Merge branch 'v0.10.2-fixes'
This commit is contained in:
commit
2fde381a82
13
CHANGELOG.md
13
CHANGELOG.md
@ -1,5 +1,18 @@
|
||||
# Changelog
|
||||
|
||||
## [0.10.2] -- 2022-09-22
|
||||
|
||||
### Security release
|
||||
|
||||
- Fixes potential secret poisoning by the homeserver
|
||||
- A crash when validation malicious html
|
||||
|
||||
Thanks to the matrix.org security team for disclosing this issue.
|
||||
|
||||
An update is highly recommended. Otherwise you can temporarily protect against
|
||||
this issue by not verifying your own devices and not pressing the request button
|
||||
in the setting.
|
||||
|
||||
## [0.10.1] -- 2022-09-07
|
||||
|
||||
### Highlights
|
||||
|
@ -107,7 +107,7 @@ include(GNUInstallDirs)
|
||||
|
||||
set(CPACK_PACKAGE_VERSION_MAJOR "0")
|
||||
set(CPACK_PACKAGE_VERSION_MINOR "10")
|
||||
set(CPACK_PACKAGE_VERSION_PATCH "1")
|
||||
set(CPACK_PACKAGE_VERSION_PATCH "2")
|
||||
set(PROJECT_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR})
|
||||
set(PROJECT_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR})
|
||||
set(PROJECT_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH})
|
||||
|
10
appveyor.yml
10
appveyor.yml
@ -1,6 +1,6 @@
|
||||
---
|
||||
|
||||
version: 0.10.1-{build}
|
||||
version: 0.10.2-{build}
|
||||
|
||||
configuration: Release
|
||||
image: Visual Studio 2022
|
||||
@ -29,8 +29,8 @@ build_script:
|
||||
# VERSION format: branch-master/branch-1.2
|
||||
# INSTVERSION format: x.y.z
|
||||
# WINVERSION format: 9999.0.0.123/1.2.0.234
|
||||
- if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.1
|
||||
- if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.1
|
||||
- if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.2
|
||||
- if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.2
|
||||
- if "%APPVEYOR_REPO_TAG%"=="false" if "%APPVEYOR_REPO_BRANCH%"=="master" set INSTVERSION=9999.0
|
||||
- if "%APPVEYOR_REPO_TAG%"=="false" set WINVERSION=%INSTVERSION%.0.%APPVEYOR_BUILD_NUMBER%
|
||||
# VERSION format: v1.2.3/v1.3.4
|
||||
@ -92,8 +92,8 @@ after_build:
|
||||
- copy %BUILD%\deploy\installer\gui\package.xml installer\packages\io.github.nhekoreborn.nheko\meta
|
||||
- copy %BUILD%\deploy\installer\gui\installscript.qs installer\packages\io.github.nhekoreborn.nheko\meta
|
||||
# Amend version and date
|
||||
- sed -i "s/__VERSION__/0.10.1/" installer\config\config.xml
|
||||
- sed -i "s/__VERSION__/0.10.1/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
|
||||
- sed -i "s/__VERSION__/0.10.2/" installer\config\config.xml
|
||||
- sed -i "s/__VERSION__/0.10.2/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
|
||||
- sed -i "s/__DATE__/%DATE%/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
|
||||
# Copy nheko data
|
||||
- xcopy NhekoData\*.* installer\packages\io.github.nhekoreborn.nheko\data\*.* /s /e /c /y
|
||||
|
@ -61,6 +61,7 @@
|
||||
<url type="homepage">https://github.com/Nheko-Reborn/nheko</url>
|
||||
<update_contact>https://github.com/Nheko-Reborn</update_contact>
|
||||
<releases>
|
||||
<release date="2022-09-28" version="0.10.2"/>
|
||||
<release date="2022-09-07" version="0.10.1"/>
|
||||
<release date="2022-07-22" version="0.10.0"/>
|
||||
<release date="2022-03-25" version="0.9.3"/>
|
||||
|
@ -342,10 +342,13 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
|
||||
if (msg.sender != local_user.to_string())
|
||||
return;
|
||||
|
||||
auto secret_name = request_id_to_secret_name.find(e->content.request_id);
|
||||
auto secret_name_it = request_id_to_secret_name.find(e->content.request_id);
|
||||
|
||||
if (secret_name != request_id_to_secret_name.end()) {
|
||||
nhlog::crypto()->info("Received secret: {}", secret_name->second);
|
||||
if (secret_name_it != request_id_to_secret_name.end()) {
|
||||
auto secret_name = secret_name_it->second;
|
||||
request_id_to_secret_name.erase(secret_name_it);
|
||||
|
||||
nhlog::crypto()->info("Received secret: {}", secret_name);
|
||||
|
||||
mtx::events::msg::SecretRequest secretRequest{};
|
||||
secretRequest.action = mtx::events::msg::RequestAction::Cancellation;
|
||||
@ -358,15 +361,24 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
|
||||
return;
|
||||
|
||||
auto deviceKeys = cache::userKeys(local_user.to_string());
|
||||
if (!deviceKeys)
|
||||
return;
|
||||
|
||||
std::string sender_device_id;
|
||||
if (deviceKeys) {
|
||||
for (auto &[dev, key] : deviceKeys->device_keys) {
|
||||
if (key.keys["curve25519:" + dev] == msg.sender_key) {
|
||||
sender_device_id = dev;
|
||||
break;
|
||||
}
|
||||
for (auto &[dev, key] : deviceKeys->device_keys) {
|
||||
if (key.keys["curve25519:" + dev] == msg.sender_key) {
|
||||
sender_device_id = dev;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!verificationStatus->verified_devices.count(sender_device_id) ||
|
||||
!verificationStatus->verified_device_keys.count(msg.sender_key) ||
|
||||
verificationStatus->verified_device_keys.at(msg.sender_key) !=
|
||||
crypto::Trust::Verified) {
|
||||
nhlog::net()->critical(
|
||||
"Received secret from unverified device {}! Ignoring!", sender_device_id);
|
||||
return;
|
||||
}
|
||||
|
||||
std::map<mtx::identifiers::User,
|
||||
std::map<std::string, mtx::events::msg::SecretRequest>>
|
||||
@ -380,19 +392,17 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
|
||||
http::client()->send_to_device<mtx::events::msg::SecretRequest>(
|
||||
http::client()->generate_txn_id(),
|
||||
body,
|
||||
[name = secret_name->second](mtx::http::RequestErr err) {
|
||||
[secret_name](mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->error("Failed to send request cancellation "
|
||||
"for secrect "
|
||||
"'{}'",
|
||||
name);
|
||||
secret_name);
|
||||
}
|
||||
});
|
||||
|
||||
nhlog::crypto()->info("Storing secret {}", secret_name->second);
|
||||
cache::client()->storeSecret(secret_name->second, e->content.secret);
|
||||
|
||||
request_id_to_secret_name.erase(secret_name);
|
||||
nhlog::crypto()->info("Storing secret {}", secret_name);
|
||||
cache::client()->storeSecret(secret_name, e->content.secret);
|
||||
}
|
||||
|
||||
} else if (auto sec_req = std::get_if<DeviceEvent<msg::SecretRequest>>(&device_event)) {
|
||||
|
Loading…
Reference in New Issue
Block a user