Merge branch 'v0.10.2-fixes'
This commit is contained in:
commit
2fde381a82
13
CHANGELOG.md
13
CHANGELOG.md
@ -1,5 +1,18 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## [0.10.2] -- 2022-09-22
|
||||||
|
|
||||||
|
### Security release
|
||||||
|
|
||||||
|
- Fixes potential secret poisoning by the homeserver
|
||||||
|
- A crash when validation malicious html
|
||||||
|
|
||||||
|
Thanks to the matrix.org security team for disclosing this issue.
|
||||||
|
|
||||||
|
An update is highly recommended. Otherwise you can temporarily protect against
|
||||||
|
this issue by not verifying your own devices and not pressing the request button
|
||||||
|
in the setting.
|
||||||
|
|
||||||
## [0.10.1] -- 2022-09-07
|
## [0.10.1] -- 2022-09-07
|
||||||
|
|
||||||
### Highlights
|
### Highlights
|
||||||
|
@ -107,7 +107,7 @@ include(GNUInstallDirs)
|
|||||||
|
|
||||||
set(CPACK_PACKAGE_VERSION_MAJOR "0")
|
set(CPACK_PACKAGE_VERSION_MAJOR "0")
|
||||||
set(CPACK_PACKAGE_VERSION_MINOR "10")
|
set(CPACK_PACKAGE_VERSION_MINOR "10")
|
||||||
set(CPACK_PACKAGE_VERSION_PATCH "1")
|
set(CPACK_PACKAGE_VERSION_PATCH "2")
|
||||||
set(PROJECT_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR})
|
set(PROJECT_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR})
|
||||||
set(PROJECT_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR})
|
set(PROJECT_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR})
|
||||||
set(PROJECT_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH})
|
set(PROJECT_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH})
|
||||||
|
10
appveyor.yml
10
appveyor.yml
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
version: 0.10.1-{build}
|
version: 0.10.2-{build}
|
||||||
|
|
||||||
configuration: Release
|
configuration: Release
|
||||||
image: Visual Studio 2022
|
image: Visual Studio 2022
|
||||||
@ -29,8 +29,8 @@ build_script:
|
|||||||
# VERSION format: branch-master/branch-1.2
|
# VERSION format: branch-master/branch-1.2
|
||||||
# INSTVERSION format: x.y.z
|
# INSTVERSION format: x.y.z
|
||||||
# WINVERSION format: 9999.0.0.123/1.2.0.234
|
# WINVERSION format: 9999.0.0.123/1.2.0.234
|
||||||
- if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.1
|
- if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.2
|
||||||
- if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.1
|
- if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.2
|
||||||
- if "%APPVEYOR_REPO_TAG%"=="false" if "%APPVEYOR_REPO_BRANCH%"=="master" set INSTVERSION=9999.0
|
- if "%APPVEYOR_REPO_TAG%"=="false" if "%APPVEYOR_REPO_BRANCH%"=="master" set INSTVERSION=9999.0
|
||||||
- if "%APPVEYOR_REPO_TAG%"=="false" set WINVERSION=%INSTVERSION%.0.%APPVEYOR_BUILD_NUMBER%
|
- if "%APPVEYOR_REPO_TAG%"=="false" set WINVERSION=%INSTVERSION%.0.%APPVEYOR_BUILD_NUMBER%
|
||||||
# VERSION format: v1.2.3/v1.3.4
|
# VERSION format: v1.2.3/v1.3.4
|
||||||
@ -92,8 +92,8 @@ after_build:
|
|||||||
- copy %BUILD%\deploy\installer\gui\package.xml installer\packages\io.github.nhekoreborn.nheko\meta
|
- copy %BUILD%\deploy\installer\gui\package.xml installer\packages\io.github.nhekoreborn.nheko\meta
|
||||||
- copy %BUILD%\deploy\installer\gui\installscript.qs installer\packages\io.github.nhekoreborn.nheko\meta
|
- copy %BUILD%\deploy\installer\gui\installscript.qs installer\packages\io.github.nhekoreborn.nheko\meta
|
||||||
# Amend version and date
|
# Amend version and date
|
||||||
- sed -i "s/__VERSION__/0.10.1/" installer\config\config.xml
|
- sed -i "s/__VERSION__/0.10.2/" installer\config\config.xml
|
||||||
- sed -i "s/__VERSION__/0.10.1/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
|
- sed -i "s/__VERSION__/0.10.2/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
|
||||||
- sed -i "s/__DATE__/%DATE%/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
|
- sed -i "s/__DATE__/%DATE%/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
|
||||||
# Copy nheko data
|
# Copy nheko data
|
||||||
- xcopy NhekoData\*.* installer\packages\io.github.nhekoreborn.nheko\data\*.* /s /e /c /y
|
- xcopy NhekoData\*.* installer\packages\io.github.nhekoreborn.nheko\data\*.* /s /e /c /y
|
||||||
|
@ -61,6 +61,7 @@
|
|||||||
<url type="homepage">https://github.com/Nheko-Reborn/nheko</url>
|
<url type="homepage">https://github.com/Nheko-Reborn/nheko</url>
