From f91ba70e322e1ec1fcd42dfc0189fb9b80939034 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Tue, 22 Nov 2016 15:28:24 +0100
Subject: net.server_select: Prevent writes after a handler is closed (fixes
 #783 I hope)

---
 net/server_select.lua | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/server_select.lua b/net/server_select.lua
index c50a6ce1..39640a83 100644
--- a/net/server_select.lua
+++ b/net/server_select.lua
@@ -415,6 +415,7 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
 	end
 	handler.port = handler.clientport -- COMPAT server_event
 	local write = function( self, data )
+		if not handler then return false end
 		bufferlen = bufferlen + #data
 		if bufferlen > maxsendlen then
 			_closelist[ handler ] = "send buffer exceeded"	 -- cannot close the client at the moment, have to wait to the end of the cycle
-- 
cgit v1.2.3


From beb660feeb0d38fc343de891fcd0ae7d98f9c093 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 25 Nov 2016 05:06:13 +0100
Subject: core.stanza_router: Require 'id' attribute on iq stanzas (fixes #785)

---
 core/stanza_router.lua | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/stanza_router.lua b/core/stanza_router.lua
index cf098258..2fb480ee 100644
--- a/core/stanza_router.lua
+++ b/core/stanza_router.lua
@@ -70,6 +70,9 @@ function core_process_stanza(origin, stanza)
 			if not iq_types[st_type] or ((st_type == "set" or st_type == "get") and (#stanza.tags ~= 1)) then
 				origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid IQ type or incorrect number of children"));
 				return;
+			elseif not stanza.attr.id then
+				origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing required 'id' attribute"));
+				return;
 			end
 		end
 
-- 
cgit v1.2.3


From e9f906c318d5023eab000fda2f317775db4aac32 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 25 Nov 2016 05:08:09 +0100
Subject: core.stanza_router: Separate iq type check from child count check

---
 core/stanza_router.lua | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/core/stanza_router.lua b/core/stanza_router.lua
index 2fb480ee..af797f08 100644
--- a/core/stanza_router.lua
+++ b/core/stanza_router.lua
@@ -67,12 +67,15 @@ function core_process_stanza(origin, stanza)
 			return handle_unhandled_stanza(origin.host, origin, stanza);
 		end
 		if name == "iq" then
-			if not iq_types[st_type] or ((st_type == "set" or st_type == "get") and (#stanza.tags ~= 1)) then
-				origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid IQ type or incorrect number of children"));
+			if not iq_types[st_type] then
+				origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid IQ type"));
 				return;
 			elseif not stanza.attr.id then
 				origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing required 'id' attribute"));
 				return;
+			elseif (st_type == "set" or st_type == "get") and (#stanza.tags ~= 1) then
+				origin.send(st.error_reply(stanza, "modify", "bad-request", "Incorrect number of children for IQ stanz"));
+				return;
 			end
 		end
 
-- 
cgit v1.2.3


From c8e10aca00e937b29090bb0a1fabaf51d20747fb Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 25 Nov 2016 05:08:58 +0100
Subject: man/prosodyctl: Add section about certificate commands

---
 man/prosodyctl.markdown | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/man/prosodyctl.markdown b/man/prosodyctl.markdown
index 217dfd3d..6ef93d4a 100644
--- a/man/prosodyctl.markdown
+++ b/man/prosodyctl.markdown
@@ -5,7 +5,7 @@ author:
 date: '2015-12-23'
 section: 1
 title: PROSODYCTL
-...
+---
 
 NAME
 ====
@@ -80,6 +80,30 @@ reload
 status
 :   Prints the current execution status of the prosody server daemon.
 
+Certificates
+------------
+
+prosodyctl can create self-signed certificates, certificate requests and
+private keys for use with Prosody. Commands are of the form
+`prosodyctl cert subcommand`. Commands take a list of hosts to be
+included in the certificate.
+
+request hosts
+:   Create a certificate request (CSR) file for submission to a
+    certificate authority. Multiple hosts can be given, sub-domains are
+    automatically included.
+
+generate hosts
+:   Generate a self-signed certificate.
+
+key host \[size\]
+:   Generate a private key of 'size' bits (defaults to 2048). Invoked
+    automatically by 'request' and 'generate' if needed.
+
+config hosts
+:   Produce a config file for the list of hosts. Invoked automatically
+    by 'request' and 'generate' if needed.
+
 Debugging
 ---------
 
