* Use length with route keys
* closefd during main loop
* ported router connection closing improvement from cwave
* fix potential segfault in a call to xhash_putx()
* enforce iq type
* Fixed packet jabber:server -> jabber:client namespace mangling
* Fixed attribute namespace handling in NAD parser
* Fixed missing reference in log_error
* Special case to ignore the X509_V_ERR_UNABLE_TO_GET_CRL error
when CRL is not present in chain. Merged patch by Michal Witkowski.
* storage_ldapvcard rebind like auth_ldap for successful connection
to MS Active Directory as LDAP storage. Merged patch by x0r.
* Merged SASL External login for clients patch by Michal Witkowski.
* Merged router-filter redirect option by Ugnich Anton.
* Dropped support for PEP
* Fix for crash on empty pkt->to
* Unlimit file descr. to 1024 for c2s, as in c2s configuration file.
* Allow -Os (instead of -O1) as a work-around 64-bit compiler bug.
* Router patch.
What changed:
- Implemented component clustering
- Many virtual hosts in one SM process
- FreeBSD kqueue support
- Implemented PBX integration interface
- crypt() password support for LDAP backend
There is new <local/> section in sm.xml. You may use it to configure
domains serviced by the SM process. Old style domain name in <id/>
section still works for backward compatibility, but the <local/>
section overrides it. You need to give different <id/> names to
SM instances participating in clustering. Router needs a way to
differenciate these.
There is new <pbx/> section in c2s.xml configuration file. Please
see it if you want to use the PBX integration.
Packaging changes:
added PKG_OPTIONS_GROUP.mio to control the choice of I/O modules.
Defaulting to mio-select and mio-poll, which are known to work with
NetBSD > 4.0.
Added missing files to distribution
Check for non configured c2s local.id
Added tool to migrate from jabberd14 to jabberd2 SQLite. BBN.com
contribution.
Fix for authreg_pipe. Fixes#204
Updated bdb2mysql.rb to jabberd 2.1 DB schema
Do not handle disco to nodes
Fixed vCard get
Fixed empty node check
Restored reading [jabberd] group from my.cnf
Unified way utf-8 is selected in MySQL backend
Merged crypted passwords support for MySQL. Closes#184 and 197
Removed debug that might cause segfault. Fixes#196.
Do not handle vCard request destined to full JIDs. Fixes#190
Added charset utf-8 to db-setup.mysql
Fixes segfault that happend when there are multiple sessions and
privacy list was changed. Fixes#188
Really fix gsasl ANONYMOUS login
Webstatus presence resource enabled only when service enabled
Added server component presence resources
Added maxstanzasize debug message
Include “util/inaddr.h” for socklen_t ss_family etc. Refs #191
Include <stdarg.h> if available. Refs #191
TYPE_SOCKLEN_T check. Refs #91
TYPE_SOCKLEN_T check. Refs #91
Include inttypes.h instead of stdlib.h as it is more universally
available. Refs #191
Check for stdarg.h in configure.
Remove AC_PROG_GCC_TRADITIONAL (obsolete).
Remove AC_FUNC_MALLOC, AC_FUNC_REALLOC - if they find malloc(0) does
not return a valid pointer malloc will be defined to rpl_malloc, and
no rpl_malloc is available. See
http://www.gnu.org/software/autoconf/manual/autoconf.html#Particular-Functions
Seems easier to use AC_SEARCH_LIBS for inet_ntop etc.
Move the broken __ss_family check so that it appears after the check
for struct sockaddr_storage.
Check for socklen_t
Fix –enable-pgsql
Fixed compatibility with VC++ and ANSI, variables must be declared at
the beginning of the block.
Check for Win32 OpenSSL and Visual C++ 2005 SP1 Redistributable
Package (x86), and raise error if not found in the installer.
Updated Makefile.am witn new README.protocol file
Unified URI/URN definitions
connecting to something. Putting 'sleep 5' in sm's rc.d script
resolves the problem. (The right fix is to for all programs to ensure
that they are ready to provide all defined services before the
top-level command exits, but that's much harder.) PKGREVISION++.
2.1.14
2007-08-14
* Integrated authreg_oracle by fundy.
* Operands incompatibility fix for Sun compiler.
* contrib/cyrus-sasl-digest-md5-fix added
* Applied MIO memleak fix related to time_checks by Christof Meerwald.
2.1.13
2007-08-08
* Reverted broken [311] and [313] changes to source:trunk/mio/mio_impl.h
* compilation fix
* Fix configuration XML files domain update
* Don't allow reinstalling on newer version
* Fixed off-by-one error in base64
* Force uninstall previous version on upgrade.
