Subject: CVS commit: [pkgsrc-2011Q1] pkgsrc
From: Matthias Scheler
Date: 2011-06-06 21:49:00
Message id: 20110606194900.B54FA175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3448 - requested by schnoebe
textproc/lua-expat: security update
chat/prosody: security update

Revisions pulled up:
- chat/prosody/Makefile                                         1.3 via patch
- chat/prosody/PLIST                                            1.2
- chat/prosody/distinfo                                         1.2
- chat/prosody/patches/patch-aa                                 1.2
- chat/prosody/patches/patch-ab                                 1.2
- chat/prosody/patches/patch-ac                                 deleted
- chat/prosody/patches/patch-ad                                 1.2
- textproc/lua-expat/Makefile                                   1.16
- textproc/lua-expat/distinfo                                   1.5

---
   Module Name:	pkgsrc
   Committed By:	schnoebe
   Date:		Sat Jun  4 23:13:40 UTC 2011

   Modified Files:
   	pkgsrc/textproc/lua-expat: Makefile distinfo

   Log Message:
   Update textproc/lua-expat to 1.2.0.

   Required for updating chat/prosody to 0.8.1, which helps handle the
   "billion laughs" exploits on XML parsers and XMPP servers.

   Change log as recorded in the README:

   Version 1.2.0 [02/Jun/2011]

           * support for the StartDoctypeDecl handler
           * add parser:stop() to abort parsing inside a callback

---
   Module Name:	pkgsrc
   Committed By:	schnoebe
   Date:		Mon Jun  6 14:41:48 UTC 2011

   Modified Files:
   	pkgsrc/chat/prosody: Makefile PLIST distinfo
   	pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
   Removed Files:
   	pkgsrc/chat/prosody/patches: patch-ac

   Log Message:
   Update to prosody 0.8.1.

   A security and bug fix release.  The security aspect is to mitigate the
   "billion laughs" denial-of-service attack against XML parsers and XMPP
   servers.

   Other changes:

   - Reject XML DTDs, comments and processing instructions, preventing
     the "billion laughs" attack
   - Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
     large data (such as large avatars)
     Prosody automatically upgrades the table in-place if possible, see:
     http://prosody.im/doc/mysql
   - Fix for endless loop when parsing certain invalid JSON
   - Fix PostgreSQL compatibility in prosody-migrator
   - Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
   - mod_legacyauth now correctly disabled for unencrypted connections by default
   - Components properly inherit SSL settings and certificates from their
     'parent' hosts
   - Prevent startup with no VirtualHost entries in the config file

Files:
Revision      Action   File
1.1.1.1.6.1   modify   pkgsrc/chat/prosody/Makefile
1.1.1.1.6.1   modify   pkgsrc/chat/prosody/PLIST
1.1.1.1.6.1   modify   pkgsrc/chat/prosody/distinfo
1.1.1.1.6.1   modify   pkgsrc/chat/prosody/patches/patch-aa
1.1.1.1.6.1   modify   pkgsrc/chat/prosody/patches/patch-ab
1.1.1.1.6.1   modify   pkgsrc/chat/prosody/patches/patch-ad
1.15.6.1      modify   pkgsrc/textproc/lua-expat/Makefile
1.4.12.1      modify   pkgsrc/textproc/lua-expat/distinfo
1.1.1.1       remove   pkgsrc/chat/prosody/patches/patch-ac
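
The mitigation named in the two log messages above (a doctype callback, plus aborting the parse from inside a callback, used to reject DTDs, comments and processing instructions) is sketched here as an added example; it is not part of the commit, of lua-expat or of Prosody. It assumes Python's standard expat bindings as a stand-in for lua-expat, with an exception raised from the handler taking the place of parser:stop(); the function names and sample inputs are constructed.

```python
import xml.parsers.expat


class RestrictedXML(Exception):
    """Raised when the input uses an XML feature the stream does not allow."""


def _reject(feature):
    # Build a handler that aborts the parse as soon as expat reports `feature`.
    # Raising inside the callback stops parsing before anything that follows
    # (for a DTD: its entity declarations) is processed.
    def handler(*_args):
        raise RestrictedXML(feature)
    return handler


def parse_stream(chunks):
    """Feed byte chunks to expat; return the element names seen, in order."""
    seen = []
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject("DTD")
    parser.CommentHandler = _reject("comment")
    parser.ProcessingInstructionHandler = _reject("processing instruction")
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    for chunk in chunks:
        parser.Parse(chunk, False)   # incremental, as on a network stream
    parser.Parse(b"", True)          # signal end of input
    return seen


def check(chunks):
    """Return ("ok", names) or ("rejected", feature) for a chunked input."""
    try:
        return ("ok", parse_stream(chunks))
    except RestrictedXML as exc:
        return ("rejected", str(exc))


# Constructed sample inputs (not captured traffic).
PLAIN = [b"<?xml version='1.0'?><stream>", b"<message><body>hi</body></message></stream>"]
WITH_DTD = [b"<?xml version='1.0'?><!DOCTYPE stream [", b"<!ENTITY a 'x'>]><stream>&a;</stream>"]
WITH_COMMENT = [b"<stream><!-- note --></stream>"]
WITH_PI = [b"<stream><?target data?></stream>"]

if __name__ == "__main__":
    for sample in (PLAIN, WITH_DTD, WITH_COMMENT, WITH_PI):
        print(check(sample))
```

The XML declaration in the first two samples is not reported as a processing instruction by expat, so a stream that opens with it still parses.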