Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package prosody.16284 for
openSUSE:Leap:15.2:Update checked in at 2021-05-14 23:16:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/prosody.16284 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.prosody.16284.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "prosody.16284"
Fri May 14 23:16:59 2021 rev:1 rq:893075 version:0.11.9
Changes:
--------
New Changes file:
--- /dev/null 2021-04-29 10:03:23.520854754 +0200
+++ /work/SRC/openSUSE:Leap:15.2:Update/.prosody.16284.new.2988/prosody.changes
2021-05-14 23:17:00.225201828 +0200
@@ -0,0 +1,704 @@
+-------------------------------------------------------------------
+Thu May 13 18:16:14 UTC 2021 - Carsten Ziepke <kiel...@gmail.com>
+
+- Update to 0.11.9:
+ Security:
+ * mod_limits, prosody.cfg.lua: Enable rate limits by default
+ * certmanager: Disable renegotiation by default
+ * mod_proxy65: Restrict access to local c2s connections by default
+ * util.startup: Set more aggressive defaults for GC
+ * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default
stanza size limits
+ * mod_authinternal{plain,hashed}: Use constant-time string comparison for
secrets
+ * mod_dialback: Remove dialback-without-dialback feature
+ * mod_dialback: Use constant-time comparison with hmac
+ Minor changes
+ * util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
+ * mod_c2s: Don???t throw errors in async code when connections are gone
+ * mod_c2s: Fix traceback in session close when conn is nil
+ * core.certmanager: Improve detection of LuaSec/OpenSSL capabilities
+ * mod_saslauth: Use a defined SASL error
+ * MUC: Add support for advertising muc#roomconfig_allowinvites in room
disco#info
+ * mod_saslauth: Don???t throw errors in async code when connections are gone
+ * mod_pep: Advertise base pubsub feature (fixes #1632: mod_pep missing
pubsub feature in disco)
+ * prosodyctl check config: Add ???gc??? to list of global options
+ * prosodyctl about: Report libexpat version if known
+ * util.xmppstream: Add API to dynamically configure the stanza size limit
for a stream
+ * util.set: Add is_set() to test if an object is a set
+ * mod_http: Skip IP resolution in non-proxied case
+ * mod_c2s: Log about missing conn on async state changes
+ * util.xmppstream: Reduce internal default xmppstream limit to 1MB
+- Relevant: https://prosody.im/security/advisory_20210512
+ * boo#1186027: Prosody XMPP server advisory 2021-05-12
+ * CVE-2021-32919
+ * CVE-2021-32917
+ * CVE-2021-32917
+ * CVE-2021-32920
+ * CVE-2021-32918
+
+-------------------------------------------------------------------
+Tue Feb 16 11:06:40 UTC 2021 - Michael Vetter <mvet...@suse.com>
+
+- Update to 0.11.8:
+ Security:
+ * mod_saslauth: Disable ???tls-unique??? channel binding with TLS 1.3 (#1542)
+ Fixes and improvements:
+ * net.websocket.frames: Improve websocket masking performance by using the
new util.strbitop
+ * util.strbitop: Library for efficient bitwise operations on strings
+ Minor changes:
+ * MUC: Correctly advertise whether the subject can be changed (#1155)
+ * MUC: Preserve disco ???node??? attribute (or lack thereof) in responses
(#1595)
+ * MUC: Fix logic bug causing unnecessary presence to be sent (#1615)
+ * mod_bosh: Fix error if client tries to connect to component (#425)
+ * mod_bosh: Pick out the ???wait??? before checking it instead of earlier
+ * mod_pep: Advertise base PubSub feature (#1632)
+ * mod_pubsub: Fix notification stanza type setting (#1605)
+ * mod_s2s: Prevent keepalives before client has established a stream
+ * net.adns: Fix bug that sent empty DNS packets (#1619)
+ * net.http.server: Don???t send Content-Length on 1xx/204 responses (#1596)
+ * net.websocket.frames: Fix length calculation bug (#1598)
+ * util.dbuffer: Make length API in line with Lua strings
+ * util.dbuffer: Optimize substring operations
+ * util.debug: Fix locals being reported under wrong stack frame in some cases
