NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
eb39f4e146
kumquat-buildroot/package/prosody/prosody.mk

64 lines
1.7 KiB
Makefile
Raw Normal View History

package/prosody: new package As stated by the upstream developers, Prosody only supports lua-5.1 or luajit (which is a lua-5.1 interpreter): > Response from zash at zash.se: > >> I pegged the package to lua 5,1 based on the contents of the >> INSTALL file. Is this a hard requirement? > > Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT > implements Lua 5.1 so it works. The license terms are not very consistent: the source files all state to be "MIT/X11 licensed" and defer to the COPYING file for details, but that file only has the text for the MIT license. Thus, we believe the license to be MIT/X11, as stated in the source files. This installs the base system with certificates for two domains: localhost and example.com The default runtime configuration is tweaked during installation to properly setup logging and pid-file directories. Prosody doesn't like being executed as root, and thus the daemon is executed as the user prosody. The startup script creates the pid file write location with appropriate permissions. Signed-off-by: Dushara Jayasinghe <nidujay@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-01 00:13:03 +02:00
################################################################################
#
# prosody
#
################################################################################
package/prosody: security bump to version 0.11.9 Fixes the following security issues: - CVE-2021-32918: DoS via insufficient memory consumption controls It was discovered that default settings leave Prosody susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. Lua 5.2 is the default and recommended Lua version for Prosody 0.11.x series. - CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU consumption It was discovered that Prosody does not disable SSL/TLS renegotiation, even though this is not used in XMPP. A malicious client may flood a connection with renegotiation requests to consume excessive CPU resources on the server. - CVE-2021-32921: Use of timing-dependent string comparison with sensitive values It was discovered that Prosody does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. - CVE-2021-32917: Use of mod_proxy65 is unrestricted in default configuration mod_proxy65 is a file transfer proxy provided with Prosody to facilitate the transfer of files and other data between XMPP clients. It was discovered that the proxy65 component of Prosody allows open access by default, even if neither of the users have an XMPP account on the local server, allowing unrestricted use of the server’s bandwidth. - CVE-2021-32919: Undocumented dialback-without-dialback option insecure The undocumented option ‘dialback_without_dialback’ enabled an experimental feature for server-to-server authentication. A flaw in this feature meant it did not correctly authenticate remote servers, allowing a remote server to impersonate another server when this option is enabled. For more details, see the advisory: https://prosody.im/security/advisory_20210512/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-14 11:43:09 +02:00
PROSODY_VERSION = 0.11.9
package/prosody: new package As stated by the upstream developers, Prosody only supports lua-5.1 or luajit (which is a lua-5.1 interpreter): > Response from zash at zash.se: > >> I pegged the package to lua 5,1 based on the contents of the >> INSTALL file. Is this a hard requirement? > > Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT > implements Lua 5.1 so it works. The license terms are not very consistent: the source files all state to be "MIT/X11 licensed" and defer to the COPYING file for details, but that file only has the text for the MIT license. Thus, we believe the license to be MIT/X11, as stated in the source files. This installs the base system with certificates for two domains: localhost and example.com The default runtime configuration is tweaked during installation to properly setup logging and pid-file directories. Prosody doesn't like being executed as root, and thus the daemon is executed as the user prosody. The startup script creates the pid file write location with appropriate permissions. Signed-off-by: Dushara Jayasinghe <nidujay@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-01 00:13:03 +02:00
PROSODY_SITE = https://prosody.im/downloads/source
PROSODY_LICENSE = MIT
PROSODY_LICENSE_FILES = COPYING
package/prosody: add PROSODY_CPE_ID_VENDOR cpe:2.3:a:prosody:prosody is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprosody%3Aprosody Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 10:29:57 +01:00
PROSODY_CPE_ID_VENDOR = prosody
prosody: bump to version 0.10.0 this version is not restricted to Lua 5.1 Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-18 13:28:06 +01:00
PROSODY_DEPENDENCIES = host-luainterpreter luainterpreter libidn openssl
package/prosody: new package As stated by the upstream developers, Prosody only supports lua-5.1 or luajit (which is a lua-5.1 interpreter): > Response from zash at zash.se: > >> I pegged the package to lua 5,1 based on the contents of the >> INSTALL file. Is this a hard requirement? > > Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT > implements Lua 5.1 so it works. The license terms are not very consistent: the source files all state to be "MIT/X11 licensed" and defer to the COPYING file for details, but that file only has the text for the MIT license. Thus, we believe the license to be MIT/X11, as stated in the source files. This installs the base system with certificates for two domains: localhost and example.com The default runtime configuration is tweaked during installation to properly setup logging and pid-file directories. Prosody doesn't like being executed as root, and thus the daemon is executed as the user prosody. The startup script creates the pid file write location with appropriate permissions. Signed-off-by: Dushara Jayasinghe <nidujay@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-01 00:13:03 +02:00
