mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-15 01:33:52 +01:00
Synapse 1.10.0rc2 (2020-02-06)
============================== Bugfixes -------- - Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](https://github.com/matrix-org/synapse/issues/6844)) - Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](https://github.com/matrix-org/synapse/issues/6848)) Internal Changes ---------------- - Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](https://github.com/matrix-org/synapse/issues/6850)) -----BEGIN PGP SIGNATURE----- iQJEBAABCgAuFiEEumuwyPtYLL2OMhYdOtoG7cdT0R4FAl478l8QHGVyaWtAbWF0 cml4Lm9yZwAKCRA62gbtx1PRHmKfD/0ZpBV95gMk0iecfvO6IY8+0KigzDUypgXf zp1k+k5DBUmH5/83h7+cXWHIJyofv1At1YdIq9J/nNeyqr3V3dcQwPabOKYbI96d kVD0EZX+2NjuYejAuF9eJNdiwRq5yMLluCfnOXr5jCS0NNdpO1xVb4bWYm50RmcD WJvBvmfwXwCC3AFyNb4IAipaVUXuVXXx1YhjFs6DsbtpPUG88e4uIhpfvrS4v0t8 GFJZNuVJStOvyKHHTfNRIMkhy4xidj3HRUMSmjNpx07WnPBnbv4LnUOD1boYxgaP EoODYnoAPshdiKB0AywNNjue3TmFD/Z7vVEzlFP/lNZ4GDU4kN9C/EwFYw0C2Jqq f9O/E2ZuP9Qqume5O9UwMQQAmhV5lMBaIsYRbixU+9bSB893zRHRffA11HypzD00 ZXj8QDOXpiXp2jpAwN1Rk9e/aZEX3qd+zUAgRmk+kYb0KTC2/gcY956rodNSSO/U RFYg4DFvoCgCrRSxZ4LQMlFu3YY2E7qWH+p/OHk3WG79jW64VpEFaytvv8fR+GKq g3EbtWy6mUzlKYqbjZ+ZTUDe5AWdv6ZX8xJqRD/S6cpiwyh6Gp89HHNvBThXoCmK fxkgw8if7eIITuTlNuDrqunxyWqwd3oVlzd2mi2bg0yRfcqJ9C6OuBV1VTLFZeky 3sjCiU0IRw== =kcSy -----END PGP SIGNATURE----- Merge tag 'v1.10.0rc2' into develop Synapse 1.10.0rc2 (2020-02-06) ============================== Bugfixes -------- - Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](https://github.com/matrix-org/synapse/issues/6844)) - Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](https://github.com/matrix-org/synapse/issues/6848)) Internal Changes ---------------- - Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](https://github.com/matrix-org/synapse/issues/6850))
This commit is contained in:
commit
2201ef8556
8 changed files with 90 additions and 23 deletions
18
CHANGES.md
18
CHANGES.md
|
@ -1,7 +1,23 @@
|
||||||
|
Synapse 1.10.0rc2 (2020-02-06)
|
||||||
|
==============================
|
||||||
|
|
||||||
|
Bugfixes
|
||||||
|
--------
|
||||||
|
|
||||||
|
- Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](https://github.com/matrix-org/synapse/issues/6844))
|
||||||
|
- Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](https://github.com/matrix-org/synapse/issues/6848))
|
||||||
|
|
||||||
|
|
||||||
|
Internal Changes
|
||||||
|
----------------
|
||||||
|
|
||||||
|
- Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](https://github.com/matrix-org/synapse/issues/6850))
|
||||||
|
|
||||||
|
|
||||||
Synapse 1.10.0rc1 (2020-01-31)
|
Synapse 1.10.0rc1 (2020-01-31)
|
||||||
==============================
|
==============================
|
||||||
|
|
||||||
**WARNING**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](https://github.com/matrix-org/synapse/issues/6766) for details.
|
**WARNING to client developers**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](https://github.com/matrix-org/synapse/issues/6766) for details.
