Hey, this patch will update prosody to version 0.9.9 coming with security and other improvements.
Included is a new patch from upstreaming disabling /dev/urandom entropy feeding as the prosody user has no write access to it, therefore crashing prosody when this code is enabled. This was also discussed with upstream developers. More information regarding this: - https://prosody.im/issues/issue/585 - https://hg.prosody.im/0.9/rev/ad9e683b8f0b OK? Henrik
? _patches Index: Makefile =================================================================== RCS file: /cvs/ports/net/prosody/Makefile,v retrieving revision 1.35 diff -u -p -u -p -r1.35 Makefile --- Makefile 23 Aug 2015 11:01:49 -0000 1.35 +++ Makefile 11 Jan 2016 11:41:42 -0000 @@ -3,8 +3,7 @@ SHARED_ONLY= Yes COMMENT= communications server for Jabber/XMPP written in Lua -DISTNAME = prosody-0.9.8 -REVISION = 1 +DISTNAME = prosody-0.9.9 CATEGORIES= net MASTER_SITES= http://prosody.im/downloads/source/ Index: distinfo =================================================================== RCS file: /cvs/ports/net/prosody/distinfo,v retrieving revision 1.10 diff -u -p -u -p -r1.10 distinfo --- distinfo 3 Apr 2015 15:23:57 -0000 1.10 +++ distinfo 11 Jan 2016 11:41:42 -0000 @@ -1,2 +1,2 @@ -SHA256 (prosody-0.9.8.tar.gz) = lHBBXFbguEcIm0X6vUi8H4IRzVJfulaWdAnQZPQleHE= -SIZE (prosody-0.9.8.tar.gz) = 268716 +SHA256 (prosody-0.9.9.tar.gz) = ViT9gNEDDE0eI5Fy96DVh2GhT/rShxMkDo8xZdXKzy4= +SIZE (prosody-0.9.9.tar.gz) = 269415 Index: patches/patch-certs_Makefile =================================================================== RCS file: /cvs/ports/net/prosody/patches/patch-certs_Makefile,v retrieving revision 1.4 diff -u -p -u -p -r1.4 patch-certs_Makefile --- patches/patch-certs_Makefile 15 Jan 2015 11:13:21 -0000 1.4 +++ patches/patch-certs_Makefile 11 Jan 2016 11:41:42 -0000 @@ -1,27 +1,11 @@ $OpenBSD: patch-certs_Makefile,v 1.4 2015/01/15 11:13:21 edd Exp $ ---- certs/Makefile.orig Fri Oct 24 23:30:55 2014 -+++ certs/Makefile Mon Jan 12 23:30:53 2015 -@@ -2,13 +2,13 @@ - keysize=2048 +--- certs/Makefile.orig Fri Jan 8 14:07:07 2016 ++++ certs/Makefile Sun Jan 10 15:59:22 2016 +@@ -27,4 +27,6 @@ keysize=2048 - # How to: --# First, `make yourhost.cnf` which creates a openssl config file. -+# First, `${MAKE_PROGRAM} yourhost.cnf` which creates a openssl config file. - # Then edit this file and fill in the details you want it to have, - # and add or change hosts and components it should cover. --# Then `make yourhost.key` to create your private key, you can -+# Then `${MAKE_PROGRAM} yourhost.key` to create your private key, you can - # include keysize=number to change the size of the key. --# Then you can either `make yourhost.csr` to generate a certificate --# signing request that you can submit to a CA, or `make yourhost.crt` -+# Then you can either `${MAKE_PROGRAM} yourhost.csr` to generate a certificate -+# signing request that you can submit to a CA, or `${MAKE_PROGRAM} yourhost.crt` - # to generate a self signed certificate. - - .PRECIOUS: %.cnf %.key -@@ -28,3 +28,5 @@ keysize=2048 %.key: - openssl genrsa $(keysize) > $@ - @chmod 400 $@ + umask 0077 && openssl genrsa -out $@ $(keysize) +- @chmod 400 $@ -c ++ @chmod 400 $@ + @chown _prosody $@ || \ + echo "***WARNING***: You will need to 'chown _prosody $@'" Index: patches/patch-util_uuid_lua =================================================================== RCS file: patches/patch-util_uuid_lua diff -N patches/patch-util_uuid_lua --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-util_uuid_lua 11 Jan 2016 11:41:42 -0000 @@ -0,0 +1,21 @@ +$OpenBSD$ +--- util/uuid.lua.orig Mon Jan 11 12:15:03 2016 ++++ util/uuid.lua Mon Jan 11 12:15:13 2016 +@@ -8,7 +8,7 @@ + + local error = error; + local round_up = math.ceil; +-local urandom, urandom_err = io.open("/dev/urandom", "r+"); ++local urandom, urandom_err = io.open("/dev/urandom", "r"); + + module "uuid" + +@@ -31,8 +31,6 @@ function generate() + end + + function seed(x) +- urandom:write(x); +- urandom:flush(); + end + + return _M;
