Hello community, here is the log from the commit of package prosody for openSUSE:Factory checked in at 2018-06-02 12:15:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/prosody (Old) and /work/SRC/openSUSE:Factory/.prosody.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "prosody" Sat Jun 2 12:15:44 2018 rev:11 rq:613633 version:0.10.2 Changes: -------- --- /work/SRC/openSUSE:Factory/prosody/prosody.changes 2018-05-16 18:44:45.720423871 +0200 +++ /work/SRC/openSUSE:Factory/.prosody.new/prosody.changes 2018-06-02 12:16:16.262916736 +0200 @@ -1,0 +2,15 @@ +Thu May 31 20:04:45 UTC 2018 - benedikt@g5r.eu + +- Update to 0.10.2: + Security: + * mod_c2s: Do not allow the stream ‘to’ to change across stream restarts (fixes #1147) + Minor changes: + * mod_websocket: Store the request object on the session for use by other modules (fixes #1153) + * mod_c2s: Avoid concatenating potential nil value (fixes #753) + * core.certmanager: Allow all non-whitespace in service name (fixes #1019) + * mod_disco: Skip code specific to disco on user accounts (avoids invoking usermanager, fixes #1150) + * mod_bosh: Store the normalized hostname on session (fixes #1151) + * MUC: Fix error logged when no persistent rooms present (fixes #1154) +- change /usr/bin/env lua5.1 to /usr/bin/lua5.1 to fix the env-script-interpreter rpmlint error + +------------------------------------------------------------------- Old: ---- prosody-0.10.1.tar.gz prosody-0.10.1.tar.gz.asc New: ---- prosody-0.10.2.tar.gz prosody-0.10.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ prosody.spec ++++++ --- /var/tmp/diff_new_pack.4aCu1G/_old 2018-06-02 12:16:18.698827387 +0200 +++ /var/tmp/diff_new_pack.4aCu1G/_new 2018-06-02 12:16:18.702827240 +0200 @@ -18,7 +18,7 @@ %define _piddir /run Name: prosody -Version: 0.10.1 +Version: 0.10.2 Release: 0 Summary: Communications server for Jabber/XMPP License: MIT ++++++ prosody-0.10.1.tar.gz -> prosody-0.10.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.10.1/.hg_archival.txt new/prosody-0.10.2/.hg_archival.txt --- old/prosody-0.10.1/.hg_archival.txt 2018-05-11 16:16:15.000000000 +0200 +++ new/prosody-0.10.2/.hg_archival.txt 2018-05-31 00:10:09.000000000 +0200 @@ -1,6 +1,6 @@ repo: 3e3171b59028ee70122cfec6ecf98f518f946b59 -node: 4ae8dd415e9431924ad4aa0b57bcee8a4a9272f8 +node: 7ec098b68042f60687f1002e788b34b06048945d branch: default -latesttag: 0.10.0 -latesttagdistance: 72 -changessincelatesttag: 79 +latesttag: 0.10.1 +latesttagdistance: 17 +changessincelatesttag: 19 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.10.1/core/certmanager.lua new/prosody-0.10.2/core/certmanager.lua --- old/prosody-0.10.1/core/certmanager.lua 2018-05-11 16:16:15.000000000 +0200 +++ new/prosody-0.10.2/core/certmanager.lua 2018-05-31 00:10:09.000000000 +0200 @@ -157,7 +157,7 @@ local function create_context(host, mode, ...) local cfg = new_config(); cfg:apply(core_defaults); - local service_name, port = host:match("^(%w+) port (%d+)$"); + local service_name, port = host:match("^(%S+) port (%d+)$"); if service_name then cfg:apply(find_service_cert(service_name, tonumber(port))); else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.10.1/plugins/mod_bosh.lua new/prosody-0.10.2/plugins/mod_bosh.lua --- old/prosody-0.10.1/plugins/mod_bosh.lua 2018-05-11 16:16:15.000000000 +0200 +++ new/prosody-0.10.2/plugins/mod_bosh.lua 2018-05-31 00:10:09.000000000 +0200 @@ -281,7 +281,7 @@ -- New session sid = new_uuid(); local session = { - type = "c2s_unauthed", conn = request.conn, sid = sid, rid = rid, host = attr.to, + type = "c2s_unauthed", conn = request.conn, sid = sid, rid = rid, host = to_host, bosh_version = attr.ver, bosh_wait = wait, streamid = sid, bosh_max_inactive = bosh_max_inactivity, requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.10.1/plugins/mod_c2s.lua new/prosody-0.10.2/plugins/mod_c2s.lua --- old/prosody-0.10.1/plugins/mod_c2s.lua 2018-05-11 16:16:15.000000000 +0200 +++ new/prosody-0.10.2/plugins/mod_c2s.lua 2018-05-31 00:10:09.000000000 +0200 @@ -49,12 +49,19 @@ function stream_callbacks.streamopened(session, attr) local send = session.send; - session.host = nameprep(attr.to); - if not session.host then + local host = nameprep(attr.to); + if not host then session:close{ condition = "improper-addressing", text = "A valid 'to' attribute is required on stream headers" }; return; end + if not session.host then + session.host = host; + elseif session.host ~= host then + session:close{ condition = "not-authorized", + text = "The 'to' attribute must remain the same across stream restarts" }; + return; + end session.version = tonumber(attr.version) or 0; session.streamid = uuid_generate(); (session.log or session)("debug", "Client sent opening stream:stream to %s", session.host); @@ -168,7 +175,7 @@ function session.send() return false; end local reason_text = (reason and (reason.name or reason.text or reason.condition)) or reason; - session.log("debug", "c2s stream for %s closed: %s", session.full_jid or ("<"..session.ip..">"), reason_text or "session closed"); + session.log("debug", "c2s stream for %s closed: %s", session.full_jid or session.ip or "<unknown>", reason_text or "session closed"); -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote local conn = session.conn; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.10.1/plugins/mod_disco.lua new/prosody-0.10.2/plugins/mod_disco.lua --- old/prosody-0.10.1/plugins/mod_disco.lua 2018-05-11 16:16:15.000000000 +0200 +++ new/prosody-0.10.2/plugins/mod_disco.lua 2018-05-31 00:10:09.000000000 +0200 @@ -154,6 +154,7 @@ end); -- Handle disco requests to user accounts +if module:get_host_type() ~= "local" then return end -- skip for components module:hook("iq/bare/http://jabber.org/protocol/disco#info:query", function(event) local origin, stanza = event.origin, event.stanza; if stanza.attr.type ~= "get" then return; end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.10.1/plugins/muc/mod_muc.lua new/prosody-0.10.2/plugins/muc/mod_muc.lua --- old/prosody-0.10.1/plugins/muc/mod_muc.lua 2018-05-11 16:16:15.000000000 +0200 +++ new/prosody-0.10.2/plugins/muc/mod_muc.lua 2018-05-31 00:10:09.000000000 +0200 @@ -39,8 +39,11 @@ local persistent_rooms_storage = module:open_store("persistent"); local persistent_rooms, err = persistent_rooms_storage:get(); if not persistent_rooms then - module:log("error", "Error loading list of persistent rooms from storage. Reload mod_muc or restart to recover."); - assert(not err, err); + if err then + module:log("error", "Error loading list of persistent rooms from storage. Reload mod_muc or restart to recover."); + error("Storage error: "..err); + end + module:log("debug", "No persistent rooms found in the database"); persistent_rooms = {}; end local room_configs = module:open_store("config"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.10.1/prosody.release new/prosody-0.10.2/prosody.release --- old/prosody-0.10.1/prosody.release 2018-05-11 16:16:15.000000000 +0200 +++ new/prosody-0.10.2/prosody.release 2018-05-31 00:10:10.000000000 +0200 @@ -1 +1 @@ -0.10.1 +0.10.2 ++++++ prosody-lua51coexist.patch ++++++ --- /var/tmp/diff_new_pack.4aCu1G/_old 2018-06-02 12:16:18.870821078 +0200 +++ /var/tmp/diff_new_pack.4aCu1G/_new 2018-06-02 12:16:18.870821078 +0200 @@ -3,7 +3,7 @@ +++ prosody-0.9.11/prosody 2016-12-14 11:11:33.025945126 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env lua -+#!/usr/bin/env lua5.1 ++#!/usr/bin/lua5.1 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain @@ -12,7 +12,7 @@ +++ prosody-0.9.11/prosodyctl 2016-12-14 11:11:39.469664663 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env lua -+#!/usr/bin/env lua5.1 ++#!/usr/bin/lua5.1 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain