aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | various: Update IETF RFC URLs for tools.ietf.org transitionKim Alvefur2022-08-054-10/+10
| | | | | | | | | | | | See https://www.ietf.org/blog/finalizing-ietf-tools-transition/ Already done in various other places.
* | mod_admin_shell: Remove obsolete module:load() argument from 0.8 timeKim Alvefur2022-08-051-2/+2
| | | | | | | | This 'config' argument was removed without explanation in d8dbf569766c
* | mod_tls: Record STARTTLS state so it can be shown in ShellKim Alvefur2022-08-022-1/+6
| | | | | | | | | | | | | | This field can be viewed using s2s:show(nil, "... starttls") even without any special support in mod_admin_shell, which can be added later to make it nicer. One can then assume that a TLS connection with an empty / nil starttls field means Direct TLS.
* | net.resolvers.basic: Add opt-out argument for DNSSEC security statusKim Alvefur2022-08-021-3/+5
| | | | | | | | | | | | | | This makes explicit which lookups can accept an unsigned response. Insecure (unsigned, as before DNSSEC) A and AAAA records can be used as security would come from TLS, but an insecure TLSA record is worthless.
* | Merge 0.12->trunkKim Alvefur2022-07-293-6/+20
|\|
| * mod_storage_sql: Fix summary API with Postgres (fixes #1766)Kim Alvefur2022-07-221-4/+2
| | | | | | | | | | | | | | The ORDER BY and LIMIT clauses are not needed and don't even make much sense. This part was most likely a leftover from the :find method. Tested with sqlite and postgres 14
| * storage tests: Add test for the archive:summary APIKim Alvefur2022-07-221-0/+17
| | | | | | | | | | Passes with memory, internal, sqlite Fails with postgres as in #1766
| * mod_http_files: Log warning about legacy modules using mod_http_filesKim Alvefur2022-07-171-2/+1
| | | | | | | | | | | | | | | | | | It is time. Most community modules should have been adjusted to work with the new (net.http.files) way. At some point this usage should be prevented. Related to #1765
* | util.sasl.scram: Add 'tls-exporter' as recognised channel binding methodKim Alvefur2022-07-271-1/+1
| | | | | | | | | | The last missing piece of #1760, otherwise SCRAM-SHA-*-PLUS is not actually advertised.
* | Merge 0.12->trunkKim Alvefur2022-07-273-2/+33
|\|
| * mod_bookmarks: Reduce error about not having bookmarks to debug (thanks tom)Kim Alvefur2022-07-262-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is happens if the account is new and doesn't have any bookmarks yet, which is not a problem. Rarely seen since most clients currently use the older version of XEP-0084 stored in XEP-0049 rather than in PEP, but at least one (Converse.js )does. One scenario in which this would show up often is with Converse.js as a guest chat using anonymous authentication, where all "accounts" would always be new and not have any bookmarks. This scenario probably does not need to have mod_bookmarks at all, but if enabled globally it would likely become loaded onto the VirtualHost unless explicitly disabled.
| * mod_storage_sql: Fix bypass of load procedure under prosodyctlKim Alvefur2022-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | There's no 'prosody.prosodyctl' property other than this one, introduced in 6216743c188c in 2015. Guessing that the intent was to skip this when running as a prosodyctl command. The module.command code does its own version of this initialization, so this seems likely. Thanks raja for noticing
* | mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760)Kim Alvefur2022-06-014-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier channel binding method being undefined for TLS 1.3, and the increasing deployment of TLS 1.3. See 1bfd238e05ad and #1542 Requires future version of LuaSec, once support for this key material export method is merged. See https://github.com/brunoos/luasec/pull/187
* | util.table: Fix inaccurate commentKim Alvefur2022-07-111-1/+1
| | | | | | | | | | | | | | Probably a duplicate of the comment next to Lmove, recorded by mistake Lpack can probably be removed at some point in the near future once we are confident it is not used anywhere.
