Bump actions/upload-artifact from 3 to 4

.github/container/Dockerfile

@@ -1,9 +1,9 @@
 #' Define default build variables
 ## specifc ARGs for METHOD='direct'
-ARG OTP_VSN='25.3'
-ARG ELIXIR_VSN='1.14.4'
+ARG OTP_VSN='26.2'
+ARG ELIXIR_VSN='1.16.1'
 ## specifc ARGs for METHOD='package'
-ARG ALPINE_VSN='3.17'
+ARG ALPINE_VSN='3.19'
 ## general ARGs
 ARG UID='9000'
 ARG USER='ejabberd'

.github/container/ejabberdctl.template

@@ -15,8 +15,8 @@ SCRIPT_DIR="$(cd "$(dirname "$SCRIPT")" && pwd -P)"
 # shellcheck disable=SC2034
 ERTS_VSN="{{erts_vsn}}"
 ERL="{{erl}}"
-IEX="{{bindir}}/iex"
 EPMD="{{epmd}}"
+IEX="{{iexpath}}"
 COOKIE_FILE="$HOME"/.erlang.cookie
 [ -n "$ERLANG_COOKIE" ] && [ ! -f "$COOKIE_FILE" ] && echo "$ERLANG_COOKIE" > "$COOKIE_FILE" && chmod 400 "$COOKIE_FILE"
 
@@ -60,7 +60,6 @@ done
 # define ejabberd variables if not already defined from the command line
 : "${CONFIG_DIR:="{{config_dir}}"}"
 : "${LOGS_DIR:="{{logs_dir}}"}"
-: "${SPOOL_DIR:="{{spool_dir}}"}"
 : "${EJABBERD_CONFIG_PATH:="$CONFIG_DIR/ejabberd.yml"}"
 : "${EJABBERDCTL_CONFIG_PATH:="$CONFIG_DIR/ejabberdctl.cfg"}"
 # Allows passing extra Erlang command-line arguments in vm.args file
@@ -69,6 +68,7 @@ done
 [ -f "$EJABBERDCTL_CONFIG_PATH" ] && . "$EJABBERDCTL_CONFIG_PATH"
 [ -n "$ERLANG_NODE_ARG" ] && ERLANG_NODE="$ERLANG_NODE_ARG"
 [ "$ERLANG_NODE" = "${ERLANG_NODE%.*}" ] && S="-s"
+: "${SPOOL_DIR:="{{spool_dir}}"}"
 : "${EJABBERD_LOG_PATH:="$LOGS_DIR/ejabberd.log"}"
 
 # define erl parameters
@@ -90,11 +90,12 @@ ERL_CRASH_DUMP="$LOGS_DIR"/erl_crash_$(date "+%Y%m%d-%H%M%S").dump
 ERL_INETRC="$CONFIG_DIR"/inetrc
 
 # define ejabberd parameters
-EJABBERD_OPTS="$EJABBERD_OPTS\
-$(sed '/^log_rotate_size/!d;s/:[ \t]*\([0-9]\{1,\}\).*/ \1/;s/:[ \t]*\(infinity\).*/ \1/;s/^/ /' "$EJABBERD_CONFIG_PATH")\
-$(sed '/^log_rotate_count/!d;s/:[ \t]*\([0-9]*\).*/ \1/;s/^/ /' "$EJABBERD_CONFIG_PATH")\
-$(sed '/^log_burst_limit_count/!d;s/:[ \t]*\([0-9]*\).*/ \1/;s/^/ /' "$EJABBERD_CONFIG_PATH")\
-$(sed '/^log_burst_limit_window_time/!d;s/:[ \t]*\([0-9]*[a-z]*\).*/ \1/;s/^/ /' "$EJABBERD_CONFIG_PATH")"
+EJABBERD_OPTS="\
+$(sed '/^log_rotate_size/!d;s/:[ \t]*\([0-9]\{1,\}\).*/ \1/;s/:[ \t]*\(infinity\).*/ \1 /;s/^/ /' "$EJABBERD_CONFIG_PATH")\
+$(sed '/^log_rotate_count/!d;s/:[ \t]*\([0-9]*\).*/ \1 /;s/^/ /' "$EJABBERD_CONFIG_PATH")\
+$(sed '/^log_burst_limit_count/!d;s/:[ \t]*\([0-9]*\).*/ \1 /;s/^/ /' "$EJABBERD_CONFIG_PATH")\
+$(sed '/^log_burst_limit_window_time/!d;s/:[ \t]*\([0-9]*[a-z]*\).*/ \1 /;s/^/ /' "$EJABBERD_CONFIG_PATH")\
+$EJABBERD_OPTS"
 [ -n "$EJABBERD_OPTS" ] && EJABBERD_OPTS="-ejabberd $EJABBERD_OPTS"
 EJABBERD_OPTS="-mnesia dir \"$SPOOL_DIR\" $MNESIA_OPTIONS $EJABBERD_OPTS -s ejabberd"
 
