From bb23089e84f2cc6030fbf21ed3fb667d31bb3a7b Mon Sep 17 00:00:00 2001 From: heil Date: Mon, 25 Jan 2016 13:29:55 +0100 Subject: [PATCH] prosody: upgrade to 0.9.9 fixes: * path traversal vulnerability in mod_http_files (CVE-2016-1231) * use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Signed-off-by: heil --- net/prosody/Makefile | 4 ++-- net/prosody/patches/010-fix-randomseed.patch | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) delete mode 100644 net/prosody/patches/010-fix-randomseed.patch diff --git a/net/prosody/Makefile b/net/prosody/Makefile index 4ff6d38adf..eff3e2efb8 100644 --- a/net/prosody/Makefile +++ b/net/prosody/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=prosody -PKG_VERSION:=0.9.8 +PKG_VERSION:=0.9.9 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://prosody.im/downloads/source -PKG_MD5SUM:=5144cd832a1860443e21e336dc560ee7 +PKG_MD5SUM:=8f7c529b072e78ab9e82ecbedfee7145 PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=MIT/X11 diff --git a/net/prosody/patches/010-fix-randomseed.patch b/net/prosody/patches/010-fix-randomseed.patch deleted file mode 100644 index 05bdffa678..0000000000 --- a/net/prosody/patches/010-fix-randomseed.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -u --recursive prosody-0.9.7-vanilla/net/dns.lua prosody-0.9.7/net/dns.lua ---- prosody-0.9.7-vanilla/net/dns.lua 2015-01-02 00:26:19.981433830 -0500 -+++ prosody-0.9.7/net/dns.lua 2015-01-02 00:33:10.467077715 -0500 -@@ -225,7 +225,7 @@ - - - function dns.random(...) -- - - - - - - - - - - - - - - - - - - dns.random -- math.randomseed(math.floor(10000*socket.gettime()) % 0x100000000); -+ math.randomseed(math.floor(10000*socket.gettime()) % 0x80000000); - dns.random = math.random; - return dns.random(...); - end -- 2.30.2