Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

prosody: upgrade to 0.9.9

Browse source 
fixes:
    * path traversal vulnerability in mod_http_files (CVE-2016-1231)
    * use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Signed-off-by: heil <heil@terminal-consulting.de>
This commit is contained in:
heil 2016-01-25 13:29:55 +01:00
parent 18d121b854
commit bb23089e84
2 changed files with 2 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
net/prosody/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=prosody
PKG_VERSION:=0.9.8
PKG_VERSION:=0.9.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://prosody.im/downloads/source
PKG_MD5SUM:=5144cd832a1860443e21e336dc560ee7
PKG_MD5SUM:=8f7c529b072e78ab9e82ecbedfee7145
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=MIT/X11

12
net/prosody/patches/010-fix-randomseed.patch
View file

@ -1,12 +0,0 @@
diff -u --recursive prosody-0.9.7-vanilla/net/dns.lua prosody-0.9.7/net/dns.lua
--- prosody-0.9.7-vanilla/net/dns.lua 2015-01-02 00:26:19.981433830 -0500
+++ prosody-0.9.7/net/dns.lua 2015-01-02 00:33:10.467077715 -0500
@@ -225,7 +225,7 @@
function dns.random(...) -- - - - - - - - - - - - - - - - - - - dns.random
- math.randomseed(math.floor(10000*socket.gettime()) % 0x100000000);
+ math.randomseed(math.floor(10000*socket.gettime()) % 0x80000000);
dns.random = math.random;
return dns.random(...);
end