-- 
cgit v1.2.3


From 561922914bcfcaf5b6fad981a28962833748145a Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 25 Nov 2016 05:09:44 +0100
Subject: man/prosodyctl: Mention --config

---
 man/prosodyctl.markdown | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/man/prosodyctl.markdown b/man/prosodyctl.markdown
index 6ef93d4a..e4c355a2 100644
--- a/man/prosodyctl.markdown
+++ b/man/prosodyctl.markdown
@@ -134,6 +134,9 @@ details of how these commands work you should see ejabberdctl(8).
 OPTIONS
 =======
 
+`--config filename`
+:   Use the specified config file instead of the default.
+
 `--help`
 :   Display help text for the specified command.
 
-- 
cgit v1.2.3


From 710d550957d14af969ffa2b942f23dd5d9c7a9d9 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 26 Nov 2016 20:08:48 +0100
Subject: core.certmanager: Translate "no start line" to something friendlier
 (thanks santiago)

---
 core/certmanager.lua | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 3872bd9a..12ae94b1 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -184,9 +184,12 @@ local function create_context(host, mode, ...)
 		err = err or "invalid ssl config"
 		local file = err:match("^error loading (.-) %(");
 		if file then
+			local typ;
 			if file == "private key" then
+				typ = file;
 				file = user_ssl_config.key or "your private key";
 			elseif file == "certificate" then
+				typ = file;
 				file = user_ssl_config.certificate or "your certificate file";
 			end
 			local reason = err:match("%((.+)%)$") or "some reason";
@@ -196,6 +199,8 @@ local function create_context(host, mode, ...)
 				reason = "Check that the path is correct, and the file exists.";
 			elseif reason == "system lib" then
 				reason = "Previous error (see logs), or other system error.";
+			elseif reason == "no start line" then
+				reason = "Check that the file contains a "..(typ or file);
 			elseif reason == "(null)" or not reason then
 				reason = "Check that the file exists and the permissions are correct";
 			else
-- 
cgit v1.2.3


From 234d7178f15e860dc6c624f1e16dd245372ec34d Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 26 Nov 2016 20:10:40 +0100
Subject: doc: Add a description of the Storage API in TypedLua format

---
 doc/storage.tld | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 doc/storage.tld

diff --git a/doc/storage.tld b/doc/storage.tld
new file mode 100644
index 00000000..f1d33e58
--- /dev/null
+++ b/doc/storage.tld
@@ -0,0 +1,61 @@
+-- Storage Interface API Description
+--
+-- This is written as a TypedLua description
+
+-- Key-Value stores (the default)
+
+interface keyval_store
+	get : ( self, string? ) -> (any) | (nil, string)
+	set : ( self, string?, any ) -> (boolean) | (nil, string)
+end
+
+-- Map stores (key-key-value stores)
+
+interface map_store
+	get : ( self, string?, any ) -> (any) | (nil, string)
+	set : ( self, string?, any, any ) -> (boolean) | (nil, string)
+	set_keys : ( self, string?, { any : any }) -> (boolean) | (nil, string)
+	remove : {}
+end
+
+-- Archive stores
+
+typealias archive_query = {
+	"start"  : number?, -- timestamp
+	"end"    : number?, -- timestamp
+	"with"   : string?,
+	"after"  : string?, -- archive id
+	"before" : string?, -- archive id
+	"total"  : boolean?,
+}
+
+interface archive_store
+	-- Optional set of capabilities
+	caps   : {
+		-- Optional total count of matching items returned as second return value from :find()
+		"total" : boolean?,
+	}?
+
+	-- Add to the archive
+	append : ( self, string?, string?, any, number?, string? ) -> (string) | (nil, string)
+
+	-- Iterate over archive
+	find   : ( self, string?, archive_query? ) -> ( () -> ( string, any, number?, string? ), integer? )
+
+	-- Removal of items. API like find. Optional?
+	delete : ( self, string?, archive_query? ) -> (boolean) | (number) | (nil, string)
+
+	-- Array of dates which do have messages (Optional?)
+	dates  : ( self, string? ) -> ({ string }) | (nil, string)
+end
+
+-- This represents moduleapi
+interface module
+	-- If the first string is omitted then the name of the module is used
+	-- The second string is one of "keyval" (default), "map" or "archive"
+	open_store : (self, string?, string?) -> (keyval_store) | (map_store) | (archive_store) | (nil, string)
+
+	-- Other module methods omitted
+end
+
+module : module
-- 
cgit v1.2.3