Kim Alvefur <zash@zash.se> [Thu, 22 Jul 2021 17:18:39 +0200] rev 11716
MUC: Fix logic for access to affiliation lists
Fixes https://prosody.im/security/advisory_20210722/
Backs out 4d7b925652d9
Kim Alvefur <zash@zash.se> [Mon, 19 Jul 2021 17:07:59 +0200] rev 11715
MUC: Skip adding to history when it's set to zero
Optimizes away all the processing on every message in case the
end-result is zero history.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 23:25:45 +0200] rev 11714
net.resolvers.service: Only do DANE with secure SRV records
If this seems backwards, that' because it is but the API isn't really
designed to easily pass along details from each resolution step onto the
next.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 22:46:57 +0200] rev 11713
core.certmanager: Support 'use_dane' setting to enable DANE support
Removes the need to enable DANE with two separate settings.
Previously you had to also set `ssl = { dane = true }` to activate DANE
support in LuaSec and OpenSSL.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 21:57:24 +0200] rev 11712
Revert 926d53af9a7a: Restore DANE support
Previous commit adds a workaround, so this doesn't mutate global state
anymore, only per-connection 'extra' state as originally intended.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 21:53:26 +0200] rev 11711
mod_s2s: Clone 'extra' data to let resolvers add more to it
This way 'extra' is unique for each connect() instance, making it safer
to mutate it, while inheriting the global settings.
See 926d53af9a7a for some more context.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 12:57:06 +0200] rev 11710
editorconfig: We use tabs
This lets various supporting editors know what indentation style should
be used for files in the repo. See https://editorconfig.org/
Coding style for Lua files is described in `doc/coding_style.md`
The 3-space indentation in `configure` comes from its LuaRocks
inheritance.
`doc/doap.xml` is normalized with `xmllint` which spits out 2-space
indentation.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 09:17:31 +0200] rev 11709
mod_s2s: Handle measurement where the local host is unknown
This could happen with Dialback-only connections or others that were
missing the stream 'to' attribute.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 09:08:04 +0200] rev 11708
mod_s2s: Guard against missing 'to' on incoming stream
Given an incoming <stream:stream from="example.com"> this line would
have mistakenly reported the 'from' as the local host. Neither are
technically required and may be missing, especially on connections used
only for Dialback.
Outgoing connections initiated by Prosody always have 'from_host' and
'to_host', so it is safer to check it this way.
Kim Alvefur <zash@zash.se> [Sun, 18 Jul 2021 08:53:37 +0200] rev 11707
net.server_epoll: Fix traceback-causing typo
Caused "attempt to index a string value (local 'data')", but only if
keep_buffers is set to false, which is not the default.
Introduced in 917eca7be82b