openSUSE Recommended Update: Recommended update for prosody ______________________________________________________________________________ Announcement ID: openSUSE-RU-2018:1289-1 Rating: moderate References: #1093088 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for prosody fixes the following issues: - Update to 0.9.13 (boo#1093088): Security: * Fix for compatibility with LuaSocket 3.0rc1 (fixes denial of service from remote) * mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595[1]) * MUC: Ensure that elements which match our from are stripped (fixes #1055[2]) Fixes and improvements: * Compatibility fix with newer LuaSec 0.6 (fixes #781[3]) * mod_presence: Send probe once subscribed (fixes #794[4]) * mod_net_multiplex: Enable SSL on the SSL port (fixes #803[5]) Minor changes: * core.rostermanager: Add method for checking if the user is subscribed to a contact * mod_saslauth: Log SASL failure reason * mod_disco: Correctly set the 'node' attr (fixes #449) * mod_bosh: Update session.conn to point to the current connection (fixes #890) * net.dns: Simplify expiry calculation (fixes #919) * mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922. * mod_disco: Add an account/registered identity on subscribed accounts, fixes #826. * mod_welcome: Return the pointer to the root of the stanza, fixes a bug similar to #922. * net.dns: Prevent answers from immediately expiring even if TTL=0 (see #919) * mod_saslauth: Use correct varible name (thanks Roi) * mod_c2s: Iterate over child tags instead of child nodes in stream error (fixes traceback from #987) * mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) * MUC: Always send subject message, even if it is empty (fixes #1053) * MUC: fix the @from on in history replay (fixes #1054) * MUC: Rename variable to make it clearer that it is the room JID and not the MUC host Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-458=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): prosody-0.9.13-2.3.1 prosody-debuginfo-0.9.13-2.3.1 prosody-debugsource-0.9.13-2.3.1 References: https://bugzilla.suse.com/1093088