|
||||||
|
|
||||||
|
|
||||||
Features
|
Features
|
||||||
|
|
|
@ -36,7 +36,7 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
__version__ = "1.10.0rc1"
|
__version__ = "1.10.0rc2"
|
||||||
|
|
||||||
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
||||||
# We import here so that we don't have to install a bunch of deps when
|
# We import here so that we don't have to install a bunch of deps when
|
||||||
|
|
|
@ -77,12 +77,11 @@ class EventTypes(object):
|
||||||
Aliases = "m.room.aliases"
|
Aliases = "m.room.aliases"
|
||||||
Redaction = "m.room.redaction"
|
Redaction = "m.room.redaction"
|
||||||
ThirdPartyInvite = "m.room.third_party_invite"
|
ThirdPartyInvite = "m.room.third_party_invite"
|
||||||
Encryption = "m.room.encryption"
|
|
||||||
RelatedGroups = "m.room.related_groups"
|
RelatedGroups = "m.room.related_groups"
|
||||||
|
|
||||||
RoomHistoryVisibility = "m.room.history_visibility"
|
RoomHistoryVisibility = "m.room.history_visibility"
|
||||||
CanonicalAlias = "m.room.canonical_alias"
|
CanonicalAlias = "m.room.canonical_alias"
|
||||||
Encryption = "m.room.encryption"
|
Encrypted = "m.room.encrypted"
|
||||||
RoomAvatar = "m.room.avatar"
|
RoomAvatar = "m.room.avatar"
|
||||||
RoomEncryption = "m.room.encryption"
|
RoomEncryption = "m.room.encryption"
|
||||||
GuestAccess = "m.room.guest_access"
|
GuestAccess = "m.room.guest_access"
|
||||||
|
|
|
@ -598,7 +598,13 @@ class DeviceListUpdater(object):
|
||||||
# happens if we've missed updates.
|
# happens if we've missed updates.
|
||||||
resync = yield self._need_to_do_resync(user_id, pending_updates)
|
resync = yield self._need_to_do_resync(user_id, pending_updates)
|
||||||
|
|
||||||
logger.debug("Need to re-sync devices for %r? %r", user_id, resync)
|
if logger.isEnabledFor(logging.INFO):
|
||||||
|
logger.info(
|
||||||
|
"Received device list update for %s, requiring resync: %s. Devices: %s",
|
||||||
|
user_id,
|
||||||
|
resync,
|
||||||
|
", ".join(u[0] for u in pending_updates),
|
||||||
|
)
|
||||||
|
|
||||||
if resync:
|
if resync:
|
||||||
yield self.user_device_resync(user_id)
|
yield self.user_device_resync(user_id)
|
||||||
|
|
|
@ -752,29 +752,75 @@ class FederationHandler(BaseHandler):
|
||||||
|
|
||||||
# For encrypted messages we check that we know about the sending device,
|
# For encrypted messages we check that we know about the sending device,
|
||||||
# if we don't then we mark the device cache for that user as stale.
|
# if we don't then we mark the device cache for that user as stale.
|
||||||
if event.type == EventTypes.Encryption:
|
if event.type == EventTypes.Encrypted:
|
||||||
device_id = event.content.get("device_id")
|
device_id = event.content.get("device_id")
|
||||||
|
sender_key = event.content.get("sender_key")
|
||||||
|
|
||||||
|
cached_devices = await self.store.get_cached_devices_for_user(event.sender)
|
||||||
|
|
||||||
|
resync = False # Whether we should resync device lists.
|
||||||
|
|
||||||
|
device = None
|
||||||
if device_id is not None:
|
if device_id is not None:
|
||||||
cached_devices = await self.store.get_cached_devices_for_user(
|
device = cached_devices.get(device_id)
|
||||||
event.sender
|
if device is None:
|
||||||
)
|
|
||||||
if device_id not in cached_devices:
|
|
||||||
logger.info(
|
logger.info(
|
||||||
"Received event from remote device not in our cache: %s %s",
|
"Received event from remote device not in our cache: %s %s",
|
||||||
event.sender,
|
event.sender,
|
||||||
device_id,
|
device_id,
|
||||||
)
|
)
|
||||||
await self.store.mark_remote_user_device_cache_as_stale(
|
resync = True
|
||||||
event.sender
|
|
||||||
|
# We also check if the `sender_key` matches what we expect.
|
||||||
|
if sender_key is not None:
|
||||||
|
# Figure out what sender key we're expecting. If we know the
|
||||||
|
# device and recognize the algorithm then we can work out the
|
||||||
|
# exact key to expect. Otherwise check it matches any key we
|
||||||
|
# have for that device.
|
||||||
|
if device:
|
||||||
|
keys = device.get("keys", {}).get("keys", {})
|
||||||
|
|
||||||
|
if event.content.get("algorithm") == "m.megolm.v1.aes-sha2":
|
||||||
|
# For this algorithm we expect a curve25519 key.
|
||||||
|
key_name = "curve25519:%s" % (device_id,)
|
||||||
|
current_keys = [keys.get(key_name)]
|
||||||
|
else:
|
||||||
|
# We don't know understand the algorithm, so we just
|
||||||
|
# check it matches a key for the device.
|
||||||
|
current_keys = keys.values()
|
||||||
|
elif device_id:
|
||||||
|
# We don't have any keys for the device ID.
|
||||||
|
current_keys = []
|
||||||
|
else:
