Package: prosody / 0.9.7-2+deb8u4

Metadata

Package | Version | Patches format
prosody | 0.9.7-2+deb8u4 | 3.0 (quilt)

Patch series

Patch | File delta | Description
0001 conf.patch

example.com.cfg.lua | 29 29 + 0 - 0 !
localhost.cfg.lua | 5 5 + 0 - 0 !
prosody.cfg.lua.dist | 40 31 + 9 - 0 !
3 files changed, 65 insertions(+), 9 deletions(-)

 conf

0002 prosody lua51.patch

prosody | 2 1 + 1 - 0 !
prosodyctl | 2 1 + 1 - 0 !
tools/migration/prosody-migrator.lua | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 prosody-lua51


0003 dpkg buildflags.patch

configure | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 dpkg-buildflags

0004 fix package.path of ejabberd2prosody.patch

tools/ejabberd2prosody.lua | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 fix package.path of ejabberd2prosody


0005 Validate UTF 8 strings before calling libidn.patch

util-src/encodings.c | 70 67 + 3 - 0 !
1 file changed, 67 insertions(+), 3 deletions(-)

 Validate UTF-8 strings before calling libidn


0006 CVE 2016 1231 path traversal in http built in server.patch

plugins/mod_http_files.lua | 34 33 + 1 - 0 !
1 file changed, 33 insertions(+), 1 deletion(-)

 CVE-2016-1231: path traversal in HTTP built-in server


0007 Fix CNAME DNS lookup.patch

net/dns.lua | 11 8 + 3 - 0 !
plugins/mod_s2s/s2sout.lib.lua | 12 0 + 12 - 0 !
2 files changed, 8 insertions(+), 15 deletions(-)

 0007-fix-cname-dns-lookup


0008 CVE 2016 1232 weak PRNG for dialback on S2S.patch

util/uuid.lua | 44 16 + 28 - 0 !
1 file changed, 16 insertions(+), 28 deletions(-)

 CVE-2016-1232: weak PRNG for dialback on S2S


0009 CVE 2016 0756 insecure dialback key generation.patch

plugins/mod_dialback.lua | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 Patch fixes CVE-2016-0756. This security vulnerability allows
 an attacker who owns a domain which is a suffix of a target domain (e.g.
 ebian.org for debian.org) to make an s2s connection acting like it was
 made from the target domain.
Last-Modified: Thu, 28 Jan 2016 10:37:13 +0300

0010 Fix regression introduced in 0008.patch

util/uuid.lua | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

 Patch fixes regression introduced in patch 0008. Opening
 /dev/urandom in read-write mode doesn't always work, so this patch
 makes Prosody open it for reading only.
Last-Modified: Thu, 28 Jan 2016 10:32:54 +0300

0011 CVE 2018 10847.patch

plugins/mod_c2s.lua | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

 mod_c2s: do not allow the stream 'to' to change across stream restarts