util.crand: Reduce scope here too Same as previous commit

util.strbitop: Reduce scope of functions Equivalent to 'local' in Lua, these functions are exported via the luaopen_ function, which is the only one needing to be visible outside of the file. Pointed out by Link Mauve at some point, but there wasn't really any rush here.

net.connect: Fix accumulation of connection attempt references Connection attempts that failed the Happy Eyeballs race were not unreferenced and would accumulate. Tested by inspecting the 'pending_connections_map' after establishing s2s with a s2s target where the IPv6 port has a -j DROP rule causing it to time out and the IPv4 attempt wins the race. Expected is that the losing connection stays around until net.server timeouts kick in where it should be removed. The map table should tend towards being empty during idle times.

Merge 0.12->trunk

util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)

make: Install stanza watcher library (thanks Menel)

mod_admin_shell: Add watch:stanzas() command

mod_debug_stanzas/watcher: New module library to dynamically 'watch' for stanzas

mod_s2s: Store real stanzas in session.sendq, rather than strings This is the "right" thing to do. Strings were more memory-efficient, but e.g. bypassed stanza filters at reconnection time. Also not being stanzas prevents us from potential future work, such as merging sendq with mod_smacks. Regarding performance: we should counter the probable negative effect of this change with other positive changes that are desired anyway - e.g. a limit on the size of the sendq, improved in-memory representation of stanzas, s2s backoff (e.g. if a remote server is persistently unreachable, cache this failure for a while and don't just keep forever queuing stanzas for it).

Merge 0.12->trunk

mod_storage_xep0227: Fix mapping of nodes without explicit configuration Turns out this table was wrong, it's missing some fields which are required and it's 'name', not 'node'. Setting it to the boolean true invokes compatibility behavior in mod_pep which results in the correct default structure.

Merge 0.12->trunk

mod_storage_xep0227: Fix conversion of SCRAM into internal format (fix #1741) Looks like this function was a copy of hex_to_base64 without modifying it to do its inverse.

mod_storage_xep0227: Support basic listing of PEP nodes in absence of pubsub#admin data Allows migrating PEP nodes with default settings

mod_storage_xep0227: Improve logging What were we looking at?

Merge 0.12->trunk

mod_storage_xep0227: Handle missing {pubsub#owner}pubsub element (fixes #1740)

Merge 0.12->trunk

prosodyctl: Pass server when listing (outdated) plugins (fix #1738) Needed since it checks the manifest of the repository and most likely defaults to luarocks.org unless specified

Merge 0.12->trunk

core.modulemanager: Fix global flag on per-host instances of shared modules (fix #1736) This flag is something of a shortcut for `module.host == "*"` and should always be equal to that. Its absence on the proxy object made the property of the global module instance visible, causing problems such as with URL reporting in mod_http

Merge 0.12->trunk

configmanager: Clearer errors when providing unexpected values after VirtualHost (fixes #1735, thanks arawaks)

Merge 0.12->trunk

util.random: Test whether util.crand works before using it (fix #1734) util.crand can be configured at compile time to use the Linux getrandom() system call, available from Linux 3.17, but it is still possible to load it with an older kernel lacking that system call, where attempting to use it throws an ENOSYS error. By testing for this on load we can fall back to /dev/urandom in this case.

Merge 0.12->trunk

mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731) The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.

mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730) This is far better than pre-0.12, because we now have a universal way to configure and enable/disable CORS on a per-module basis.

Merge 0.12->trunk

prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)