This file contains news, important changes
and upgrade instructions between different versions of jabberd2.


* 2.2.17 to 2.3.0 upgrade:

What changed:
- Renamed non-standard UPGRADE file overwriting outdated NEWS file
- Semantic Versioning: http://semver.org/
- TLS Everywhere: https://github.com/stpeter/manifesto
- Required GSASL >=1.1
- jabberd should compile without warnings
- out-of-source builds should work
- pgsql: authreg password_type support
- pgsql: schema support
- ldapvcard: groupattr works even if no groupattr_regex defined
- ldapfull: checks for ldap group membership on login
- vCard: Assume tel phone is voice phone
- MySQL: default password hashing algorithm changed to SHA512
- out-conn-reuse s2s.xml option naming unified
- XML parse error will log buffer details
- CRAM-MD5 auth support
- router private key cachain and password support
- hashed passwords support in SQLite3 storage


* 2.2.16 to 2.2.17 upgrade:

What changed:
- cppunit was replaced by check framework
- Fixed build with debug disabled


* 2.2.15 to 2.2.16 upgrade:

What changed:
- Debug logging into file implemented
  See etc/*.xml.dist for instructions
- Unit tests are not mandatory
  See --enable-tests/--disable-tests option for ./configure
- Fix for invalid default router.xml (Unterminated XML comment tag)


* 2.2.14 to 2.2.15 upgrade:

What changed:
- Merged config variables expansion
- Group extraction by RegExp from LDAP
- A1HASH passwords support for MySQL
- PBX integration pipe implementation
- Enable/disable debug output with signals USR1/USR2
- '-i ID' command line option
- DB query rate limiting
- Domain whitelisting support
- Support enforcing TLS secured S2S connections only
- Simple message logging to a directory
- MIO kqueue implementation
- Support for see-other-host stream redirects
- Unit tests

You will need cppunit(-devel) installed to get the tests built.
See example configuration files on how to enable new features.


* 2.2.13 to 2.2.14 upgrade:

What changed:
- There are example upstart configuration files in etc/ you may use.

* 2.2.12 to 2.2.13 upgrade:

What changed:
- New authentication option 'bind' for authreg_ldapfull
  See etc/c2s.xml.dist for instructions
- Stream Compression for S2S connections
  See etc/c2s.xml.dist for instructions


* 2.2.11 to 2.2.12 upgrade:

What changed:
- published-roster
  Uses displayName to populate published-roster name and falls back to cn.


* 2.2.10 to 2.2.11 upgrade:

What changed:
- only bugfixes


* 2.2.9 to 2.2.10 upgrade:

What changed:
- removed mod_disco_publish (it was removed from XEP-0030)

Remove <module>disco-publish</module> lines from your sm.xml.


* 2.2.8 to 2.2.9 upgrade:

What changed:
- Implemented component clustering
- Many virtual hosts in one SM process
- FreeBSD kqueue support
- Implemented PBX integration interface
- crypt() password support for LDAP backend

There is a new <local/> section in sm.xml. You may use it to configure domains
serviced by the SM process. Old style domain name in <id/> section still works
for backward compatibility, but the <local/> section overrides it.
You need to give different <id/> names to SM instances participating in
clustering. The router needs a way to differentiate them.

There is a new <pbx/> section in the c2s.xml configuration file. Please see it if
you want to use the PBX integration.


* 2.2.7 to 2.2.8 upgrade:

What changed:
- User can message/query own resources
- Settable size for vCard image field
- Proper server disco#info answer
- Support for /etc/hosts lookup (as a last resort)
- Workaround for Java SSL bug (Google servers connection problems)

You may configure the vCard field size limit in sm.xml.
Look at sm.xml.dist for example.


* 2.2.6 to 2.2.7.1 upgrade:

What changed:
- Fixed issue with not supported but advertised SASL integrity protection
- Workaround for buggy Java TLS implementation affecting OpenFire and GTalk

There is nothing for you to do.


* 2.2.5 to 2.2.6 upgrade:

What changed:
- added ip.origin option to s2s.xml
- Implemented GSASL qop-int integrity checks
- Implemented router-filter packet logging

See etc/s2s.xml and etc/router-filter.xml for new options.


* 2.2.4 to 2.2.5 upgrade:
This is a bugfix release. There are almost no visible changes.
NAD caching was removed. This should reduce memory usage and
memory growth (at the cost of a little more CPU usage).
A key was added to the 'status' table in MySQL. This improves performance
for queries to that table. This is recommended for everyone, but will have
the biggest impact for installations with a large number of signons and
signoffs. It only affects installations with mod_status enabled.
You can add the key by running this statement:
ALTER TABLE status ADD KEY (`collection-owner`(255));


* 2.2.3 to 2.2.4 upgrade:

What changed:
- [WIN32] libidn & gsasl downloads are now at GNU servers
- Detecting unrecoverable stream errors on establishing an outgoing s2s connection
- Do not offer compression if STARTTLS is required and not enabled
- Return better error on STARTTLS required failure
- [WIN32] Don't override server.pem on upgrade
- [WIN32] Add TLS server certificate for default win32 c2s config
- [WIN32] Don't fail when service fails to start (Should popup ignore box)
- Implemented logging of compressed connection established
- Implemented My IP Address extension

Fortunately you do not need to configure anything to observe these changes,
but you should be aware of them so that they do not surprise you.


* 2.2.2 to 2.2.3 upgrade:

What changed:
- GnuSASL 0.2.27 is required
- GSSAPI support

Upgrade gsasl to 0.2.27.
You may use GSSAPI if you have it configured. Add <gssapi/> to c2s.xml mechanisms.


* 2.2.1 to 2.2.2 upgrade:

What changed:
- SCOD is gone (again)
- implemented rate limiting throttling
- option to limit stanzas per second

See the io.limits.stanzas section in etc/c2s.xml.dist and copy it to your c2s.xml.
Now, when you rate limit your clients, they are throttled instead of disconnected.


* 2.2.0 to 2.2.1 upgrade:

What changed:
- new ./configure option --without-subst
- fixed router-filter
- fixed rate limiting
- removed "leaking" caches etc.

You may disable the "license unsure" subst/ function replacements library
with --without-subst. This allows Debian to include jabberd.
Please see the example router-filter.xml for additional notes on how it works.
(Please note that filter does not match resources as suggested before.)
You may now expect rate limiting to actually work.
Jabberd should now grow memory usage like before, but may eat a bit more CPU power.


* 2.1.24 to 2.2.0 upgrade:

What changed:
- UDNS library required
- GnuSASL 0.2.26 or higher version required
- resolver component removed
- fixed SSL handling

Install UDNS http://www.corpit.ru/mjt/udns.html and upgrade GSASL to
at least 0.2.26 version.
Resolver is now built in S2S component, so you need to add <lookup/> section
to your s2s.xml config. Then remove resolver component from your configuration.
Please check your verify-mode setting in c2s.xml, and make sure it is what you
wanted. See SSL_CTX_set_verify(3) manual page.


* 2.1.23 to 2.1.24 upgrade:

What changed:
- server component presences

Look at etc/sm.xml.dist to see how 'pkt-sm' chain should look now.


* 2.1.22 to 2.1.23 upgrade:

What changed:
- XEP-0232: Software Information implemented
- BerkeleyDB dump and 2-MySQL migrations scripts in tools
- Updated sources to build on win32 again

See sm.xml.dist config for disco-extend chain snippet for software information
to add to your sm.xml.
See tools/db-update.sqlite for the win32 database upgrade script.

* 2.1.21 to 2.1.22 upgrade:

What changed:
- MySQL 5.0+ dependency
- moved --enable-sasl configure option to --with-sasl


* 2.1.20 to 2.1.21 upgrade:

What changed:
- LDAP backend <query/> option

See c2s.xml.dist for an example of how to use the new <query/> option, which
allows you to customize the query sent to the LDAP server.


* 2.1.19 to 2.1.20 upgrade:

What changed:
- added missing XEP-0054 fields
- server vcard support
- new authreg ldapfull, storage ldapvcard and sm roster-publish modules
- implemented maximum stanza size limit
- disabled CyrusSASL backend compilation

You need to add missing columns to "vcard" table:
ALTER TABLE vcard ADD "jabberid" text, ADD "mailer" text, ADD "uid" text;
See c2s.xml and sm.xml for options of new modules and stanzasize.


* 2.1.18 to 2.1.19 upgrade:

What changed:
- mod_status stores full last presence stanza
- so called "offline status" support
  (sending last unavailable presence stanza for unavailable users)

You need to add "xml" column to "status" table:
ALTER TABLE "status" ADD COLUMN "xml" TEXT;


* 2.1.17 to 2.1.18 upgrade:

What changed:
- implemented /webstatus service

If you want to allow users of other servers to store their presence information
in your "status" database table, add status.resource section and status module
in 'pkt-sm' chain in sm.xml. See sm.xml.dist for reference.


* 2.1.16 to 2.1.17 upgrade:

What changed:
- s2s maximum fds option implemented

If you want to configure maximum file descriptors for s2s, look in s2s.xml.dist
for io/max_fds option, that mirrors the same option from c2s.xml.


* 2.1.15 to 2.1.16 upgrade:

What changed:
- Offline storage does not store headline messages by default
- XEP-0157: Contact Addresses for XMPP Services
- --enable-superseded ./configure option
- Messages are delivered to all resources with highest priority number
  in accordance to RFC3921bis changes
- XEP-0138: Stream Compression
- XEP-0198: Stanza Acknowledgements
- Dynamic virtual hosts support
- Packet throughput counters implemented
- XEP-0202: Entity Time, XEP-0203: Delayed Delivery

If you want to store headline messages in offlinestorage, enable
<storeheadlines/> in sm.xml. See etc/sm.xml.dist for reference.
If you want to set XEP-0157: Contact Addresses please see
etc/sm.xml.dist discovery.serverinfo section for example configuration
to include in sm.xml. You need to add new chain 'disco-extend' section
and discovery/serverinfo section to configuration.
If you wish, you may use --disable-superseded option during ./configure
to disable all features that were superseded by newer ones.
If you want to enable stream compression, please uncomment proper section
in c2s.xml.
If you want to enable XEP-0198, please give --enable-experimental parameter
to ./configure script.
If you configure an <id/> in c2s.xml with no hostname, it will be used as
a fallback default configuration for running SM with no configured <id/>.
See <stats/> sections in c2s.xml and s2s.xml for reference how to configure
packet counters.


* 2.1.14 to 2.1.15 upgrade:

Only bug and compilation fixes. No configuration changes needed.


* 2.1.13 to 2.1.14 upgrade:

What changed:
- Oracle authreg backend

You may use Oracle backend to store your user data too. See c2s.xml.dist.


* 2.1.12 to 2.1.13 upgrade:

Only bug and compilation fixes. No configuration changes needed.


* 2.1.11 to 2.1.12 upgrade:

What changed:
- PQconnectdb PostgreSQL connection method
- using pg_config to find PostgreSQL

For the PQconnectdb see <conninfo/> in etc/c2s.xml.dist and etc/sm.xml.dist.
You may add --enable-pgsql=/path/to/pg_config to ./configure to get PostgreSQL
paths using pg_config.


* 2.1.10 to 2.1.11 upgrade:

Only bug and compliance fixes. No configuration changes needed.


* 2.1.9 to 2.1.10 upgrade:

What changed:
- configure SASL backend fallback removed
- user roster items limit support

If you want to use a SASL backend other than GnuSASL, you need to enforce it
with the --with-sasl=BACKEND option to ./configure. There is no fallback anymore,
because other backends are not supported and mostly do not work.
If you want to limit user roster items, please see etc/sm.xml.dist for reference.


* 2.1.8 to 2.1.9 upgrade:

What changed:
- logging formats
- oob redirection during registration

If you use log analysers please note that c2s and s2s connect messages have
now a "TLS negotiated" indicator at the end. For s2s it was "SSL negotiated".
c2s disconnection message now has user JID included.
If you want to use oob redirection during registration, please see
etc/c2s.xml.dist for reference.


* 2.1.7 to 2.1.8 upgrade:

What changed:
- SASL backend selection method

During ./configure use --with-sasl=BACKEND instead of --enable-gsasl
and --enable-cyrus.


* 2.1.6 to 2.1.7 upgrade:

What changed:
- MySQL connection defaults to UTF-8 now
- Removed support for ZeroK authentication

Please make sure that the encoding of the data in your MySQL DB is UTF-8
or is convertible by MySQL to UTF-8.
You may remove the 'token', 'sequence' and 'hash' columns in authreg table.


* 2.1.5 to 2.1.6 upgrade:

What changed:
- implemented XEP-0199: XMPP ping
- sysconfdir isn't changed to .../etc/jabberd anymore
- SASL backend is now GnuSASL by default with Cyrus as an alternative
- configure.in was renamed to configure.ac
- strndup() and timegm() implementations in subst/
- PATH_MAX definition added when necessary

Add <module>iq-ping</module> to in-sess and pkt-sm chains in sm.xml.
You need to explicitly set --sysconfdir with jabberd subdir if you want to.
You need to --disable-gsasl and --enable-cyrus if you need to use Cyrus SASL.
Remove all source-dependent patches for missing functions if you have any.


* 2.1.4 to 2.1.5 upgrade:

What changed:
- auth/reg/storage modules are now loaded dynamically at runtime
- MySQL storage backend is not enabled by default

Dynamic modules should run out of the box once installed (make install).
If you need to configure other than the compiled-in path for it, please refer
to the c2s.xml.dist and sm.xml.dist for a proper <path/> option.
You will need to explicitly --enable-mysql during ./configure if you want to
use MySQL backends.


* 2.1.3 to 2.1.4 upgrade:

What changed:
- full SQLite support
- PostgreSQL NULL parameters handling
- more than one LDAP server support
- new LDAP append-realm setting
- correct CA chain handling

Please refer to sm.xml.dist and c2s.xml.dist for new config sections and add
them to your config files.
Please read these example files to see how to setup your CA chain correctly.
You may also remove cachain option from c2s.xml.
You may remove hostname from PostgreSQL setup to access it via unix socket.


* 2.1 to 2.1.3 upgrade:

What changed:
- c2s.xml added <ssl-mechanisms/> section
- c2s PAM authenticator now handles realm setting
- libjabberd moved from /usr/lib to /usr/lib/jabberd
- removed bootstrap script - use: autoreconf --install if you build from sources

If you want to use new SSL aware auth mechanisms please merge <ssl-mechanisms/>
section of c2s.xml.dist into your c2s.xml config file.
Remove any realm setting for PAM authenticated domains or setup your PAM system
to handle additional realms.
If you use modules.path in sm.xml, add .../jabberd/ at the end.


* 2.0 to 2.1 upgrade:

What changed:
- c2s.xml local/id syntax:
- DB schema
- amp and status modules
- CyrusSASL usage


Upgrade:

Basically all <local/> subitems and registration options from section
<register/> are configurable per-realm now. So you need to move pemfile,
verify-mode, require-starttls to <id/> attributes.
You may also use subitems of <local/> as before, and these will be used
for legacy port 5223 SSL wrapper.

Options require-starttls, register-enable and password-change are boolean.
These are enabled if set to anything. 'true' seems reasonable for clarity.
WARNING: Setting 'false' doesn't disable it!!!

If you disabled new registrations for a realm by not setting register-enable,
you may wish to set password-change to enable users to change password.
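
An added example, not part of the jabberd2 distribution: a small audit for the trap described above, where an option written as 'false' is still enabled (for register-enable that means open registration stays on). It assumes the options appear as attributes on <id/> elements under <local/> in c2s.xml; the sample config and the list of "off"-looking values are constructed for illustration.

```python
"""Audit c2s.xml for presence-only boolean options written with an
'off'-looking value, which the server still treats as enabled."""
import xml.etree.ElementTree as ET

# Options the upgrade note describes as "enabled if set to anything".
PRESENCE_BOOLEANS = ("require-starttls", "register-enable", "password-change")
# Assumption: values an operator would plausibly write meaning "off".
LOOKS_DISABLED = {"false", "no", "off", "0", "disabled", ""}

# Constructed sample config (hostnames and paths are placeholders).
SAMPLE_C2S = """\
<c2s>
  <local>
    <id require-starttls='true' pemfile='/etc/jabberd/server.pem'>example.org</id>
    <id register-enable='false' password-change='true'>chat.example.org</id>
    <id require-starttls='no'>legacy.example.org</id>
    <id>plain.example.org</id>
  </local>
</c2s>
"""


def _realms(xml_text):
    """Yield (realm, attributes) for every <id/> under <local/>."""
    root = ET.fromstring(xml_text)
    for id_elem in root.findall("./local/id"):
        # An <id/> with no hostname acts as the fallback default realm.
        realm = (id_elem.text or "").strip() or "(default)"
        yield realm, id_elem.attrib


def realm_states(xml_text):
    """Effective state per realm: an option is on as soon as it is present."""
    return {realm: {opt: opt in attrs for opt in PRESENCE_BOOLEANS}
            for realm, attrs in _realms(xml_text)}


def audit(xml_text):
    """Return (realm, option, written_value) for each option whose value
    reads as 'off' although the option is in fact enabled."""
    findings = []
    for realm, attrs in _realms(xml_text):
        for opt in PRESENCE_BOOLEANS:
            if opt in attrs and attrs[opt].strip().lower() in LOOKS_DISABLED:
                findings.append((realm, opt, attrs[opt]))
    return findings


if __name__ == "__main__":
    for realm, opt, value in audit(SAMPLE_C2S):
        print(f"{realm}: {opt}='{value}' is ENABLED; "
              f"remove the attribute to disable it")
```

To turn an option off, remove the attribute entirely rather than changing its value.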

For new options like httpforward, see example c2s.xml for reference.


DB changes:
You need to add the following fields to the "vcard" table:

ALTER TABLE vcard ADD COLUMN "tz" text;
ALTER TABLE vcard ADD COLUMN "n-middle" text;
ALTER TABLE vcard ADD COLUMN "n-prefix" text;
ALTER TABLE vcard ADD COLUMN "n-suffix" text;
ALTER TABLE vcard ADD COLUMN "adr-street" text;
ALTER TABLE vcard ADD COLUMN "adr-extadd" text;
ALTER TABLE vcard ADD COLUMN "adr-pobox" text;
ALTER TABLE vcard ADD COLUMN "adr-locality" text;
ALTER TABLE vcard ADD COLUMN "adr-region" text;
ALTER TABLE vcard ADD COLUMN "adr-pcode" text;
ALTER TABLE vcard ADD COLUMN "adr-country" text;
ALTER TABLE vcard ADD COLUMN "geo-lat" text;
ALTER TABLE vcard ADD COLUMN "geo-lon" text;
ALTER TABLE vcard ADD COLUMN "org-orgname" text;
ALTER TABLE vcard ADD COLUMN "agent-extval" text;
ALTER TABLE vcard ADD COLUMN "sort-string" text;
ALTER TABLE vcard ADD COLUMN "desc" text;
ALTER TABLE vcard ADD COLUMN "note" text;
ALTER TABLE vcard ADD COLUMN "photo-type" text;
ALTER TABLE vcard ADD COLUMN "photo-binval" text;
ALTER TABLE vcard ADD COLUMN "photo-extval" text;
ALTER TABLE vcard ADD COLUMN "logo-type" text;
ALTER TABLE vcard ADD COLUMN "logo-binval" text;
ALTER TABLE vcard ADD COLUMN "logo-extval" text;
ALTER TABLE vcard ADD COLUMN "sound-phonetic" text;
ALTER TABLE vcard ADD COLUMN "sound-binval" text;
ALTER TABLE vcard ADD COLUMN "sound-extval" text;
ALTER TABLE vcard ADD COLUMN "key-type" text;
ALTER TABLE vcard ADD COLUMN "key-cred" text;
ALTER TABLE vcard ADD COLUMN "rev" text;

and create table "status":

CREATE TABLE "status" (
    "collection-owner" text PRIMARY KEY,
    "object-sequence" bigint,
    "status" text NOT NULL,
    "show" text,
    "last-login" int DEFAULT '0',
    "last-logout" int DEFAULT '0' );

NOTE: PostgreSQL schema was greatly improved as a whole.
It might be a good idea to dump your data (as INSERTS), recreate DB from
new schema and import data back again.


New modules: amp and status

In order for amp and status session manager modules to work, you need to
add them to appropriate chains in sm.xml and set their configuration options.
Chains needed to be updated: sess-start, sess-end, in-sess, pkt-sm, pkt-user
and user-delete. For details see sm.xml.dist.


CyrusSASL

You need a working CyrusSASL installation. Please take care to include all
required auth modules, especially cyrus-sasl-md5 and cyrus-sasl-plain.




Please report all errors in this howto to:
http://bugs.xiaoka.com/proj3

Tomasz Sterna <tomek@xiaoka.com>