pkgsrc-Changes archive


CVS commit: [pkgsrc-2011Q1] pkgsrc

Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Jun  6 19:49:00 UTC 2011

Modified Files:
        pkgsrc/chat/prosody [pkgsrc-2011Q1]: Makefile PLIST distinfo
        pkgsrc/chat/prosody/patches [pkgsrc-2011Q1]: patch-aa patch-ab patch-ad
        pkgsrc/textproc/lua-expat [pkgsrc-2011Q1]: Makefile distinfo
Removed Files:
        pkgsrc/chat/prosody/patches [pkgsrc-2011Q1]: patch-ac

Log Message:
Pullup ticket #3448 - requested by schnoebe
textproc/lua-expat: security update
chat/prosody: security update

Revisions pulled up:
- chat/prosody/Makefile                                         1.3 via patch
- chat/prosody/PLIST                                            1.2
- chat/prosody/distinfo                                         1.2
- chat/prosody/patches/patch-aa                                 1.2
- chat/prosody/patches/patch-ab                                 1.2
- chat/prosody/patches/patch-ac                                 deleted
- chat/prosody/patches/patch-ad                                 1.2
- textproc/lua-expat/Makefile                                   1.16
- textproc/lua-expat/distinfo                                   1.5

   Module Name: pkgsrc
   Committed By:        schnoebe
   Date:                Sat Jun  4 23:13:40 UTC 2011

   Modified Files:
        pkgsrc/textproc/lua-expat: Makefile distinfo

   Log Message:
   Update textproc/lua-expat to 1.2.0.

   Required for updating chat/prosody to 0.8.1, which helps handle the
   "billion laughs" exploits on XML parsers and XMPP servers.

   Change log as recorded in the README:

   Version 1.2.0 [02/Jun/2011]

        * support for the StartDoctypeDecl handler
        * add parser:stop() to abort parsing inside a callback

   Module Name: pkgsrc
   Committed By:        schnoebe
   Date:                Mon Jun  6 14:41:48 UTC 2011

   Modified Files:
        pkgsrc/chat/prosody: Makefile PLIST distinfo
        pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
   Removed Files:
        pkgsrc/chat/prosody/patches: patch-ac

   Log Message:
   Update to prosody 0.8.1.

   A security and bug fix release.  The security aspect is to mitigate the
   "billion laughs" denial-of-service attack against XML parsers and XMPP

   Other changes:

   - Reject XML DTDs, comments and processing instructions, preventing
     the "billion laughs" attack
   - Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
     large data (such as large avatars)
     Prosody automatically upgrades the table in-place if possible, see:
   - Fix for endless loop when parsing certain invalid JSON
   - Fix PostgreSQL compatibility in prosody-migrator
   - Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
   - mod_legacyauth now correctly disabled for unencrypted connections by 
   - Components properly inherit SSL settings and certificates from their
     'parent' hosts
   - Prevent startup with no VirtualHost entries in the config file

To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1. pkgsrc/chat/prosody/Makefile \
    pkgsrc/chat/prosody/PLIST pkgsrc/chat/prosody/distinfo
cvs rdiff -u -r1.1.1.1 -r1. pkgsrc/chat/prosody/patches/patch-aa \
    pkgsrc/chat/prosody/patches/patch-ab pkgsrc/chat/prosody/patches/patch-ad
cvs rdiff -u -r1.1.1.1 -r0 pkgsrc/chat/prosody/patches/patch-ac
cvs rdiff -u -r1.15 -r1.15.6.1 pkgsrc/textproc/lua-expat/Makefile
cvs rdiff -u -r1.4 -r1.4.12.1 pkgsrc/textproc/lua-expat/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
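
The mitigation named in the log above (refuse DTDs, comments and processing instructions, using a DOCTYPE callback and aborting from inside it) is sketched below as an added example. It is not code from Prosody, lua-expat or pkgsrc: it uses Python's xml.parsers.expat binding to the Expat library, aborts by raising from the handler rather than calling parser:stop(), and the function names and sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


class RestrictedXML(Exception):
    """The document used a construct the receiver refuses to process."""


def parse_restricted(data: bytes) -> list:
    """Parse one document; return element names in order of appearance.

    Raises RestrictedXML on a DOCTYPE, comment or processing instruction.
    """
    parser = expat.ParserCreate()
    names = []

    def reject(kind):
        def handler(*_args):
            # An exception raised in a handler makes pyexpat abort the parse
            # and re-raise it from Parse().
            raise RestrictedXML(kind)
        return handler

    # The DOCTYPE callback fires before the internal subset is read, so no
    # <!ENTITY> declaration is ever registered, let alone expanded.
    parser.StartDoctypeDeclHandler = reject("doctype")
    parser.CommentHandler = reject("comment")
    parser.ProcessingInstructionHandler = reject("processing instruction")
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def verdict(data: bytes) -> str:
    """Return 'ok' or the name of the rejected construct."""
    try:
        parse_restricted(data)
        return "ok"
    except RestrictedXML as exc:
        return str(exc)


# Constructed samples: a plain stanza and one that declares nested entities.
PLAIN = b"<message><body>hi</body></message>"
NESTED = (b'<!DOCTYPE m [<!ENTITY a "ha"><!ENTITY b "&a;&a;">]>'
          b"<message><body>&b;</body></message>")

if __name__ == "__main__":
    for sample in (PLAIN, NESTED):
        print(verdict(sample))
```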
