FEDORA-2015-6437 created by robert 6 years ago for Fedora 22
stable

Prosody 0.9.8

A summary of changes in this release:

High

  • Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059) that libidn can read beyond the boundaries of the provided buffer when an input string contains invalid UTF-8 sequences.

Systems where Prosody is compiled to use libICU are not affected by this issue.

Medium

  • DNS: Fix traceback caused when DNS server IP is unroutable (issue 473)
  • HTTP client: More robust handling of chunked encoding across packet boundaries
  • Stanza router: Fix handling of 'error' <iq>'s with multiple children

Minor

  • c2s: Fix error reply when clients try to bind multiple resources on the same stream (issue 484)
  • s2s: Ensure to/from attributes are always present on stream headers, even if empty (issue 468)
  • Build scripts: Add --libdir option to ./configure to simplify building on some platforms
  • Fix traceback in datamanager when used outside of Prosody (e.g. in some migration tools)
  • mod_admin_telnet: Fix potential traceback in server:memory() command (issue 471)
  • HTTP server: Improved debug logging

Prosody 0.9.7

A summary of changes in this release:

  • util.stanza: Don't XML-escape whitespace
  • prosodyctl: Fix traceback in 'about' command with LuaRocks 2.2.0

Prosody 0.9.6

Note: This release disables SSLv3 by default, which has been shown to be insecure when used by clients. Clients that only support SSLv3 will no longer be able to connect. There are not many of these nowadays, but they exist.

A summary of changes in this release:

  • certmanager, net.http: Disable SSLv3 by default
  • net.http.parser: Support status code 101 and allow handling of the received data by plugins
  • util.filters: Ignore filters being added twice (fixes issues on removal, i.e. when some plugins are reloaded/unloaded)
  • mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error
  • Networking API: Add 'ondetach' callback for listener objects, to prevent leaks when connections have their listener changed
  • core.stanza_router: Stricter validation of stanzas
  • mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions' command (thanks Lloyd)
  • mod_admin_adhoc: Add required to field in user deletion form too
  • net.dns: Avoid duplicate cache entries
  • util.stanza: Escape newlines and tabs ( ) when serializing stanzas.
  • util/dataforms: Make sure we iterate over field tags only
  • mod_s2s: Capitalize log message
  • mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth')

Prosody 0.9.5

A summary of changes in this release:

  • C2S: Fix traceback if a client opens a stream to component, which could cause a crash in combination with some versions of LuaEvent
  • C2S, S2S: Log received invalid stream headers
  • S2S: Fix case where stream headers were sometimes sent twice
  • DNS: Ensure all pending requests get notified of a timeout when looking up a record
  • DNS: Fix duplicated cache insertions by limiting outstanding queries per name to one
  • xmppstream: Disable LuaExpat's buffering
  • xmppstream: Disable CharacterData merging after stream restarts
  • xmppstream: Pass invalid stream headers to error handling
  • Privacy lists: Correctly sort privacy list rules by order
  • prosody: Check dependencies later in the startup sequence
  • Config: Delay importing LuaFileSystem until needed by an Include line
  • Config: Normalize VirtualHost and Component names
  • prosodyctl: Normalize JIDs for adduser/passwd/deluser
  • POSIX: Fix error reporting from disk space allocation
  • POSIX: Verify that 'pidfile' is a string, show friendly error otherwise
  • Dependency checking: Check that prosody is running under Lua 5.1. We don't currently support any other versions. (LuaJIT identifies as 5.1)
  • Compliance: Reset stream ID when resetting stream
  • Compression: Log compression setup errors
  • Console: Fix commands for adding and replacing name servers
  • Console MUC commands: Fix error when a non-existent host is entered
  • Filters: Prevent filters from being added twice
  • Network: Transfer all available data between linked sockets
  • dataforms: Add support for XEP-0221: Data Forms Media Element

How to install

sudo dnf upgrade --advisory=FEDORA-2015-6437

This update has been submitted for testing by robert.

6 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/59641/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/59641/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/59673/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/59673/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 testing updates repository.

6 years ago

This update is currently being pushed to the Fedora 22 testing updates repository.

6 years ago

This update has been pushed to testing

6 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for stable by robert.

6 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/61886/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 stable updates repository.

6 years ago

This update is currently being pushed to the Fedora 22 stable updates repository.

6 years ago

This update has been pushed to stable

6 years ago


Metadata

Type: enhancement
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings

Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates

submitted: 6 years ago
in testing: 6 years ago
in stable: 6 years ago
modified: 6 years ago

BZ#985563 Logging, conf.d and log rotation
BZ#1091499 Please use luajit instead of lua in F20+ (prosody requires lua 5.1; lua 5.2 is packaged)
BZ#1152126 prosody-0.9.8 is available