+ * util.dependencies: Fix check for Lua bitwise operations library (#1594)
+ * util.interpolation: Fix combination of filters and fallback values #1623
+ * util.promise: Preserve tracebacks
+ * util.stanza: Reject ASCII control characters (#1606)
+ * timers: Ensure timers can???t block other processing (#1620)
+
+-------------------------------------------------------------------
+Fri Oct 2 08:00:55 UTC 2020 - Michael Vetter <mvet...@suse.com>
+
+- Update to 0.11.7:
+ Security:
+ * mod_websocket: Enforce size limits on received frames (fixes #1593)
+ Fixes and improvements:
+ * mod_c2s, mod_s2s: Make stanza size limits configurable
+ * Add configuration options to control Lua garbage collection parameters
+ * net.http: Backport SNI support for outgoing HTTP requests (#409)
+ * mod_websocket: Process all data in the buffer on close frame and
connection errors (fixes #1474, #1234)
+ * util.indexedbheap: Fix heap data structure corruption, causing some timers
to fail after a reschedule (fixes #1572)
+
+-------------------------------------------------------------------
+Fri Sep 11 08:48:41 UTC 2020 - Michael Vetter <mvet...@suse.com>
+
+- Update to 0.11.6:
+ Fixes and improvements:
+ * mod_storage_internal: Fix error in time limited queries on items without
???when??? field, fixes #1557
+ * mod_carbons: Fix handling of incoming MUC PMs #1540
+ * mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important
+ * mod_http_files: Avoid using inode in etag, fixes #1498: Fail to download
file on FreeBSD
+ * mod_admin_telnet: Create a DNS resolver per console session (fixes #1492:
Telnet console DNS commands reduced usefulness)
+ * core.certmanager: Move EECDH ciphers before EDH in default cipherstring
(fixes #1513)
+ * mod_s2s: Escape invalid XML in loggin (same way as mod_c2s) (fixes #1574:
Invalid XML input on s2s connection is logged unescaped)
+ * mod_muc: Allow control over the server-admins-are-room-owners feature (see
#1174)
+ * mod_muc_mam: Remove spoofed archive IDs before archiving (fixes #1552: MUC
MAM may strip its own archive id)
+ * mod_muc_mam: Fix stanza id filter event name, fixes #1546: mod_muc_mam
does not strip spoofed stanza ids
+ * mod_muc_mam: Fix missing advertising of XEP-0359, fixes #1547: mod_muc_mam
does not advertise stanza-id
+ Minor changes:
+ * net.http API: Add request:cancel() method
+ * net.http API: Fix traceback on invalid URL passed to request()
+ * MUC: Persist affiliation_data in new MUC format
+ * mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
+ * MUC: Always include ???affiliation???/???role??? attributes, defaulting to
???none??? if nil
+ * mod_tls: Log when certificates are (re)loaded
+ * mod_vcard4: Report correct error condition (fixes #1521: mod_vcard4
reports wrong error)
+ * net.http: Re-expose destroy_request() function (fixes unintentional API
breakage)
+ * net.http.server: Strip port from Host header in IPv6 friendly way (fix
#1302)
+ * util.prosodyctl: Tell prosody do daemonize via command line flag (fixes
#1514)
+ * SASL: Apply saslprep where necessary, fixes #1560: Login fails if password
contains special chars
+ * net.http.server: Fix reporting of missing Host header
+ * util.datamanager API: Fix iterating over ???users??? (thanks marc0s)
+ * net.resolvers.basic: Default conn_type to ???tcp??? consistently if
unspecified (thanks marc0s)
+ * mod_storage_sql: Fix check for deletion limits (fixes #1494)
+ * mod_admin_telnet: Handle unavailable cipher info (fixes #1510:
mod_admin_telnet backtrace)
+ * Log warning when using prosodyctl start/stop/restart
+ * core.certmanager: Look for privkey.pem to go with fullchain.pem (fixes
#1526)
+ * mod_storage_sql: Add index covering sort_id to improve performance (fixes
#1505)
+ * mod_mam,mod_muc_mam: Allow other work to be performed during archive
cleanup (fixes #1504)
+ * mod_muc_mam: Don???t strip MUC tags, fix #1567: MUC tags stripped by
mod_muc_mam
