Commit Graph

17295 Commits

Author SHA1 Message Date
Patrick Cloke
fedb632d0a Synapse 1.15.2 (2020-07-02)
===========================
 
 Due to the two security issues highlighted below, server administrators are
 encouraged to update Synapse. We are not aware of these vulnerabilities being
 exploited in the wild.
 
 Security advisory
 -----------------
 
 * A malicious homeserver could force Synapse to reset the state in a room to a
   small subset of the correct state. This affects all Synapse deployments which
   federate with untrusted servers. ([96e9afe6](96e9afe625))
 * HTML pages served via Synapse were vulnerable to clickjacking attacks. This
   predominantly affects homeservers with single-sign-on enabled, but all server
   administrators are encouraged to upgrade. ([ea26e9a9](ea26e9a98b))
 
   This was reported by [Quentin Gliech](https://sandhose.fr/).
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEF3tZXk38tRDFVnUIM/xY9qcRMEgFAl799QkACgkQM/xY9qcR
 MEhKzQ/+JJCbIuaymKQuyZRRt4b2ylXmMjfM8LpYgwk1vEUN2z+NNt4pmbFQtvdJ
 Q1unHToDIK8b080DMagAc55MEF8GRtl8D411iGgSDeI/AqgVnsBTOW1cd7gDc0LC
 eEs3jwnL5TYDeZYZUGqu+OfoPbdGnUX8ywQYTXk8y0njELwnoJdMuHSMq8kgsMur
 eQ1cryevidpJiDQZlZFJQzlGoMrr4Aq94BZHooXfAdJnwCoIR/EVW4iie8GKSaNa
 OT5tVYg8l4KzBOWZBrtXeeIKVNh7HHie8aJRJVXAGq/3vAEDT8HTAxPNJ6Ru4DA9
 2VrflzmuRl9phxybfq2m1G1AvNkOlKu67e21YTSKK9EG/52VJoSXzKEeP9hdMfj5
 v/Xfm7v1WqolukZZMc9zyleCoAK2Znu32/0/PYGsgw/vX7wGoCORdP22/vVfuCni
 ZpUkZPlCA5XyD4QAyegzTVlp94IRI5oCErl6v1mESAaSkKyaGZ5jejTFWzOsKMuo
 TpyCLLz6ZKLCtxsU6e7nGwDV7dX2iztq8fGf9+8lFsdXCbdI0YsyzAE8reehK9lL
 rYxzl7fV+m6kzYg+pu3bfjH/YYgkPTvnV4juCOT/LQV7P3sEJAQrYBceIpAzyuS7
 t0kCWTfX4UDrt1XbouuWJnvIHAFOG5/o/BEyhkQmW1c3GvDe8Jo=
 =QQ4B
 -----END PGP SIGNATURE-----

Merge tag 'v1.15.2'

Synapse 1.15.2 (2020-07-02)
===========================

Due to the two security issues highlighted below, server administrators are
encouraged to update Synapse. We are not aware of these vulnerabilities being
exploited in the wild.

Security advisory
-----------------

* A malicious homeserver could force Synapse to reset the state in a room to a
  small subset of the correct state. This affects all Synapse deployments which
  federate with untrusted servers. ([96e9afe6](96e9afe625))
* HTML pages served via Synapse were vulnerable to clickjacking attacks. This
  predominantly affects homeservers with single-sign-on enabled, but all server
  administrators are encouraged to upgrade. ([ea26e9a9](ea26e9a98b))

  This was reported by [Quentin Gliech](https://sandhose.fr/).
2020-07-02 10:54:29 -04:00
Patrick Cloke
244649b7d5 Remove an extraneous space. 2020-07-02 10:53:14 -04:00
Patrick Cloke
5ae0a4cf76 Add links to the fixes. 2020-07-02 10:45:22 -04:00
Patrick Cloke
1d61a24f42 Fix tense in the release notes. 2020-07-02 10:41:11 -04:00
Patrick Cloke
e8c36e527d 1.15.2 2020-07-02 10:35:59 -04:00
Erik Johnston
96e9afe625 Correctly handle outliers as prev events over federation 2020-07-02 10:00:33 -04:00
Patrick Cloke
ea26e9a98b Ensure that HTML pages served from Synapse include headers to avoid embedding. 2020-07-02 09:58:31 -04:00
reivilibre
e5808c4cfb
Hack to add push priority to push notifications (#7765)
* Remove obsolete comment about ancient temporary code

Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>

* Implement hack to set push priority

based on whether the tweaks indicate the event might cause
effects.

