net/prosody 0.9.10 (security)

Wed, 27 Jan 2016 23:03:13 -0800 

Update net/prosody to 0.9.10. 

This fixes a security issue:

- mod_dialback: Adopt key generation algorithm from XEP-0185,
  to prevent impersonation attacks (CVE-2016-0756)

Also, the /dev/urandom read-only patch is not needed anymore,
as fixed upstream. Builds and runs fine, though tests fail. Last
working version is 0.9.8. Will look into this...


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/prosody/Makefile,v
retrieving revision 1.38
diff -u -p -r1.38 Makefile
--- Makefile    27 Jan 2016 21:10:19 -0000      1.38
+++ Makefile    28 Jan 2016 06:51:43 -0000
@@ -3,7 +3,7 @@
 SHARED_ONLY=   Yes
 
 COMMENT=       communications server for Jabber/XMPP written in Lua
-DISTNAME=      prosody-0.9.9
+DISTNAME=      prosody-0.9.10
 CATEGORIES=    net
 MASTER_SITES=  http://prosody.im/downloads/source/
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/prosody/distinfo,v
retrieving revision 1.11
diff -u -p -r1.11 distinfo
--- distinfo    11 Jan 2016 12:11:36 -0000      1.11
+++ distinfo    28 Jan 2016 06:51:43 -0000
@@ -1,2 +1,2 @@
-SHA256 (prosody-0.9.9.tar.gz) = ViT9gNEDDE0eI5Fy96DVh2GhT/rShxMkDo8xZdXKzy4=
-SIZE (prosody-0.9.9.tar.gz) = 269415
+SHA256 (prosody-0.9.10.tar.gz) = SDbu/tTZu7Yyy6JKxb2Om8fAKaedBghLAP/HCFjRZi8=
+SIZE (prosody-0.9.10.tar.gz) = 267380
Index: patches/patch-util_uuid_lua
===================================================================
RCS file: patches/patch-util_uuid_lua
diff -N patches/patch-util_uuid_lua
--- patches/patch-util_uuid_lua 11 Jan 2016 12:11:36 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$OpenBSD: patch-util_uuid_lua,v 1.1 2016/01/11 12:11:36 sthen Exp $
---- util/uuid.lua.orig Mon Jan 11 12:15:03 2016
-+++ util/uuid.lua      Mon Jan 11 12:15:13 2016
-@@ -8,7 +8,7 @@
- 
- local error = error;
- local round_up = math.ceil;
--local urandom, urandom_err = io.open("/dev/urandom", "r+");
-+local urandom, urandom_err = io.open("/dev/urandom", "r");
- 
- module "uuid"
- 
-@@ -31,8 +31,6 @@ function generate()
- end
- 
- function seed(x)
--      urandom:write(x);
--      urandom:flush();
- end
- 
- return _M;


-- 
Mark Patruck ( mark at wrapped.cx )
GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74  F644 0D3C F66F F286 5E51

http://www.wrapped.cx

Reply via email to