+ * mod_pubsub, mod_pep: Ensure correct number of children of (fixes #1496)
+ * mod_register_ibr: Add FORM_TYPE as required by XEP-0077 (fixes #1511)
+ * mod_muc_mam: Fix traceback saving message from non-occupant (fixes #1497)
+ * util.startup: Remove duplicated initialization of logging (fix #1527:
startup: Logging initialized twice)
+
+-------------------------------------------------------------------
+Thu Mar 26 07:29:08 UTC 2020 - Michael Vetter <mvet...@suse.com>
+
+- Update to 0.11.5:
+ Fixes and improvements:
+ * prosody / mod_posix: Support for command-line flags to
+ override ???daemonize??? config option
+ Minor changes:
+ * mod_websocket: Clear mask bit when reflecting ping frames
+ (fixes #1484: Websocket masks pong answer)
+
+-------------------------------------------------------------------
+Mon Jan 20 08:15:32 UTC 2020 - Michael Vetter <mvet...@suse.com>
+
+- Update to 0.11.4:
+ Fixes and improvements:
+ * core.rostermanager: Improve performance by caching rosters of offline #1233
+ * mod_pep: Handling subscriptions more efficiently #1372
+ Minor changes:
+ * util.interpolation: Support unescaped variables with more modifiers #1452
+ * MUC: Mark source of historic messages correctly #1416
+ * mod_auth_internal_hashed: Pass on errors #1477
+ * mod_mam, mod_muc_mam: Improve logging of failures #1478, #1480, #1481
+ * mod_muc, mod_muc_mam: Reschedule message expiry in case of failure
+ * mod_mam: Add flag to session when it performs a MAM query
+ * prosodyctl check: Warn about conflict between mod_pep and mod_pep_simple
+ * prosodyctl check: Warn about conflict between mod_vcard and
mod_vcard_legacy #1469
+ * core.modulemanager: Disable mod_vcard if mod_vcard_legacy is enabled to
prevent conflict #1469
+ * MUC: Strip tags with MUC-related namespaces from private messages #1427
+ * MUC: Don???t advertise registration feature on host #1451
+ * mod_vcard_legacy: Fix handling of empty photo elements #1432
+ * mod_vcard_legacy: Advertise lack of avatar correctly #1431
+ * prosodyctl: Handle if the setting proxy65_address has the wrong type
+ * prosodyctl: Print a blank line to improve spacing and readability
+ * MUC: Fix role loss in Nickname change #1466
+ * util.pposix: Fix reporting of memory usage in 2-4GB range #1445
+ * util.startup: Fix a regression concerning directory paths #1430
+ * mod_websocket: Don???t mask WebSocket pong answers #1484
+ * net.resolvers: Apply IDNA conversion to ascii for DNS lookups (affects
only HTTP queries) #1426
+ * net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) #1459
+
+-------------------------------------------------------------------
+Mon Oct 7 05:19:21 UTC 2019 - mvet...@suse.com
+
+- Update to 0.11.3:
+ * MUC: Advertise XEP-0410 support
+ * mod_muc_mam: Import cleanup mechanism from mod_mam (fixes #672:
mod_muc_mam: Archive expiry)
+ * mod_bosh: Handle missing wait attribute (fixes #1288: BOSH: Traceback on
missing ???wait??? attribute)
+ * mod_storage_sql: Handle SQLite DELETE with LIMIT being optional (fixes
#1359: Sqlite3 archive_store:delete error in prepared statement)
+ * mod_c2s: Fixed #1313: attempt to call a field ???data??? (a nil value))
+ * net.server_epoll: Restore wantread flag after pause (fixes #1354:
server_epoll: Race in chunked reads)
+ * util.encodings: Allow unassigned code points in ICU mode to match libidn
behavior (fixes #1348: Different treatment of unassigned code points between
libidn and ICU )
+ * util.ip: Add missing netmask for 192.168???16 range (fixes #1343)
+ * util.hashes: Use HMAC function provided by OpenSSL (fixes #1345:
util.hashes: HMAC-SHA-512 implementation broken)
+ * net.dns: Close resolv.conf handle when done (fixes #1342)
+ * mod_websocket: Clone stanza before mutating (fixes #1398: mod_websocket
leaks explicit xmlns attr)
+ * mod_announce: Check for admin on current virtualhost instead of global
(fixes #1365: ???host admins??? should be able to use mod_announce as well as
