-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2025-0e2820eea0 2025-04-15 18:24:03.969056+00:00 --------------------------------------------------------------------------------
Name : prosody Product : Fedora EPEL 8 Version : 13.0.1 Release : 1.el8 URL : https://prosody.im/ Summary : Flexible communications server for Jabber/XMPP Description : Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. -------------------------------------------------------------------------------- Update Information: Prosody 13.0.1 Summary As is the tradition with software, here is upstream's first patch release following shortly behind their major 13.0.0 release. It fixes some important bugs that were discovered after the release. Changes Summary of all changes in this release: Fixes and improvements mod_admin_shell: Add debug:cert_index() command to aid debugging of automatic certificate selection mod_tls: Enable Prosodyâs certificate checking for incoming s2s connections portmanager: Multiple fixes to use correct certificates for direct TLS ports net.server_epoll: Use correct connection timeout when initiating Direct TLS mod_roster: Fix shell commands when a component is involved mod_http_file_share: Explicitly reject all unsupported ranges mod_http_file_share: Fix off by one in Range response mod_admin_shell, prosodyctl shell: Report command failure when no password entered Minor changes mod_storage_sql: Drop legacy index without confirmation to ease upgrades util.adminstream: Fix traceback on double-close (fixes #1913: Prosody fails to completely stop while shell watch:log is active) certmanager: Improve logging for all cases where certs are skipped mod_tls: Collect full certificate chain validation information mod_s2s: Fix error detection with newer versions of OpenSSL portmanager: Add debug log message to state which certificate we end up using prosodyctl check certs: Use correct hostname in warning message about HTTPS prosodyctl check: Be more robust against invalid disco_items, and show warning spec/tls: Add TLS/certificate integration tests mod_http_file_share: Improve error reporting by using util.error more core.storagemanager: Fix tests by removing an assert that upset luarocks core.usermanager: Fix COMPAT layer for legacy is_admin() function certmanager: Remove obsolete and verbose index log (replaced by shell command) doap: Add XEP-0333, XEP-0334, XEP-0156 and mod_http_altconnect Prosody 13.0.0 Summary See upstream's blog post for an overview of the main features and improvements this release brings. Upgrading It is expected that Prosody 13.0 will function correctly on any config file that is compatible with 0.12. No changes are required, however there may be some recommendations - such as options that have been deprecated or replaced. The best way to find these is to run prosodyctl check config, before and after you upgrade, which will find most issues and suggest a solution. SQL users: A schema upgrade may be required, see below. Common issues SQL schema changes If you are upgrading from an earlier release and you use PostgreSQL or SQLite for storage, Prosody may refuse to initialize storage until you complete a schema upgrade. You may see log messages like this: error Old database format detected. Please run: prosodyctl mod_storage_sql upgrade To check for any necessary schema upgrades and apply them, run: prosodyctl mod_storage_sql upgrade Restart Prosody (systemctl restart prosody) after it completes. Component permissions With the introduction of the new roles and permissions framework, some default permissions have changed slightly. In most cases there is nothing you need to do, but some deployments may need tweaking. The most common component module affected by the change is mod_http_file_share. It will work without any changes if your Component domain is a direct subdomain of your VirtualHost. This means if you have something like VirtualHost "example.com" and Component "upload.example.com" "http_file_share" then youâre all good! Some more unusual configurations may need to explicitly set the permissions. This includes configurations where: The component is not a direct subdomain (e.g. VirtualHost "example.com" with Component "upload.xmpp.example.com" "http_file_share") The component is shared by multiple VirtualHosts In both cases you are probably already using the disco_items option to link the component with the VirtualHost. If you have a single VirtualHost using the component, then under the Component you can set the parent_host option: Component "upload.example.com" "http_file_share" -- Grant permissions for users on the 'xmpp.example.com' VirtualHost parent_host = "xmpp.example.com" If your component is used by multiple VirtualHosts, the easiest thing to do is grant the permissions to every VirtualHost on the current Prosody instance. For this, use the server_user_role option: Component "upload.example.com" "http_file_share" -- Grant permission for all users on this Prosody instance server_user_role = "prosody:registered" Changes New in this release Modules A number