkgsrc/chat/prosody/patches: patch-ac
Log Message:
Update to prosody 0.8.1.
A security and bug fix release. The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.
Other changes:
- Reject XML DTDs, comments and processing instructions, preventing
the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
large data (such as large avatars)
Prosody automatically upgrades the table in-place if possible, see:
http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
'parent' hosts
- Prevent startup with no VirtualHost entries in the config file
Diffstat (limited to 'meta-pkgs/suse100')
0 files changed, 0 insertions, 0 deletions