Kim Alvefur <zash@zash.se> [Wed, 02 Feb 2022 18:30:54 +0100] rev 12246
man/prosodyctl: Normalize formatting syntax
Filtered through pandoc
Kim Alvefur <zash@zash.se> [Wed, 02 Feb 2022 17:58:48 +0100] rev 12245
util.dns: Minor updates of SVCB parser
Now based on draft-ietf-dnsop-svcb-https-08
Kim Alvefur <zash@zash.se> [Sun, 04 Oct 2020 21:29:44 +0200] rev 12244
util.dns: Implement SVCB record parser
Based on draft-ietf-dnsop-svcb-https-00
Kim Alvefur <zash@zash.se> [Sun, 04 Oct 2020 21:27:20 +0200] rev 12243
util.dns: Fix returning read position after zero-length name
Doesn't affect normal usage by Prosody since neither A nor AAAA records
use this and SRV records have the host name last so the position is not
needed.
Kim Alvefur <zash@zash.se> [Wed, 02 Feb 2022 17:31:39 +0100] rev 12242
util.dnsregistry: Regenerate from IANA registry
Note the duplicate 9 and 16 entries, neither of which are especially
relevant for our resolver usage.
Kim Alvefur <zash@zash.se> [Sun, 04 Oct 2020 19:26:53 +0200] rev 12241
tools.dnsregistry: For converting IANA DNS registry data to Lua table
Kim Alvefur <zash@zash.se> [Sun, 04 Oct 2020 19:23:16 +0200] rev 12240
util.dns: Move DNS parameters details into util.dnsregistry
Goal is to regenerate this file from the IANA registry using a tool.
Having it in a separate file will reduce vcs noise in util.dns
Kim Alvefur <zash@zash.se> [Thu, 18 Mar 2021 00:03:16 +0100] rev 12239
doap: Make note of mod_mam storing XEP-0184 receipts
Kim Alvefur <zash@zash.se> [Tue, 11 Jan 2022 17:51:26 +0100] rev 12238
plugins: Update for namespace bump in XEP-0353 v0.4.0
Kim Alvefur <zash@zash.se> [Tue, 01 Feb 2022 14:46:42 +0100] rev 12237
util.prosodyctl.check: Fix reset of libunbound before DNS checks
Probably worked anyway but settings might not always have been applied
depending on what order things happen in.
Error was hidden by the pcall, which was sorta intentional...
Kim Alvefur <zash@zash.se> [Mon, 31 Jan 2022 17:07:12 +0100] rev 12236
doap: Let's say XEP-0368 support is complete now
We break the SHOULD about the merged _xmpp and _xmpps SRV handling, but
we follow all the MUSTs
Kim Alvefur <zash@zash.se> [Sun, 30 Jan 2022 16:04:22 +0100] rev 12235
util.prosodyctl.check: Fix A/AAAA check for proxy65 and http
When there are no records to return the return value from dns.lookup()
might be nil or might be a table containing zero records, depending on
which DNS library is used
Kim Alvefur <zash@zash.se> [Sun, 30 Jan 2022 13:16:30 +0100] rev 12234
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se> [Sun, 30 Jan 2022 12:49:43 +0100] rev 12233
mod_admin_shell: Add descriptions of each column to 'help columns'
Since some of the titles are quite dense
Kim Alvefur <zash@zash.se> [Sun, 30 Jan 2022 11:10:51 +0100] rev 12232
mod_admin_shell: Use exact match instead of Lua patterns in c2s,s2s:show
It is unexpected that 'example.com' matches 'exampleicom.org' and this
use of Lua patterns is undocumented and unlikely to be widely known or
used.
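Added example, not part of the commit or of Prosody's code: why a hostname used as a Lua pattern over-matches, compared with an escaped pattern and an exact comparison. The session list, `select_ids` and `escape_pattern` are hypothetical names made up for the illustration.

```lua
-- Constructed session list; the hostnames are made up for this example.
local sessions = {
	{ id = "c2s1", host = "example.com" },
	{ id = "c2s2", host = "exampleicom.org" },
	{ id = "c2s3", host = "sub.example.com" },
};

-- Hypothetical helper: returns the ids of sessions whose host passes `test`.
local function select_ids(list, test)
	local ids = {};
	for _, session in ipairs(list) do
		if test(session.host) then ids[#ids + 1] = session.id; end
	end
	return table.concat(ids, ",");
end

-- Escape every punctuation character so a string can be used as a
-- literal inside a Lua pattern ("example.com" becomes "example%.com").
local function escape_pattern(s)
	return (s:gsub("%p", "%%%0"));
end

local query = "example.com";

-- 1. Query used directly as a Lua pattern: '.' matches any character and
--    the match is unanchored, so look-alike hosts are selected as well.
print("pattern:", select_ids(sessions, function(h) return h:match(query) ~= nil; end));

-- 2. Escaped but still unanchored: '.' is now literal, yet any host that
--    merely contains the query still matches.
print("escaped:", select_ids(sessions, function(h) return h:find(escape_pattern(query)) ~= nil; end));

-- 3. Exact comparison, the behaviour the commit message describes.
print("exact:  ", select_ids(sessions, function(h) return h == query; end));
```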
Kim Alvefur <zash@zash.se> [Sat, 29 Jan 2022 16:11:38 +0100] rev 12231
mod_http_file_share: Use alternate syntax for filename in Content-Disposition
The Lua string.format %q doesn't behave correctly for all characters
that should be escaped in a quoted-string. And who knows what effects
higher Unicode might have here.
Applying percent-encoding of filenames seems like the safest way to deal
with filenames, as well as being easier than implementing the actual
quoted-string transform, which seems complicated and I'm not even sure
it covers every possible character.
Filenames can safely be assumed to be UTF-8 since they are passed in an
attribute in the query without any escaping.
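Added example, not taken from mod_http_file_share: it compares a `Content-Disposition` value built with `%q` against one using the extended `filename*=UTF-8''...` parameter with percent-encoding, which is assumed here to be the "alternate syntax" the commit refers to. The function names and sample filenames are constructed for the illustration.

```lua
-- Percent-encode everything except ASCII letters, digits and "-._~".
-- Multi-byte UTF-8 sequences are encoded byte by byte. Assumes the C
-- locale, where %w only matches ASCII alphanumerics.
local function pct_encode(s)
	return (s:gsub("[^%w%-%._~]", function(c)
		return string.format("%%%02X", c:byte());
	end));
end

-- Header value built with Lua's %q, which follows Lua's own string
-- escaping rules rather than those of an HTTP quoted-string.
local function disposition_quoted(filename)
	return "attachment; filename=" .. string.format("%q", filename);
end

-- Header value using the extended parameter and percent-encoding.
local function disposition_extended(filename)
	return "attachment; filename*=UTF-8''" .. pct_encode(filename);
end

-- Make control characters visible instead of writing them to the terminal.
local function visible(s)
	return (s:gsub("%c", function(c) return ("<%02X>"):format(c:byte()); end));
end

-- Constructed filenames: a quote, an embedded line feed, and non-ASCII UTF-8.
local samples = {
	'report "final".txt',
	"notes\nv2.txt",
	"r\195\169sum\195\169 \226\130\172.pdf", -- UTF-8 bytes of "résumé €.pdf"
};

for _, name in ipairs(samples) do
	local quoted, extended = disposition_quoted(name), disposition_extended(name);
	print("quoted:  ", visible(quoted));
	print("extended:", extended);
	-- The encoded form never carries control characters, quotes or
	-- backslashes, whatever bytes the filename contains.
	assert(not extended:find("[%c\"\\]"));
end
```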
Kim Alvefur <zash@zash.se> [Sat, 29 Jan 2022 15:01:38 +0100] rev 12230
mod_admin_shell: Fix traceback on rendering graph of stats without extra labels
Stops an error when extra_labels is nil since it attempts to index it
Unsure about correctness
Kim Alvefur <zash@zash.se> [Sat, 29 Jan 2022 14:58:37 +0100] rev 12229
mod_admin_shell: Add help section about stats
Kim Alvefur <zash@zash.se> [Fri, 28 Jan 2022 20:39:13 +0100] rev 12228
mod_admin_shell: Add help section about customizing table columns
Kim Alvefur <zash@zash.se> [Fri, 28 Jan 2022 14:19:05 +0100] rev 12227
README: Reflow text to ~78 columns
It's what `gwl` in my vim did. Must be optimal then.
Kim Alvefur <zash@zash.se> [Fri, 28 Jan 2022 11:57:58 +0100] rev 12226
INSTALL: Update from site version
Kim Alvefur <zash@zash.se> [Thu, 27 Jan 2022 21:40:13 +0100] rev 12225
util.format: Expand explanation of purpose in comments
Kim Alvefur <zash@zash.se> [Thu, 27 Jan 2022 21:14:22 +0100] rev 12224
util.format: Skip control code escaping when doing full serialization
Fixes that a multi-line string ended up "like\
\9this" instead of "like\nthis" as can be demonstrated by somehow
initiating a connection to a HTTP server.
Kim Alvefur <zash@zash.se> [Thu, 27 Jan 2022 16:23:26 +0100] rev 12223
util.prosodyctl.cert: Look for certs matching 'http_host'
This should ensure any certificate needed for HTTP services will also be
included in the certificate import.
Kim Alvefur <zash@zash.se> [Thu, 27 Jan 2022 12:52:01 +0100] rev 12222
util.prosodyctl.check: Fix use of LuaSocket URL parser
Kim Alvefur <zash@zash.se> [Thu, 27 Jan 2022 12:36:50 +0100] rev 12221
util.prosodyctl.check: Add HTTP related DNS checks
Since XEP-0363 is essentially mandatory now this will hopefully help
diagnose some common issues.
Kim Alvefur <zash@zash.se> [Wed, 26 Jan 2022 13:24:23 +0100] rev 12220
util.prosodyctl.cert: Look for certificates in a consistent order
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
Kim Alvefur <zash@zash.se> [Mon, 24 Jan 2022 23:06:45 +0100] rev 12219
mod_pubsub: Allow configuring summary templates
Enables generation of summaries for more than Atom without additional
modules.
Kim Alvefur <zash@zash.se> [Mon, 24 Jan 2022 23:04:38 +0100] rev 12218
mod_pubsub: Use the util.xtemplate to render Atom summary
Kim Alvefur <zash@zash.se> [Mon, 24 Jan 2022 23:54:32 +0100] rev 12217
util.xtemplate: Yet another string template library
This one takes a stanza as input
Roughly based on util.interpolation
Kim Alvefur <zash@zash.se> [Mon, 24 Jan 2022 23:05:26 +0100] rev 12216
mod_pubsub: Use the 'pubsub#type' setting to pick summary generator
Allows using different ones even if multiple semantically different
formats share the same root element xmlns, e.g. generic Atom and
XEP-0277 entries.
Kim Alvefur <zash@zash.se> [Tue, 25 Jan 2022 13:20:26 +0100] rev 12215
mod_tls: Set ALPN on outgoing connections
Relevant and sometimes needed for Direct TLS which mod_s2s uses this
context for. Primarily when e.g. mod_net_multiplex or equivalent ALPN
based dispatch is used.
All these contexts should likely move away from mod_tls and into either
mod_s2s or portmanager. The latter already duplicates some of this work.
Matthew Wild <mwild1@gmail.com> [Mon, 24 Jan 2022 13:58:04 +0000] rev 12214
Added tag 0.11.13 for changeset ebeb4d959fb3
Kim Alvefur <zash@zash.se> [Sun, 23 Jan 2022 20:06:50 +0100] rev 12213
mod_admin_shell: Add command to show current user roles
Kim Alvefur <zash@zash.se> [Sun, 23 Jan 2022 19:55:32 +0100] rev 12212
mod_admin_shell: Add help section about roles
As in the argument to user:create() and user:roles()
Tricky to come up with something sensible to write when Prosody core
only knows of the 'prosody:admin' role so far.
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 18:42:38 +0100] rev 12211
mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls
So that the same TLS context is used for both Direct TLS and starttls,
since they are supposed to be functionally identical apart from the few
extra round trips.
A new event is added because the 's2s-created' event fires much later,
after a connection has already been established, where we need the TLS
context before that.
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:59:19 +0100] rev 12210
mod_s2s: Enable outgoing Direct TLS connections
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:57:47 +0100] rev 12209
net.connect: Allow passing TLS context from resolver
Only allowing it to be passed directly makes it hard to combine plain
(i.e. starttls) and Direct TLS connections in the same connection
resolution procedure. But now we can, using chained resolvers!
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:56:20 +0100] rev 12208
net.resolvers.chain: A resolver for combining other resolvers
Say if you wanted to try both _xmpp and _xmpps services
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 13:02:24 +0100] rev 12207
Merge 0.11->trunk
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 10:51:46 +0100] rev 12206
util.xml: Deduplicate handlers for restricted XML
Makes the code more like util.xmppstream, allowing easier comparisons if
we ever need to apply fixes in the future.
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 09:57:20 +0100] rev 12205
util.xml: Break reference to help the GC (fix #1711)
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
Kim Alvefur <zash@zash.se> [Wed, 19 Jan 2022 10:28:09 +0100] rev 12204
util.prosodyctl.cert: Check success of copy operations, warn on fail
Debugging a case where certs are not imported correctly but prosodyctl
still reports success. Hoping this will shed some light on it.
Kim Alvefur <zash@zash.se> [Wed, 19 Jan 2022 10:26:43 +0100] rev 12203
util.prosodyctl.cert: Pass variables via formatting instead of concatenation
Prevents potential weirdness in case there's any %s or such in a host,
file or directory name, since show_warning() is printf().
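Added example, not Prosody's code: what happens when a name containing `%` is concatenated into a printf-style format string instead of being passed as an argument. `warn` is a hypothetical stand-in built on `string.format`, and the file names are constructed.

```lua
-- Hypothetical stand-in for a printf-style warning function.
local function warn(fmt, ...)
	return "Warning: " .. string.format(fmt, ...);
end

-- Constructed file names; two of them contain '%'.
local names = {
	"example.com.crt",
	"100%sure.example.crt", -- contains a "%s" conversion
	"50%%off.example.key",  -- contains "%%", which a formatter collapses to "%"
};

for _, file in ipairs(names) do
	-- Concatenation: the name becomes part of the format string, so any
	-- '%' in it is interpreted as a conversion specifier.
	local ok_concat, res_concat = pcall(warn, "Failed to copy " .. file);

	-- Formatting: the name is data for a fixed format string and is
	-- reproduced byte for byte.
	local ok_arg, res_arg = pcall(warn, "Failed to copy %s", file);

	print(file);
	print("  concatenated:", ok_concat, res_concat);
	print("  as argument: ", ok_arg, res_arg);
end
```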
Kim Alvefur <zash@zash.se> [Tue, 18 Jan 2022 15:43:17 +0100] rev 12202
tools/xep227toprosody: Remove obsolete tool in favor of storage driver
This tool hasn't been updated for recent XEP-0227 changes, hasn't seen
many changes at all since its introduction and I don't remember anyone
mentioning ever using it.
Using mod_storage_xmlarchive and the migrator or the 3rd party
mod_migrate tool should work better these days and should be the way
forward.
Kim Alvefur <zash@zash.se> [Tue, 18 Jan 2022 11:52:35 +0100] rev 12201
core.certmanager: Use 'tls_profile' instead of 'tls_preset' to match documentation
Confusion!
Thanks Martin
Kim Alvefur <zash@zash.se> [Tue, 18 Jan 2022 08:04:16 +0100] rev 12200
core.certmanager: Apply TLS preset before global settings (thanks Menel)
Allows overriding settings via the global 'ssl' settings as before.
This order was probably accidental. That said, 'ssl' is a giant footgun
we will want to discourage use of.
Matthew Wild <mwild1@gmail.com> [Mon, 17 Jan 2022 14:18:27 +0000] rev 12199
mod_storage_xep0227: Fix luacheck warning
Matthew Wild <mwild1@gmail.com> [Mon, 17 Jan 2022 14:12:45 +0000] rev 12198
mod_storage_xep0227: Fix traceback during iteration of driver stores
:include(other_set), :add(item)
Matthew Wild <mwild1@gmail.com> [Mon, 17 Jan 2022 14:11:45 +0000] rev 12197
mod_storage_xep0227: Fix file export (missing parameter) from refactor in 270047afa6af
Kim Alvefur <zash@zash.se> [Sat, 15 Jan 2022 17:37:07 +0100] rev 12196
mod_http: Increase severity of loading unreachable http modules
This is either caused by an earlier failure to bind http/s ports, in
which case that should be corrected, or explicitly disabling the http/s
ports, in which case ... why enable http modules?
Suggested by jonas’
Kim Alvefur <zash@zash.se> [Sat, 27 Nov 2021 12:26:15 +0100] rev 12195
mod_http: Skip querying portmanager when http_external_url is set
When http_external_url is set then the portmanager usage only really
serves as a check of whether any http service is enabled at all.
Should allow generating a URL from prosodyctl when http_external_url is
set.
Kim Alvefur <zash@zash.se> [Sat, 15 Jan 2022 16:25:25 +0100] rev 12194
util.jid: Explicitly check for nil rather than falsy
A boolean false should blow up.
Jonas Schäfer <jonas@wielicki.name> [Sat, 15 Jan 2022 15:40:29 +0100] rev 12193
mod_storage_xep0227: treat roster metadata pseudo-entry correctly
The roster version is stored in a pseudo-item which has the key `false`.
The if condition in the touched code attempts to guard against this, but
it does not take into account that the jid prepping returns nil instead
of false.
By moving the jid prepping into the if, we can check for the metadata
entry safely.
Jonas Schäfer <jonas@wielicki.name> [Sat, 15 Jan 2022 15:39:13 +0100] rev 12192
mod_storage_xep0227: be defensive against empty vCard
An empty vCard store may look like the empty table, which does not have
the `attr` key, which would then blow up in util.stanza.deserialize.
Kim Alvefur <zash@zash.se> [Sat, 15 Jan 2022 15:13:41 +0100] rev 12191
mod_http: Limit unencrypted http port (5280) to loopback by default
Since accessing this port directly over the wider Internet is unlikely
to be intentional anymore. Most uses will likely be by reverse proxies, by
mistake or because of trouble configuring HTTPS.
Blocking mistaken uses is just a good thing, letting users send
potentially private things unencrypted tends to be Strongly Discouraged
these days.
Many reverse proxy setups operate over loopback, so listening there
instead of all interfaces is a net improvement.
Improved automatic certificate location and SNI support has mostly
eliminated the need for manual certificate configuration so HTTPS should
Just Work once certificates have been provided.
For local testing during development, connecting over loopback is likely
fine as well. When really needed, `http_interfaces` can still be set.
Suggested by Link Mauve
Kim Alvefur <zash@zash.se> [Sat, 15 Jan 2022 09:09:24 +0100] rev 12190
mod_cron: Allow for a small amount of timer drift
If the timer activates a bit early then a task might be just a few
seconds short of being allowed to run. This would run such a task rather
than wait another hour.
The value 0.5% was chosen so that a weekly task does not run an entire hour
earlier than last time.
Matthew Wild <mwild1@gmail.com> [Fri, 14 Jan 2022 17:00:13 +0000] rev 12189
mod_storage_xep0227: Fix luacheck warnings
Matthew Wild <mwild1@gmail.com> [Fri, 14 Jan 2022 16:57:19 +0000] rev 12188
mod_storage_xep0227: Add API to iterate all stores of a user
Matthew Wild <mwild1@gmail.com> [Fri, 14 Jan 2022 16:55:18 +0000] rev 12187
mod_storage_xep0227: Skip self-contacts on roster import