|
||||||
|
# The event didn't include a device ID, so we just look for
|
||||||
|
# keys across all devices.
|
||||||
|
current_keys = (
|
||||||
|
key
|
||||||
|
for device in cached_devices
|
||||||
|
for key in device.get("keys", {}).get("keys", {}).values()
|
||||||
)
|
)
|
||||||
|
|
||||||
# Immediately attempt a resync in the background
|
# We now check that the sender key matches (one of) the expected
|
||||||
if self.config.worker_app:
|
# keys.
|
||||||
return run_in_background(self._user_device_resync, event.sender)
|
if sender_key not in current_keys:
|
||||||
else:
|
logger.info(
|
||||||
return run_in_background(
|
"Received event from remote device with unexpected sender key: %s %s: %s",
|
||||||
self._device_list_updater.user_device_resync, event.sender
|
event.sender,
|
||||||
)
|
device_id or "<no device_id>",
|
||||||
|
sender_key,
|
||||||
|
)
|
||||||
|
resync = True
|
||||||
|
|
||||||
|
if resync:
|
||||||
|
await self.store.mark_remote_user_device_cache_as_stale(event.sender)
|
||||||
|
|
||||||
|
# Immediately attempt a resync in the background
|
||||||
|
if self.config.worker_app:
|
||||||
|
return run_in_background(self._user_device_resync, event.sender)
|
||||||
|
else:
|
||||||
|
return run_in_background(
|
||||||
|
self._device_list_updater.user_device_resync, event.sender
|
||||||
|
)
|
||||||
|
|
||||||
@log_function
|
@log_function
|
||||||
async def backfill(self, dest, room_id, limit, extremities):
|
async def backfill(self, dest, room_id, limit, extremities):
|
||||||
|
|
|
@ -360,7 +360,7 @@ class RoomCreationHandler(BaseHandler):
|
||||||
(EventTypes.RoomHistoryVisibility, ""),
|
(EventTypes.RoomHistoryVisibility, ""),
|
||||||
(EventTypes.GuestAccess, ""),
|
(EventTypes.GuestAccess, ""),
|
||||||
(EventTypes.RoomAvatar, ""),
|
(EventTypes.RoomAvatar, ""),
|
||||||
(EventTypes.Encryption, ""),
|
(EventTypes.RoomEncryption, ""),
|
||||||
(EventTypes.ServerACL, ""),
|
(EventTypes.ServerACL, ""),
|
||||||
(EventTypes.RelatedGroups, ""),
|
(EventTypes.RelatedGroups, ""),
|
||||||
(EventTypes.PowerLevels, ""),
|
(EventTypes.PowerLevels, ""),
|
||||||
|
|
|
@ -286,7 +286,7 @@ class StatsHandler(StateDeltasHandler):
|
||||||
room_state["history_visibility"] = event_content.get(
|
room_state["history_visibility"] = event_content.get(
|
||||||
"history_visibility"
|
"history_visibility"
|
||||||
)
|
)
|
||||||
elif typ == EventTypes.Encryption:
|
elif typ == EventTypes.RoomEncryption:
|
||||||
room_state["encryption"] = event_content.get("algorithm")
|
room_state["encryption"] = event_content.get("algorithm")
|
||||||
elif typ == EventTypes.Name:
|
elif typ == EventTypes.Name:
|
||||||
room_state["name"] = event_content.get("name")
|
room_state["name"] = event_content.get("name")
|
||||||
|
|
|
@ -744,7 +744,7 @@ class StatsStore(StateDeltasStore):
|
||||||
EventTypes.Create,
|
EventTypes.Create,
|
||||||
EventTypes.JoinRules,
|
EventTypes.JoinRules,
|
||||||
EventTypes.RoomHistoryVisibility,
|
EventTypes.RoomHistoryVisibility,
|
||||||
EventTypes.Encryption,
|
EventTypes.RoomEncryption,
|
||||||
EventTypes.Name,
|
EventTypes.Name,
|
||||||
EventTypes.Topic,
|
EventTypes.Topic,
|
||||||
EventTypes.RoomAvatar,
|
EventTypes.RoomAvatar,
|
||||||
|
@ -816,7 +816,7 @@ class StatsStore(StateDeltasStore):
|
||||||
room_state["history_visibility"] = event.content.get(
|
room_state["history_visibility"] = event.content.get(
|
||||||
"history_visibility"
|
"history_visibility"
|
||||||
)
|
)
|
||||||
elif event.type == EventTypes.Encryption:
|
elif event.type == EventTypes.RoomEncryption:
|
||||||
room_state["encryption"] = event.content.get("algorithm")
|
room_state["encryption"] = event.content.get("algorithm")
|
||||||
elif event.type == EventTypes.Name:
|
elif event.type == EventTypes.Name:
|
||||||
room_state["name"] = event.content.get("name")
|
room_state["name"] = event.content.get("name")
|
||||||
|
|
Loading…
Reference in a new issue