Browse Source

prosody: upgrade to 0.9.9

  fixes:
    * path traversal vulnerability in mod_http_files (CVE-2016-1231)
    * use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Signed-off-by: heil <heil@terminal-consulting.de>
heil 9 years ago
parent
commit
39bc4992a1
2 changed files with 2 additions and 14 deletions
  1. 2
    2
      net/prosody/Makefile
  2. 0
    12
      net/prosody/patches/010-fix-randomseed.patch

+ 2
- 2
net/prosody/Makefile View File

@@ -8,12 +8,12 @@
8 8
 include $(TOPDIR)/rules.mk
9 9
 
10 10
 PKG_NAME:=prosody
11
-PKG_VERSION:=0.9.8
11
+PKG_VERSION:=0.9.9
12 12
 PKG_RELEASE:=1
13 13
 
14 14
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
15 15
 PKG_SOURCE_URL:=http://prosody.im/downloads/source
16
-PKG_MD5SUM:=5144cd832a1860443e21e336dc560ee7
16
+PKG_MD5SUM:=8f7c529b072e78ab9e82ecbedfee7145
17 17
 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
18 18
 PKG_LICENSE:=MIT/X11
19 19
 

+ 0
- 12
net/prosody/patches/010-fix-randomseed.patch View File

@@ -1,12 +0,0 @@
1
-diff -u --recursive prosody-0.9.7-vanilla/net/dns.lua prosody-0.9.7/net/dns.lua
2
---- prosody-0.9.7-vanilla/net/dns.lua	2015-01-02 00:26:19.981433830 -0500
3
-+++ prosody-0.9.7/net/dns.lua	2015-01-02 00:33:10.467077715 -0500
4
-@@ -225,7 +225,7 @@
5
- 
6
- 
7
- function dns.random(...)    -- - - - - - - - - - - - - - - - - - -  dns.random
8
--	math.randomseed(math.floor(10000*socket.gettime()) % 0x100000000);
9
-+	math.randomseed(math.floor(10000*socket.gettime()) % 0x80000000);
10
- 	dns.random = math.random;
11
- 	return dns.random(...);
12
- end