prosody (0.8.2-4+deb7u4) wheezy-security; urgency=high

  * CVE-2016-0756: insecure dialback key generation/validation algorithm
  * Fix for regression introduced in the previous CVE-2016-1232 fix:
    s2s doesn't work if /dev/urandom is read-only.

 -- Sergei Golovan <sgolovan@debian.org>  Thu, 28 Jan 2016 10:28:24 +0300

prosody (0.8.2-4+deb7u3) wheezy-security; urgency=high

  * CVE-2016-1231: path traversal in http built-in server
  * CVE-2016-1232: weak PRNG for dialback on S2S

 -- Enrico Tassi <gareuselesinge@debian.org>  Fri, 08 Jan 2016 20:07:12 +0100

prosody (0.8.2-4+deb7u2) wheezy-security; urgency=high

  * Fixup to prosody-0.8-compression-dos-2.patch to prevent clients with
    compression enabled to disconnect (Closes: #743836):
    - compression-advertisement-fix.patch

 -- Enrico Tassi <gareuselesinge@debian.org>  Sun, 20 Apr 2014 09:52:15 +0200

prosody (0.8.2-4+deb7u1) wheezy-security; urgency=high

  * Patch to prevent a DOS:
    - prosody-0.8-compression-dos-2.patch

 -- Enrico Tassi <gareuselesinge@debian.org>  Tue, 01 Apr 2014 13:42:11 +0200

prosody (0.8.2-4) unstable; urgency=low

  [ Matthew James Wild ]
  * Fix init script to expect 'lua5.1' as a process name

 -- Enrico Tassi <gareuselesinge@debian.org>  Fri, 29 Jun 2012 20:26:21 +0200

prosody (0.8.2-3) unstable; urgency=low

  * Add patch prosody-lua51.patch to make prosody work even if lua5.2
    is installed

 -- Enrico Tassi <gareuselesinge@debian.org>  Fri, 29 Jun 2012 19:04:46 +0200

prosody (0.8.2-2) unstable; urgency=low

  [ Sergei Golovan ]
  * Switched to the snakeoil SSL certificate for localhost server instead of
    generating a separate one. This moves the responsibility of creating SSL
    certificate and private key to the ssl-cert package (Closes: #638027,
    #645853).
  * Create localhost.cfg.lua symlink in /etc/prosody/conf.d directory in
    postinstallation script and only on a new install to allow the local
    admin removing it completely.
  * Added lua-zlib, lua-dbi-postgresql, lua-dbi-mysql and lua-dbi-sqlite3 to
    the suggested packages list. lua-zlib allows prosody to use XMPP stream
    compression, the others let prosody store its data in an external
    relational database.
  * Bumped standards version to 3.9.3 (no changes needed).

  [ Enrico Tassi ]
  * Fix build dependency using the new Lua packages names

 -- Sergei Golovan <sgolovan@debian.org>  Wed, 16 May 2012 22:07:24 +0400

prosody (0.8.2-1) unstable; urgency=low

  * New upstream bugfix release
  * Fixed ssl cert generation in postinst (Closes: #596433)
  * Bumped standards version to 3.9.2, no changes
  * source format 3.0 (quilt) 

 -- Enrico Tassi <gareuselesinge@debian.org>  Thu, 21 Jul 2011 21:55:57 +0200

prosody (0.8.1-1) unstable; urgency=high

  * New upstream release (Closes: #622638)
  * Depend on lua-expat >= 1.2.0 to fix DoS attack (Closes: #629234)

 -- Enrico Tassi <gareuselesinge@debian.org>  Sat, 04 Jun 2011 18:42:47 +0200

prosody (0.8.0-1) unstable; urgency=low

  [ Matthew James Wild ]
  * New upstream release. (closes: #614175, #620882)
  * Relocate all Prosody modules into /usr/lib/prosody. (closes: #600370)

  [ Enrico Tassi ]
  * Removed prosody.dirs, usr/lib/lua/5.1/util/ not needed
  * Bumped standards version to 3.9.1. no changes needed 
  * Added watch file

 -- Enrico Tassi <gareuselesinge@debian.org>  Mon, 23 May 2011 10:07:42 +0200

prosody (0.7.0-1) unstable; urgency=low

  * New upstream release.
  * Check username and process name along with pidfile before stopping
    prosody daemon (closes: #580185).
  * Strictened dependency on liblua5.1-filesystem0 to versions with fixed
    umask bug in mkdir procedure (closes: #579087).
  * Use an absolute SSL certificate and key paths in config example
    /etc/prosody/conf.avail/example.com.cfg.lua (closes: #581682).
  * Added $syslog dependency to the prosody init script.
  * Added liblua5.1-event0 (which provides support for a large number of
    network connections) to recommended dependencies.
  * Bumped standards version to 3.9.0.

 -- Sergei Golovan <sgolovan@debian.org>  Mon, 05 Jul 2010 20:55:28 +0400

prosody (0.6.2-2) unstable; urgency=low

  * Fixed changing ownership and permissions of the old prosody config
    file (closes: #578837).
  * Added required-stop dependency on $remote_fs for prosody init script
    because it requires /usr/bin/prosody existence to run. Also, removed
    unnecessary dependency on $local_fs.
  * Bumped standards version to 3.8.4.

 -- Sergei Golovan <sgolovan@debian.org>  Sun, 25 Apr 2010 10:37:20 +0400

prosody (0.6.2-1) unstable; urgency=low

  [ Enrico Tassi ]
  * Fixed typo in config file. Thanks  Tollef Fog Heen (Closes: #563795)

  [ Sergei Golovan ]
  * New upstream release.
  * Remove prosody group on package purge.
  * Make /etc/prosody directory readable, so the config filename can be
    completed in case user enters 'sudo vi /etc/prosody/pr<TAB>'. The config
    file itself is world-unreadable now.
  * Don't change ownership and permissions of prosody config, log and
    database directories if they are overridden by dpkg-statoverride.

 -- Sergei Golovan <sgolovan@debian.org>  Sun, 18 Apr 2010 11:57:22 +0400

prosody (0.6.1-1) unstable; urgency=low

  * New upstream release.
  * Replaced no_daemonize option by daemonize in the prosody config file.

 -- Sergei Golovan <sgolovan@debian.org>  Sun, 13 Dec 2009 16:23:07 +0300

prosody (0.5.2-2) unstable; urgency=low

  [ Enrico Tassi ]
  * recommend liblua5.1-sec1 instead of liblua5.1-sec0

 -- Enrico Tassi <gareuselesinge@debian.org>  Tue, 17 Nov 2009 10:11:50 +0100

prosody (0.5.2-1) unstable; urgency=low

  [ Sergei Golovan ]
  * New upstream release.
  * Change log rotating frequency to weekly, compress logs, and create log
    files with adm group instead of prosody and with permissions 640.
  * Added copyright note for util-src/lsignal.c file to debian/copyright
    and reformatted it to fit 80 character lines.
  * Added README.source which explains how to get patched source given the
    pristine source and the series of patches in debian/patches.
  * Bumped standards version to 3.8.3.

  [ Matthew James Wild ]
  * Suppress output of reload during logrotate, avoiding emails from cron.

 -- Sergei Golovan <sgolovan@debian.org>  Wed, 30 Sep 2009 20:44:14 +0400

prosody (0.5.1-1) unstable; urgency=low

  * Initial release (closes: #538130).

 -- Sergei Golovan <sgolovan@debian.org>  Fri, 31 Jul 2009 13:43:15 +0400