???global admins???) (thanks yc)
+ * mod_blocklist: Trigger resend of presence when unblocking a contact (fixes
#1380: Prosody does not send presence when unblocking (XEP-0191))
+ * mod_vcard_legacy: Multiple improvements (fixes #1289: mod_vcard_legacy
upgrade experience):
+ - mod_vcard_legacy: Don???t overwrite existing PEP data
+ - mod_vcard_legacy: Handle partial migration
+ - mod_vcard_legacy: Allow disabling vcard conversion
+ - mod_vcard_legacy: Adapt node defaults to number of avatars
+ * mod_muc_mam: Strip the stanza ???to??? attribute (fixes #1259: [muc_mam]
forwarded stanza has a ???to??? attribute while spec says it MUST NOT)
+ * util.pubsub: Validate node configuration on node creation (fixes #1328:
Pubsub: Node configuration not validated on node creation)
+ * mod_pep/mod_pubsub: Simplify configuration for storage of node data (fixes
#1320)
+ * MUC: Fix delay@from to be room JID (fixes #1416: MUC: Wrong delay@from on
historic messages)
+ * mod_mam/mod_muc_mam: Cache last date that archive owner has messages to
reduce writes (fixes #1368: Archive cleanup doubles number of storage access)
+ * mod_mam: Perform message expiry based on building an index by date
(backport of 39ee70fbb009 from trunk)
+- For details see: https://blog.prosody.im/prosody-0.11.3-released/
+- Remove prosody-0.11-upstream-fixes.patch
+
+-------------------------------------------------------------------
+Tue Jul 16 08:39:17 UTC 2019 - mvet...@suse.com
++++ 507 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.2:Update/.prosody.16284.new.2988/prosody.changes
New:
----
prosody-0.11.9.tar.gz
prosody-0.11.9.tar.gz.asc
prosody-cfg.patch
prosody-configure.patch
prosody-lua51coexist.patch
prosody.changes
prosody.keyring
prosody.service
prosody.spec
prosody.tmpfile
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ prosody.spec ++++++
#
# spec file for package prosody
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _piddir /run
Name: prosody
Version: 0.11.9
Release: 0
Summary: Communications server for Jabber/XMPP
License: MIT
Group: Productivity/Networking/Other
URL: http://prosody.im/
Source: http://prosody.im/downloads/source/%{name}-%{version}.tar.gz
Source2: http://prosody.im/downloads/source/%{name}-%{version}.tar.gz.asc
Source3: %{name}.keyring
Source4: %{name}.service
Source5: prosody.tmpfile
# Make prosody work on systems that have lua 5.1 AND 5.2 installed
Patch0: prosody-lua51coexist.patch
Patch1: prosody-configure.patch
# PATCH-FIX-OPENSUSE marguer...@opensuse.org - enable Unix features
Patch3: prosody-cfg.patch
BuildRequires: libidn-devel
BuildRequires: libopenssl-devel
BuildRequires: lua51-devel
BuildRequires: systemd-rpm-macros
Requires: lua51
Requires: lua51-BitOp
Requires: lua51-luaexpat
Requires: lua51-luafilesystem
Requires: lua51-luasec
Requires: lua51-luasocket
Requires(pre): permissions
Requires(pre): shadow
Recommends: lua51-luadbi
Recommends: lua51-luaevent
Recommends: lua51-zlib
%{?systemd_requires}
%description
Prosody is a communications server for Jabber/XMPP written in Lua.
Prosody can link up with other Prosody installations and other
XMPP-compatible services to form an open communication network,
whilst allowing control over who they connect to, and who they share
data with.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch3 -p1
sed -i 's|@@INCLUDEDIR@@|%{_includedir}|g;' configure
sed -i 's|@@INCLUDEDIR@@|%{_includedir}|g;' makefile
sed -i 's|@@PIDDIR@@|%{_piddir}|g;' prosody.cfg.lua.dist
%build
# CFLAGS need to keep -fPIC for shared modules
./configure \
--lua-suffix="5.1" \
%if 0%{?suse_version} >= 1500
--with-lua-include=%{lua_incdir} \
--cflags="%{optflags} -fPIC" \
%else
--cflags="%{optflags} -fPIC -std=c99" \
%endif
--c-compiler=gcc \
--libdir=%{_libdir}
make %{?_smp_mflags}
%install
%make_install
install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service
# tmpfiles.d
install -D -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/%{name}.conf
