Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package prosody for openSUSE:Factory checked in at 2022-01-29 20:59:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/prosody (Old) and /work/SRC/openSUSE:Factory/.prosody.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "prosody" Sat Jan 29 20:59:26 2022 rev:28 rq:949722 version:0.11.13 Changes: -------- --- /work/SRC/openSUSE:Factory/prosody/prosody.changes 2022-01-13 23:22:22.848084358 +0100 +++ /work/SRC/openSUSE:Factory/.prosody.new.1898/prosody.changes 2022-01-29 20:59:57.987527429 +0100 @@ -1,0 +2,7 @@ +Fri Jan 28 16:09:28 UTC 2022 - Michael Vetter <mvet...@suse.com> + +- Update to 0.11.13: + * util.xml: Break reference to help the GC (fixes #1711) + * util.xml: Deduplicate handlers for restricted XML + +------------------------------------------------------------------- Old: ---- prosody-0.11.12.tar.gz prosody-0.11.12.tar.gz.asc New: ---- prosody-0.11.13.tar.gz prosody-0.11.13.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ prosody.spec ++++++ --- /var/tmp/diff_new_pack.JZTuBX/_old 2022-01-29 20:59:58.743522346 +0100 +++ /var/tmp/diff_new_pack.JZTuBX/_new 2022-01-29 20:59:58.751522292 +0100 @@ -18,7 +18,7 @@ %define _piddir /run Name: prosody -Version: 0.11.12 +Version: 0.11.13 Release: 0 Summary: Communications server for Jabber/XMPP License: MIT ++++++ prosody-0.11.12.tar.gz -> prosody-0.11.13.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.11.12/.hg_archival.txt new/prosody-0.11.13/.hg_archival.txt --- old/prosody-0.11.12/.hg_archival.txt 2022-01-13 13:19:13.904158902 +0100 +++ new/prosody-0.11.13/.hg_archival.txt 2022-01-24 14:59:43.066214980 +0100 
@@ -1,4 +1,4 @@
 repo: 3e3171b59028ee70122cfec6ecf98f518f946b59
-node: 783056b4e4480389d0e27883289b1bfef57e4729
+node: ebeb4d959fb3fdbc9235fd42e16a33f3f78241a8
 branch: 0.11
-tag: 0.11.12
+tag: 0.11.13
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.11.12/prosody.release new/prosody-0.11.13/prosody.release
--- old/prosody-0.11.12/prosody.release 2022-01-13 13:19:13.904158902 +0100
+++ new/prosody-0.11.13/prosody.release 2022-01-24 14:59:43.066214980 +0100
@@ -1 +1 @@
-0.11.12
+0.11.13
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.11.12/util/xml.lua new/prosody-0.11.13/util/xml.lua
--- old/prosody-0.11.12/util/xml.lua 2022-01-13 13:19:13.904158902 +0100
+++ new/prosody-0.11.13/util/xml.lua 2022-01-24 14:59:43.066214980 +0100
@@ -65,27 +65,19 @@
 function handler:EndElement()
 stanza:up();
 end
- local parser;
 -- SECURITY: These two handlers, especially the Doctype one, are required to prevent exploits such as Billion Laughs.
- function handler:StartDoctypeDecl()
- if not parser.stop or not parser:stop() then
- error("Failed to abort parsing");
- end
- end
- function handler:ProcessingInstruction()
+ local function restricted_handler(parser)
 if not parser.stop or not parser:stop() then
 error("Failed to abort parsing");
 end
 end
+ handler.StartDoctypeDecl = restricted_handler;
+ handler.ProcessingInstruction = restricted_handler;
 if not options or not options.allow_comments then
 -- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data
- function handler:Comment()
- if not parser.stop or not parser:stop() then
- error("Failed to abort parsing");
- end
- end
+ handler.Comment = restricted_handler;
 end
- parser = lxp.new(handler, ns_separator);
+ local parser = lxp.new(handler, ns_separator);
 local ok, err, line, col = parser:parse(xml);
 if ok then ok, err, line, col = parser:parse(); end
 --parser:close();
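Review bot: The SECURITY comment kept above `restricted_handler` still says "These two handlers", but the new code has one shared function assigned to `StartDoctypeDecl`, `ProcessingInstruction` and, unless `options.allow_comments` is set, `Comment`, so the comment no longer describes the code it protects. I would reword it to `-- SECURITY: restricted_handler aborts the parse on DOCTYPE declarations and processing instructions (and on comments unless allow_comments is set); the DOCTYPE case is what prevents entity-expansion exploits such as Billion Laughs.` The function also now relies on its `parser` argument rather than the removed upvalue, which deserves a line of its own: `-- 'parser' is the first argument LuaExpat passes to every callback; if it lacks stop() or stop() fails we raise, so the restriction fails closed.` The enclosing parse function starts and ends outside this hunk, so how the aborted parse is reported to the caller cannot be checked from here.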