@@ -199,6 +200,39 @@ livewarning()
     fi
 }
 
+check_etop_result()
+{
+    result=$?
+    if [ $result -eq 1 ] ; then
+        echo ""
+        echo "It seems there was some problem running 'ejabberdctl etop'."
+        echo "Is the error message something like this?"
+        echo "  Failed to load module 'etop' because it cannot be found..."
+        echo "Then probably ejabberd was compiled with development tools disabled."
+        echo "To use 'etop', recompile ejabberd with: ./configure --enable-tools"
+        echo ""
+        exit $result
+    fi
+}
+
+check_iex_result()
+{
+    result=$?
+    if [ $result -eq 127 ] ; then
+        echo ""
+        echo "It seems there was some problem finding 'iex' binary from Elixir."
+        echo "Probably ejabberd was compiled with Rebar3 and Elixir disabled, like:"
+        echo "  ./configure"
+        echo "which is equivalent to:"
+        echo "  ./configure --with-rebar=rebar3 --disable-elixir"
+        echo "To use 'iex', recompile ejabberd enabling Elixir or using Mix:"
+        echo "  ./configure --enable-elixir"
+        echo "  ./configure --with-rebar=mix"
+        echo ""
+        exit $result
+    fi
+}
+
 help()
 {
     echo ""
@@ -228,7 +262,9 @@ help()
 
 # dynamic node name helper
 uid() {
-  if erl -noinput -boot start_clean -eval 'case erlang:system_info(otp_release) >= "23" of true -> halt(1); _ -> halt(0) end.' ; then
+  ERTSVERSION="$("$ERL" -version 2>&1 | sed 's|.*\([0-9][0-9]\).*|\1|g')"
+  if [ $ERTSVERSION -lt 11 ] ; then # otp 23.0 includes erts 11.0
+    # Erlang/OTP lower than 23, which doesn's support dynamic node code
     N=1
     PF=$(( $$ % 97 ))
     while
@@ -241,11 +277,12 @@ uid() {
           ;;
       esac
       N=$(( N + 1 + ( $$ % 5 ) ))
-      epmd -names 2>/dev/null | grep -q " ${NN%@*} "
+      "$EPMD" -names 2>/dev/null | grep -q " ${NN%@*} "
     do :; done
     echo $NN
   else
-    # for R23+ use native dynamic node code
+    # Erlang/OTP 23 or higher: use native dynamic node code
+    # https://www.erlang.org/patches/otp-23.0#OTP-13812
     echo undefined
   fi
 }
@@ -363,19 +400,22 @@ case $1 in
         ;;
     etop)
         set_dist_client
-        exec_erl "$(uid top)" -hidden -node "$ERLANG_NODE" \
+        exec_erl "$(uid top)" -hidden -remsh "$ERLANG_NODE" \
                  -eval 'net_kernel:connect_node('"'$ERLANG_NODE'"')' \
                  -s etop \
-                 -s erlang halt -output text
+                 -output text
+        check_etop_result
         ;;
     iexdebug)
         debugwarning
         set_dist_client
         exec_iex "$(uid debug)" --remsh "$ERLANG_NODE"
+        check_iex_result
         ;;
     iexlive)
         livewarning
         exec_iex "$ERLANG_NODE" --erl "$EJABBERD_OPTS"
+        check_iex_result
         ;;
     ping)
         PEER=${2:-$ERLANG_NODE}

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+
+updates:
+
+  - package-ecosystem: "docker"
+    directory: "/.github/container/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "mix"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/ci.yml

@@ -301,7 +301,7 @@ jobs:
 
     - name: Upload CT logs
       if: failure()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: ejabberd-ct-logs-${{matrix.otp}}
         #