2.1.12
2007-07-30
* Fixed many memleaks
* Check if OpenSSL is already initialized in PostgreSQL backend.
* Implemented PQconnectdb PostgreSQL connection method.
* Applied pg_config using by configure patch by Michael Krelin.
* Implemented auth/reg stream features advertisement.
* Removed useless while/alloc loops
* WiX notes for Windows README
* WiX new "JabberWelcomeDlg?"
* WiX fixed cases of reinstall & upgrade
* nad_cache_new & nad_cache_free exported as JABBERD2_API functions.
* Changed allocator BLOCKSIZE to 128 bytes
2.1.11
2007-07-27
* Changed SASL level error reporting to malformed-request error according
to rfc3920bis.
* Fixed ./configure tests reliability.
* Changed DOS line endings to UNIX line endings.
* Fixed XML predefined entities quoting in serialized XML.
2.1.10
2007-07-20
* Removed SASL backend fallbacks
* Added roster items limit option. Closes#89
* Added count support in SQLite3 backend
2.1.9
2007-07-19
* Added jabber❌oob redirection support during in-band registration
* Logging JID on disconnection
* Added counting packets on c2s and s2s connections
* Added TLS indicator for c2s and s2s logs.
* Added type='log' to ComponentProtocol <route/> wrapper for logged packets.
2.1.8
2007-07-12
* Resurrected /scod from revision 189
* Changed SASL backend selection method. Incorporated SCOD selection option.
* Keeping garbage out of LIBS variable.
* Reporting dropped packet when starttls-required.
* Fix for storage_db compilation error after util/ cleanup.
2.1.7
2007-07-04
* Full Win32 support
o proper build under Windows
o support for native Windows network I/O
o runs as a service under Windows
o native Windows auth modules:
+ ntlogon
+ sspi
o Windows installer
* Support for reloading c2s serviced hosts on SIGHUP
* Proper dynamic module handling on non GCC platforms
* Defaulting MySQL connection to UTF-8
* Removed support for ZeroK authentication
* Fixed dynamic linker detection with libtool
* XMPP compatibility fixes
* Exported libsubst sysmbols dynamic for sm modules to use
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
the shared libraries were not installed, the configure added -ldb and
we did not have this dependency to satisfy libtool.
Also use bdb.buildlink3.mk. Bump PKGREVISION.
A lot of changes were made since previous update, like SASL support,
SQLite support, etc. Please see the following URL for a full list
of changes:
http://jabberd2.xiaoka.com/wiki/Releases
clear that these variables are completely unrelated to
BUILDLINK_TRANSFORM.
Added a legacy check that catches appearances of BUILDLINK_TRANSFORM.*.
XXX: Where should incompatible changes in pkgsrc be documented?
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
* fixed SASL anonymous
* fixed edge cases with new dynamic jid code
* fixed incorrect free order in c2s
* corrected debug logging
* fixed s2s bus error on 64-bit architectures
* fixed c2s collisions due to long jids
* fixed error response to iq result
* fixed roster pushing packets without id
* applied new dynamic jid patch
* fixed double free of nad in c2s and s2s
* major memory enhancement, made jid structure dynamically allocated
* fixed glibc error with custom sql statements
* fixed segfault with keepalives
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
The jabberd project team is pleased to announce the release of jabberd 2.0s9.
This is a security release. There is a buffer overflow that could be used to
perform a DoS attack and possible code execution. It is *HIGHLY* recommended
that you upgrade!
ChangeLog:
* fixed only one user is loaded correctly for each router acl
* fixed s2s segfault under particular connection timeout conditions
* fixed id is being case sensitive
* fixed Users cannot login after a long period of server inactivity
* fixed handling of stream errors
* fixed version attribute reply in stream
* fixed c2s glibc abort and mysql option flags
* fixed sx io mem leak
* fixed Incorrect SASL error message defined in sx/sasl.c
* fixed 3 buffer overflows in jid.c
* fixed second log-in in with similar resource breaks routing for first login
Changes:
* Fix base64 encoding length in authreg_pipe.c Stephen Marquard,
Diagnosed by Jerome Vandenabeele
* Fixes segfault on s2s startup on some platforms when ssl is enabled
(local pemfile defined in s2s.xml), Stephen Marquard
* mod_offline handling of jabber❌event client requests (JEP-0022) can
lead to a loop repeatedly adding duplicates to the offline queue under
certain race conditions. Correctly detect jabber❌event notifications
and do not respond to them as requests, Stephen Marquard
* Check for invalid jids in directed presence packets, Stephen Marquard,
Based on bug report by Christopher Zorn
* Fixes minor memory leaks in authreg_ldap, Ilja Booij
* Fixes error in storage filter code using bdb storage causing sm
crash, Stephen Marquard
* Changes incorrectly indexed primary keys to non-unique indexes,
adds other indexes for efficiency, and changes type of xml field to
increase max allowed length, Stephen Marquard
* Include sys/types.h if available in util.h inter alia for FreeeBSD,
Stephen Marquard
* Minor code cleanups for compilation on HP-UX, Christof Meerwald
* Fix configure.in for correct handling of resolv.h, Magnus Henoch
* Include resquery checks from MAIN cvs branch in 2.0, Christof Meerwald
* Allows jabberd to start new components and place itself in the
background, Richard Bullington-McGuire (original ver), Additional
components defined in jabberd.cfg get started as long as they are in
the same directory as the jabberd script (useful for mu-conference
installed through jcr) The script can daemonize itself with the "-b"
switch after starting the various programs it watches over, unless the
debug option is set.