* | compat: Use table.pack (there since Lua 5.2) over our util.tableKim Alvefur2022-07-115-5/+5
| | | | | | | | | | Added in d278a770eddc avoid having to deal with its absence in Lua 5.1. No longer needed when Lua 5.1 support is dropped.
* | compat: Remove handling of Lua 5.1 location of 'unpack' functionKim Alvefur2022-07-1117-17/+17
| |
* | Merge 0.12->trunkKim Alvefur2022-07-111-1/+1
|\|
| * core.s2smanager: Don't remove unrelated session on close of bidi sessionKim Alvefur2022-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Normally with bidi, any outgoing connection should be the same as the incoming, hence when closing a bidi connection it should be removed as a route to the remote server. However it is not guaranteed, a remote bidi-capable server might have decided to open a new connection for some reason. This can lead to a situation where there are two bidi connections, and the s2sout route is a locally initiated s2sout connection. In this case, such a s2sout connection should be kept. Noticed in a rare case where bidi has just been enabled on a running server, and something establishes new connections immediately when a connection is closed.
* | luacheck: Set expected globals to Lua 5.4 + compatKim Alvefur2022-07-101-1/+1
| | | | | | | | Requires luacheck 0.25.0
* | Merge 0.12->trunkKim Alvefur2022-07-080-0/+0
|\|
| * luacheck: Shut up (backports 3caff1f93520, ignores module deleted in trunk)Kim Alvefur2022-05-302-2/+4
| |
* | Merge 0.12->trunkKim Alvefur2022-07-080-0/+0
|\|
| * Backport 875f73ead4e8 8e4033213c62 to deal with luacheck 0.26Kim Alvefur2022-07-081-1/+1
| |
* | Merge 0.12->trunkKim Alvefur2022-07-086-307/+458
|\|
| * util.datamapper: Improve handling of schemas with non-obvious "type"Kim Alvefur2022-07-083-25/+63
| | | | | | | | | | | | | | | | | | | | | | | | The JSON Schema specification says that schemas are objects or booleans, and that the 'type' property is optional and can be an array. This module previously allowed bare type names as schemas and did not really handle booleans. It now handles missing 'type' properties and boolean 'true' as a schema. Objects and arrays are guessed based on the presence of 'properties' or 'items' field.
| * util.jsonschema: Fix validation to not assume presence of "type" fieldKim Alvefur2022-07-083-282/+395
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MattJ reported a curious issue where validation did not work as expected. Primarily that the "type" field was expected to be mandatory, and thus leaving it out would result in no checks being performed. This was likely caused by misreading during initial development. Spent some time testing against https://github.com/json-schema-org/JSON-Schema-Test-Suite.git and discovered a multitude of issues, far too many to bother splitting into separate commits. More than half of them fail. Many because of features not implemented, which have been marked NYI. For example, some require deep comparisons e.g. when objects or arrays are present in enums fields. Some because of quirks with how Lua differs from JavaScript, e.g. no distinct array or object types. Tests involving fractional floating point numbers. We're definitely not going to follow references to remote resources. Or deal with UTF-16 sillyness. One test asserted that 1.0 is an integer, where Lua 5.3+ will disagree.
* | executables: Reject Lua 5.1 earlyKim Alvefur2022-07-022-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents attempting to load libraries that may no longer be found and crashing with a traceback. Platforms like Debian where multiple Lua versions can be installed at the same time and 'lua' pointing to one of the installed interpreters via symlinks, there's the possibility that prosody/prosodyctl may be invoked with Lua 5.1, which will no longer have any of the rest of Prosody libraries available to be require(), and thus would immediately fail with an unfriendly traceback. Checking and aborting early with a friendlier message and reference to more information is better. Part of #1600
* | CHANGES: Lua 5.1 support removed (closes #1600)Kim Alvefur2022-07-051-0/+4
| |
* | util.envload: Remove Lua 5.1 methodKim Alvefur2022-07-051-29/+10
| | | | | | | | | | | | Part of #1600 Is this module even needed anymore?
