Matthew Wild <mwild1@gmail.com> [Thu, 06 Oct 2022 15:59:07 +0100] rev 12746
mod_tokenauth: Invalidate tokens issued before most recent password change
This is a security improvement, to ensure that sessions authenticated using a
token (note: not currently possible in stock Prosody) are invalidated just
like password-authenticated sessions are.
Matthew Wild <mwild1@gmail.com> [Thu, 06 Oct 2022 11:12:57 +0100] rev 12745
prosodyctl: check turn: More clearly indicate the error is from TURN server
Kim Alvefur <zash@zash.se> [Tue, 04 Oct 2022 12:04:43 +0200] rev 12744
mod_authz_internal: Fix warning due to global use
Thanks Menel and Martin
Jonas Schäfer <jonas@wielicki.name> [Mon, 03 Oct 2022 12:55:11 +0200] rev 12743
Backed out changeset 1bc2220cd6ec
The use of the error helpers creates an `<error/>` child element
containing the error condition. This is however not allowed as per
XEP-0198, which specifies that the error condition is to be a direct
child of the `<failed/>` stream management element.
This has triggered a fun reconnect loop in aioxmpp where it was
reported by a user [1].
[1]: https://github.com/horazont/aioxmpp/issues/382
Matthew Wild <mwild1@gmail.com> [Fri, 30 Sep 2022 20:38:31 +0100] rev 12742
util.jwt: More robust ECDSA signature parsing, fail early on unexpected length
Kim Alvefur <zash@zash.se> [Fri, 30 Sep 2022 00:27:10 +0200] rev 12741
util.crypto: Fix tests
Found this number in a hat.
Sleepy time. Good night.
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 23:17:42 +0100] rev 12740
util.jwt: Add support for ES512 (+ tests)
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 23:15:39 +0100] rev 12739
util.crypto, util.jwt: Generate consistent signature sizes (via padding)
This fixes the signature parsing and building to work correctly. Sometimes
a signature was one or two bytes too short, and needed to be padded. OpenSSL
can do this for us.
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:57:05 +0100] rev 12738
CHANGES: Update with MUC permission changes
Matthew Wild <mwild1@gmail.com> [Thu, 29 Sep 2022 12:46:02 +0100] rev 12737
mod_authz_internal: Allow specifying default role for public (remote) users