Software `/` code `/` prosody

Annotate

makefile @ 12181:783056b4e448 0.11 0.11.12

util.xml: Do not allow doctypes, comments or processing instructions Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.

author	Jonas Schäfer <jonas@wielicki.name>
date	Mon, 10 Jan 2022 18:23:54 +0100
parent	11748:88ba05494d17
child	11750:a8760562a096

rev	line source
8593 c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	1
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	2 include config.unix
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	3
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	4 BIN = $(DESTDIR)$(PREFIX)/bin
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	5 CONFIG = $(DESTDIR)$(SYSCONFDIR)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	6 MODULES = $(DESTDIR)$(LIBDIR)/prosody/modules
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	7 SOURCE = $(DESTDIR)$(LIBDIR)/prosody
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	8 DATA = $(DESTDIR)$(DATADIR)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	9 MAN = $(DESTDIR)$(PREFIX)/share/man
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	10
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	11 INSTALLEDSOURCE = $(LIBDIR)/prosody
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	12 INSTALLEDCONFIG = $(SYSCONFDIR)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	13 INSTALLEDMODULES = $(LIBDIR)/prosody/modules
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	14 INSTALLEDDATA = $(DATADIR)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	15
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	16 INSTALL=install -p
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	17 INSTALL_DATA=$(INSTALL) -m644
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	18 INSTALL_EXEC=$(INSTALL) -m755
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	19 MKDIR=install -d
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	20 MKDIR_PRIVATE=$(MKDIR) -m750
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	21
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	22 .PHONY: all test clean install
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	23
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	24 all: prosody.install prosodyctl.install prosody.cfg.lua.install prosody.version
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	25 $(MAKE) -C util-src install
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	26 .if $(EXCERTS) == "yes"
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	27 $(MAKE) -C certs localhost.crt example.com.crt
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	28 .endif
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	29
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	30 install: prosody.install prosodyctl.install prosody.cfg.lua.install util/encodings.so util/encodings.so util/pposix.so util/signal.so
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	31 $(MKDIR) $(BIN) $(CONFIG) $(MODULES) $(SOURCE)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	32 $(MKDIR_PRIVATE) $(DATA)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	33 $(MKDIR) $(MAN)/man1
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	34 $(MKDIR) $(CONFIG)/certs
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	35 $(MKDIR) $(SOURCE)/core $(SOURCE)/net $(SOURCE)/util
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	36 $(INSTALL_EXEC) ./prosody.install $(BIN)/prosody
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	37 $(INSTALL_EXEC) ./prosodyctl.install $(BIN)/prosodyctl
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	38 $(INSTALL_DATA) core/*.lua $(SOURCE)/core
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	39 $(INSTALL_DATA) net/*.lua $(SOURCE)/net
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	40 $(MKDIR) $(SOURCE)/net/http $(SOURCE)/net/resolvers $(SOURCE)/net/websocket
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	41 $(INSTALL_DATA) net/http/*.lua $(SOURCE)/net/http
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	42 $(INSTALL_DATA) net/resolvers/*.lua $(SOURCE)/net/resolvers
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	43 $(INSTALL_DATA) net/websocket/*.lua $(SOURCE)/net/websocket
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	44 $(INSTALL_DATA) util/*.lua $(SOURCE)/util
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	45 $(INSTALL_DATA) util/*.so $(SOURCE)/util
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	46 $(MKDIR) $(SOURCE)/util/sasl
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	47 $(INSTALL_DATA) util/sasl/*.lua $(SOURCE)/util/sasl
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	48 $(MKDIR) $(MODULES)/mod_s2s $(MODULES)/mod_pubsub $(MODULES)/adhoc $(MODULES)/muc $(MODULES)/mod_mam
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	49 $(INSTALL_DATA) plugins/*.lua $(MODULES)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	50 $(INSTALL_DATA) plugins/mod_s2s/*.lua $(MODULES)/mod_s2s
