Monday, June 04, 2018

[MAINTAINER] security update net/prosody to 0.10.2

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/prosody/Makefile,v
retrieving revision 1.48
diff -u -p -r1.48 Makefile
--- Makefile 18 Jan 2018 03:22:34 -0000 1.48
+++ Makefile 4 Jun 2018 18:33:43 -0000
@@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.48 2018/01/18 03:22:34 danj Exp $

COMMENT= communications server for Jabber/XMPP written in Lua
-DISTNAME= prosody-0.10.0
-REVISION= 2
+DISTNAME= prosody-0.10.2
CATEGORIES= net
MASTER_SITES= http://prosody.im/downloads/source/

Index: distinfo
===================================================================
RCS file: /cvs/ports/net/prosody/distinfo,v
retrieving revision 1.14
diff -u -p -r1.14 distinfo
--- distinfo 5 Nov 2017 16:52:07 -0000 1.14
+++ distinfo 4 Jun 2018 18:33:43 -0000
@@ -1,2 +1,2 @@
-SHA256 (prosody-0.10.0.tar.gz) = dBTkRyVsYLJkVXjEpZExE810tBnKWgMrVNuQ2YqXhJg=
-SIZE (prosody-0.10.0.tar.gz) = 330461
+SHA256 (prosody-0.10.2.tar.gz) = dbXwNeenTV8gju6vhBm5SoXQm0AlLURM/4Az/ePJdo4=
+SIZE (prosody-0.10.2.tar.gz) = 331874
Index: patches/patch-core_certmanager_lua
===================================================================
RCS file: patches/patch-core_certmanager_lua
diff -N patches/patch-core_certmanager_lua
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-core_certmanager_lua 4 Jun 2018 18:33:43 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: core/certmanager.lua
+--- core/certmanager.lua.orig
++++ core/certmanager.lua
+@@ -102,7 +102,7 @@ end
+
+ -- Built-in defaults
+ local core_defaults = {
+- capath = "/etc/ssl/certs";
++ cafile = "/etc/ssl/cert.pem";
+ depth = 9;
+ protocol = "tlsv1+";
+ verify = (ssl_x509 and { "peer", "client_once", }) or "none";
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/prosody/pkg/PLIST,v
retrieving revision 1.11
diff -u -p -r1.11 PLIST
--- pkg/PLIST 5 Nov 2017 16:52:07 -0000 1.11
+++ pkg/PLIST 4 Jun 2018 18:33:43 -0000
@@ -1,6 +1,7 @@
@comment $OpenBSD: PLIST,v 1.11 2017/11/05 16:52:07 landry Exp $
@newgroup _prosody:638
@newuser _prosody:638:_prosody:daemon:prosody user:/nonexistent:/sbin/nologin
+@rcscript ${RCDIR}/prosody
lib/prosody/
lib/prosody/core/
lib/prosody/core/certmanager.lua
@@ -72,6 +73,7 @@ lib/prosody/modules/mod_s2s/s2sout.lib.l
lib/prosody/modules/mod_s2s_auth_certs.lua
lib/prosody/modules/mod_saslauth.lua
lib/prosody/modules/mod_server_contact_info.lua
+lib/prosody/modules/mod_stanza_debug.lua
lib/prosody/modules/mod_storage_internal.lua
lib/prosody/modules/mod_storage_none.lua
lib/prosody/modules/mod_storage_sql.lua
@@ -208,11 +210,8 @@ share/examples/prosody/prosody.cfg.lua
@mode 770
@owner _prosody
@group _prosody
-@sample /var/prosody/
share/examples/prosody/prosody.log
@mode 660
@sample /var/prosody/prosody.log
-@owner
-@group
-@mode
-@rcscript ${RCDIR}/prosody
+@mode 770
+@sample /var/prosody/
Hi,

attached diff updates prosody to 0.10.2 which fixes CVE-2018-10847[1].

Also included in 0.10.2 and 0.10.1 (which was omitted) are several
other bugfixes [2][3].

[1]: https://prosody.im/security/advisory_20180531/
[2]: https://blog.prosody.im/prosody-0-10-1-released/
[3]: https://blog.prosody.im/prosody-0-10-2-security-release/

No comments:

Post a Comment