of popular modules have transitioned from community modules into Prosody with this release: mod_cloud_notify mod_http_altconnect And the following modules are completely new: mod_account_activity mod_flags mod_s2s_auth_dane_in mod_server_info Administration New prosodyctl check features recommends configuration improvements mod_announce: Add shell commands to send messages to all users, online users, or limited by roles New mod_account_activity plugin records last login/logout time of a user account New watch log command to follow live debug logs at runtime Similarly, watch stanzas can be used to capture XML logs in real-time Networking Honour weight parameter during SRV record selection Support for RFC 8305 âHappy Eyeballsâ to improve IPv4/IPv6 connectivity Support for TCP Fast Open in server_epoll (pending LuaSocket support) Support for deferred accept in server_epoll (pending LuaSocket support) MUC Component admins are no longer room owners by default. This can be reverted to the old behaviour with component_admins_as_room_owners = true, but this has known incompatibilities with some clients. Instead, use the shell or ad-hoc commands to gain ownership of rooms when necessary. Permissions updates: Room creation restricted to local users (of the parent host) by default restrict_room_creation = true restricts to admins, false disables all restrictions Persistent rooms can only be created by local users (parent host) by default muc_room_allow_persistent = false restricts to admins Public rooms can only be created by local users (parent host) by default muc_room_allow_public = false restricts to admins Commands to show occupants and affiliations in the Shell Save âreasonâ text supplied with affiliation change Owners can set MUC avatars (functionality previously in community module mod_vcard_muc) Security and authentication New role and permissions framework and API Ability to disable and enable user accounts A âgrace periodâ is now supported for deletion requests via in-band registration Advertise supported SASL Channel-Binding types (XEP-0440) Implement RFC 9266 âtls-exporterâ channel binding with TLS 1.3 Implement âtls-server-end-pointâ channel binding Full DANE support for s2s No longer check certificate Common Names per RFC 9525 Storage Performance improvements in internal archive stores Ability to use SQLite3 storage with LuaSQLite3 instead of LuaDBI SQLCipher support Module API for developers New âkeyval+â combined keyval/map store type Config interface API can require that string values be picked from a provided set Acceptable interval can be specified for number options Method for parsing time periods / intervals from config Method for retrieving integer settings from config It is now easy for modules to expose a Prosody shell command, by adding a shell- command item Modules can now implement a module.ready method which will be called after server initialization module:depends() now accepts a second parameter âsoftâ to enable soft dependencies Configuration file Configuration file now supports referring and appending to options previously set Direct usage of the Lua API in the config file is deprecated, but can now be accessed via Lua.* instead Convenience functions for reading values from files, with variant meant for credentials or secrets (e.g. from systemd-creds) Changed in this release Support sub-second precision timestamps mod_blocklist: New option âmigrate_legacy_blockingâ to disable migration from mod_privacy Moved all modules into the Lua namespace prosody Forwarded header from RFC 7239 supported, disabled by default mod_http_file_share now uses roles framework, affecting access from e.g. components Intervals of mod_cron managed periodic jobs made configurable When mod_smacks is enabled, s2s connections not responding to ack requests are closed Arguments to prosodyctl shell that start with : are now turned into method calls Support for the roster group access_model in mod_pep Support for systemd socket activation in server_epoll mod_invites_adhoc gained a command for creating password resets mod_cloud_notify imported from community modules for push notification support mod_http_altconnect imported from community modules, simplifying web clients Removed in this release Lua 5.1 support XEP-0090 support removed from mod_time util.rfc6724 -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 6 2025 Robert Scheck <[email protected]> 13.0.1-1 - Upgrade to 13.0.1 (#2352897 #c1) * Tue Apr 1 2025 Robert Scheck <[email protected]> 13.0.0-1 - Upgrade to 13.0.0 (#2352897) - Build against OpenSSL 3 on RHEL 8 (for openssl/param_build.h) * Sat Jan 18 2025 Fedora Release Engineering <[email protected]> - 0.12.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2352897 - prosody-13.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2352897 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update prosody' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
-- _______________________________________________ epel-package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
