It is very common to get the "unknown address" warning with this command, but
people do not always understand it, or know how to debug it. Now we clearly
show the addresses that prosodyctl discovered.
The prosody-trunk nightly packages currently use the Debian dh-lua
framework to install core/, net/ and util/ into Lua-versioned directory
trees, while plugins and executables should still be installed like
before.
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.
Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.
Ensures unavailable presence and other outgoing stanzas are sent.
Waiting for c2s sessions to close first before proceeding to disable and
close s2s ensures that unavailable presence can go out, even if it
requires dialback to complete first.
Data is already wiped from storage, but this ensures everything is
properly unsubscribed, possibly with notifications etc.
Clears recipient cache as well, since it is no longer relevant.
