Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 507078 - =net-im/prosody-0.9.4 version bump
Summary: =net-im/prosody-0.9.4 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Rafael Martins (RETIRED)
URL: http://blog.prosody.im/prosody-0-9-4-...
Whiteboard:
Keywords:
Depends on: 507138
Blocks: CVE-2014-2744
  Show dependency tree
 
Reported: 2014-04-07 18:57 UTC by Manuel Rüger (RETIRED)
Modified: 2014-04-17 00:16 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Manuel Rüger (RETIRED) gentoo-dev 2014-04-07 18:57:12 UTC 
2014-04-02 by The Prosody Team

    Compression: Disallow compression on unauthenticated streams
    Core: Limit default read size and maximum stanza size
    Core: Enable SASL EXTERNAL by default for component s2s
    S2S: Warn if s2s_secure_auth and s2s_require_encryption have been set in conflicting ways
    S2S: Warn if no local network addresses were found, preventing successful s2s
    MUC: Fix traceback when a non-occupant tried to change an occupant's role
    MUC: API: Fire an event when temporary rooms are destroyed after the last person leaves
    Telnet: Fixed traceback when listing users
    Telnet: Apply normalization to JIDs in user management commands
    HTTP: Fix directory detection in file server on Windows
    Plugins: Fix paths on Windows
    MOTD: Don't strip blank lines from the message provided in the config
    prosodyctl: Better error reporting when generating certificates
    Makefile: Improve FreeBSD compatibility
    Multiple fixes to our migration tools, and support for importing MUCs from ejabberd
Comment 1 Ronny Boesger 2014-04-08 15:54:54 UTC 
This is the same as Bug ID: 507134

Also, there should be an upgrade of LuaExpat to 1.3.0 or higher.

The following message from prosody 0.9.4 complains about it:


The version of LuaExpat on your system does not support stanza size limits, which may leave servers on untrusted networks (e.g. the internet) vulnerable to denial-of-service attacks. You should upgrade to LuaExpat 1.3.0 or higher as soon as possible. See http://prosody.im/doc/depends#luaexpat for more information.
Comment 2 Jason A. Donenfeld gentoo-dev 2014-04-16 23:29:04 UTC 
+*prosody-0.9.4 (16 Apr 2014)
+
+  16 Apr 2014; Jason A. Donenfeld <zx2c4@gentoo.org> +prosody-0.9.4.ebuild:
+  Version bump.
+
Comment 3 Jason A. Donenfeld gentoo-dev 2014-04-17 00:16:42 UTC 
(In reply to Ronny Boesger from comment #1)
> This is the same as Bug ID: 507134
> 
> Also, there should be an upgrade of LuaExpat to 1.3.0 or higher.
> 
> The following message from prosody 0.9.4 complains about it:
> 
> 
> The version of LuaExpat on your system does not support stanza size limits,
> which may leave servers on untrusted networks (e.g. the internet) vulnerable
> to denial-of-service attacks. You should upgrade to LuaExpat 1.3.0 or higher
> as soon as possible. See http://prosody.im/doc/depends#luaexpat for more
> information.

+*luaexpat-1.3.0 (17 Apr 2014)
+
+  17 Apr 2014; Jason A. Donenfeld <zx2c4@gentoo.org> +luaexpat-1.3.0.ebuild:
+  Version bump for prosody.
+