|
||||||
<update_contact>https://github.com/Nheko-Reborn</update_contact>
|
<update_contact>https://github.com/Nheko-Reborn</update_contact>
|
||||||
<releases>
|
<releases>
|
||||||
|
<release date="2022-09-28" version="0.10.2"/>
|
||||||
<release date="2022-09-07" version="0.10.1"/>
|
<release date="2022-09-07" version="0.10.1"/>
|
||||||
<release date="2022-07-22" version="0.10.0"/>
|
<release date="2022-07-22" version="0.10.0"/>
|
||||||
<release date="2022-03-25" version="0.9.3"/>
|
<release date="2022-03-25" version="0.9.3"/>
|
||||||
|
@ -342,10 +342,13 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
|
|||||||
if (msg.sender != local_user.to_string())
|
if (msg.sender != local_user.to_string())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
auto secret_name = request_id_to_secret_name.find(e->content.request_id);
|
auto secret_name_it = request_id_to_secret_name.find(e->content.request_id);
|
||||||
|
|
||||||
if (secret_name != request_id_to_secret_name.end()) {
|
if (secret_name_it != request_id_to_secret_name.end()) {
|
||||||
nhlog::crypto()->info("Received secret: {}", secret_name->second);
|
auto secret_name = secret_name_it->second;
|
||||||
|
request_id_to_secret_name.erase(secret_name_it);
|
||||||
|
|
||||||
|
nhlog::crypto()->info("Received secret: {}", secret_name);
|
||||||
|
|
||||||
mtx::events::msg::SecretRequest secretRequest{};
|
mtx::events::msg::SecretRequest secretRequest{};
|
||||||
secretRequest.action = mtx::events::msg::RequestAction::Cancellation;
|
secretRequest.action = mtx::events::msg::RequestAction::Cancellation;
|
||||||
@ -358,15 +361,24 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
auto deviceKeys = cache::userKeys(local_user.to_string());
|
auto deviceKeys = cache::userKeys(local_user.to_string());
|
||||||
|
if (!deviceKeys)
|
||||||
|
return;
|
||||||
|
|
||||||
std::string sender_device_id;
|
std::string sender_device_id;
|
||||||
if (deviceKeys) {
|
for (auto &[dev, key] : deviceKeys->device_keys) {
|
||||||
for (auto &[dev, key] : deviceKeys->device_keys) {
|
if (key.keys["curve25519:" + dev] == msg.sender_key) {
|
||||||
if (key.keys["curve25519:" + dev] == msg.sender_key) {
|
sender_device_id = dev;
|
||||||
sender_device_id = dev;
|
break;
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (!verificationStatus->verified_devices.count(sender_device_id) ||
|
||||||
|
!verificationStatus->verified_device_keys.count(msg.sender_key) ||
|
||||||
|
verificationStatus->verified_device_keys.at(msg.sender_key) !=
|
||||||
|
crypto::Trust::Verified) {
|
||||||
|
nhlog::net()->critical(
|
||||||
|
"Received secret from unverified device {}! Ignoring!", sender_device_id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
std::map<mtx::identifiers::User,
|
std::map<mtx::identifiers::User,
|
||||||
std::map<std::string, mtx::events::msg::SecretRequest>>
|
std::map<std::string, mtx::events::msg::SecretRequest>>
|
||||||
@ -380,19 +392,17 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
|
|||||||
http::client()->send_to_device<mtx::events::msg::SecretRequest>(
|
http::client()->send_to_device<mtx::events::msg::SecretRequest>(
|
||||||
http::client()->generate_txn_id(),
|
http::client()->generate_txn_id(),
|
||||||
body,
|
body,
|
||||||
[name = secret_name->second](mtx::http::RequestErr err) {
|
[secret_name](mtx::http::RequestErr err) {
|
||||||
if (err) {
|
if (err) {
|
||||||
nhlog::net()->error("Failed to send request cancellation "
|
nhlog::net()->error("Failed to send request cancellation "
|
||||||
"for secrect "
|
"for secrect "
|
||||||
"'{}'",
|
"'{}'",
|
||||||
name);
|
secret_name);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
nhlog::crypto()->info("Storing secret {}", secret_name->second);
|
nhlog::crypto()->info("Storing secret {}", secret_name);
|
||||||
cache::client()->storeSecret(secret_name->second, e->content.secret);
|
cache::client()->storeSecret(secret_name, e->content.secret);
|
||||||
|
|
||||||
request_id_to_secret_name.erase(secret_name);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if (auto sec_req = std::get_if<DeviceEvent<msg::SecretRequest>>(&device_event)) {
|
} else if (auto sec_req = std::get_if<DeviceEvent<msg::SecretRequest>>(&device_event)) {
|
||||||
|
Loading…
Reference in New Issue
Block a user