prosody (0.7.0-1squeeze1+deb6u2) squeeze-lts; urgency=high * CVE-2016-0756: insecure dialback key generation/validation algorithm * Fix for regression introduced in the previous CVE-2016-1232 fix: s2s doesn't work if /dev/urandom is read-only -- Sergei Golovan Sat, 30 Jan 2016 10:34:59 +0300 prosody (0.7.0-1squeeze1+deb6u1) squeeze-lts; urgency=high * CVE-2016-1232: Fix weak PRNG for mod_dialback on S2S. -- Chris Lamb Sat, 16 Jan 2016 10:29:40 +0100 prosody (0.7.0-1squeeze1) stable; urgency=low * Secutiry fix for the “billion laughs” denial-of-service attack (Closes: #629234) -- Enrico Tassi Sun, 05 Jun 2011 19:51:00 +0200 prosody (0.7.0-1) unstable; urgency=low * New upstream release. * Check username and process name along with pidfile before stopping prosody daemon (closes: #580185). * Strictened dependency on liblua5.1-filesystem0 to versions with fixed umask bug in mkdir procedure (closes: #579087). * Use an absolute SSL certificate and key paths in config example /etc/prosody/conf.avail/example.com.cfg.lua (closes: #581682). * Added $syslog dependency to the prosody init script. * Added liblua5.1-event0 (which provides support for a large number of network connections) to recommended dependencies. * Bumped standards version to 3.9.0. -- Sergei Golovan Mon, 05 Jul 2010 20:55:28 +0400 prosody (0.6.2-2) unstable; urgency=low * Fixed changing ownership and permissions of the old prosody config file (closes: #578837). * Added required-stop dependency on $remote_fs for prosody init script because it requires /usr/bin/prosody existence to run. Also, removed unnecessary dependency on $local_fs. * Bumped standards version to 3.8.4. -- Sergei Golovan Sun, 25 Apr 2010 10:37:20 +0400 prosody (0.6.2-1) unstable; urgency=low [ Enrico Tassi ] * Fixed typo in config file. Thanks Tollef Fog Heen (Closes: #563795) [ Sergei Golovan ] * New upstream release. * Remove prosody group on package purge. * Make /etc/prosody directory readable, so the config filename can be completed in case user enters 'sudo vi /etc/prosody/pr'. The config file itself is world-unreadable now. * Don't change ownership and permissions of prosody config, log and database directories if they are overridden by dpkg-statoverride. -- Sergei Golovan Sun, 18 Apr 2010 11:57:22 +0400 prosody (0.6.1-1) unstable; urgency=low * New upstream release. * Replaced no_daemonize option by daemonize in the prosody config file. -- Sergei Golovan Sun, 13 Dec 2009 16:23:07 +0300 prosody (0.5.2-2) unstable; urgency=low [ Enrico Tassi ] * recommend liblua5.1-sec1 instead of liblua5.1-sec0 -- Enrico Tassi Tue, 17 Nov 2009 10:11:50 +0100 prosody (0.5.2-1) unstable; urgency=low [ Sergei Golovan ] * New upstream release. * Change log rotating frequency to weekly, compress logs, and create log files with adm group instead of prosody and with permissions 640. * Added copyright note for util-src/lsignal.c file to debian/copyright and reformatted it to fit 80 character lines. * Added README.source which explains how to get patched source given the pristine source and the series of patches in debian/patches. * Bumped standards version to 3.8.3. [ Matthew James Wild ] * Suppress output of reload during logrotate, avoiding emails from cron. -- Sergei Golovan Wed, 30 Sep 2009 20:44:14 +0400 prosody (0.5.1-1) unstable; urgency=low * Initial release (closes: #538130). -- Sergei Golovan Fri, 31 Jul 2009 13:43:15 +0400