Hello community, here is the log from the commit of package prosody for openSUSE:Factory checked in at 2016-11-11 14:35:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/prosody (Old) and /work/SRC/openSUSE:Factory/.prosody.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "prosody" Changes: -------- --- /work/SRC/openSUSE:Factory/prosody/prosody.changes 2016-11-10 13:18:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.prosody.new/prosody.changes 2016-11-11 14:35:40.000000000 +0100 
@@ -1,0 +2,21 @@ +Fri Nov 4 16:08:21 UTC 2016 - mvetter@suse.com + +- Update to 0.9.11: + * HTTP parser: Improve buffering of incoming HTTP data and add size +limits (#603) + * Sessionmanager: Fix for an issue which caused people to be kicked from conferences if mod_smacks was enabled (#648) + * Dependencies: Workaround for compatibility with LuaSec 0.6 (#749) + * MUC: Accept missing form as "instant room" request (#377) + * C2S: Fix issues with destroying disconnected connections (#590), (#641) + * mod_privacy: Fix selection of the top resource(s) #694 + * mod_presence: Make sure both users get each others presence after adding each other (#673) + * mod_http_files: Fix traceback when serving a non-wildcard path (#611) + * mod_http_files: Preserve a trailing slash in paths (#639) + * util.datamanager: Fix error handling (#632) + * net.server_event: Fix internal socket API to allow writing from socket.ondrain callback (#661) + * net.server_event: Fix timeout (commit 1909bde0e79f) + * net.server_event: Fix traceback due to write during TLS handshake (commit c774622ad9db) + * net.server_event: Fix buffer length check (commit 206f9b0485ad) +- Remove prosody-upstream-0.9-branch-fixes.patch: included in update + +------------------------------------------------------------------- Old: ---- prosody-0.9.10.tar.gz prosody-0.9.10.tar.gz.asc prosody-upstream-0.9-branch-fixes.patch New: ---- prosody-0.9.11.tar.gz prosody-0.9.11.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ prosody.spec ++++++ --- /var/tmp/diff_new_pack.jRbBXG/_old 2016-11-11 14:35:41.000000000 +0100 +++ /var/tmp/diff_new_pack.jRbBXG/_new 2016-11-11 14:35:41.000000000 +0100 @@ -26,7 +26,7 @@ %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d } Name: prosody -Version: 0.9.10 +Version: 0.9.11 Release: 0 Summary: Modern flexible communications server for Jabber/XMPP License: MIT 
@@ -41,8 +41,6 @@ Patch2: prosody-makefile.patch # PATCH-FIX-OPENSUSE marguerite@opensuse.org - enable Unix features Patch3: prosody-cfg.patch -# PATCH-FIX-UPSTREAM mvetter@suse.de - add all the fixes from their branch. See changes file. -Patch4: prosody-upstream-0.9-branch-fixes.patch BuildRequires: libidn-devel BuildRequires: libopenssl-devel Requires: lua51-luaexpat @@ -79,7 +77,6 @@ %patch1 %patch2 %patch3 -p1 -%patch4 -p1 sed -i 's|@@LIBDIR@@|%{_libdir}|g;s|@@INCLUDEDIR@@|%{_includedir}|g;' configure sed -i 's|@@LIBDIR@@|%{_libdir}|g;s|@@INCLUDEDIR@@|%{_includedir}|g;' Makefile ++++++ prosody-0.9.10.tar.gz -> prosody-0.9.11.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/.hg_archival.txt new/prosody-0.9.11/.hg_archival.txt --- old/prosody-0.9.10/.hg_archival.txt 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/.hg_archival.txt 2016-09-28 18:04:13.000000000 +0200 @@ -1,6 +1,6 @@ repo: 3e3171b59028ee70122cfec6ecf98f518f946b59 -node: 352270bc04393910a567b569ede03358dbb728b5 +node: 8613086779fa9276615c2af066d2a10c38d0c86e branch: default -latesttag: 0.9.9 -latesttagdistance: 11 -changessincelatesttag: 12 +latesttag: 0.9.10 +latesttagdistance: 26 +changessincelatesttag: 26 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/core/sessionmanager.lua new/prosody-0.9.11/core/sessionmanager.lua --- old/prosody-0.9.10/core/sessionmanager.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/core/sessionmanager.lua 2016-09-28 18:04:13.000000000 +0200 
@@ -37,9 +37,15 @@ if t then t = filter("bytes/out", tostring(t)); if t then - return w(conn, t); + local ret, err = w(conn, t); + if not ret then + session.log("debug", "Write-error: %s", tostring(err)); + return false; + end + return true; end end + return true; end session.ip = conn:ip(); local conn_name = "c2s"..tostring(session):match("[a-f0-9]+$"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/net/http/parser.lua new/prosody-0.9.11/net/http/parser.lua --- old/prosody-0.9.10/net/http/parser.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/net/http/parser.lua 2016-09-28 18:04:13.000000000 +0200 @@ -1,5 +1,6 @@ local tonumber = tonumber; local assert = assert; +local t_insert, t_concat = table.insert, table.concat; local url_parse = require "socket.url".parse; local urldecode = require "util.http".urldecode; @@ -27,7 +28,9 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb) local client = true; if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end - local buf = ""; + local buf, buflen, buftable = {}, 0, true; + local bodylimit = tonumber(options_cb and options_cb().body_size_limit) or 10*1024*1024; + local buflimit = tonumber(options_cb and options_cb().buffer_size_limit) or bodylimit * 2; local chunked, chunk_size, chunk_start; local state = nil; local packet; @@ -38,6 +41,7 @@ feed = function(self, data) if error then return nil, "parse has failed"; end if not data then -- EOF + if buftable then buf, buftable = t_concat(buf), false; end if state and client and not len then -- reading client body until EOF packet.body = buf; success_cb(packet); 
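Review bot: The trailing `return true;` makes this send function report success when `t` is nil or when the "bytes/out" filter returns nothing, so a caller cannot tell "written" from "dropped by a filter"; only a failed `w(conn, t)` yields `false`. The write error itself is logged at debug level only, so repeated failures will not show up at a normal production log level. I would state the contract in a comment above the function, e.g. `-- returns false only when the connection write fails; filtered-out data counts as sent`. The enclosing function starts outside the hunk.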
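Review bot: The two new limits in `httpstream.new` are taken without a range check: `tonumber(...)` lets 0 or a negative `body_size_limit` through (0 is truthy in Lua), `buflimit` then defaults to `bodylimit * 2`, and every `feed` carrying data would end in "max-buffer-size-exceeded". `options_cb()` is also read only here, at parser creation, so a later option change does not reach parsers that already exist. A comment such as `-- limits in bytes, read once per parser; defaults: 10 MiB body, 2x body for the buffer` would document this, and a guard like `if bodylimit <= 0 then bodylimit = 10*1024*1024; end` would cover a misconfigured value if non-positive limits are not meant to be valid.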
@@ -46,9 +50,17 @@ end return; end - buf = buf..data; - while #buf > 0 do + if buftable then + t_insert(buf, data); + else + buf = { buf, data }; + buftable = true; + end + buflen = buflen + #data; + if buflen > buflimit then error = true; return error_cb("max-buffer-size-exceeded"); end + while buflen > 0 do if state == nil then -- read request + if buftable then buf, buftable = t_concat(buf), false; end local index = buf:find("\r\n\r\n", nil, true); if not index then return; end -- not enough data local method, path, httpversion, status_code, reason_phrase; @@ -79,6 +91,7 @@ if not first_line then error = true; return error_cb("invalid-status-line"); end chunked = have_body and headers["transfer-encoding"] == "chunked"; len = tonumber(headers["content-length"]); -- TODO check for invalid len + if len and len > bodylimit then error = true; return error_cb("content-length-limit-exceeded"); end if client then -- FIXME handle '100 Continue' response (by skipping it) if not have_body then len = 0; end @@ -115,11 +128,13 @@ }; end buf = buf:sub(index + 4); + buflen = #buf; state = true; end if state then -- read body if client then if chunked then + if buftable then buf, buftable = t_concat(buf), false; end if not buf:find("\r\n", nil, true) then return; end -- not enough data 
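Review bot: Until "\r\n\r\n" arrives, the only bound on the header block is `buflimit` (twice the body limit, 20 MiB with the defaults), and in the `state == nil` branch each `feed` concatenates the whole buffer again and searches it from the first byte. A separate, much smaller header limit would keep both the memory and the repeated scan cost down, for example a new local `headlimit` next to `bodylimit` and `if not index then if buflen > headlimit then error = true; return error_cb("header-too-large"); end return; end` in place of the bare `return`. The body of `feed` continues outside the hunk.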
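Review bot: The added check after `len = tonumber(headers["content-length"])` only enforces the upper bound, so the existing `-- TODO check for invalid len` is still open: a negative or fractional Content-Length is not greater than `bodylimit` and goes on to the `buf:sub(1, len)` split in the body branch. Rejecting it at the same place closes that, e.g. `if len and (len < 0 or len % 1 ~= 0) then error = true; return error_cb("invalid-content-length"); end` placed before the limit check (the `% 1` test also rejects NaN). The error name is a suggestion; the surrounding function starts and ends outside the hunk.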
@@ -132,25 +147,29 @@ state, chunk_size = nil, nil; buf = buf:gsub("^.-\r\n\r\n", ""); -- This ensure extensions and trailers are stripped success_cb(packet); - elseif #buf - chunk_start - 2 >= chunk_size then -- we have a chunk + elseif buflen - chunk_start - 2 >= chunk_size then -- we have a chunk packet.body = packet.body..buf:sub(chunk_start, chunk_start + (chunk_size-1)); buf = buf:sub(chunk_start + chunk_size + 2); chunk_size, chunk_start = nil, nil; else -- Partial chunk remaining break; end - elseif len and #buf >= len then + elseif len and buflen >= len then + if buftable then buf, buftable = t_concat(buf), false; end if packet.code == 101 then - packet.body, buf = buf, ""; + packet.body, buf, buflen, buftable = buf, {}, 0, true; else packet.body, buf = buf:sub(1, len), buf:sub(len + 1); + buflen = #buf; end state = nil; success_cb(packet); else break; end - elseif #buf >= len then + elseif buflen >= len then + if buftable then buf, buftable = t_concat(buf), false; end packet.body, buf = buf:sub(1, len), buf:sub(len + 1); + buflen = #buf; state = nil; success_cb(packet); else break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/net/http/server.lua new/prosody-0.9.11/net/http/server.lua --- old/prosody-0.9.10/net/http/server.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/net/http/server.lua 2016-09-28 18:04:13.000000000 +0200 @@ -19,6 +19,7 @@ local listener = {}; local hosts = {}; local default_host; +local options = {}; local function is_wildcard_event(event) return event:sub(-2, -1) == "/*"; @@ -130,7 +131,10 @@ sessions[conn] = nil; conn:close(); end - sessions[conn] = parser_new(success_cb, error_cb); + local function options_cb() + return options; + end + sessions[conn] = parser_new(success_cb, error_cb, "server", options_cb); end function listener.ondisconnect(conn) 
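Review bot: `buflen` goes stale in the chunked branch: both `buf = buf:gsub("^.-\r\n\r\n", "")` and `buf = buf:sub(chunk_start + chunk_size + 2)` shrink `buf` without updating the counter, unlike the Content-Length paths in this hunk, which set `buflen = #buf`. After the first consumed chunk, `buflen - chunk_start - 2 >= chunk_size` can therefore be true before the chunk has fully arrived, and the running total keeps growing towards `buflimit` even though the data was already consumed. Adding `buflen = #buf;` after each of those two assignments keeps the counter honest. Separately, the body accumulated in `packet.body = packet.body..buf:sub(...)` is never compared with `bodylimit`, so that limit applies only to messages that declare a Content-Length.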
@@ -300,6 +304,9 @@ function _M.fire_event(event, ...) return events.fire_event(event, ...); end +function _M.set_option(name, value) + options[name] = value; +end _M.listener = listener; _M.codes = codes; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/net/server_event.lua new/prosody-0.9.11/net/server_event.lua --- old/prosody-0.9.10/net/server_event.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/net/server_event.lua 2016-09-28 18:04:13.000000000 +0200 @@ -289,8 +289,9 @@ function interface_mt:resume() self:_lock(self.nointerface, false, self.nowriting); - if not self.eventread then + if self.readcallback and not self.eventread then self.eventread = addevent( base, self.conn, EV_READ, self.readcallback, cfg.READ_TIMEOUT ); -- register callback + return true; end end @@ -544,8 +545,11 @@ elseif interface.startsslcallback then -- start ssl connection if needed debug "starting ssl handshake after writing" interface.eventstarthandshake = addevent( base, nil, EV_TIMEOUT, interface.startsslcallback, 0 ) + elseif interface.writebufferlen ~= 0 then + -- data possibly written from ondrain + return EV_WRITE, cfg.WRITE_TIMEOUT elseif interface.eventreadtimeout then - return EV_WRITE, EV_TIMEOUT + return EV_WRITE, cfg.WRITE_TIMEOUT end interface.eventwrite = nil return -1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/plugins/mod_c2s.lua new/prosody-0.9.11/plugins/mod_c2s.lua --- old/prosody-0.9.10/plugins/mod_c2s.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/plugins/mod_c2s.lua 2016-09-28 18:04:13.000000000 +0200 @@ -175,6 +175,9 @@ sm_destroy_session(session, reason); conn:close(); end + else + local reason = (reason and (reason.name or reason.text or reason.condition)) or reason; + sm_destroy_session(session, reason); end end 
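Review bot: `interface_mt:resume()` now returns `true` only when it registers a new read event and otherwise falls off the end with nil, both when `self.eventread` already exists and when there is no `self.readcallback`, so the result cannot tell "already reading" from "cannot read". If callers are meant to test it, an explicit `return self.eventread ~= nil;` after the `if` block would make the two cases distinguishable; if not, a short comment saying the return value is informational only would avoid later misuse.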
@@ -258,6 +261,7 @@ if session then (session.log or log)("info", "Client disconnected: %s", err or "connection closed"); sm_destroy_session(session, err); + session.conn = nil; sessions[conn] = nil; end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/plugins/mod_http.lua new/prosody-0.9.11/plugins/mod_http.lua --- old/prosody-0.9.10/plugins/mod_http.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/plugins/mod_http.lua 2016-09-28 18:04:13.000000000 +0200 @@ -18,6 +18,9 @@ server.set_default_host(module:get_option_string("http_default_host")); +server.set_option("body_size_limit", module:get_option_number("http_max_content_size")); +server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size")); + local function normalize_path(path) if path:sub(-1,-1) == "/" then path = path:sub(1, -2); end if path:sub(1,1) ~= "/" then path = "/"..path; end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/plugins/mod_http_files.lua new/prosody-0.9.11/plugins/mod_http_files.lua --- old/prosody-0.9.10/plugins/mod_http_files.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/plugins/mod_http_files.lua 2016-09-28 18:04:13.000000000 +0200 @@ -56,6 +56,7 @@ local urldecode = require "util.http".urldecode; function sanitize_path(path) + if not path then return end local out = {}; local c = 0; @@ -74,6 +75,9 @@ out[c] = component; end end + if path:sub(-1,-1) == "/" then + out[c+1] = ""; + end return "/"..table.concat(out, "/"); end 
@@ -88,12 +92,13 @@ local directory_index = opts.directory_index; local function serve_file(event, path) local request, response = event.request, event.response; - path = sanitize_path(path); - if not path then + local sanitized_path = sanitize_path(path); + if path and not sanitized_path then return 400; end + path = sanitized_path; local orig_path = sanitize_path(request.path); - local full_path = base_path .. (path and "/"..path or ""):gsub("/", path_sep); + local full_path = base_path .. (path or ""):gsub("/", path_sep); local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows if not attr then return 404; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/plugins/mod_presence.lua new/prosody-0.9.11/plugins/mod_presence.lua --- old/prosody-0.9.10/plugins/mod_presence.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/plugins/mod_presence.lua 2016-09-28 18:04:13.000000000 +0200 @@ -201,6 +201,7 @@ end core_post_stanza(origin, stanza); send_presence_of_available_resources(node, host, to_bare, origin); + core_post_stanza(origin, st.presence({ type = "probe", from = from_bare, to = to_bare })); elseif stanza.attr.type == "unsubscribed" then -- 1. send unavailable -- 2. route stanza diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/plugins/mod_privacy.lua new/prosody-0.9.11/plugins/mod_privacy.lua --- old/prosody-0.9.10/plugins/mod_privacy.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/plugins/mod_privacy.lua 2016-09-28 18:04:13.000000000 +0200 
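Review bot: `local orig_path = sanitize_path(request.path);` is left without the nil check that the line above it just gained for `path`. The new `if path and not sanitized_path then return 400; end` implies `sanitize_path` can return nil for a rejected path, and it now also returns nil for a nil argument, so `orig_path` may be nil when it is used further down, outside this hunk. If that later use indexes or concatenates it, a guard such as `if not orig_path then return 400; end` right after the assignment gives the same clean rejection instead of a traceback.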
@@ -397,7 +397,7 @@ local prio = 0; if bare_sessions[node.."@"..host] ~= nil then for resource, session_ in pairs(bare_sessions[node.."@"..host].sessions) do - if session_.priority ~= nil and session_.priority > prio then + if session_.priority ~= nil and session_.priority >= prio then session = session_; prio = session_.priority; end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/plugins/mod_s2s/mod_s2s.lua new/prosody-0.9.11/plugins/mod_s2s/mod_s2s.lua --- old/prosody-0.9.10/plugins/mod_s2s/mod_s2s.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/plugins/mod_s2s/mod_s2s.lua 2016-09-28 18:04:13.000000000 +0200 @@ -365,7 +365,7 @@ elseif session.direction == "outgoing" then session.notopen = nil; if not attr.id then - log("error", "Stream response did not give us a stream id!"); + log("warn", "Stream response did not give us a stream id!"); session:close({ condition = "undefined-condition", text = "Missing stream ID" }); return; end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/plugins/muc/muc.lib.lua new/prosody-0.9.11/plugins/muc/muc.lib.lua --- old/prosody-0.9.10/plugins/muc/muc.lib.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/plugins/muc/muc.lib.lua 2016-09-28 18:04:13.000000000 +0200 
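Review bot: With `>=`, sessions of equal priority now overwrite each other in `pairs` order, which Lua leaves unspecified, so which of several equal-priority resources ends up in `session` can differ between runs; resources with a negative priority are still never selected because `prio` starts at 0. If a single session is all that is wanted, a comment such as `-- ties: any one of the highest-priority resources is used` says so; if every top resource should be covered (the changelog entry speaks of "top resource(s)"), they need collecting into a list instead. The function around this loop is outside the hunk.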
@@ -668,6 +668,14 @@ if form.attr.type == "cancel" then origin.send(st.reply(stanza)); return; end if form.attr.type ~= "submit" then origin.send(st.error_reply(stanza, "cancel", "bad-request", "Not a submitted form")); return; end + if form.tags[1] == nil then + -- instant room + if self.save then self:save(true); end + origin.send(st.reply(stanza)); + return true; + end + + local fields = self:get_form_layout():data(form); if fields.FORM_TYPE ~= "http://jabber.org/protocol/muc#roomconfig" then origin.send(st.error_reply(stanza, "cancel", "bad-request", "Form is not of type room configuration")); return; end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/prosody.release new/prosody-0.9.11/prosody.release --- old/prosody-0.9.10/prosody.release 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/prosody.release 2016-09-28 18:04:13.000000000 +0200 @@ -1 +1 @@ -0.9.10 +0.9.11 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/prosodyctl new/prosody-0.9.11/prosodyctl --- old/prosody-0.9.10/prosodyctl 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/prosodyctl 2016-09-28 18:04:13.000000000 +0200 @@ -361,8 +361,8 @@ end local user, host = jid_split(arg[1]); if not user and host then - show_message [[Failed to understand JID, please supply the JID you want to set the password for]] - show_usage [[passwd user@host]] + show_message [[Failed to understand JID, please supply the JID to the user account you want to delete]] + show_usage [[deluser user@host]] return 1; end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/util/datamanager.lua new/prosody-0.9.11/util/datamanager.lua --- old/prosody-0.9.10/util/datamanager.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/util/datamanager.lua 2016-09-28 18:04:13.000000000 +0200 
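Review bot: The new instant-room branch ends with `return true;` while the two early exits directly above it use a bare `return;`, so the handler's result now differs by path with nothing saying whether callers rely on it. The branch also saves and acknowledges any submitted form that has no child elements; whether the sender's right to configure the room was checked earlier is decided outside this hunk and is worth confirming. I would replace the bare `-- instant room` with something like `-- XEP-0045 instant room: an empty submit accepts the default configuration`, align the return style with the neighbours, and drop the doubled blank line after the block.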
@@ -152,6 +152,7 @@ if not ok then break end ok, msg = f:close(); + f = nil; -- no longer valid if not ok then break end return os_rename(scratch, filename); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/prosody-0.9.10/util/dependencies.lua new/prosody-0.9.11/util/dependencies.lua --- old/prosody-0.9.10/util/dependencies.lua 2016-01-27 14:06:11.000000000 +0100 +++ new/prosody-0.9.11/util/dependencies.lua 2016-09-28 18:04:13.000000000 +0200 @@ -99,6 +99,9 @@ ["luarocks"] = "luarocks install luasec"; ["Source"] = "http://www.inf.puc-rio.br/~brunoos/luasec/"; }, "SSL/TLS support will not be available"); + elseif not _G.ssl then + _G.ssl = ssl; + _G.ssl.context = require "ssl.context"; end local encodings, err = softreq "util.encodings"
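Review bot: In util/dependencies.lua the new `elseif not _G.ssl` branch loads `ssl.context` with a plain `require`, unlike the `softreq` calls around it, so a LuaSec build without that submodule would presumably abort with a traceback at startup instead of reaching the missing-dependency message. The branch also writes a global without saying why. A comment naming the reason would help, e.g. `-- LuaSec 0.6 workaround (#749): restore the global "ssl" table, including ssl.context`, and `softreq "ssl.context"` with a nil check keeps the friendly failure path if that is wanted.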