debian/0000775000000000000000000000000012645054250007173 5ustar debian/prosody.docs0000664000000000000000000000000512215101000011512 0ustar doc/ debian/ejabberd2prosody.man.txt0000664000000000000000000000043212215101000013720 0ustar NAME ejabberd2prosody - ejabbed db dump importer for prosody SYNOPSIS ejabberd2prosody file DESCRIPTION The ejabberd dump file can be generated with the following command: ejabberdctl dump file SEE ALSO prosodyctl(8), prosody(8) AUTHOR Matthew Wild debian/prosody.man.txt0000664000000000000000000000041712215101000012162 0ustar NAME prosody - Prosody XMPP Server SYNOPSIS prosody DESCRIPTION Prosody is an XMPP server. It should be started using the startup script in /etc/init.d/prosody. SEE ALSO prosodyctl(8) FILES /etc/prosody/prosody.cfg.lua AUTHOR Matthew Wild debian/prosody.logrotate0000664000000000000000000000033412215101000012567 0ustar /var/log/prosody/prosody.log /var/log/prosody/prosody.err { weekly rotate 52 compress delaycompress create 640 prosody adm postrotate /etc/init.d/prosody reload > /dev/null endscript sharedscripts missingok } debian/README.source0000664000000000000000000000057512215101000011334 0ustar This package uses quilt to manage all modifications to the upstream source. Changes are stored in the source package as diffs in debian/patches and applied during the build. To get detailed instructions on how to apply the series of patches and modify them, please read /usr/share/doc/quilt/README.source -- Sergei Golovan Wed, 30 Sep 2009 20:43:54 +0400 debian/prosody.postrm0000664000000000000000000000150312215101000012112 0ustar #!/bin/sh set -e #DEBHELPER# if [ "$1" = "purge" ] ; then # Delete stale symlink which was created in postinst script if [ -h "/etc/prosody/conf.d/localhost.cfg.lua" ] && \ ! readlink -e "/etc/prosody/conf.d/localhost.cfg.lua" ; then rm "/etc/prosody/conf.d/localhost.cfg.lua" fi # Delete configs directory if [ -d "/etc/prosody/conf.d" ]; then rmdir --ignore-fail-on-non-empty "/etc/prosody/conf.d"; fi # Delete directory for .pid if [ -d "/var/run/prosody" ]; then rm -rf "/var/run/prosody"; fi # Delete directory for users data if [ -d "/var/lib/prosody" ]; then rm -rf "/var/lib/prosody"; fi # Delete directory for log files if [ -d "/var/log/prosody" ]; then rm -rf "/var/log/prosody"; fi # Delete user 'prosody' userdel prosody > /dev/null || true groupdel prosody > /dev/null || true fi debian/prosody.postinst0000664000000000000000000000747412215101000012466 0ustar #!/bin/sh # postinst script for prosody set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) if ! getent passwd prosody >/dev/null; then adduser --disabled-password --quiet --system \ --home "/var/lib/prosody" --no-create-home \ --gecos "Prosody XMPP Server" --group prosody fi # Adding prosody user to the ssl-cert group to use the snakeoil # SSL certificate if getent group ssl-cert >/dev/null ; then adduser --quiet prosody ssl-cert fi # Create directory for log files if [ ! -d "/var/log/prosody" ]; then install -d -o prosody -g adm -m 750 "/var/log/prosody"; fi if ! dpkg-statoverride --list "/var/log/prosody" >/dev/null; then chown prosody:adm "/var/log/prosody" chmod 750 "/var/log/prosody" fi # Create data directory if [ ! -d "/var/lib/prosody" ]; then install -d -o prosody -g prosody -m 750 "/var/lib/prosody"; fi if ! dpkg-statoverride --list "/var/lib/prosody" >/dev/null; then chown prosody:prosody "/var/lib/prosody" chmod 750 "/var/lib/prosody" fi # Fix config directory permissions if ! dpkg-statoverride --list "/etc/prosody" >/dev/null; then chown root:root "/etc/prosody" chmod 755 "/etc/prosody" fi # Fix config file permissions if ! dpkg-statoverride --list "/etc/prosody/prosody.cfg.lua" >/dev/null; then for f in "/etc/prosody/prosody.cfg.lua" \ /etc/prosody/prosody.cfg.lua.dpkg*; do if [ -f $f ]; then chown root:prosody $f chmod 640 $f fi done fi # Create subdirs for conf files if [ ! -d "/etc/prosody/conf.d" ]; then install -d -o root -g prosody -m 754 "/etc/prosody/conf.d"; fi if ! dpkg-statoverride --list "/etc/prosody/conf.d" >/dev/null; then chown root:prosody "/etc/prosody/conf.d" chmod 754 "/etc/prosody/conf.d" fi if [ ! -d "/etc/prosody/conf.avail" ]; then install -d -o root -g prosody -m 754 "/etc/prosody/conf.avail"; fi if ! dpkg-statoverride --list "/etc/prosody/conf.avail" >/dev/null; then chown root:prosody "/etc/prosody/conf.avail" chmod 754 "/etc/prosody/conf.avail" fi # Create config symlink # Do it only if it's a fresh install or upgrade from version # less than 0.8.2-2~, allowing admin to safely remove it. if dpkg --compare-versions "$2" lt "0.8.2-2~" ; then if [ ! -f /etc/prosody/conf.d/localhost.cfg.lua ] ; then ln -s ../conf.avail/localhost.cfg.lua /etc/prosody/conf.d/ fi fi # Create directory for SSL certificate and key if [ ! -d "/etc/prosody/certs" ]; then install -d -o root -g prosody -m 750 "/etc/prosody/certs"; fi if ! dpkg-statoverride --list "/etc/prosody/certs" >/dev/null; then chown root:prosody "/etc/prosody/certs" chmod 750 "/etc/prosody/certs" fi if grep -q 'require "util.ztact"' /etc/prosody/prosody.cfg.lua; then # Upgrade config from pre-0.8.0 (removes util.ztact usage) echo "Deprecated method for including conf.d/* detected in"\ "prosody.cfg.lua. Fixing config file in-place, current version"\ "will be saved as /etc/prosody/prosody.cfg.lua.dpkg-bak" >&2; sed -e 's|^local ztact = require "util.ztact"$||'\ -e 'T;: loop;N;s|^--------*$||m;t end;b loop;:end; i\' \ -e 'Include "conf.d/*.cfg.lua"' \ -e 'd' -i.dpkg-bak /etc/prosody/prosody.cfg.lua; fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac #DEBHELPER# debian/prosody.install0000664000000000000000000000027512215101000012241 0ustar usr/bin/* usr/lib/prosody etc/prosody/prosody* etc/prosody/migrator.cfg.lua localhost.cfg.lua etc/prosody/conf.avail/ example.com.cfg.lua etc/prosody/conf.avail/ debian/README etc/prosody/ debian/watch0000664000000000000000000000045212215101000010200 0ustar # test this watch file using: # uscan --watchfile debian/watch --upstream-version 0.0.1 --package prosody # version=3 opts="uversionmangle=s/rc/~rc/" \ http://prosody.im/downloads/source/ prosody-(.*).tar.gz opts="uversionmangle=s/rc/~rc/" \ http://prosody.im/tmp/(\d.\d.\d.*)/ prosody-(.*).tar.gz debian/compat0000664000000000000000000000000212215101000010344 0ustar 7 debian/rules0000775000000000000000000000174412215101000010234 0ustar #!/usr/bin/make -f %: dh --with quilt $@ override_dh_auto_configure: ./configure --ostype=debian --prefix=/usr override_dh_auto_build: dh_auto_build $(MAKE) -C tools/migration override_dh_auto_install: $(MAKE) install DESTDIR=debian/tmp $(MAKE) -C tools/migration install DESTDIR=../../debian/tmp cp tools/ejabberd2prosody.lua debian/tmp/usr/bin/ejabberd2prosody cp tools/erlparse.lua debian/tmp/usr/lib/prosody/util override_dh_installman: txt2man -t "prosody 8" -r "Prosody IM" -v "" debian/prosody.man.txt | sed 1d > prosody.8 txt2man -t "ejabberd2prosody 8" -r "Prosody IM" -v "" debian/ejabberd2prosody.man.txt | sed 1d > ejabberd2prosody.8 txt2man -t "prosody-migrator 8" -r "Prosody IM" -v "" debian/prosody-migrator.man.txt | sed 1d > prosody-migrator.8 dh_installman override_dh_auto_clean: if [ -f config.unix ]; then \ make -C tools/migration clean; \ make clean; \ rm -f config.unix; \ fi rm -f prosody.8 prosodyctl.8 ejabberd2prosody.8 prosody-migrator.8 debian/prosody.manpages0000664000000000000000000000010312215101000012354 0ustar prosody.8 ejabberd2prosody.8 prosody-migrator.8 man/prosodyctl.man debian/changelog0000664000000000000000000001531212645052434011051 0ustar prosody (0.9.1-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: path traversal vulnerability in mod_http_files - debian/patches/CVE-2016-1231.patch - CVE-2016-1231 - LP: #1532943 * SECURITY UPDATE: use of weak PRNG in generation of dialback secrets - debian/patches/CVE-2016-1232.patch - CVE-2016-1232 - LP: #1532943 -- Felix Geyer Mon, 11 Jan 2016 19:21:33 +0100 prosody (0.9.1-1) unstable; urgency=low * New upstream release including ipv6 support (Closes: #721970, #562161) * Packaging moved to git (still collab maint) * Add Vcs-* fields to control file * Standards-Version bumped to 3.9.4, no changes needed * Add delaycompress to logrotate file (Closes: #718703) * Allow user to override IO/CPU scheduler and nice level using /etc/default/prosody, as the upstream does * Fix LSB init info adding $local_fs as a dependency * Align package description with the one used by the upstream -- Enrico Tassi Fri, 16 Aug 2013 16:18:43 +0200 prosody (0.9.0~rc5-2) unstable; urgency=low * Configure prosody using --ostype=debian * New patch to use dpkg-buildflags (activates hardening flags) -- Enrico Tassi Mon, 12 Aug 2013 09:58:27 +0200 prosody (0.9.0~rc5-1) unstable; urgency=low * New upstream release candidate -- Enrico Tassi Thu, 27 Sep 2012 18:22:53 +0200 prosody (0.8.2-4) unstable; urgency=low [ Matthew James Wild ] * Fix init script to expect 'lua5.1' as a process name -- Enrico Tassi Fri, 29 Jun 2012 20:26:21 +0200 prosody (0.8.2-3) unstable; urgency=low * Add patch prosody-lua51.patch to make prosody work even if lua5.2 is installed -- Enrico Tassi Fri, 29 Jun 2012 19:04:46 +0200 prosody (0.8.2-2) unstable; urgency=low [ Sergei Golovan ] * Switched to the snakeoil SSL certificate for localhost server instead of generating a separate one. This moves the responsibility of creating SSL certificate and private key to the ssl-cert package (Closes: #638027, #645853). * Create localhost.cfg.lua symlink in /etc/prosody/conf.d directory in postinstallation script and only on a new install to allow the local admin removing it completely. * Added lua-zlib, lua-dbi-postgresql, lua-dbi-mysql and lua-dbi-sqlite3 to the suggested packages list. lua-zlib allows prosody to use XMPP stream compression, the others let prosody store its data in an external relational database. * Bumped standards version to 3.9.3 (no changes needed). [ Enrico Tassi ] * Fix build dependency using the new Lua packages names -- Sergei Golovan Wed, 16 May 2012 22:07:24 +0400 prosody (0.8.2-1) unstable; urgency=low * New upstream bugfix release * Fixed ssl cert generation in postinst (Closes: #596433) * Bumped standards version to 3.9.2, no changes * source format 3.0 (quilt) -- Enrico Tassi Thu, 21 Jul 2011 21:55:57 +0200 prosody (0.8.1-1) unstable; urgency=high * New upstream release (Closes: #622638) * Depend on lua-expat >= 1.2.0 to fix DoS attack (Closes: #629234) -- Enrico Tassi Sat, 04 Jun 2011 18:42:47 +0200 prosody (0.8.0-1) unstable; urgency=low [ Matthew James Wild ] * New upstream release. (closes: #614175, #620882) * Relocate all Prosody modules into /usr/lib/prosody. (closes: #600370) [ Enrico Tassi ] * Removed prosody.dirs, usr/lib/lua/5.1/util/ not needed * Bumped standards version to 3.9.1. no changes needed * Added watch file -- Enrico Tassi Mon, 23 May 2011 10:07:42 +0200 prosody (0.7.0-1) unstable; urgency=low * New upstream release. * Check username and process name along with pidfile before stopping prosody daemon (closes: #580185). * Strictened dependency on liblua5.1-filesystem0 to versions with fixed umask bug in mkdir procedure (closes: #579087). * Use an absolute SSL certificate and key paths in config example /etc/prosody/conf.avail/example.com.cfg.lua (closes: #581682). * Added $syslog dependency to the prosody init script. * Added liblua5.1-event0 (which provides support for a large number of network connections) to recommended dependencies. * Bumped standards version to 3.9.0. -- Sergei Golovan Mon, 05 Jul 2010 20:55:28 +0400 prosody (0.6.2-2) unstable; urgency=low * Fixed changing ownership and permissions of the old prosody config file (closes: #578837). * Added required-stop dependency on $remote_fs for prosody init script because it requires /usr/bin/prosody existence to run. Also, removed unnecessary dependency on $local_fs. * Bumped standards version to 3.8.4. -- Sergei Golovan Sun, 25 Apr 2010 10:37:20 +0400 prosody (0.6.2-1) unstable; urgency=low [ Enrico Tassi ] * Fixed typo in config file. Thanks Tollef Fog Heen (Closes: #563795) [ Sergei Golovan ] * New upstream release. * Remove prosody group on package purge. * Make /etc/prosody directory readable, so the config filename can be completed in case user enters 'sudo vi /etc/prosody/pr'. The config file itself is world-unreadable now. * Don't change ownership and permissions of prosody config, log and database directories if they are overridden by dpkg-statoverride. -- Sergei Golovan Sun, 18 Apr 2010 11:57:22 +0400 prosody (0.6.1-1) unstable; urgency=low * New upstream release. * Replaced no_daemonize option by daemonize in the prosody config file. -- Sergei Golovan Sun, 13 Dec 2009 16:23:07 +0300 prosody (0.5.2-2) unstable; urgency=low [ Enrico Tassi ] * recommend liblua5.1-sec1 instead of liblua5.1-sec0 -- Enrico Tassi Tue, 17 Nov 2009 10:11:50 +0100 prosody (0.5.2-1) unstable; urgency=low [ Sergei Golovan ] * New upstream release. * Change log rotating frequency to weekly, compress logs, and create log files with adm group instead of prosody and with permissions 640. * Added copyright note for util-src/lsignal.c file to debian/copyright and reformatted it to fit 80 character lines. * Added README.source which explains how to get patched source given the pristine source and the series of patches in debian/patches. * Bumped standards version to 3.8.3. [ Matthew James Wild ] * Suppress output of reload during logrotate, avoiding emails from cron. -- Sergei Golovan Wed, 30 Sep 2009 20:44:14 +0400 prosody (0.5.1-1) unstable; urgency=low * Initial release (closes: #538130). -- Sergei Golovan Fri, 31 Jul 2009 13:43:15 +0400 debian/source/0000775000000000000000000000000012215101000010446 5ustar debian/source/format0000664000000000000000000000001412215101000011654 0ustar 3.0 (quilt) debian/prosody.links0000664000000000000000000000021312215101000011703 0ustar etc/ssl/certs/ssl-cert-snakeoil.pem etc/prosody/certs/localhost.cert etc/ssl/private/ssl-cert-snakeoil.key etc/prosody/certs/localhost.key debian/README0000664000000000000000000000044412215101000010030 0ustar Prosody configuration directory =============================== The configuration file /etc/prosody/prosody.cfg.lua should contain only global settings. Per-host configuration files should be placed in /etc/prosody/conf.avail/, and the active ones should be linked in /etc/prosody/conf.d/ debian/copyright0000664000000000000000000000634012215101000011104 0ustar This package was debianized by Matthew James Wild on Fri, 28 Nov 2008 01:07:10 +0000. It was downloaded from http://prosody.im/ Upstream Authors: Matthew Wild Waqas Hussain Tobias Markmann Copyright: Copyright (C) 2008 Matthew Wild Copyright (C) 2008 Waqas Hussain License: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. The file util-src/lsignal.c is Copyright (C) 2007 Patrick J. Donnelly (batrick@unm.edu) with the same license as above. The file util/sasl.lua is Copyright (C) 2008 Tobias Markmann All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The Debian packaging is (C) 2008, Matthew James Wild and is licensed under the GPL, see `/usr/share/common-licenses/GPL'. debian/prosody.init0000775000000000000000000000420312215101000011534 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: prosody # Required-Start: $network $local_fs $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Prosody XMPP Server ### END INIT INFO set -e # /etc/init.d/prosody: start