Browse Source

prosody: upgrade to 0.9.9

fixes:
    * path traversal vulnerability in mod_http_files (CVE-2016-1231)
    * use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Signed-off-by: heil <heil@terminal-consulting.de>
lilik-openwrt-22.03
heil 9 years ago
parent
commit
39bc4992a1
2 changed files with 2 additions and 14 deletions
  1. +2
    -2
      net/prosody/Makefile
  2. +0
    -12
      net/prosody/patches/010-fix-randomseed.patch

+ 2
- 2
net/prosody/Makefile View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=prosody PKG_NAME:=prosody
PKG_VERSION:=0.9.8
PKG_VERSION:=0.9.9
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://prosody.im/downloads/source PKG_SOURCE_URL:=http://prosody.im/downloads/source
PKG_MD5SUM:=5144cd832a1860443e21e336dc560ee7
PKG_MD5SUM:=8f7c529b072e78ab9e82ecbedfee7145
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=MIT/X11 PKG_LICENSE:=MIT/X11


+ 0
- 12
net/prosody/patches/010-fix-randomseed.patch View File

@ -1,12 +0,0 @@
diff -u --recursive prosody-0.9.7-vanilla/net/dns.lua prosody-0.9.7/net/dns.lua
--- prosody-0.9.7-vanilla/net/dns.lua 2015-01-02 00:26:19.981433830 -0500
+++ prosody-0.9.7/net/dns.lua 2015-01-02 00:33:10.467077715 -0500
@@ -225,7 +225,7 @@
function dns.random(...) -- - - - - - - - - - - - - - - - - - - dns.random
- math.randomseed(math.floor(10000*socket.gettime()) % 0x100000000);
+ math.randomseed(math.floor(10000*socket.gettime()) % 0x80000000);
dns.random = math.random;
return dns.random(...);
end

Loading…
Cancel
Save