| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
| |
Since XEP-0363 is essentially mandatory now this will hopefully help
diagnose some common issues.
|
| |
|
|
|
|
|
|
|
| |
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
|
| |
|
|
|
|
| |
This one takes a stanza as input
Roughly based on util.interpolation
|
| |\ |
|
| | |
| |
| |
| |
| | |
Makes the code more like util.xmppstream, allowing easier comparisons if
we ever need to apply fixes in the future.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
|
| | |
| |
| |
| |
| | |
Debugging a case where certs are not imported correctly but prosodyctl
still reports success. Hoping this will shed some light on it.
|
| | |
| |
| |
| |
| | |
Prevents potential weirdness in case there's any %s or such in a host,
file or directory name, since show_warning() is printf().
|
| | |
| |
| |
| | |
A boolean false should blow up.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
|
| | |
| |
| |
| |
| |
| |
| | |
Boolean logic, never correct on the first try.
We want to skip copying the same cert if it _has_ been imported already,
not if it has not.
|
| | |
| |
| |
| |
| |
| | |
The 'prosody' global is not global this early so there was no way to
override the process type field or argument parsing settings from
outside, e.g. from the migrator.
|
| | |
| |
| |
| |
| | |
This ought to make it easier to translate in the future.
And easier to reword, now!
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Recent experience with translations in the context of Snikket
highlighted that sentences spread across concatenated strings like this
makes the experience less than pleasant for translators.
We don't have translation yet, but it is a future goal and why not?
The duplication can be solved with a parameterized function for the
common cases.
|
| | |
| |
| |
| | |
Why would they use different wording?
|
| | |
| |
| |
| |
| | |
Previously this would end up passing the "max" directly to the
underlying storage.
|
| | |
| |
| |
| | |
Packages exists now.
|
| | |
| |
| |
| |
| | |
These cases are caught by `check_text(v, ..)` above. Those errors do not
contain the attribute however, which would have been nice.
|
| | | |
|
| | |
| |
| |
| | |
Allows reuse of repetitive definitions in schemas.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
More security for less pain than switching to SCRAM-SHA-256
The XEP will likely be change to reference the RFC that will probably
come from draft-ietf-kitten-password-storage once it is ready, and then
we should update to follow that.
|
| | |
| |
| |
| |
| | |
If buckets thresholds are to be taken as "less than or equal to", then
using the less than or equal to operator seems sensible.
|
| | |
| |
| |
| |
| |
| | |
The buckets thresholds are to be taken as "less than or equal to".
The condition as written in the code did only "less than", not
"less than or equal to". That's fixed now.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Conversations uses this for its randomized resources. Presumably fine
and collision resistant enough when you have a few devices at most.
|
| | |
| |
| |
| |
| | |
Modules using ids for logging should not need the now pretty large
medium one.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
These provide (a) a way to deal with random assortments of certs
and (b) avoid unnecessary error messages and warnings, according
to #1669 anyway, which this fixes.
|
| | |
| |
| |
| | |
TLS good, SSL bad.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This may in theory cause multiple disconnect events for the
adminstream client, if the only code using that wasn't calling
os.exit right away.
Hence, this should be a good enough partial fix for #1671. It is
not a full fix, because the shell will only notice the disconnect
after one has hit enter in the input; until then, it is stuck in
a read() call to stdin and completely oblivious to the disconnect.
|
| | |
| |
| |
| |
| |
| | |
There was an off-by-one in the modulo calculation. Switching to a plain
old array-table makes the apparent size of the queue wrong, but since
some of the queue may not be available this is likely for the best.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Meant to be used in mod_smacks for XEP-0198
Meant to have a larger virtual size than actual number of items stored,
on the theory that in most cases, the excess will be acked before needed
for a resumption event.
|
| | |
| |
| |
| |
| |
| | |
A search for log formats in use points to %s being the most common,
followed by %d, so worth having a fast path for that. %g works well with
most numbers and is what Lua 5.1 and 5.2 used
|
| | | |
|
| | |
| |
| |
| | |
Amazing how string.format behaves differently under each Lua version
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Ie. log("debug", "%d", "\1\2\3") should not result in garbage.
Also optimizing for the common case of ASCII string passed to %s and
early returns everywhere.
Returning nil from a gsub callback keeps the original substring.
|
| | |
| |
| |
| |
| |
| | |
Should prevent invalid UTF-8 from making it into the logs, which can
cause trouble with terminals or log viewers or other tools, such as when
grep determines that log files are binary.
|
| | |
| |
| |
| |
| | |
This should allow modules to override the username in a profile handler by
assigning to self.username.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
vim> Change "sevral" to:
1 "several"
2 "sacral"
3 "spiral"
4 "feral"
5 "serial"
jonas’> I choose 4.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Running woken runners in the next iteration of the event loop prevents
unexpected recursion, unexpected tracebacks, and is generally more
predictable.
The pattern is borrowed from util.promise, where we're now doing the same.
|