and stop Prosody XMPP server USER=prosody DAEMON=/usr/bin/prosody PIDPATH=/var/run/prosody PIDFILE="$PIDPATH"/prosody.pid NICE= MAXFDS= CPUSCHED= IOSCHED= test -x "$DAEMON" || exit 0 . /lib/lsb/init-functions if [ -f /etc/default/prosody ] ; then . /etc/default/prosody fi start_opts() { test -z "$NICE" || echo -n " --nicelevel $NICE" test -z "$CPUSCHED" || echo -n " --procsched $CPUSCHED" test -z "$IOSCHED" || echo -n " --iosched $IOSCHED" } start_prosody () { mkdir -p `dirname $PIDFILE` chown prosody:adm `dirname $PIDFILE` if start-stop-daemon --start --quiet --pidfile "$PIDFILE" \ --chuid "$USER" --oknodo --user "$USER" --name lua5.1 \ $(start_opts) --startas "$DAEMON"; then return 0 else return 1 fi } stop_prosody () { if start-stop-daemon --stop --quiet --retry 30 \ --oknodo --pidfile "$PIDFILE" --user "$USER" --name lua5.1; then return 0 else return 1 fi } signal_prosody () { if start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \ --user "$USER" --name lua5.1 --oknodo --signal $1; then return 0 else return 1 fi } case "$1" in start) log_daemon_msg "Starting Prosody XMPP Server" "prosody" if start_prosody; then log_end_msg 0; else log_end_msg 1; fi ;; stop) log_daemon_msg "Stopping Prosody XMPP Server" "prosody" if stop_prosody; then log_end_msg 0; else log_end_msg 1; fi ;; force-reload|restart) log_daemon_msg "Restarting Prosody XMPP Server" "prosody" stop_prosody if start_prosody; then log_end_msg 0; else log_end_msg 1; fi ;; reload) log_daemon_msg "Reloading Prosody XMPP Server" "prosody" if signal_prosody 1; then log_end_msg 0; else log_end_msg 1; fi ;; *) log_action_msg "Usage: /etc/init.d/prosody {start|stop|restart|reload}" exit 1 esac exit 0 debian/control0000664000000000000000000000205712645054225010604 0ustar Source: prosody Section: net Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Matthew James Wild Uploaders: Enrico Tassi , Sergei Golovan Build-Depends: lua5.1, liblua5.1-dev, libidn11-dev, libssl-dev, debhelper (>> 8.1.3), txt2man, quilt (>= 0.46-7) Standards-Version: 3.9.4 Homepage: http://www.prosody.im/ Vcs-Git: git://git.debian.org/git/collab-maint/prosody.git Vcs-Browser: http://git.debian.org/?p=collab-maint/prosody.git Package: prosody Architecture: any Multi-Arch: foreign Depends: adduser, ssl-cert, lua5.1, lua5.1-expat, lua-expat (>= 1.2.0), lua5.1-socket, lua5.1-filesystem, lua-filesystem (>= 1.4.2-3~), ${shlibs:Depends}, ${misc:Depends} Recommends: lua5.1-sec, lua5.1-event Suggests: lua-zlib, lua-dbi-postgresql, lua-dbi-mysql, lua-dbi-sqlite3 Description: Lightweight Jabber/XMPP server Prosody IM is a simple-to-use XMPP server. It is designed to be easy to extend via plugins, and light on resources. debian/patches/0000775000000000000000000000000012645052432010622 5ustar debian/patches/dpkg-buildflags.patch0000664000000000000000000000071112215101000014654 0ustar Index: prosody-0.9.0~rc5/configure =================================================================== --- prosody-0.9.0~rc5.orig/configure 2013-08-16 16:14:15.122984068 +0200 +++ prosody-0.9.0~rc5/configure 2013-08-16 16:14:40.306983001 +0200 @@ -18,8 +18,8 @@ LD=gcc RUNWITH=lua -CFLAGS="-fPIC -Wall" -LDFLAGS="-shared" +CFLAGS="`dpkg-buildflags --get CFLAGS` -fPIC -Wall" +LDFLAGS="`dpkg-buildflags --get LDFLAGS` -shared" IDN_LIBRARY=idn # Help debian/patches/prosody-migrator.patch0000664000000000000000000000133312215101000015137 0ustar Index: prosody-0.8.0rc2/tools/migration/Makefile =================================================================== --- prosody-0.8.0rc2.orig/tools/migration/Makefile 2011-03-03 18:16:23.000000000 +0000 +++ prosody-0.8.0rc2/tools/migration/Makefile 2011-03-03 18:16:32.000000000 +0000 @@ -12,9 +12,9 @@ INSTALLEDMODULES = $(PREFIX)/lib/prosody/modules INSTALLEDDATA = $(DATADIR) -SOURCE_FILES = main.lua migrator/*.lua +SOURCE_FILES = migrator/*.lua -all: prosody-migrator.install migrator.cfg.lua.install $(SOURCE_FILES) +all: prosody-migrator.install migrator.cfg.lua.install main.lua $(SOURCE_FILES) install: prosody-migrator.install migrator.cfg.lua.install install -d $(BIN) $(CONFIG) $(SOURCE) $(SOURCE)/migrator debian/patches/CVE-2016-1231.patch0000664000000000000000000000330012645052411013223 0ustar From: Enrico Tassi Date: Thu, 7 Jan 2016 21:01:23 +0100 Subject: CVE-2016-1231: path traversal in http built-in server --- plugins/mod_http_files.lua | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index 3a9368b..62b957b 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -49,6 +49,34 @@ if not mime_map then end end +local forbidden_chars_pattern = "[/%z]"; +if prosody.platform == "windows" then + forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]" +end + +local urldecode = require "util.http".urldecode; +function sanitize_path(path) + local out = {}; + + local c = 0; + for component in path:gmatch("([^/]+)") do + component = urldecode(component); + if component:find(forbidden_chars_pattern) then + return nil; + elseif component == ".." then + if c <= 0 then + return nil; + end + out[c] = nil; + c = c - 1; + elseif component ~= "." then + c = c + 1; + out[c] = component; + end + end + return "/"..table.concat(out, "/"); +end + local cache = setmetatable({}, { __mode = "kv" }); -- Let the garbage collector have it if it wants to. function serve(opts) @@ -60,7 +88,11 @@ function serve(opts) local directory_index = opts.directory_index; local function serve_file(event, path) local request, response = event.request, event.response; - local orig_path = request.path; + path = sanitize_path(path); + if not path then + return 400; + end + local orig_path = sanitize_path(request.path); local full_path = base_path .. (path and "/"..path or ""); local attr = stat(full_path); if not attr then debian/patches/series0000664000000000000000000000013512645052411012033 0ustar conf.patch prosody-lua51.patch dpkg-buildflags.patch CVE-2016-1231.patch CVE-2016-1232.patch debian/patches/CVE-2016-1232.patch0000664000000000000000000000410712645052411013232 0ustar From: Enrico Tassi Date: Fri, 8 Jan 2016 10:20:33 +0100 Subject: CVE-2016-1232: weak PRNG for dialback on S2S --- util/uuid.lua | 44 ++++++++++++++++---------------------------- 1 file changed, 16 insertions(+), 28 deletions(-) diff --git a/util/uuid.lua b/util/uuid.lua index 796c8ee..58f792f 100644 --- a/util/uuid.lua +++ b/util/uuid.lua @@ -6,45 +6,33 @@ -- COPYING file in the source package for more information. -- - -local m_random = math.random; -local tostring = tostring; -local os_time = os.time; -local os_clock = os.clock; -local sha1 = require "util.hashes".sha1; +local error = error; +local round_up = math.ceil; +local urandom, urandom_err = io.open("/dev/urandom", "r+"); module "uuid" -local last_uniq_time = 0; -local function uniq_time() - local new_uniq_time = os_time(); - if last_uniq_time >= new_uniq_time then new_uniq_time = last_uniq_time + 1; end - last_uniq_time = new_uniq_time; - return new_uniq_time; -end - -local function new_random(x) - return sha1(x..os_clock()..tostring({}), true); -end - -local buffer = new_random(uniq_time()); -local function _seed(x) - buffer = new_random(buffer..x); -end local function get_nibbles(n) - if #buffer < n then _seed(uniq_time()); end - local r = buffer:sub(0, n); - buffer = buffer:sub(n+1); - return r; + local binary_random = urandom:read(round_up(n/2)); + local hex_random = binary_random:gsub(".", + function (x) return ("%02x"):format(x:byte()) end); + return hex_random:sub(1, n); end local function get_twobits() - return ("%x"):format(get_nibbles(1):byte() % 4 + 8); + return ("%x"):format(urandom:read(1):byte() % 4 + 8); end function generate() + if not urandom then + error("Unable to obtain a secure random number generator, please see https://prosody.im/doc/random ("..urandom_err..")"); + end -- generate RFC 4122 complaint UUIDs (version 4 - random) return get_nibbles(8).."