* Changelog for 7765

Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>

* Antilint

* Add tests for push priority

Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>

* Update synapse/push/httppusher.py

Co-authored-by: Brendan Abolivier <babolivier@matrix.org>

* Antilint

* Remove needless invites from tests.

Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
2020-07-01 17:02:31 +01:00
Richard van der Hoff
e866512367
Add early returns to _check_for_soft_fail (#7769)
my editor was complaining about unset variables, so let's add some early
returns to fix that and reduce indentation/cognitive load.
2020-07-01 16:41:19 +01:00
Richard van der Hoff
f01e2ca039
Use symbolic names for replication stream names (#7768)
This makes it much easier to find where streams are referenced.
2020-07-01 16:35:40 +01:00
Richard van der Hoff
a6eae69ffe
Type checking for FederationHandler (#7770)
fix a few things to make this pass mypy.
2020-07-01 16:21:02 +01:00
Erik Johnston
1e03513f9a
Fix new metric where we used ms instead of seconds (#7771)
Introduced in #7755, not yet released.
2020-07-01 15:23:58 +01:00
Richard van der Hoff
244dbb04f7
Fix incorrect error message when database CTYPE was set incorrectly. (#7760) 2020-07-01 13:56:16 +01:00
Andrew Morgan
8718021469 Pin link in CHANGES.md 2020-07-01 11:47:25 +01:00
Andrew Morgan
70e506f0aa Fixes to CHANGES.md 2020-07-01 11:42:01 +01:00
Andrew Morgan
dc80a0762d 1.16.0rc1 2020-07-01 11:26:58 +01:00
Brendan Abolivier
74d3e177f0
Back out MSC2625 implementation (#7761) 2020-07-01 11:08:25 +01:00
Patrick Cloke
71cccf1593
Additional configuration options for auto-join rooms (#7763) 2020-06-30 15:41:36 -04:00
Erik Johnston
a99658074d
Add some metrics for inbound and outbound federation processing times (#7755) 2020-06-30 16:58:06 +01:00
Andrew Morgan
2f6afdd8b4
Explain the purpose of the "tests" conditional dependency requirement (#7751) 2020-06-30 10:11:36 +01:00
Erik Johnston
831b31e563
Add another yield point to state res v2 (#7746) 2020-06-26 10:44:52 +01:00
Andrew Morgan
177b2d0c19
Move flake8 to end. Don't exit script on failure (#7738) 2020-06-25 17:58:55 +01:00
Dagfinn Ilmari Mannsåker
b099ef07d6
Make tox actions work on Debian 10 (#7703)
- Remove the requirement for a specific version of Python
- Move dep comment to a separate line, Tox 3.7.0 like trailing ones

Signed-off-by: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>
2020-06-25 17:45:35 +01:00
Erik Johnston
0e0a2817a2
Yield during large v2 state res. (#7735)
State res v2 across large data sets can be very CPU intensive, and if
all the relevant events are in the cache the algorithm will run from
start to finish within a single reactor tick. This can result in
blocking the reactor tick for several seconds, which can have major
repercussions on other requests.

To fix this we simply add the occaisonal `sleep(0)` during iterations to
yield execution until the next reactor tick. The aim is to only do this
for large data sets so that we don't impact otherwise quick resolutions.=
2020-06-24 18:48:18 +01:00
Sorunome
6920e58136
add org.matrix.login.jwt so that m.login.jwt can be deprecated (#7675) 2020-06-24 10:23:55 +01:00
Christian Svensson
8bbe87f42d
Set Content-Length for Metrics requests (#7730)
HTTP requires the response to contain a Content-Length header unless chunked encoding is being used.
Prometheus metrics endpoint did not set this, causing software such as prometheus-proxy to not be able to scrape synapse for metrics.

