head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2011Q1:1.1.1.1.0.6
	pkgsrc-2011Q1-base:1.1.1.1
	pkgsrc-2010Q4:1.1.1.1.0.4
	pkgsrc-2010Q4-base:1.1.1.1
	pkgsrc-2010Q3:1.1.1.1.0.2
	pkgsrc-2010Q3-base:1.1.1.1
	pkgsrc-base:1.1.1.1
	TNF:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2011.06.06.14.41.48;	author schnoebe;	state dead;
branches;
next	1.1;

1.1
date	2010.09.21.11.01.22;	author fhajny;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2010.09.21.11.01.22;	author fhajny;	state Exp;
branches
	1.1.1.1.6.1;
next	;

1.1.1.1.6.1
date	2011.06.06.19.49.00;	author tron;	state dead;
branches;
next	;


desc
@@


1.2
log
@Update to prosody 0.8.1.

A security and bug fix release.  The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.

Other changes:

- Reject XML DTDs, comments and processing instructions, preventing
  the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
  large data (such as large avatars)
  Prosody automatically upgrades the table in-place if possible, see:
  http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
  'parent' hosts
- Prevent startup with no VirtualHost entries in the config file
@
text
@$NetBSD: patch-ac,v 1.1 2010/09/21 11:01:22 fhajny Exp $

Add runtime search path to linking phase
--- util-src/Makefile.orig	2010-06-13 00:23:02.000000000 +0000
+++ util-src/Makefile
@@@@ -16,7 +16,7 @@@@ LD?=gcc
 
 .o.so:
 	MACOSX_DEPLOYMENT_TARGET="10.3"; export MACOSX_DEPLOYMENT_TARGET;
-	$(LD) $(LDFLAGS) -o $@@ $< -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lidn -lcrypto
+	$(LD) $(LDFLAGS) -o $@@ $< -L$(LUA_LIBDIR) -R$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lidn -lcrypto
 
 all: encodings.so hashes.so pposix.so signal.so
 
@


1.1
log
@Initial revision
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.1.1
log
@Import prosody-0.7.0 as chat/prosody.

Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.

(Based on wip/prosody.)
@
text
@@


1.1.1.1.6.1
log
@Pullup ticket #3448 - requested by schnoebe
textproc/lua-expat: security update
chat/prosody: security update

Revisions pulled up:
- chat/prosody/Makefile                                         1.3 via patch
- chat/prosody/PLIST                                            1.2
- chat/prosody/distinfo                                         1.2
- chat/prosody/patches/patch-aa                                 1.2
- chat/prosody/patches/patch-ab                                 1.2
- chat/prosody/patches/patch-ac                                 deleted
- chat/prosody/patches/patch-ad                                 1.2
- textproc/lua-expat/Makefile                                   1.16
- textproc/lua-expat/distinfo                                   1.5

---
   Module Name:	pkgsrc
   Committed By:	schnoebe
   Date:		Sat Jun  4 23:13:40 UTC 2011

   Modified Files:
   	pkgsrc/textproc/lua-expat: Makefile distinfo

   Log Message:
   Update textproc/lua-expat to 1.2.0.

   Required for updating chat/prosody to 0.8.1, which helps handle the
   "billion laughs" exploits on XML parsers and XMPP servers.

   Change log as recorded in the README:

   Version 1.2.0 [02/Jun/2011]

           * support for the StartDoctypeDecl handler
   	* add parser:stop() to abort parsing inside a callback

---
   Module Name:	pkgsrc
   Committed By:	schnoebe
   Date:		Mon Jun  6 14:41:48 UTC 2011

   Modified Files:
   	pkgsrc/chat/prosody: Makefile PLIST distinfo
   	pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
   Removed Files:
   	pkgsrc/chat/prosody/patches: patch-ac

   Log Message:
   Update to prosody 0.8.1.

   A security and bug fix release.  The security aspect is to mitigate the
   "billion laughs" denial-of-service attack against XML parsers and XMPP
   servers.

   Other changes:

   - Reject XML DTDs, comments and processing instructions, preventing
     the "billion laughs" attack
   - Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
     large data (such as large avatars)
     Prosody automatically upgrades the table in-place if possible, see:
     http://prosody.im/doc/mysql
   - Fix for endless loop when parsing certain invalid JSON
   - Fix PostgreSQL compatibility in prosody-migrator
   - Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
   - mod_legacyauth now correctly disabled for unencrypted connections by default
   - Components properly inherit SSL settings and certificates from their
     'parent' hosts
   - Prevent startup with no VirtualHost entries in the config file
@
text
@d1 1
a1 1
$NetBSD: patch-ac,v 1.1.1.1 2010/09/21 11:01:22 fhajny Exp $
@