-"..get_nibbles(4).."-4"..get_nibbles(3).."-"..(get_twobits())..get_nibbles(3).."-"..get_nibbles(12); end -seed = _seed; + +function seed(x) + urandom:write(x); + urandom:flush(); +end return _M; debian/patches/conf.patch0000664000000000000000000001177312215101000012554 0ustar Index: prosody-0.9.0~rc5/prosody.cfg.lua.dist =================================================================== --- prosody-0.9.0~rc5.orig/prosody.cfg.lua.dist 2013-08-10 22:07:04.133246298 +0200 +++ prosody-0.9.0~rc5/prosody.cfg.lua.dist 2013-08-10 22:07:45.293244526 +0200 @@ -44,7 +44,7 @@ -- These are commented by default as they have a performance impact --"privacy"; -- Support privacy lists - --"compression"; -- Stream compression + --"compression"; -- Stream compression (Debian: requires lua-zlib module to work) -- Nice to have "version"; -- Replies to server version requests @@ -63,7 +63,7 @@ --"http_files"; -- Serve static files from a directory over HTTP -- Other specific functionality - --"posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. --"groups"; -- Shared roster support --"announce"; -- Send announcement to all online users --"welcome"; -- Welcome users who register accounts @@ -84,6 +84,17 @@ -- For more information see http://prosody.im/doc/creating_accounts allow_registration = false; +-- Debian: +-- send the server to background. +-- +daemonize = true; + +-- Debian: +-- Please, don't change this option since /var/run/prosody/ +-- is one of the few directories Prosody is allowed to write to +-- +pidfile = "/var/run/prosody/prosody.pid"; + -- These are the SSL/TLS-related settings. If you don't want -- to use SSL/TLS, you may comment or remove this ssl = { @@ -129,7 +140,8 @@ -- through modules. An "sql" backend is included by default, but requires -- additional dependencies. See http://prosody.im/doc/storage for more info. ---storage = "sql" -- Default is "internal" +--storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the +-- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work) -- For the "sql" backend, you can uncomment *one* of the below to configure: --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. @@ -138,19 +150,22 @@ -- Logging configuration -- For advanced logging see http://prosody.im/doc/logging +-- +-- Debian: +-- Logs info and higher to /var/log +-- Logs errors to syslog also log = { - info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging - error = "prosody.err"; - -- "*syslog"; -- Uncomment this for logging to syslog - -- "*console"; -- Log to the console, useful for debugging with daemonize=false + -- Log files (change 'info' to 'debug' for debug logs): + info = "/var/log/prosody/prosody.log"; + error = "/var/log/prosody/prosody.err"; + -- Syslog: + { levels = { "error" }; to = "syslog"; }; } ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. -VirtualHost "localhost" - VirtualHost "example.com" enabled = false -- Remove this line to enable this host @@ -182,3 +197,10 @@ -- --Component "gateway.example.com" -- component_secret = "password" + +------ Additional config files ------ +-- For organizational purposes you may prefer to add VirtualHost and +-- Component definitions in their own config files. This line includes +-- all config files in /etc/prosody/conf.d/ + +Include "conf.d/*.cfg.lua" Index: prosody-0.9.0~rc5/localhost.cfg.lua =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ prosody-0.9.0~rc5/localhost.cfg.lua 2013-08-10 22:07:04.129246298 +0200 @@ -0,0 +1,5 @@ +-- Section for localhost + +-- This allows clients to connect to localhost. No harm in it. +VirtualHost "localhost" + Index: prosody-0.9.0~rc5/example.com.cfg.lua =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ prosody-0.9.0~rc5/example.com.cfg.lua 2013-08-10 22:07:04.129246298 +0200 @@ -0,0 +1,29 @@ +-- Section for example.com + +VirtualHost "example.com" + enabled = false -- Remove this line to enable this host + + -- Assign this host a certificate for TLS, otherwise it would use the one + -- set in the global section (if any). + -- Note that old-style SSL on port 5223 only supports one certificate, and will always + -- use the global one. + ssl = { + key = "/etc/prosody/certs/example.com.key"; + certificate = "/etc/prosody/certs/example.com.crt"; + } + +------ Components ------ +-- You can specify components to add hosts that provide special services, +-- like multi-user conferences, and transports. +-- For more information on components, see http://prosody.im/doc/components + +-- Set up a MUC (multi-user chat) room server on conference.example.com: +Component "conference.example.com" "muc" + +-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: +--Component "proxy.example.com" "proxy65" + +---Set up an external component (default component port is 5347) +--Component "gateway.example.com" +-- component_secret = "password" + debian/patches/ejabberd2prosody.patch0000664000000000000000000000066612215101000015066 0ustar --- prosody-0.7.0.orig/tools/ejabberd2prosody.lua +++ prosody-0.7.0/tools/ejabberd2prosody.lua @@ -9,13 +9,8 @@ -package.path = package.path ..";../?.lua"; - -if arg[0]:match("^./") then - package.path = package.path .. ";"..arg[0]:gsub("/ejabberd2prosody.lua$", "/?.lua"); -end - -require "erlparse"; +package.path = package.path ..";/usr/share/lua/5.1/prosody/?.lua"; +local erlparse = require "util.erlparse"; prosody = {}; debian/patches/prosody-lua51.patch0000664000000000000000000000162412215101000014245 0ustar diff -r 44b131d7041b prosody --- a/prosody Sat Jun 11 02:16:26 2011 +0100 +++ b/prosody Fri Jun 29 17:57:02 2012 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env lua +#!/usr/bin/env lua5.1 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain diff -r 44b131d7041b prosodyctl --- a/prosodyctl Sat Jun 11 02:16:26 2011 +0100 +++ b/prosodyctl Fri Jun 29 17:57:02 2012 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env lua +#!/usr/bin/env lua5.1 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain diff -r 44b131d7041b tools/migration/prosody-migrator.lua --- a/tools/migration/prosody-migrator.lua Sat Jun 11 02:16:26 2011 +0100 +++ b/tools/migration/prosody-migrator.lua Fri Jun 29 17:57:02 2012 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env lua +#!/usr/bin/env lua5.1 CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR"); CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR"); debian/prosody-migrator.man.txt0000664000000000000000000000177612215101000014015 0ustar NAME prosody-migrator - Migrate data between Prosody data stores SYNOPSIS prosody-migrator [OPTIONS] [SOURCE_STORE DESTINATION_STORE] DESCRIPTION prosody-migrator is used to move data (user accounts, rosters, vcards, etc.) between different data stores. For example this allows you to migrate data from a file-based store to an SQL database, and vice-versa. Note: the migrator assumes that the destination store is empty. Existing data that conflicts with data in the source store will be overwritten! OPTIONS --config=FILENAME Specify an alternative config file to use. The default is /etc/prosody/migrator.cfg.lua. SOURCE_STORE The name of the store (defined in the config file) to migrate data from. Defaults to 'input'. DESTINATION_STORE The name of the store (also defined in the config file) to migrate data to. Defaults to 'output'. FILES /etc/prosody/migrator.cfg.lua The migrator config file. SEE ALSO prosody(8), prosodyctl(8) AUTHOR Matthew Wild debian/prosody.lintian-overrides0000664000000000000000000000006612215101000014227 0ustar prosody binary: possible-gpl-code-linked-with-openssl