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcprosody
# mkdir read/write by prosody
mkdir -p %{buildroot}%{_piddir}/prosody
mkdir -p %{buildroot}%{_localstatedir}/log/prosody
# clean up for rpmlint
chmod 644 %{buildroot}/%{_libdir}/prosody/prosody.version
chmod -R g+rX,o= %{buildroot}%{_sysconfdir}/prosody
%pre
getent group %{name} > /dev/null || groupadd -r %{name}
getent passwd %{name} > /dev/null || useradd -r -g %{name} -d
%{_localstatedir}/lib/%{name} -s/sbin/nologin -c "user for %{name}" %{name}
%service_add_pre %{name}.service
%post
%service_add_post %{name}.service
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||:
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%files
%config %attr(-,root,prosody) %{_sysconfdir}/prosody/
%{_bindir}/prosody
%{_bindir}/prosodyctl
%dir %{_libdir}/prosody
%{_libdir}/prosody/core
%{_libdir}/prosody/modules/
%{_libdir}/prosody/net
%{_libdir}/prosody/prosody.version
%{_libdir}/prosody/util
%{_mandir}/man1/prosodyctl.1%{?ext_man}
%dir %attr(-,prosody,prosody) %{_localstatedir}/lib/prosody
%dir %attr(-,prosody,prosody) %{_localstatedir}/log/prosody
%{_sbindir}/rcprosody
%{_unitdir}/%{name}.service
%{_tmpfilesdir}/%{name}.conf
%dir %attr(0755,prosody,prosody) %ghost %{_piddir}/prosody
%changelog
++++++ prosody-cfg.patch ++++++
diff -urEbwB prosody-0.11.0/prosody.cfg.lua.dist
prosody-0.11.0.new/prosody.cfg.lua.dist
--- prosody-0.11.0/prosody.cfg.lua.dist 2018-11-19 11:42:24.000000000 +0100
+++ prosody-0.11.0.new/prosody.cfg.lua.dist 2018-11-22 12:53:45.221894008
+0100
@@ -91,6 +91,9 @@
-- "posix"; -- POSIX functionality, sends server to background, enables
syslog, etc.
}
+-- Unix specific
+pidfile = "@@PIDDIR@@/prosody/prosody.pid"
+
-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false
@@ -153,8 +156,8 @@
-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
- error = "prosody.err";
+ info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for
verbose logging
+ error = "/var/log/prosody/prosody.err";
-- "*syslog"; -- Uncomment this for logging to syslog
-- "*console"; -- Log to the console, useful for debugging with
daemonize=false
}
++++++ prosody-configure.patch ++++++
diff -urEbwB prosody-0.11.0/configure prosody-0.11.0.new/configure
--- prosody-0.11.0/configure 2018-11-19 11:42:24.000000000 +0100
+++ prosody-0.11.0.new/configure 2018-11-22 12:38:01.969935735 +0100
@@ -4,15 +4,15 @@
APP_NAME="Prosody"
APP_DIRNAME="prosody"
-PREFIX="/usr/local"
-SYSCONFDIR="$PREFIX/etc/$APP_DIRNAME"
+PREFIX="/usr"
+SYSCONFDIR="/etc/$APP_DIRNAME"
LIBDIR="$PREFIX/lib"
-DATADIR="$PREFIX/var/lib/$APP_DIRNAME"
+DATADIR="/var/lib/$APP_DIRNAME"
LUA_SUFFIX=""
LUA_DIR="/usr"
LUA_BINDIR="/usr/bin"
-LUA_INCDIR="/usr/include"
-LUA_LIBDIR="/usr/lib"
+LUA_INCDIR="@@INCLUDEDIR@@"
+LUA_LIBDIR="@@LIBDIR@@"
IDN_LIB="idn"
ICU_FLAGS="-licui18n -licudata -licuuc"
OPENSSL_LIB="crypto"
++++++ prosody-lua51coexist.patch ++++++
diff -bruNE prosody-0.9.11_orig/prosody prosody-0.9.11/prosody
--- prosody-0.9.11_orig/prosody 2016-12-14 11:10:56.135550760 +0100
+++ prosody-0.9.11/prosody 2016-12-14 11:11:33.025945126 +0100
@@ -1,4 +1,4 @@
-#!/usr/bin/env lua
+#!/usr/bin/lua5.1
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
diff -bruNE prosody-0.9.11_orig/prosodyctl prosody-0.9.11/prosodyctl
--- prosody-0.9.11_orig/prosodyctl 2016-12-14 11:10:55.927559814 +0100
+++ prosody-0.9.11/prosodyctl 2016-12-14 11:11:39.469664663 +0100
@@ -1,4 +1,4 @@
-#!/usr/bin/env lua
+#!/usr/bin/lua5.1
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
++++++ prosody.service ++++++
[Unit]
Description=Jabber/XMPP Server
After=network-online.target mysql.service
[Service]
Type=forking
PIDFile=/run/prosody/prosody.pid
ExecStart=/usr/bin/prosodyctl start
ExecStop=/usr/bin/prosodyctl stop
[Install]
WantedBy=multi-user.target
Alias=org.prosody.service
++++++ prosody.tmpfile ++++++
# prosody needs some files in /run:
d /run/prosody 0755 prosody prosody -
