security update to Prosody 0.9.9, from maintainer Henrik Friedrichsen

(plus, compared to Henrik's diff, reinstate some make/MAKE_PROGRAM patches) - mod_http_files could serve requests outside of the configured public root - server-to-server dialback authentication (mod_dialback) weak RNG
2016-01-11 12:11:36 +00:00 · 2016-01-11 12:11:36 +00:00 · 1df77c4ac7
commit 1df77c4ac7
parent faa9a2ac78
4 changed files with 33 additions and 11 deletions
--- a/net/prosody/Makefile
+++ b/net/prosody/Makefile
@ -1,10 +1,9 @@
-# $OpenBSD: Makefile,v 1.35 2015/08/23 11:01:49 jca Exp $
+# $OpenBSD: Makefile,v 1.36 2016/01/11 12:11:36 sthen Exp $

 SHARED_ONLY=	Yes

 COMMENT=	communications server for Jabber/XMPP written in Lua
-DISTNAME =	prosody-0.9.8
-REVISION =	1
+DISTNAME =	prosody-0.9.9
 CATEGORIES=	net
 MASTER_SITES=	http://prosody.im/downloads/source/

--- a/net/prosody/distinfo
+++ b/net/prosody/distinfo
@ -1,2 +1,2 @@
-SHA256 (prosody-0.9.8.tar.gz) = lHBBXFbguEcIm0X6vUi8H4IRzVJfulaWdAnQZPQleHE=
-SIZE (prosody-0.9.8.tar.gz) = 268716
+SHA256 (prosody-0.9.9.tar.gz) = ViT9gNEDDE0eI5Fy96DVh2GhT/rShxMkDo8xZdXKzy4=
+SIZE (prosody-0.9.9.tar.gz) = 269415
--- a/net/prosody/patches/patch-certs_Makefile
+++ b/net/prosody/patches/patch-certs_Makefile
@ -1,6 +1,6 @@
-$OpenBSD: patch-certs_Makefile,v 1.4 2015/01/15 11:13:21 edd Exp $
--- certs/Makefile.orig	Fri Oct 24 23:30:55 2014
-+++ certs/Makefile	Mon Jan 12 23:30:53 2015
+$OpenBSD: patch-certs_Makefile,v 1.5 2016/01/11 12:11:36 sthen Exp $
+--- certs/Makefile.orig	Fri Jan  8 13:07:07 2016
+++ certs/Makefile	Mon Jan 11 12:01:57 2016
@@ -2,13 +2,13 @@
 keysize=2048
 
@ -19,9 +19,11 @@ $OpenBSD: patch-certs_Makefile,v 1.4 2015/01/15 11:13:21 edd Exp $
 # to generate a self signed certificate.
 
 .PRECIOUS: %.cnf %.key
-@@ -28,3 +28,5 @@ keysize=2048
+@@ -27,4 +27,6 @@ keysize=2048
+ 
 %.key:
- 	openssl genrsa $(keysize) > $@
- 	@chmod 400 $@
+ 	umask 0077 && openssl genrsa -out $@ $(keysize)
+-	@chmod 400 $@ -c
+	@chmod 400 $@
 +	@chown _prosody $@ || \
 +		echo "***WARNING***: You will need to 'chown _prosody $@'"
--- a/net/prosody/patches/patch-util_uuid_lua
+++ b/net/prosody/patches/patch-util_uuid_lua
@ -0,0 +1,21 @@
+$OpenBSD: patch-util_uuid_lua,v 1.1 2016/01/11 12:11:36 sthen Exp $
+--- util/uuid.lua.orig	Mon Jan 11 12:15:03 2016
+++ util/uuid.lua	Mon Jan 11 12:15:13 2016
+@@ -8,7 +8,7 @@
+ 
+ local error = error;
+ local round_up = math.ceil;
+-local urandom, urandom_err = io.open("/dev/urandom", "r+");
+local urandom, urandom_err = io.open("/dev/urandom", "r");
+ 
+ module "uuid"
+ 
+@@ -31,8 +31,6 @@ function generate()
+ end
+ 
+ function seed(x)
+-	urandom:write(x);
+-	urandom:flush();
+ end
+ 
+ return _M;