.github/workflows/codacy.yml

@@ -0,0 +1,86 @@
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ "dependabot" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "dependabot" ]
+  schedule:
+    - cron: '45 13 * * 6'
+
+
+jobs:
+  codacy-security-scan:
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@main
+
+      - name: Setup Checkov
+        run: |
+          sed -i '/PASSWORD/i #checkov:skip=CKV_SECRET_6:' .github/workflows/ci.yml
+          sed -i '/PASSWORD/i #checkov:skip=CKV_SECRET_6:' test/docker/docker-compose.yml
+
+      - name: Setup CSSlint
+        run: |
+          echo "{\"exclude-list\": [\"priv/css/\"]}" > .csslintrc
+
+      - name: Setup Markdownlint
+        run: |
+          sed -i '1i\<!-- markdownlint-disable -->' .github/ISSUE_TEMPLATE/bug_report.md
+          sed -i '1i\<!-- markdownlint-disable -->' .github/ISSUE_TEMPLATE/feature_request.md
+          sed -i '1i\<!-- markdownlint-disable MD013 -->' CODE_OF_CONDUCT.md
+          sed -i '1i\<!-- markdownlint-disable MD004 MD013 MD025 MD032 MD033 -->' CHANGELOG.md
+          sed -i '1i\<!-- markdownlint-disable MD012 MD013 MD033 MD040 MD041 -->' README.md
+          sed -i '1i\<!-- markdownlint-disable MD013 MD040 -->' test/docker/README.md
+          sed -i '1i\<!-- markdownlint-disable MD003 MD012 MD013 MD029 MD031 MD032 MD040 MD041 -->' CONTAINER.md
+          sed -i '1i\<!-- markdownlint-disable MD012 MD013 MD031 MD040 MD046 -->' COMPILE.md
+          sed -i '1i\<!-- markdownlint-disable MD004 MD012 MD013 MD031 MD032 MD033 -->' CONTRIBUTING.md
+          sed -i '1i\<!-- markdownlint-disable MD013 -->' CONTRIBUTORS.md
+
+      - name: Setup Shellcheck
+        run: |
+          sed -i '1a\# shellcheck disable=all' tools/captcha-ng.sh
+          sed -i '1a\# shellcheck disable=SC2013,SC3014,SC3060' tools/check_xep_versions.sh
+
+      - name: Setup Stylelint
+        run: |
+          sed -i '1i\/* stylelint-disable */' priv/css/admin.css
+          sed -i '1i\/* stylelint-disable */' priv/css/bosh.css
+          sed -i '1i\/* stylelint-disable */' priv/css/muc.css
+          sed -i '1i\/* stylelint-disable */' priv/css/oauth.css
+          sed -i '1i\/* stylelint-disable */' priv/css/register.css
+
+      - name: Setup TSQLlint
+        run: |
+          sed -i '1i\-- tsqllint-disable' sql/*.sql
+          sed -i '1s\disable\disable data-compression set-transaction-isolation-level\' sql/mssql*.sql
+
+      - name: Remove escript files which are not shell scripts
+        run: |
+          rm tools/extract-tr.sh
+          rm tools/hook_deps.sh
+          rm tools/opt_types.sh
+
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@master
+        with:
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will hand over control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      - name: Clean duplicates
+        run:
+          jq '.runs |= unique_by({tool, invocations, results})' <results.sarif >codacy.sarif
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@main
+        with:
+          sarif_file: codacy.sarif

README.md

@@ -37,9 +37,9 @@ Installation
 There are several ways to install ejabberd:
 
 - Source code: compile yourself, see [COMPILE](COMPILE.md)
-- Installers from [ProcessOne Download][p1download] or [ejabberd GitHub Releases][releases] (run/deb/rpm for x64 and arm64)
-- `ecs` container image available in [Docker Hub][hubecs] and [Github Packages][packagesecs], see [ecs README][docker-ecs-readme] (for x64)
-- `ejabberd` container image available in [Github Packages][packages], see [CONTAINER](CONTAINER.md) (for x64 and arm64)
+- Installers: [ProcessOne Download][p1download] and [GitHub Releases][releases] for releases, [GitHub Actions](https://github.com/processone/ejabberd/actions/workflows/installers.yml) for master branch (run/deb/rpm for x64 and arm64)
+- `ecs` container image: [Docker Hub][hubecs] and [Github Packages][packagesecs], see [ecs README][docker-ecs-readme] (for x64)
+- `ejabberd` container image: [Github Packages][packages] for releases and master branch, see [CONTAINER](CONTAINER.md) (for x64 and arm64)
 - Using your [Operating System package][osp]
 - Using the [Homebrew][homebrew] package manager
 
@@ -71,6 +71,10 @@ or in your local machine as explained in [Localization][localization].
 
 Documentation for developers is available in [ejabberd docs: Developers][docs-dev].
 
