Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | mod_dialback: Use correct host for certificate check (fixes #1381) | Kim Alvefur | 2019-06-23 | 1 | -2/+1 |
| | |||||
* | mod_dialback: Use constant-time comparison with hmac | Matthew Wild | 2021-05-12 | 1 | -1/+2 |
| | |||||
* | mod_proxy65: Restrict access to local c2s connections by default | Matthew Wild | 2021-05-12 | 1 | -4/+12 |
| | | | | | Previously no 'proxy65_acl' option would allow unrestricted access by local or remote JIDs. | ||||
* | mod_limits: Use default limits if none configured | Matthew Wild | 2021-05-11 | 1 | -1/+10 |
| | |||||
* | prosody.cfg.lua.dist: Enable rate limits by default | Matthew Wild | 2021-05-11 | 1 | -1/+12 |
| | |||||
* | prosodyctl about: Report libexpat version if known | Matthew Wild | 2021-05-11 | 1 | -1/+5 |
| | |||||
* | certmanager: Disable renegotiation by default | Matthew Wild | 2021-05-11 | 1 | -0/+2 |
| | | | | This requires LuaSec 0.7+ and OpenSSL 1.1.1+ | ||||
* | mod_limits: Don't emit error when no burst period is configured | Matthew Wild | 2021-05-11 | 1 | -1/+1 |
| | |||||
* | core.certmanager: Test for SSL options in absence of LuaSec config | Kim Alvefur | 2021-04-26 | 1 | -5/+9 |
| | |||||
* | core.certmanager: Attempt to directly access LuaSec config table | Kim Alvefur | 2021-04-26 | 1 | -1/+1 |
| | | | | | Due to a bug this field was not properly exported before. See https://github.com/brunoos/luasec/issues/149 | ||||
* | util.xmppstream: Allow dynamically configuring the stanza size limit for a stream | Matthew Wild | 2021-05-10 | 1 | -0/+3 |
| | | | | | | | This may be useful for any plugins that want to experiment with different policies for stanza size limits (e.g. unauthenticated vs authenticated streams). | ||||
* | util.xmppstream: Mark bytes for stream closure as handled | Matthew Wild | 2021-05-10 | 1 | -0/+3 |
| | |||||
* | MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info | Matthew Wild | 2021-05-10 | 1 | -2/+10 |
| | | | | | | | | | | | | The de-facto interpretation of this (undocumented) option is to indicate to the client whether it is allowed to invite other users to the MUC. This differs from the existing option in our config form, which only controls the behaviour of sending of invites in a members-only MUC (we always allow invites in open rooms). Conversations is one client known to use this disco#info item to determine whether it may send invites. | ||||
* | mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets | Matthew Wild | 2021-05-10 | 2 | -3/+5 |
| | |||||
* | util.xmppstream: Reduce default xmppstream limit to 1MB | Matthew Wild | 2021-05-10 | 1 | -1/+1 |
| | |||||
* | util.set: Add is_set() to test if an object is a set | Matthew Wild | 2021-05-10 | 1 | -2/+8 |
| | |||||
* | util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp) | Matthew Wild | 2021-05-10 | 1 | -0/+14 |
| | |||||
* | mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits | Matthew Wild | 2021-05-07 | 5 | -5/+7 |
| | | | | | | | | | | | | c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions. | ||||
* | util.startup: Set more aggressive defaults for GC | Matthew Wild | 2021-05-07 | 1 | -1/+7 |
| | | | | | | | | | Testing has demonstrated that the default GC parameters are not sufficient to prevent runaway memory growth when running under Lua 5.2 and Lua 5.3. Setting the GC speed to 500 was tested on Lua versions 5.1->5.4 and did not display unbounded memory growth. | ||||
* | prosodyctl: check config: Add 'gc' to list of global options | Matthew Wild | 2021-04-30 | 1 | -1/+1 |
| | |||||
* | mod_saslauth: Use a defined SASL error | Kim Alvefur | 2021-03-18 | 1 | -1/+1 |
| | |||||
* | mod_saslauth: Improve code style | Kim Alvefur | 2021-03-18 | 1 | -1/+3 |
| | | | | | | This many returns deserve their own line. `session["sasl_handler"]` style isn't used anywhere else. | ||||
* | mod_c2s: Log about missing conn on async state changes | Kim Alvefur | 2021-03-18 | 1 | -0/+4 |
| | |||||
* | mod_c2s: Improve code style | Kim Alvefur | 2021-03-18 | 1 | -2/+6 |
| | | | | | We don't use the quoted table indexing style that often, it's not needed here and it's enough to check for falsyness rather than `nil`. | ||||
* | mod_c2s: Fix traceback in session close when conn is nil | Kim Alvefur | 2021-03-17 | 1 | -2/+2 |
| | | | | Unclear how this happens. | ||||
* | mod_saslauth: Don't throw errors in async code when connections are gone | tmolitor | 2021-03-18 | 1 | -0/+1 |
| | | | | Fixes #1515 | ||||