Signed-off-by: Christian Svensson <blue@cmd.nu>
2020-06-23 18:06:01 +01:00
Patrick Cloke
24110255cd
Sync ignored table names in synapse_port_db to current database schema (#7717) 2020-06-23 07:33:25 -04:00
Patrick Cloke
95e41f368b
Allow local media to be marked as safe from being quarantined. (#7718) 2020-06-22 08:04:14 -04:00
Patrick Cloke
e060bf4462
Convert directory handler to async/await (#7727) 2020-06-22 07:18:00 -04:00
Erik Johnston
91e886d615
Speed up state res v2 across large state differences. (#7725) 2020-06-19 13:56:35 +01:00
Jesse Riddle
1b1489ff18
Fixed typo by adding a 'g' to PostgreSQL (#7724) 2020-06-19 07:19:21 -04:00
Richard van der Hoff
7d2824395f add a comment 2020-06-18 10:47:06 +01:00
Brendan Abolivier
e35d44c01d
Merge pull request #7716 from matrix-org/babolivier/unread_fix
Fix unread counts in sync
2020-06-17 15:44:15 +01:00
Patrick Cloke
3630825612
Convert the typing handler to async/await. (#7679) 2020-06-17 10:37:59 -04:00
Oleg Girko
96bc110a68
Require parameterized package version to be at least 0.7.0. (#7680)
Older versions of `parameterized` package have no `parameterized_class` decorator. This decorator is used in tests.

Signed-off-by: Oleg Girko <ol@infoserver.lv>
2020-06-17 15:31:40 +01:00
Brendan Abolivier
5a5cf6460e
Fix unread counts in sync
* Always return an unread_count in get_unread_event_push_actions_by_room_for_user
* Don't always expect unread_count to be there so we don't take out sync entirely if something goes wrong
2020-06-17 15:10:44 +01:00
Patrick Cloke
6418b0379f
Ignore the UI Auth sessions when porting from sqlite to postgresql (#7711) 2020-06-17 10:01:18 -04:00
Erik Johnston
e07a8caf58
Add support for using rust-python-jaeger-reporter (#7697) 2020-06-17 14:13:41 +01:00
Erik Johnston
b44bdd7f7b
Support running multiple media repos. (#7706)
This requires a new config option to specify which media repo should be
responsible for running background jobs to e.g. clear out expired URL
preview caches.
2020-06-17 14:13:30 +01:00
Patrick Cloke
434716e1d3
Fetch from the r0 media path instead of the unspecced v1. (#7714) 2020-06-17 08:36:46 -04:00
lub
890c0c041d
Update postgres in the Docker compose example to 12-alpine. (#7696) 2020-06-17 08:29:08 -04:00
Brendan Abolivier
46613aaf79
Implement unread counter (MSC2625) (#7673)
Implementation of https://github.com/matrix-org/matrix-doc/pull/2625
2020-06-17 10:58:32 +01:00
Richard van der Hoff
e452973fd2
fix broken link in sample config (#7712) 2020-06-16 19:50:16 +01:00
Erik Johnston
f6f7511a4c
Refactor getting replication updates from database. (#7636)
The aim here is to make it easier to reason about when streams are limited and when they're not, by moving the logic into the database functions themselves. This should mean we can kill of `db_query_to_update_function` function.
2020-06-16 17:10:28 +01:00
Patrick Cloke
231252516c
Fix "argument of type 'ObservableDeferred' is not iterable" error (#7708) 2020-06-16 12:01:18 -04:00
hungrymonkey
5c5516f80e
Add instructions for authing with Keycloak via OpenID (#7659) 2020-06-16 11:28:21 -04:00
Patrick Cloke
ac51bd581a
Include a user agent in federation requests. (#7677) 2020-06-16 10:43:29 -04:00
Dagfinn Ilmari Mannsåker
a3f11567d9
Replace all remaining six usage with native Python 3 equivalents (#7704) 2020-06-16 08:51:47 -04:00
Patrick Cloke
98c4e35e3c
Convert the device message and pagination handlers to async/await. (#7678) 2020-06-16 08:06:17 -04:00
Richard van der Hoff
03619324fc
Create a ListenerConfig object (#7681)
This ended up being a bit more invasive than I'd hoped for (not helped by
generic_worker duplicating some of the code from homeserver), but hopefully
it's an improvement.

The idea is that, rather than storing unstructured `dict`s in the config for
the listener configurations, we instead parse it into a structured
`ListenerConfig` object.
2020-06-16 12:44:07 +01:00