* Sat Jun 02 2018 mvetter@suse.com
- bsc#1094890 - (CVE-2018-10847):
Submit 0.10.2 containing the fix to Leap 15.0
* Thu May 31 2018 benedikt@g5r.eu
- Update to 0.10.2:
Security:
* mod_c2s: Do not allow the stream ‘to’ to change across stream restarts (fixes #1147)
Minor changes:
* mod_websocket: Store the request object on the session for use by other modules (fixes #1153)
* mod_c2s: Avoid concatenating potential nil value (fixes #753)
* core.certmanager: Allow all non-whitespace in service name (fixes #1019)
* mod_disco: Skip code specific to disco on user accounts (avoids invoking usermanager, fixes #1150)
* mod_bosh: Store the normalized hostname on session (fixes #1151)
* MUC: Fix error logged when no persistent rooms present (fixes #1154)
- change /usr/bin/env lua5.1 to /usr/bin/lua5.1 to fix the env-script-interpreter rpmlint error
* Wed May 16 2018 mvetter@suse.com
- Update to 0.10.1:
Security:
* SQL: Ensure user archives are purged when a user account is deleted (fixes #1009[1])
Fixes and improvements:
* Core: More robust signal handling (fixes #1047[2], #1029[3])
* MUC: Ensure that elements which match our from are stripped (fixes #1055[4])
* MUC: More robust handling of storage failures (fixes #1091[5], #1091[5])
* mod_mam: Ensure a user's archiving preferences apply even when they are offline (fixes #1024[6])
* Compatibility improvements with LuaSec 0.7, improving curve support
* mod_stanza_debug: New module that logs full stanzas sent and received for debugging purposes
* mod_mam: Implement option to enable MAM implicitly when client support is detected (#867[7])
* mod_mam: Add an option for whether to include 'total' counts by default in queries (for performance)
* MUC: send muc#stanza_id feature as per XEP-0045 v1.31 (fixes #1097[8])
Minor changes:
* SQL: Suppress error log if a transaction failed but was retried ok
* core.stanza_router: Verify that xmlns exists for firing stanza/iq/xmlns/name events (fixes #1022[9]) (thanks SamWhited)
* mod_carbons: Synthesize a 'to' attribute for carbons of stanzas to "self" (fixes #956[10])
* Core: Re-enable timestamps by default when logging to files (fixes #1004[11])
* HTTP: Report HTML Content-Type on error pages (fixes #1030[12])
* mod_c2s: Set a default value for c2s_timeout (fixes #1036[13])
* prosodyctl: Fix traceback with lfs < 1.6.2 and show warning
* Fix incorrect '::' compression of a single 0-group which broke some IPv6 address matching
* mod_dialback: Copy function from mod_s2s instead of depending on it, which made it harder to disable s2s (fixes #1050[14])
* mod_storage_sql: Add an index to SQL archive stores to improve performance of some queries
* MUC: Don't attempt to reply to errors with more errors (fixes #1122[15])
* Module API: Fix parameter order to http client callbacks
* mod_blocklist: Allow mod_presence to handle subscription stanzas before bouncing outgoing presence (fixes #575[16])
* mod_http_files: Fix directory listing cache entries not expiring (fixes #1130[17])
* Fri Dec 15 2017 mvetter@suse.com
- Add pid file location to default config
Seems this got lost with the update to 0.10.0
- enable mod_posix
* Sat Dec 09 2017 sleep_walker@opensuse.org
- add lua51-BitOp as dependency for mod_websocket
https://prosody.im/doc/packagers#section010
* Tue Oct 03 2017 mvetter@suse.com
- Update to 0.10.0:
See https://blog.prosody.im/prosody-0-10-0-released/ for details
- Remove because contained in new upstream:
* prosody-upstream-0.9-branch-fixes-since-0.12-tag.patch
* prosody-backport-555.patch
* prosody-local-socket.patch
- Update:
* prosody-configure.patch
* prosody-makefile.patch
* prosody-cfg.patch
* Fri Sep 15 2017 mvetter@suse.com
- Update prosody-upstream-0.9-branch-fixes-since-0.12-tag.patch:
* mod_c2s: Iterate over child tags instead of child nodes in
stream error (fixes traceback from #987)
* mod_component, mod_s2s: Iterate over child tags instead of
child nodes (can include text) in stream error
(same as 176b7f4e4ac9)
* Sun Sep 10 2017 benedikt@g5r.eu
- Add prosody-backport-555.patch to backport the fix of issue #555:
* net.dns: Use new IPv4-specific socket factory if available (fixes dns on libevent with latest development version of luasocket)
* Thu Aug 03 2017 mvetter@suse.com
- Add prosody-upstream-0.9-branch-fixes-since-0.12-tag.patch to
get the following bugfixes:
* core.rostermanager: Add method for checking if the user is subscribed to a contact
* mod_presence: Send probe once subscribed (fixes #794)
* mod_net_multiplex: Enable SSL on the SSL port (fixes #803)
* mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
* mod_saslauth: Log SASL failure reason
* mod_disco: Correctly set the 'node' attr (fixes #449)
* mod_bosh: Update session.conn to point to the current connection (fixes #890)
* net.dns: Simplify expiry calculation (fixes #919)
* mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922.
