maxmustermann/synapse
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'release-v1.10.0' into matrix-org-hotfixes

Browse source
This commit is contained in:
Richard van der Hoff 2020-02-10 09:54:40 +00:00
parent 8a29def84a 8e64c5a24c
commit f8a1e0d1d2
9 changed files with 45 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
.buildkite/scripts/test_old_deps.sh Executable file
View file

@ -0,0 +1,18 @@
#!/bin/bash
# this script is run by buildkite in a plain `xenial` container; it installs the
# minimal requirements for tox and hands over to the py35-old tox environment.
set -ex
apt-get update
apt-get install -y python3.5 python3.5-dev python3-pip libxml2-dev libxslt-dev zlib1g-dev
# workaround for https://github.com/jaraco/zipp/issues/40
python3.5 -m pip install 'setuptools>=34.4.0'
python3.5 -m pip install tox
export LANG="C.UTF-8"
exec tox -e py35-old,combine

18
CHANGES.md
View file

@ -1,7 +1,23 @@
Synapse 1.10.0rc2 (2020-02-06)
==============================
Bugfixes
--------
- Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](https://github.com/matrix-org/synapse/issues/6844))
- Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](https://github.com/matrix-org/synapse/issues/6848))
Internal Changes
----------------
- Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](https://github.com/matrix-org/synapse/issues/6850))
Synapse 1.10.0rc1 (2020-01-31)
==============================
**WARNING**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](https://github.com/matrix-org/synapse/issues/6766) for details.
**WARNING to client developers**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](https://github.com/matrix-org/synapse/issues/6766) for details.
Features

1
changelog.d/6844.bugfix
View file

@ -1 +0,0 @@
Fix an issue with cross-signing where device signatures were not sent to remote servers.

1
changelog.d/6848.bugfix
View file

@ -1 +0,0 @@
Fix detecting unknown devices from remote encrypted events.

1
changelog.d/6850.misc
View file

@ -1 +0,0 @@
Detect unexpected sender keys on inbound encrypted events and resync device lists.

1
changelog.d/6878.feature Normal file
View file

@ -0,0 +1 @@
Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced.

1
changelog.d/6880.misc Normal file
View file

@ -0,0 +1 @@
Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library.

2
synapse/__init__.py
View file

@ -36,7 +36,7 @@ try:
except ImportError:
pass
__version__ = "1.10.0rc1"
__version__ = "1.10.0rc2"
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
# We import here so that we don't have to install a bunch of deps when

7
synapse/visibility.py
View file

@ -122,6 +122,13 @@ def filter_events_for_client(
if not event.is_state() and event.sender in ignore_list:
return None
# Until MSC2261 has landed we can't redact malicious alias events, so for
# now we temporarily filter out m.room.aliases entirely to mitigate
# abuse, while we spec a better solution to advertising aliases
# on rooms.
if event.type == EventTypes.Aliases:
return None
# Don't try to apply the room's retention policy if the event is a state event, as
# MSC1763 states that retention is only considered for non-state events.
if apply_retention_policies and not event.is_state():