Kim Alvefur <zash@zash.se> [Mon, 30 Aug 2021 15:22:01 +0200] rev 11754
Merge 0.11->trunk
Jonas Schäfer <jonas@wielicki.name> [Sun, 29 Aug 2021 15:04:47 +0200] rev 11753
net.http: fail open if surrounding code does not configure TLS
Previously, if surrounding code was not configuring the TLS context
used by default in net.http, it would not validate certificates at all.
This is not a security issue with prosody, because prosody updates the
context with `verify = "peer"` as well as paths to CA certificates in
util.startup.init_http_client.
Nevertheless... Let's not leave this pitfall out there in the open.
Lucas <lucas@sexy.is> [Sun, 15 Aug 2021 04:10:36 +0000] rev 11752
makefile: fix prosody.version target
POSIX is quite explicit regarding the precedence of AND-OR lists [0]:
> The operators "&&" and "||" shall have equal precedence and shall be
> evaluated with left associativity. For example, both of the following
> commands write solely `bar` to standard output:
>     false && echo foo || echo bar
>     true || echo foo && echo bar
Given that, `prosody.version` target behaves as
    ((((((test -f prosody.release && cp ...) ||
          test -f ...) &&
         sed ...) ||
        test -f ...) &&
       hexdump ...) ||
      echo unknown > $@)
In the case of release tarballs, `prosody.release` does exist, so the
first AND pair is executed. Given that it's successful, then the first
`test -f` in the OR pair is ignored, and instead the `sed` in the AND
pair is executed. `sed` succeeds, as `.hg_archival.txt` exists, making
the second `test -f` in the OR pair ignored, and `hexdump` in the AND
pair is executed. Now, given that `.hg` doesn't exist, it fails, so the
last `echo` is run, overwriting `prosody.version` with `unknown`.
This can be worked around by placing `()` around the AND pairs. Decided to use
conditionals instead, as I think they better communicate the intention
of the block.
[0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_03
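The evaluation order described in the commit message above, reproduced as an added example that is not part of the original commit or of Prosody's makefile. Assumptions: `cp` and `cat` stand in for the elided `cp`/`sed`/`hexdump` commands, `hg-state` is a hypothetical stand-in for whatever the recipe reads under `.hg`, the file contents are constructed, and the `if`/`elif` form is only one possible shape of the "conditionals" the message mentions.

```shell
#!/bin/sh
# make_tree DIR FILE... : build a constructed source tree holding only the listed files
make_tree() {
    dir=$1; shift
    mkdir -p "$dir"
    for f in "$@"; do echo "from-$f" > "$dir/$f"; done
}

# Flat AND-OR list: "&&" and "||" have equal precedence and associate to the left,
# so a successful first step does not stop the later steps from running.
version_flat() {
    d=$1
    {
        test -f "$d/prosody.release" && cp "$d/prosody.release" "$d/out" ||
        test -f "$d/.hg_archival.txt" && cat "$d/.hg_archival.txt" > "$d/out" ||
        test -f "$d/hg-state" && cat "$d/hg-state" > "$d/out" ||
        echo unknown > "$d/out"
    } 2>/dev/null
    cat "$d/out"
}

# Conditional form: exactly one branch runs, the first whose source exists.
version_cond() {
    d=$1
    if test -f "$d/prosody.release"; then
        cp "$d/prosody.release" "$d/out"
    elif test -f "$d/.hg_archival.txt"; then
        cat "$d/.hg_archival.txt" > "$d/out"
    elif test -f "$d/hg-state"; then
        cat "$d/hg-state" > "$d/out"
    else
        echo unknown > "$d/out"
    fi
    cat "$d/out"
}

# Constructed release-tarball layout: release and archival files present, no hg state.
tree=$(mktemp -d)
make_tree "$tree" prosody.release .hg_archival.txt
echo "flat AND-OR list: $(version_flat "$tree")"
echo "if/elif chain:    $(version_cond "$tree")"
rm -rf "$tree"
```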
Matthew Wild <mwild1@gmail.com> [Thu, 26 Aug 2021 16:42:42 +0100] rev 11751
Merge 0.11->trunk
Matthew Wild <mwild1@gmail.com> [Tue, 06 Jul 2021 08:18:28 +0100] rev 11750
mod_c2s: Indicate stream secure state in error text when no stream features to offer
Matthew Wild <mwild1@gmail.com> [Thu, 26 Aug 2021 16:35:43 +0100] rev 11749
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Holger Weiss <holger@zedat.fu-berlin.de> [Fri, 06 Aug 2021 19:25:43 +0200] rev 11748
mod_muc_mam: Omit queryid attribute from <fin/>
Since version 0.4 of XEP-0313, the <fin/> element is sent with the IQ
result and no longer has a queryid attribute.
Kim Alvefur <zash@zash.se> [Mon, 16 Aug 2021 20:15:38 +0200] rev 11747
net.server_epoll: Split, attempt to clarify dirty noise message
Only relevant because a "dirty" connection (with incoming data in
LuaSocket's buffer) does not count as "readable" according to epoll, so
special care needs to be taken to keep on processing it.
Kim Alvefur <zash@zash.se> [Mon, 16 Aug 2021 12:45:14 +0200] rev 11746
mod_c2s,mod_s2s: Fire event just before writes
Could allow e.g. a XEP-0198 implementation to efficiently send ack
requests at optimal times without using timers or nextTick.
Kim Alvefur <zash@zash.se> [Mon, 16 Aug 2021 12:34:52 +0200] rev 11745
net.server: Add a predrain callback just before writes
Allows sneaking in things in the write buffer just before it's sent to
the network stack. For example ack requests, compression flushes or
other things that make sense to send after stanzas or other things.
This ensures any additional trailing data sent is included in the same
write, and possibly the same TCP packet. Other methods used such as
timers or nextTick might not have the same effect as it depends on
scheduling.