* mod_disco: Add an account/registered identity on subscribed accounts, fixes #826.
* mod_welcome: Return the pointer to the root of the stanza, fixes a bug similar to #922.
* net.dns: Prevent answers from immediately expiring even if TTL=0 (see #919)
* mod_saslauth: Use correct varible name (thanks Roi)
* util.dependencies: Add compatibility code for LuaSocket no longer exporting as a global
* util.dependencies: Add comment about LuaSec compat
* Mon Jul 24 2017 jengelh@inai.de
- Replace filler wording in description with content.
* Thu Jul 20 2017 tchvatal@suse.com
- Add patch to fix crash "attempt to index global 'socket'":
* prosody-local-socket.patch
* Thu Jul 20 2017 tchvatal@suse.com
- Drop the systemd conditional as all systems have systemd now for
our purposes.
- Switch back to lua5.1 as 0.9 prosody works only with that
* Fri Jul 14 2017 tchvatal@suse.com
- Build against lua5.3 instead of lua5.1
* Tue Jul 11 2017 tchvatal@suse.com
- Fix build with namespaced lua
* Wed Jan 11 2017 Mathias.Homann@opensuse.org
- added patch: prosody-lua51coexist.patch
* makes prosody work on systems that have lua 5.1 and lua 5.2 installed.
* Wed Jan 11 2017 mvetter@suse.com
- Update to 0.9.12:
* Dependencies: Fix certificate verification failures when using LuaSec 0.6 (fixes #781)
* mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues
* certs/Makefile: Remove -c flag from chmod call (a GNU extension)
* Networking: Prevent writes after a handler is closed (fixes #783)
* Fri Nov 04 2016 mvetter@suse.com
- Update to 0.9.11:
* HTTP parser: Improve buffering of incoming HTTP data and add size
limits (#603)
* Sessionmanager: Fix for an issue which caused people to be kicked from conferences if mod_smacks was enabled (#648)
* Dependencies: Workaround for compatibility with LuaSec 0.6 (#749)
* MUC: Accept missing form as "instant room" request (#377)
* C2S: Fix issues with destroying disconnected connections (#590), (#641)
* mod_privacy: Fix selection of the top resource(s) #694
* mod_presence: Make sure both users get each others presence after adding each other (#673)
* mod_http_files: Fix traceback when serving a non-wildcard path (#611)
* mod_http_files: Preserve a trailing slash in paths (#639)
* util.datamanager: Fix error handling (#632)
* net.server_event: Fix internal socket API to allow writing from socket.ondrain callback (#661)
* net.server_event: Fix timeout (commit 1909bde0e79f)
* net.server_event: Fix traceback due to write during TLS handshake (commit c774622ad9db)
* net.server_event: Fix buffer length check (commit 206f9b0485ad)
- Remove prosody-upstream-0.9-branch-fixes.patch: included in update
* Tue Oct 11 2016 mvetter@suse.com
- Change license to MIT
* Thu Sep 15 2016 mvetter@suse.com
- Add prosody-upstream-0.9-branch-fixes.patch:
Upstream pushes all fixes for a certain release to its own branch.
See: https://prosody.im/files/branches_explained.png
After some time, mostly when a security bug is found, they do a
new minor release.
The fixes however are often needed to make prosody run smoothly
with its community modules. Thus I monitor them and add the patch
set. It's only fixes no new features.
* Fri Jun 17 2016 mvetter@suse.com
- Remove prosody-rpmlintrc: Not needed since last cleanup