+There are nightly builds of ejabberd, both for `master` branch and for Pull Requests:
+- Installers: go to [GitHub Actions: Installers](https://github.com/processone/ejabberd/actions/workflows/installers.yml), open the most recent commit, on the bottom of that commit page, download the `ejabberd-packages.zip` artifact.
+- `ejabberd` container image: go to [ejabberd Github Packages][packages]
+
 Security reports or concerns should preferably be reported privately,
 please send an email to the address: contact at process-one dot net
 or some other method from [ProcessOne Contact][p1contact].
@@ -123,3 +127,4 @@ and [ejabberd translations](https://github.com/processone/ejabberd-po/) under MI
 [xeps]: https://www.process-one.net/en/ejabberd/protocols/
 [xmpp]: https://xmpp.org/
 [xmppej]: https://xmpp.org/software/servers/ejabberd/
+

ejabberdctl.template

@@ -249,7 +249,9 @@ help()
 
 # dynamic node name helper
 uid() {
-  if erl -noinput -boot start_clean -eval 'case erlang:system_info(otp_release) >= "23" of true -> halt(1); _ -> halt(0) end.' ; then
+  ERTSVERSION="$("$ERL" -version 2>&1 | sed 's|.*\([0-9][0-9]\).*|\1|g')"
+  if [ $ERTSVERSION -lt 11 ] ; then # otp 23.0 includes erts 11.0
+    # Erlang/OTP lower than 23, which doesn's support dynamic node code
     N=1
     PF=$(( $$ % 97 ))
     while
@@ -262,11 +264,12 @@ uid() {
           ;;
       esac
       N=$(( N + 1 + ( $$ % 5 ) ))
-      epmd -names 2>/dev/null | grep -q " ${NN%@*} "
+      "$EPMD" -names 2>/dev/null | grep -q " ${NN%@*} "
     do :; done
     echo $NN
   else
-    # for R23+ use native dynamic node code
+    # Erlang/OTP 23 or higher: use native dynamic node code
+    # https://www.erlang.org/patches/otp-23.0#OTP-13812
     echo undefined
   fi
 }

src/ejabberd_ctl.erl

@@ -898,7 +898,7 @@ print_usage_command2(Cmd, C, MaxC, ShCode) ->
 
     IsDefinerMod = case Definer of
                      unknown -> true;
-                     _ -> lists:member(gen_mod, proplists:get_value(behaviour, Definer:module_info(attributes)))
+                     _ -> lists:member([gen_mod], proplists:get_all_values(behaviour, Definer:module_info(attributes)))
                  end,
     ModuleFmt = case IsDefinerMod of
                     true -> ["  ",?B("Module"),": ", atom_to_list(Definer), "\n\n"];

test/ejabberd_SUITE.erl

@@ -897,7 +897,8 @@ presence_broadcast(Config) ->
     IQ = #iq{type = get,
 	     from = JID,
 	     sub_els = [#disco_info{node = Node}]} = recv_iq(Config),
-    #message{type = normal} = recv_message(Config),
+    #message{type = normal,
+             subject = [#text{lang = <<"en">>,data = <<"Welcome!">>}]} = recv_message(Config),
     #presence{from = JID, to = JID} = recv_presence(Config),
     send(Config, #iq{type = result, id = IQ#iq.id,
 		     to = JID, sub_els = [Info]}),

tools/make-binaries

@@ -70,9 +70,9 @@ termcap_vsn='1.3.1'
 expat_vsn='2.5.0'
 zlib_vsn='1.3'
 yaml_vsn='0.2.5'
-ssl_vsn='1.1.1w'
-otp_vsn='26.1.1'
-elixir_vsn='1.15.6'
+ssl_vsn='3.2.1'
+otp_vsn='26.2.2'
+elixir_vsn='1.16.1'
 pam_vsn='1.5.2'
 png_vsn='1.6.40'
 jpeg_vsn='9e'
@@ -180,7 +180,7 @@ check_configured_dep_vsns()
 {
 	check_vsn 'OpenSSL' "$ssl_vsn" \
 	          'https://www.openssl.org/source/' \
-	          'openssl-\(1\.[0-9][0-9a-z.]*\)\.tar\.gz'
+	          'openssl-\(3\.[1-9]\.[0-9.]*\)\.tar\.gz'
 	check_vsn 'LibYAML' "$yaml_vsn" \
 	          'https://pyyaml.org/wiki/LibYAML' \
 	          'yaml-\([0-9][0-9.]*\)\.tar\.gz'
@@ -578,9 +578,11 @@ build_deps()
 
 	info "Building OpenSSL $ssl_vsn for $arch-$libc ..."
 	cd "$target_src_dir/$ssl_dir"
-	CFLAGS="$CFLAGS -O3 -fPIC" ./Configure no-shared no-ui-console \
+	CFLAGS="$CFLAGS -O3 -fPIC" \
+	    ./Configure no-shared no-module no-ui-console \
 	    --prefix="$prefix" \
 	    --openssldir="$prefix" \
+	    --libdir='lib' \
 	    "linux-${target%-linux-*}"
 	make build_libs
 	make install_dev