Bug#1003696: prosody: CVE-2022-0217: Unauthenticated Remote Denial of Service Attack in the WebSocket interface

Hi folks, This is a link to the upstream patch for our 0.11.x series: https://hg.prosody.im/0.11/raw-rev/783056b4e448 Let me know if you have any questions! Regards, Matthew (Prosody developer)

Bug#827689: prosody: Also search plugins in /usr/local?

On 25 April 2018 at 14:27, Sergei Golovan wrote: > Hi Elrond, > > On Sun, Jun 19, 2016 at 8:03 PM, Elrond > wrote: >> >> So could you add the following to the default >> prosody.cfg.lua? >> >> -- Also search for plugins/modules here: >> plugin_paths = { "/usr/local/lib/prosody/mo

Bug#851464: suggest/recommend python-bcrypt (provides bcrypt auth backend)

I can confirm Prosody doesn't do bcrypt. It would be possible to make such a backend as a plugin, and someone possibly already has, but it's not in the prosody package, and we don't depend on any bcrypt library. On 10 October 2017 at 12:31, Victor Seva wrote: > I don't see any reference of bcrypt

Bug#846470: prosody: fails to check incoming certificates valididy

Thanks for the report. This is an upstream bug in 0.9.11 when used with LuaSec 0.6. Patch is here: https://hg.prosody.im/0.9/rev/2a7b52437167 We're working on a 0.9.12 release with the fix.

Bug#842963: Please provide 0.10 (future) in experimental

On 3 November 2016 at 09:20, Daniel Scharon wrote: > maybe as a separate package 'prosody-0.10' like upstream does? > http://packages.prosody.im/debian/pool/main/p/prosody-0.10/ > that way an eventual upload to unstable could be possible as well. With my upstream hat on, I'd prefer not having pac

Bug#836236: prosody: doesn't try IPv4 when IPv6 fails

On 31 August 2016 at 23:25, Cyril Brulebois wrote: > So it looks to me like it could be an initial DNS issue (partial and/or > no resolution depending on the domain) which happened at start-up time, > and failed/incomplete resolutions weren't attempted again later on. > > Would this seem even remo

Bug#836236: prosody: doesn't try IPv4 when IPv6 fails

Hi Cyril, Thanks for the report. Can you please bump your log level up to 'debug' (there should be comments in your config file explaining how to do this), and include those logs? The 'info' level logs tend to give a high-level approximate view of issues, but only the debug logs can be relied upon

Bug#803396: [Debian-rtc-admin] Bug#803396: options for developers who don't want to use debian.org XMPP

On 6 November 2015 at 09:48, Rhonda D'Vine wrote: > Hi, > > * Daniel Pocock [2015-10-29 17:09:36 CET]: >> If a developer has their own XMPP account elsewhere or simply doesn't >> want to use it, any requests to be in their roster will simply not be >> responded to. Should we provide an opti

Bug#743836: Breaks Tigase Messenger on Android

It would be helpful if you could test the following patch with Tigase Messenger: https://hg.prosody.im/0.8/raw-rev/278489ee6e34 I have confirmed that it fixes Psi, so I'm pretty confident it will work. Regards, Matthew -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with

Bug#743836: prosody: Login fails with 'Unhandled c2s_unauthed stream element: compress' although package lua-zlib is installed

Hi Oliver, On 7 April 2014 08:27, Oliver Ladner wrote: > Package: prosody > Version: 0.8.2-4+deb7u1 > Severity: normal > > Dear Maintainer, > >* What led up to the situation? > > After updating to 0.8.2-4+deb7u1 (because of DSA-2895-1), client > logins fail with the above error when

Bug#656579: attempt to index field 'conn' (a nil value)

Hi Piotr, On 20 January 2012 09:25, Piotr Ożarowski wrote: > Package: prosody > Version: 0.8.2-1~bpo60+1 > Severity: normal > > my /var/log/prosody/prosody.err contains (few times a day max) tracebacks like > this one: > > | Jan 20 04:44:10 general error   Top-level error, please report: > | /usr

Bug#622638: more information

On 13 April 2011 16:18, Antoine Beaupre wrote: > Here are some good tips for the update: > > http://prosody.im/doc/packagers > Thanks, I wrote the tips and they have already been incorporated into the package ;) I believe the 0.8 package is ready for upload, however LuaDBI is not packaged yet (a

Bug#620882: prosody: incomplete filetransfer with mod_proxy65

Hi Michael, On 4 April 2011 21:27, Michael Trunner wrote: > Package: prosody > Version: 0.7.0-1~bpo50+1 > Severity: important > > > What steps will reproduce the problem? > 1. transfer a file with the help of mod_proxy65 > 2. sender said successful > 3. receiver says sender aborts > > > What is t

Bug#614175: Can't run after install

On 20 February 2011 09:33, Julien PUYDT wrote: > Hi, > > Le 20/02/2011 10:19, Matthew Wild a écrit : >> > > I did try to dpkg --purge, check there was nothing left then apt-get install > again -- always for the same result. > Ok, changing tack a little. It seems liblua

Bug#614175: Can't run after install

Hi Julien, On 20 February 2011 08:01, Julien PUYDT wrote: > Package: prosody > Version: 0.7.0-1 > Severity: grave > > "apt-get install prosody" leads to : > >  * Starting Prosody XMPP Server prosody > > ** > A problem occured while reading the config file /etc/prosody/pros

Bug#580185: pid file attack can be used to kill arbitrary processes

Excerpts from Joey Hess's message of Tue May 04 06:43:01 +0100 2010: > > Note that beyond the possibility this could be used as a security > hole, things go wrong, pid files end up with stale data in them. > Blindling killing w/o checking is asking for trouble. > Valid points. Perhaps a solutio