util.paseto: Implementation of PASETO v4.public tokens PASETO provides an alternative to JWT with the promise of fewer implementation pitfalls. The v4.public algorithm allows asymmetric cryptographically-verified token issuance and validation. In summary, such tokens can be issued by one party and securely verified by any other party independently using the public key of the issuer. This has a number of potential applications in a decentralized network and ecosystem such as XMPP. For example, such tokens could be combined with XEP-0317 to allow hats to be verified even in the context of a third-party MUC service.

util.crypto: New wrapper for some operations in OpenSSL's libcrypto Specifically, ED25519 key generation/import/export, sign/verify operations, and AES encrypt/decrypt.

util-src: Add new utility header managed_pointer.h The macros in this header allow creation of GC-managed objects from manually- managed C alloc/free APIs.

mod_smacks: Set session.smacks after sending <enabled/> to fix traceback ...with opportunistic writes enabled.

core.moduleapi: Check for local role-aware sessions before e.g. s2s The condition checked for s2sin but not s2sout, so would have ignored bidi-enabled s2sout sessions. Components as well.

mod_smacks: Use new :add_error() in last remaining error result construction

mod_smacks: Split enable handling to stages, to allow easier SASL2 integration

util.stanza: Add add_error() to simplify adding error tags to existing stanzas Some fiddling is required now in error_reply() to ensure the cursor is in the same place as before this change (a lot of code apparently uses that feature).

mod_component: Require 'from' attribute on stanzas by default The old behaviour of falling back to the component domain when it is missing has been merged into the logic for the existing "validate_from_addresses" option (which is strict by default). ejabberd already rejects component stanzas with no 'from' (as the XEP requires), and this has led to compatibility issues for components that were seemingly working fine with Prosody.

mod_external_services: Update tools.ietf.org URL See bd9e006a7a74