| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
STUN server via --ping
|
| |
|
|\ |
|
| |
| |
| |
| |
| | |
While not used by anything in Prosody, it is known to be used by some
3rd party modules.
|
| |
| |
| |
| | |
operational
|
| | |
|
| |
| |
| |
| |
| |
| | |
The default network backend server_epoll already requires LuaSec so
Prosody won't even start without it, so we can get rid of these lines
here too.
|
| |
| |
| |
| | |
config
|
| |
| |
| |
| |
| |
| | |
It is very common to get the "unknown address" warning with this command, but
people do not always understand it, or know how to debug it. Now we clearly
show the addresses that prosodyctl discovered.
|
| | |
|
| | |
|
|/
|
|
|
| |
Sometimes, like in mod_c2s and mod_s2s during shutdown, all you want is
to wait for the first done() and not complicate things.
|
| |
|
|
|
|
| |
The inet_ntop binding was added in 8b612ec00e4a and included in 0.11.0
|
|
|
|
| |
Less code!
|
|
|
|
|
| |
The more modern and user friendly frontend, should be in every supported
version of Debian and Ubuntu by now
|
| |
|
|
|
|
|
| |
These should generally be safe to just ignore, which should be the
default behavior of Expat and LuaExpat
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Load filters can choose to block the loading of certain files, and optionally
return some metadata about the loaded file.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Original motivation was tiresome warnings about Lua 5.4 not being
supported yet.
Can still be handy to tweak log level, e.g. to prevent logging to
interfere with command output.
|
|
|
|
| |
Now based on draft-ietf-dnsop-svcb-https-08
|
|
|
|
| |
Based on draft-ietf-dnsop-svcb-https-00
|
|
|
|
|
|
| |
Doesn't affect normal usage by Prosody since neither A nor AAAA records
use this and SRV records has the host name last so the position is not
needed.
|
|
|
|
|
| |
Note the duplicate 9 and 16 entries, neither of which are especially
relevant for our resolver usage.
|
|
|
|
|
| |
Goal is to regenerate this file from the IANA registry using a tool.
Having it in a separate file will reduce vcs noise in util.dns
|
|
|
|
|
|
|
| |
Probably worked anyway but settings might not always have been applied
depending on what order things happens in.
Error was hidden by the pcall, which was sorta intentional...
|
|
|
|
|
|
| |
When there are no records to return the return value from dns.lookup()
might be nil or might be a table containing zero records, depending on
which DNS library is used
|
| |
|
| |
|
|
|
|
|
|
| |
Fixes that a multi-line string ended up "like\
\9this" instead of "like\nthis" as can be demonstrated by somehow
initiating a connection to a HTTP server.
|
|
|
|
|
| |
This should ensure any certificate needed for HTTP services will also be
included in the certificate import.
|
| |
|
|
|
|
|
| |
Since XEP-0363 is essentially mandatory now this will hopefully help
diagnose some common issues.
|
|
|
|
|
|
|
|
|
| |
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
|
|
|
|
|
|
| |
This one takes a stanza as input
Roughly based on util.interpolation
|
|\ |
|
| |
| |
| |
| |
| | |
Makes the code more like util.xmppstream, allowing easier comparisons if
we ever need to apply fixes in the future.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
|
| |
| |
| |
| |
| | |
Debugging a case where certs are not imported correctly but prosodyctl
still reports success. Hoping this will shed some light on it.
|
| |
| |
| |
| |
| | |
Prevents potential weirdness in case there's any %s or such in a host,
file or directory name, since show_warning() is printf().
|
| |
| |
| |
| | |
A boolean false should blow up.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
|
| |
| |
| |
| |
| |
| |
| | |
Boolean logic, never correct on the first try.
We want to skip copying the same cert if it _has_ been imported already,
not if it has not.
|