From: lissine Subject: [Security update] net/prosody 13.0.5 To: ports@openbsd.org Cc: Lucas Gabriel Vuotto Date: Sun, 24 May 2026 13:24:30 +0100 Hello ports, Prosody 13.0.5 fixes a few security issues. The release notes: https://blog.prosody.im/prosody-13.0.5-released/ The security advisory: https://prosody.im/security/advisory_735dd9d3/ I have been running the update on my server without issues. This should probably be made available for the OpenBSD 7.9 and 7.8 releases. Best regards Index: net/prosody/Makefile =================================================================== RCS file: /cvs/ports/net/prosody/Makefile,v retrieving revision 1.82 diff -u -p -u -r1.82 Makefile --- net/prosody/Makefile 12 Feb 2026 12:37:26 -0000 1.82 +++ net/prosody/Makefile 24 May 2026 11:41:28 -0000 @@ -1,5 +1,5 @@ COMMENT = communications server for Jabber/XMPP written in Lua -DISTNAME = prosody-13.0.4 +DISTNAME = prosody-13.0.5 CATEGORIES = net HOMEPAGE = https://prosody.im/ Index: net/prosody/distinfo =================================================================== RCS file: /cvs/ports/net/prosody/distinfo,v retrieving revision 1.34 diff -u -p -u -r1.34 distinfo --- net/prosody/distinfo 12 Feb 2026 12:37:26 -0000 1.34 +++ net/prosody/distinfo 24 May 2026 11:41:28 -0000 @@ -1,2 +1,2 @@ -SHA256 (prosody-13.0.4.tar.gz) = BtUkFV05m+MGQNWLT7qXaykXwVfT47gz0pvXaYoP4II= -SIZE (prosody-13.0.4.tar.gz) = 739068 +SHA256 (prosody-13.0.5.tar.gz) = lDskhg79EOnbfqq4fjX4JBWlXUamlLZn8CELiKQyPEI= +SIZE (prosody-13.0.5.tar.gz) = 741778 Index: net/prosody/patches/patch-util-src_pposix_c =================================================================== RCS file: /cvs/ports/net/prosody/patches/patch-util-src_pposix_c,v retrieving revision 1.4 diff -u -p -u -r1.4 patch-util-src_pposix_c --- net/prosody/patches/patch-util-src_pposix_c 22 Mar 2025 12:04:04 -0000 1.4 +++ net/prosody/patches/patch-util-src_pposix_c 24 May 2026 11:41:28 -0000 @@ -16,7 +16,7 @@ Index: util-src/pposix.c #if ! defined(__FreeBSD__) #ifndef _POSIX_C_SOURCE -@@ -654,6 +659,7 @@ static int lc_abort(lua_State *L) { +@@ -662,6 +667,7 @@ static int lc_abort(lua_State *L) { return 0; } @@ -24,7 +24,7 @@ Index: util-src/pposix.c const char *pipe_flag_names[] = { "cloexec", "direct", -@@ -664,6 +670,7 @@ const int pipe_flag_values[] = { +@@ -672,6 +678,7 @@ const int pipe_flag_values[] = { O_DIRECT, O_NONBLOCK }; Index: net/prosody/patches/patch-util_prosodyctl_lua =================================================================== RCS file: /cvs/ports/net/prosody/patches/patch-util_prosodyctl_lua,v retrieving revision 1.9 diff -u -p -u -r1.9 patch-util_prosodyctl_lua --- net/prosody/patches/patch-util_prosodyctl_lua 22 Mar 2025 12:04:04 -0000 1.9 +++ net/prosody/patches/patch-util_prosodyctl_lua 24 May 2026 11:41:28 -0000 @@ -1,7 +1,7 @@ Index: util/prosodyctl.lua --- util/prosodyctl.lua.orig +++ util/prosodyctl.lua -@@ -200,7 +200,7 @@ local function start(source_dir, lua) +@@ -198,7 +198,7 @@ local function start(source_dir, lua) if not source_dir then os.execute(lua .. "./prosody -D"); else @@ -10,7 +10,7 @@ Index: util/prosodyctl.lua end if notify_socket then -@@ -252,7 +252,7 @@ local render_cli = interpolation.new("%b{}", function +@@ -250,7 +250,7 @@ local render_cli = interpolation.new("%b{}", function local function call_luarocks(operation, mod, server) local dir = prosody.paths.installer; Index: net/prosody/patches/patch-util_startup_lua =================================================================== RCS file: /cvs/ports/net/prosody/patches/patch-util_startup_lua,v retrieving revision 1.3 diff -u -p -u -r1.3 patch-util_startup_lua --- net/prosody/patches/patch-util_startup_lua 12 Feb 2026 12:37:26 -0000 1.3 +++ net/prosody/patches/patch-util_startup_lua 24 May 2026 11:41:28 -0000 @@ -3,7 +3,7 @@ Use the right default user. Index: util/startup.lua --- util/startup.lua.orig +++ util/startup.lua -@@ -588,7 +588,7 @@ function startup.switch_user() +@@ -604,7 +604,7 @@ function startup.switch_user() local arg_root = prosody.opts.root; if prosody.current_uid == 0 and config.get("*", "run_as_root") ~= true and not arg_root then -- We haz root!