X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fdependencies.lua;h=4d50cf63a17452d76f17891cdba3f9e57d5eec51;hb=533fc1fa57ce10fc0821f8edaeb247f2710a543c;hp=5baea942af4b52781332af029b0c30e47841219d;hpb=c269396a37a8bef1b71982f2cdd336324eb72d07;p=prosody.git

diff --git a/util/dependencies.lua b/util/dependencies.lua
index 5baea942..4d50cf63 100644
--- a/util/dependencies.lua
+++ b/util/dependencies.lua
@@ -49,6 +49,14 @@ package.preload["util.ztact"] = function ()
 end;
 
 function check_dependencies()
+	if _VERSION ~= "Lua 5.1" then
+		print "***********************************"
+		print("Unsupported Lua version: ".._VERSION);
+		print("Only Lua 5.1 is supported.");
+		print "***********************************"
+		return false;
+	end
+
 	local fatal;
 	
 	local lxp = softreq "lxp"
@@ -136,6 +144,22 @@ function log_warnings()
 			log("error", "This version of LuaSec contains a known bug that causes disconnects, see http://prosody.im/doc/depends");
 		end
 	end
+	if lxp then
+		if not pcall(lxp.new, { StartDoctypeDecl = false }) then
+			log("error", "The version of LuaExpat on your system leaves Prosody "
+				.."vulnerable to denial-of-service attacks. You should upgrade to "
+				.."LuaExpat 1.3.0 or higher as soon as possible. See "
+				.."http://prosody.im/doc/depends#luaexpat for more information.");
+		end
+		if not lxp.new({}).getcurrentbytecount then
+			log("error", "The version of LuaExpat on your system does not support "
+				.."stanza size limits, which may leave servers on untrusted "
+				.."networks (e.g. the internet) vulnerable to denial-of-service "
+				.."attacks. You should upgrade to LuaExpat 1.3.0 or higher as "
+				.."soon as possible. See "
+				.."http://prosody.im/doc/depends#luaexpat for more information.");
+		end
+	end
 end
 
 return _M;