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	51 $(INSTALL_DATA) plugins/mod_pubsub/*.lua $(MODULES)/mod_pubsub
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	52 $(INSTALL_DATA) plugins/adhoc/*.lua $(MODULES)/adhoc
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	53 $(INSTALL_DATA) plugins/muc/*.lua $(MODULES)/muc
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	54 $(INSTALL_DATA) plugins/mod_mam/*.lua $(MODULES)/mod_mam
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	55 .if $(EXCERTS) == "yes"
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	56 $(INSTALL_DATA) certs/localhost.crt certs/localhost.key $(CONFIG)/certs
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	57 $(INSTALL_DATA) certs/example.com.crt certs/example.com.key $(CONFIG)/certs
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	58 .endif
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	59 $(INSTALL_DATA) man/prosodyctl.man $(MAN)/man1/prosodyctl.1
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	60 test -f $(CONFIG)/prosody.cfg.lua \|\| $(INSTALL_DATA) prosody.cfg.lua.install $(CONFIG)/prosody.cfg.lua
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	61 -test -f prosody.version && $(INSTALL_DATA) prosody.version $(SOURCE)/prosody.version
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	62 $(MAKE) install -C util-src
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	63
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	64 clean:
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	65 rm -f prosody.install
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	66 rm -f prosodyctl.install
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	67 rm -f prosody.cfg.lua.install
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	68 rm -f prosody.version
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	69 $(MAKE) clean -C util-src
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	70
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	71 test:
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	72 busted --lua=$(RUNWITH)
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	73
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	74
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	75 prosody.install: prosody
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	76 sed "1s\| lua$$\| $(RUNWITH)\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	77 s\|^CFG_SOURCEDIR=.*;$$\|CFG_SOURCEDIR='$(INSTALLEDSOURCE)';\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	78 s\|^CFG_CONFIGDIR=.*;$$\|CFG_CONFIGDIR='$(INSTALLEDCONFIG)';\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	79 s\|^CFG_DATADIR=.*;$$\|CFG_DATADIR='$(INSTALLEDDATA)';\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	80 s\|^CFG_PLUGINDIR=.*;$$\|CFG_PLUGINDIR='$(INSTALLEDMODULES)/';\|;" < prosody > $@
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	81
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	82 prosodyctl.install: prosodyctl
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	83 sed "1s\| lua$$\| $(RUNWITH)\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	84 s\|^CFG_SOURCEDIR=.*;$$\|CFG_SOURCEDIR='$(INSTALLEDSOURCE)';\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	85 s\|^CFG_CONFIGDIR=.*;$$\|CFG_CONFIGDIR='$(INSTALLEDCONFIG)';\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	86 s\|^CFG_DATADIR=.*;$$\|CFG_DATADIR='$(INSTALLEDDATA)';\|; \
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	87 s\|^CFG_PLUGINDIR=.*;$$\|CFG_PLUGINDIR='$(INSTALLEDMODULES)/';\|;" < prosodyctl > $@
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	88
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	89 prosody.cfg.lua.install: prosody.cfg.lua.dist
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	90 sed 's\|certs/\|$(INSTALLEDCONFIG)/certs/\|' prosody.cfg.lua.dist > $@
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	91
c4222e36333c Add makefiles compatible with BSD make Kim Alvefur <zash@zash.se> parents: diff changeset	92 prosody.version:
11748 88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	93 if [ -f prosody.release ]; then \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	94 cp prosody.release $@; \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	95 elif [ -f .hg_archival.txt ]; then \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	96 sed -n 's/^node: $............$.*/\1/p' .hg_archival.txt > $@; \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	97 elif [ -f .hg/dirstate ]; then \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	98 hexdump -n6 -e'6/1 "%02x"' .hg/dirstate > $@; \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	99 else \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	100 echo unknown > $@; \
88ba05494d17 makefile: fix prosody.version target Lucas <lucas@sexy.is> parents: 8593 diff changeset	101 fi

prosody

0.11.12

makefile

Software / code / prosody

Annotate

makefile @ 12181:783056b4e448 0.11 0.11.12

Software `/` code `/` prosody