* Paranoia, ensure than srv->name is nul terminated., Jedi/Sector One
And more, please see the Changelog file.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
http://www.marquard.net/jabber/#recommended,
specifically patch 58 which fixes the remote exploit listed at:
http://www.securityfocus.com/archive/1/382250
Patches included:
28* patch-jedi8-sm-object_c
Remove incorrect semicolumn from os_object_free() in sm/object.c
29* patch-jedi-mysql-storage
Fixes to mysql storage for boundary conditions
30* patch-base64
Fix length-related issues in base64 decoding routines
31* patch-sm-storage_db
Fixes to storage_db.c to avoid roster corruption: "sm/storage_db
inserts items in the filter hash table with keys which are located
on the stack. This creates confusion when the code later tries to
compare with these keys."
32* patch-nad-escape
Fixes bug in _nad_escape() where escaping ]]> can cause a segfault
when handling large messages where nad_realloc is called.
38* patch-jedi-pgsql-storage
Fixes to pgsql storage for boundary conditions and incorrect buffer
length calculation
46* patch-memleaks
Fix minor memory leaks in digest-md5 authentication and nad_free()
47* patch-ns-fix
Fixes omission of namespace declaration where a namespace has
already been used in the XML stanza
48* patch-sm-nad-triplet
Fixes omission of prefix on attributes processed by nad_parse (e.g.
in queue storage)
49* patch-mod_disco_publish
Corrects check for deleting previously published disco items from
"delete" to "remove" (as per JEP-0030).
50* patch-sm-filter
Alters filter handling and adds mysql/pgsql escaping on filter
strings to allow brackets and apostrophes in resource names that
form part of JIDs stored as roster entries
58* patch-c2s-buffers
Fixes buffer overflow that can lead to segfault in c2s mysql and
pgsql auth modules - see report by icbm (www.venustech.com.cn)
Changes:
* Fixed race condition allowing c2s to be killed, Stephen Marquard
* Fixed off-by-one bug in s2s/main.c leading to segfault on startup
in some environmentsp
* Fixed memory leak in sm, Michal Kera
* Fixed problem relating to SSL connections not being closed
correctly, Nathan Christiansen
* Fixed 3 problems in mod_announce: (a) NAD freed before use, (b)
struct tm not initialised correctly on some platforms, and (c)
time not initialised for broadcast motd messages delivered to
online users, Stephen Marquard
* Fixed insertion of extra namespace in element in some types of
messages retrieved from offline queue, which causes a parse
error in the router, Matthew Buckett
* Fixed off-by-one bug in PLAIN SASL authentication code. May also
resolve a number of other bugs relating to c2s authentication,
Robert Theisen
* Fixed return value of jid_new() in pkt.c to avoid sm segfault
from dereferencing NULL pointer, triggered by a message with a
to JID of the form "@some.server@", Stephen Marquard
* Avoided adding nads to the cache that are created through
nad_copy(), Stephen Marquard
* Fixed bug in retrieving hash values, Stephen Marquard
* Improved performance of pool cleanup function, Stephen Marquard
* Corrected handling of EMAIL, TEL and ADR/CTRY elements in vcards
for JEP-0054 compliance, Stephen Marquard
* Optimised sm algorithm for announcing presence to skip presence
announcements and probes for users on the same server who are
not online, Stephen Marquard
* Checked that storage drivers are initialised correctly; if not,
abort, Stephen Marquard
* Fixed file descriptor leak in storage_fs
* Allowed c2s to supply a certificate chain to clients, Iain
MacDonnell
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