* | util-src: Remove Lua 5.1 compat macrosKim Alvefur2022-07-0112-56/+2
| | | | | | | | Part of #1600
* | mod_storage_sql: Remove Lua 5.1 compatibility hackKim Alvefur2022-07-021-2/+1
| | | | | | | | Part of #1600
* | util: Remove various Lua 5.1 compatibility hacksKim Alvefur2022-07-025-31/+2
| | | | | | | | Part of #1600
* | util.dependencies: Reject Lua 5.1, Lua 5.2 or later is now required (see #1600)Kim Alvefur2022-07-021-2/+2
| |
* | tests: Remove special-casing of Lua 5.1Kim Alvefur2022-07-022-24/+22
| | | | | | | | Part of #1600
* | configure: No longer accept Lua 5.1Kim Alvefur2022-06-301-14/+11
| |
* | util.dependencies: Deprecate support for Lua 5.1, this is your final warningKim Alvefur2022-06-301-1/+1
| |
* | util.hashes: Revert to HMAC() convenience functionKim Alvefur2022-06-241-22/+2
| | | | | | | | | | | | | | | | | | Reverts some of 1e41dd0f8353 Seems HMAC() isn't deprecated after all? Must have been at some point according to #1589 Twice as fast for some reason.
* | util.hashes: Remove unused constantsKim Alvefur2022-06-241-3/+0
| |
* | util.hashes: Remove unused structKim Alvefur2022-06-241-8/+0
| | | | | | | | Unused since 9f1c5ae8d70b
* | util.hashes: Return OpenSSL error messages on failureKim Alvefur2022-06-241-3/+4
| | | | | | | | With luck, might contain more details than just "failed"
* | util.hashes: Add SHA3 bindingsKim Alvefur2020-09-103-0/+38
| |
* | util.hashes: Bind BLAKE2 algoritms supported by OpenSSLKim Alvefur2020-09-103-0/+25
| |
* | util.hashes: Refactor PBKDF2 to deduplicate codeKim Alvefur2020-09-101-17/+8
| |
* | util.hashes: Expose sha224 and sha384 HMAC functionsKim Alvefur2020-11-293-0/+14
| | | | | | | | For completeness and consistency with set of plain hash functions
* | util.hashes: Refactor HMAC bindings (fixes #1589)Kim Alvefur2020-11-291-22/+61
| | | | | | | | | | | | | | HMAC() is deprecated As with the regular hash functions, macros like this make it awkward to apply static analysis and code formatting.
* | util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)Kim Alvefur2020-09-101-20/+63
| | | | | | | | | | | | | | MD5() is deprecated, but EVP_md5() is not. Functions in macros like this make it awkward to apply static analysis and code formatting.
* | Merge 0.12->trunkKim Alvefur2022-06-191-11/+8
|\|
| * net.unbound: Merge luaunbound and prosody defaults in absence of user config ↵Kim Alvefur2022-06-191-11/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (fixes #1763) (thanks rgd) add_defaults() is supposed to merge 3 tables, the defaults in luaunbound, the defaults from prosody and any config from the prosody config file. In the case where no `unbound={}` has been in the config, it skips over the merge and returns only the prosody built-in defaults. This results in libunbound skipping reading resolv.conf and uses its default behavior of full recursive resolution. Prior to #1737 there were only two tables, the luaunbound defaults and the prosody config, where bypassing the merge and returning the former did the right thing.
* | mod_mam: Silence luacheck (yay warnings in CI but not locally)Kim Alvefur2022-06-141-1/+1
| |
* | mod_mam: Clarify comment (thanks chili-b)Kim Alvefur2022-06-141-2/+6
| | | | | | | | | | This was slightly inaccurate since 6e1af07921d1 because the conditions are more complicated now.