Re: net/prosody 0.9.10 (security)

2016-01-28 Thread Henrik Friedrichsen
Hey, Thanks for the patch. Can't look into it now, but another change in the pre-configure was committed with the security fix, maybe that'll fix the tests. In either case, I'll look into it tomorrow at latest. On Thu, Jan 28, 2016 at 08:00:49AM +0100, Mark Patruck wrote: > Also, the /dev/urando

net/prosody 0.9.10 (security)

2016-01-27 Thread Mark Patruck
Update net/prosody to 0.9.10. This fixes a security issue: - mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756) Also, the /dev/urandom read-only patch is not needed anymore, as fixed upstream. Builds and runs fine, though tests fail. L