* | mod_c2s: Don't throw errors in async code when connections are gone | tmolitor | 2021-03-18 | 1 | -2/+2 |
| | | | | Fixes #1507 | ||||
* | mod_http: Restore ip field for requests without proxies | Kim Alvefur | 2021-02-27 | 1 | -2/+2 |
| | | | | | 8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy. | ||||
* | mod_http: Fix trusted proxies check (thanks buildbot) | Kim Alvefur | 2021-02-18 | 1 | -1/+1 |
| | | | | | is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk. | ||||
* | mod_http: Skip IP resolution in non-proxied case | Kim Alvefur | 2021-02-18 | 1 | -1/+1 |
| | | | | | Skips doing the whole get_ip_from_request() dance if the request isn't from a proxy at all, even if the client sent the header for some reason. | ||||
* | Tag 0.11.8 | Kim Alvefur | 2021-02-15 | 0 | -0/+0 |
| | |||||
* | mod_pep: Advertise base pubsub feature (fixes #1632) 0.11.8 | Kim Alvefur | 2021-02-15 | 1 | -0/+1 |
| | | | | | Noticed while discussing feature discovery in Gajim. Thanks lovetox | ||||
* | util.interpolation: Fix combination of filters and fallback values #1623 | Kim Alvefur | 2021-01-25 | 1 | -2/+2 |
| | |||||
* | net.adns: Prevent empty packets from being sent on "connect" (fix #1619) | Kim Alvefur | 2021-01-12 | 1 | -0/+5 |
| | | | | Thanks Ge0rG for testing | ||||
* | net.server_epoll: Fix off-by-one in 2c559953ad41 | Kim Alvefur | 2021-01-10 | 1 | -1/+1 |
| | | | | Thanks tmolitor | ||||
* | util.timer: Ensure timers can't run more than once per tick (fixes #1620) | Kim Alvefur | 2021-01-08 | 1 | -1/+14 |
| | | | | See longer explanation in 2c559953ad41 | ||||
* | net.server_epoll: Ensure timers can't run more than once per tick | Kim Alvefur | 2021-01-08 | 1 | -2/+18 |
| | | | | | | | | This makes sure that a timer that returns 0 (or less) does not prevent runtimers() from completing, as well as making sure a timer added with zero timeout from within a timer does not run until the next tick. Thanks tmolitor | ||||
* | util.stanza: Move misplaced argument to correct place | Kim Alvefur | 2020-12-24 | 1 | -2/+2 |
| | | | | | valid_utf8() takes only one argument, so the false was probably meant to be valid_xml_cdata(text, attribute=false) | ||||
* | mod_s2s: Fix copypaste mistake in b3ae48362f78 | Kim Alvefur | 2020-12-16 | 1 | -1/+1 |
| | | | | | Directly sending something over s2s needs to use sends2s() but the code copied from mod_c2s had .send() | ||||
* | MUC: Fix logic bug causing unnecessary presence to be sent, fixes #1615 (thanks damencho) | Matthew Wild | 2020-12-15 | 1 | -2/+2 |
| | |||||
* | mod_s2s: Prevent whitespace keepalives the stream has been opened | Kim Alvefur | 2020-12-10 | 1 | -1/+4 |
| | | | | | | | | | This will result in the stream timing out instead, which is probably correct if the stream has not been opened yet. This was already done for c2s in e69df8093387. Thanks Ge0rG | ||||
* | mod_saslauth: Only advertise channel binding if a finished message is available | Kim Alvefur | 2020-11-23 | 1 | -1/+1 |
| | | | | In some cases this method returns nothing, unclear why. | ||||
* | mod_saslauth: Disable 'tls-unique' channel binding with TLS 1.3 (closes #1542) | Kim Alvefur | 2020-11-23 | 1 | -1/+4 |
| | | | | | | | | The 'tls-unique' channel binding is undefined in TLS 1.3 according to a single sentence in parentheses in Appendix C of RFC 8446. This may trigger downgrade protection in clients that were expecting channel binding to be available. | ||||
* | util.promise: Use xpcall() for promise function to preserve tracebacks | Matthew Wild | 2020-11-23 | 1 | -1/+1 |
| | |||||
* | util.stanza: Reject ASCII control characters (fixes #1606) | Kim Alvefur | 2020-11-11 | 2 | -1/+10 |
| | |||||
* | mod_pubsub: Fix notification stanza type setting (fixes #1605) | Kim Alvefur | 2020-11-06 | 1 | -1/+1 |
| | |||||
* | mod_pubsub: Lower priority of default <body> generator | Kim Alvefur | 2020-11-05 | 1 | -1/+1 |
| | | | | | | | in order to avoid conflict with a handler at the default (0) priority, making it easier to write your own formatting in plugins. This follows the common pattern of default modules having lower priority | ||||
* | util.dbuffer: Optimize :sub() and :byte() | Matthew Wild | 2020-10-28 | 1 | -4/+26 |
| | |||||
* | util.debug: Fix locals being reported under wrong stack frame in some cases (+tests!!) | Matthew Wild | 2020-10-16 | 2 | -1/+94 |
| | |||||
* | Back out changeset 2c1583bb0e0f | Kim Alvefur | 2020-10-15 | 1 | -0/+4 |
| | | | | Same reason as 712b2e6a09d9 |