The JDK 7 signature of ConcurrentHashMap#keySet() returns a Set, while JDK 8 signature
returns a KeySetView, which is a new class in JDK 8. As a result, using Java 7 to run
an Openfire instance that is compiled with Java 8 (using the -source/-target 1.7
compilation flags) causes a java.lang.NoSuchMethodError.

To work around this problem, this commit applies a workaround as presented by
Martin Buchholz in https://bugs.openjdk.java.net/browse/JDK-8151366

alter statements (at least in oracle 11g or earlier) do not allow the
COLUMN keyword after ADD in an ALTER statement
Conflicts:
	src/database/upgrade/23/openfire_oracle.sql

OF-1157

Will build on bamboo + debian with java7 as well

Conflicts:
	build/debian/rules

 * will maintain this on the ignite bamboo server as a symlink

The abstract implementation of GroupProvider should not hide the thrown
clause as defined by the createGroup() signature.

When validating a certificate chain, the provided chain aught to be ordered. If our
own ordering fails, we should use the first certifcate of the (unordered) chain,
instead of failing completely.

untested by me, just a simple s/7/8/ with the debian build files

Stored preferences of encryption protocols and/or cipher suites might include
non-supported items. To prevent issues, the list of preferences should be checked
against the currently supported items.

Denote Openfire 4.0.2 Release

Since the release of Openfire 3.9.3, users have reported problems with
"ghost" sessions left on the server. After reviewing the changes that
went into the 3.9.3 release, it seemed the fix for OF-464 may have had
some side effect causing this.

Since Igniterealtime's Openfire was reproducing OF-829, I did a test
whereby the functional changes of Igniterealtime/Openfire#ad08cae9
were reverted.  After 36 hours, there were no ghosts!

This will likely necessitate reopening OF-464.

IQ result should be the last stanza. This way, clients know that the
last archived message has arrived.

Some user providers might not provide a creation date for each user. There's no
reason that the Admin Console should not be able to cope with that.

With the current implementation, any user can send the register IQ to register with
a room as a 'member'. This also allows outcasts, that were banned from a room, to be
able to register again as a member, and eventually re-join the room. The solution is
to prevent outcasts from registering with the room.

In dom4j, the default namespace of an element cannot be set by adding
a namespace that has an empty-string prefix. Although the string
representation of the element will be correct, that namespace is not
being recognized as the default namespace of the element (instead, it
is a namespace like any other prefixed namespace, to be used in child
elements).

The original code depends on a whitespace to be present within the limits
of the element. This is not safe (eg: <message><foo/></message> fails).
Instead, the closing characters ( > or /> ) of the first element should
be used, as that's guaranteed to be present.

A change introduced in Openfire 3.10.3 (OF-938) changed how the BOSH
implementation would add default namespace definitions where applicable.
This new implementation depends on a space from being present in the
outer stanza. The 'fin' element that's transmitted here is wrapped in
a message stanza without any attributes ( <message><fin ... ) which
caused the namespace to be injected in the fin element (where the first
space was).

This commit adds a 'to' attribute to the wrapping message stanza, to
allow for users to work around the problem without having to update
Openfire itself.

The BOSH implementation will be adjusted to account for this in another
commit.

When a room occupant sends an availability update to a host in an
Openfire cluster, other users cannot join the room from other hosts in
the cluster. The availability update causes the other hosts to lose an
occupant's role and affiliation. New occupants encounter an NPE when
joining and are prevented from joining the room. Specifically, the NPE
occurs when Openfire attempts to send initial presences for current
occupants.

Remote hosts in the cluster lose the occupant's association because the
local room simply broadcasts the presence packet for the occupant's
availability update. Because it is from the client, this packet does not
have the occupant's role or affiliation. The remote hosts treat the
presence packet as the occupant's presence without modification.

This fix changes the order in which Openfire handles an availability
update. First, it updates its local view of an occupant's presence. This
populates the correct association. Then, it broadcasts the updated
presence to remote hosts in the cluster.

In the current read scheme for Openfire, it is possible that due
to variable width encoding that we sometimes only create a
string with a partial character.

This breaks the message text and causes encoding issues when read.

This change modifies the way the characters are
read to use an bytearrayoutputstream and
only do the string conversion once.

Since we only do the string creation once after the full
buffer is read, we no longer have encoding
issues with broken unicode characters.

In #routeToComponent, it is first checked if the component is being hosted in the local JVM. If it was not found, then all nodes in the ComponentsCache are checked to find if the component is hosted by one of those. In this process, the local routing table is again searched for the component, because it may have been added after the previous check. However, after this search, there is no null check done for the searched route. This results in an NPE when the component was not found locally and the #process(packet) method is called on the object. 

This also prevents the code from searching other nodes that may have been in the nodes set. Added a null check to prevent this scenario.

See XEP-0016, example 50.

Patch submitted by community member lukzie.

This commit moves jetty 9.2.9 to 9.2.14, which currently is the
latest release of it 9.2 branch.

Conflicts:
	build/lib/versions.txt

Ensure cluster listener is properly initialized (and destroyed).

The unmodifiable collection in the original code is not immutable: when
the original collection is modified, this is reflected (which can cause
problems in iterators created from the unmodifiable collection). This
commit creates a new collection to prevent this from happening.