prosody: fix build with musl libc musl libc does not provide the mallinfo() API. Define WITHOUT_MALLINFO to skip the code using it. Fixes: http://autobuild.buildroot.net/results/42c/42cd6e3be761d1cb358bc50acd7fa58c8aa1c750/ http://autobuild.buildroot.net/results/29d/29d8dcbe013e549a865c0c5953272dab1fe5f777/ http://autobuild.buildroot.net/results/a6d/a6deb7440f80b072432c0f9c048e59abe4edf1c0/ Cc: Dushara Jayasinghe <nidujay@gmail.com> Cc: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-03 06:45:24 +02:00
PROSODY_CFLAGS = $(TARGET_CFLAGS) -fPIC -std=c99 \
$(if BR2_TOOLCHAIN_USES_MUSL,-DWITHOUT_MALLINFO)
prosody: refactor with PROSODY_CONF_OPTS variable Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [Thomas: keep TARGET_CONFIGURE_OPTS in the environment.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-18 18:46:48 +02:00
PROSODY_CONF_OPTS = \
package: clean up remaining references to $(HOST_DIR)/usr Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-24 00:04:59 +02:00
--with-lua-bin=$(HOST_DIR)/bin \
prosody: refactor with PROSODY_CONF_OPTS variable Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [Thomas: keep TARGET_CONFIGURE_OPTS in the environment.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-18 18:46:48 +02:00
--with-lua=$(STAGING_DIR)/usr \
prosody: bump to version 0.10.0 this version is not restricted to Lua 5.1 Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-18 13:28:06 +01:00
--lua-version=$(LUAINTERPRETER_ABIVER) \
prosody: refactor with PROSODY_CONF_OPTS variable Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [Thomas: keep TARGET_CONFIGURE_OPTS in the environment.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-18 18:46:48 +02:00
--c-compiler=$(TARGET_CC) \
prosody: fix build with musl libc musl libc does not provide the mallinfo() API. Define WITHOUT_MALLINFO to skip the code using it. Fixes: http://autobuild.buildroot.net/results/42c/42cd6e3be761d1cb358bc50acd7fa58c8aa1c750/ http://autobuild.buildroot.net/results/29d/29d8dcbe013e549a865c0c5953272dab1fe5f777/ http://autobuild.buildroot.net/results/a6d/a6deb7440f80b072432c0f9c048e59abe4edf1c0/ Cc: Dushara Jayasinghe <nidujay@gmail.com> Cc: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-03 06:45:24 +02:00
--cflags="$(PROSODY_CFLAGS)" \
prosody: refactor with PROSODY_CONF_OPTS variable Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [Thomas: keep TARGET_CONFIGURE_OPTS in the environment.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-18 18:46:48 +02:00
--linker=$(TARGET_CC) \
--ldflags="$(TARGET_LDFLAGS) -shared" \
--sysconfdir=/etc/prosody \
--prefix=/usr
prosody: bump to version 0.10.0 this version is not restricted to Lua 5.1 Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-18 13:28:06 +01:00
ifeq ($(BR2_PACKAGE_LUAJIT),y)
PROSODY_CONF_OPTS += --runwith=luajit
endif
package/prosody: new package As stated by the upstream developers, Prosody only supports lua-5.1 or luajit (which is a lua-5.1 interpreter): > Response from zash at zash.se: > >> I pegged the package to lua 5,1 based on the contents of the >> INSTALL file. Is this a hard requirement? > > Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT > implements Lua 5.1 so it works. The license terms are not very consistent: the source files all state to be "MIT/X11 licensed" and defer to the COPYING file for details, but that file only has the text for the MIT license. Thus, we believe the license to be MIT/X11, as stated in the source files. This installs the base system with certificates for two domains: localhost and example.com The default runtime configuration is tweaked during installation to properly setup logging and pid-file directories. Prosody doesn't like being executed as root, and thus the daemon is executed as the user prosody. The startup script creates the pid file write location with appropriate permissions. Signed-off-by: Dushara Jayasinghe <nidujay@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-01 00:13:03 +02:00
define PROSODY_CONFIGURE_CMDS
cd $(@D) && \
$(TARGET_CONFIGURE_OPTS) \
prosody: refactor with PROSODY_CONF_OPTS variable Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [Thomas: keep TARGET_CONFIGURE_OPTS in the environment.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-18 18:46:48 +02:00
./configure $(PROSODY_CONF_OPTS)
package/prosody: new package As stated by the upstream developers, Prosody only supports lua-5.1 or luajit (which is a lua-5.1 interpreter): > Response from zash at zash.se: > >> I pegged the package to lua 5,1 based on the contents of the >> INSTALL file. Is this a hard requirement? > > Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT > implements Lua 5.1 so it works. The license terms are not very consistent: the source files all state to be "MIT/X11 licensed" and defer to the COPYING file for details, but that file only has the text for the MIT license. Thus, we believe the license to be MIT/X11, as stated in the source files. This installs the base system with certificates for two domains: localhost and example.com The default runtime configuration is tweaked during installation to properly setup logging and pid-file directories. Prosody doesn't like being executed as root, and thus the daemon is executed as the user prosody. The startup script creates the pid file write location with appropriate permissions. Signed-off-by: Dushara Jayasinghe <nidujay@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-01 00:13:03 +02:00
endef
define PROSODY_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)
endef
define PROSODY_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) DESTDIR="$(TARGET_DIR)" -C $(@D) install
endef
define PROSODY_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/prosody/S50prosody \
$(TARGET_DIR)/etc/init.d/S50prosody
endef
define PROSODY_USERS
prosody -1 prosody -1 * - - - Prosody user
endef
# make install installs a Makefile and meta data to generate certs
define PROSODY_REMOVE_CERT_GENERATOR
rm -f $(TARGET_DIR)/etc/prosody/certs/Makefile
rm -f $(TARGET_DIR)/etc/prosody/certs/*.cnf
endef
PROSODY_POST_INSTALL_TARGET_HOOKS += PROSODY_REMOVE_CERT_GENERATOR
$(eval $(generic-package))
Reference in New Issue Copy Permalink