Commit Graph

23678 Commits

Author SHA1 Message Date
Erik Johnston
55b0aa847a Fix GHSA-3h7q-rfh9-xm4v
Weakness in auth chain indexing allows DoS from remote room members
through disk fill and high CPU usage.

A remote Matrix user with malicious intent, sharing a room with Synapse
instances before 1.104.1, can dispatch specially crafted events to
exploit a weakness in how the auth chain cover index is calculated. This
can induce high CPU consumption and accumulate excessive data in the
database of such instances, resulting in a denial of service.

Servers in private federations, or those that do not federate, are not
affected.
2024-04-23 15:25:49 +01:00
Olivier Wilkinson (reivilibre)
fbb2573525 1.105.0 2024-04-16 15:53:30 +01:00
Andrew Morgan
db4e321219 1.105.0rc1 2024-04-11 12:16:31 +01:00
Patrick Cloke
657b8cc75c
Stabilize support for MSC4010: push rules & account data. (#17022)
See
[MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010),
but this is pretty much just removing an experimental flag.

Part of #17021
2024-04-09 17:11:50 +01:00
Patrick Cloke
a2a543fd12
Stabliize support for MSC3981: recurse /relations (#17023)
See
[MSC3981](https://github.com/matrix-org/matrix-spec-proposals/pull/3981),
this pretty much just removes flags though.

Part of #17021
2024-04-09 17:11:08 +01:00
Erik Johnston
89f1092284
Also check if first event matches the last in prev batch (#17066)
Refinement of #17064 

cc @richvdh
2024-04-09 14:01:12 +00:00
Sumiran Pokharel
4ffed6330f
#17039 Issue: Update base_rules.rs (#17043)
Co-authored-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
2024-04-09 14:07:26 +01:00
Mathieu Velten
e363881592
Fix PR #16677, a parameter was missing in a function call (#17033)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2024-04-09 14:06:46 +01:00
Erik Johnston
d40878451c
Add forgotten schema delta (#17054)
This should have been in #17045. Whoops.
2024-04-09 13:03:41 +01:00
dependabot[bot]
892cbd0624
Bump packaging from 23.2 to 24.0 (#17027) 2024-04-09 11:25:32 +01:00
dependabot[bot]
106cfd4b39
Bump serde_json from 1.0.114 to 1.0.115 (#17041) 2024-04-09 11:25:23 +01:00
dependabot[bot]
0a6ae6fe4c
Bump regex from 1.10.3 to 1.10.4 (#17028)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 17:56:37 +01:00
dependabot[bot]
13a3987929
Bump ruff from 0.3.2 to 0.3.5 (#17060)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 17:54:18 +01:00
dependabot[bot]
680f60102b
Bump types-pillow from 10.2.0.20240125 to 10.2.0.20240406 (#17061)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 17:52:43 +01:00
dependabot[bot]
3e51b370c5
Bump typing-extensions from 4.9.0 to 4.11.0 (#17062)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 17:52:02 +01:00
dependabot[bot]
9b8597e431
Bump types-requests from 2.31.0.20240125 to 2.31.0.20240406 (#17063)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 17:50:16 +01:00
Erik Johnston
4d10a8fb18
Fixups to #17064 (#17065)
Forget a line, and an empty batch is trivially linear.

c.f. #17064
2024-04-08 14:55:19 +01:00
Erik Johnston
1f8f991d51
Add back fast path for non-gappy syncs (#17064)
PR #16942 removed an invalid optimisation that avoided pulling out state
for non-gappy syncs. This causes a large increase in DB usage. c.f.
#16941 for why that optimisation was wrong.

However, we can still optimise in the simple case where the events in
the timeline are a linear chain without any branching/merging of the
DAG.

cc. @richvdh
2024-04-08 14:25:28 +01:00
Erik Johnston
5360baeb64
Pull out fewer receipts from DB when doing push (#17049)
Before we were pulling out *all* read receipts for a user for every
event we pushed. Instead let's only pull out the relevant receipts.

This also pulled out the event rows for each receipt, causing load on
the events table.
2024-04-05 12:46:34 +01:00
Richard van der Hoff
0e68e9b7f4
Fix bug in calculating state for non-gappy syncs (#16942)
Unfortunately, the optimisation we applied here for non-gappy syncs is
not actually valid.

Fixes https://github.com/element-hq/synapse/issues/16941.

~~Based on https://github.com/element-hq/synapse/pull/16930.~~
Requires https://github.com/matrix-org/sytest/pull/1374.
2024-04-04 16:15:35 +00:00
Richard van der Hoff
230b709d9d
/sync: fix bug in calculating state response (#16930)
Fix a long-standing issue which could cause state to be omitted from the
sync response if the last event was filtered out.

Fixes: https://github.com/element-hq/synapse/issues/16928
2024-04-04 12:14:24 +00:00
Richard van der Hoff
05957ac70f
Fix bug in /sync response for archived rooms (#16932)
This PR fixes a very, very niche edge-case, but I've got some more work
coming which will otherwise make the problem worse.

The bug happens when the syncing user leaves a room, and has a sync
filter which includes "left" rooms, but sets the timeline limit to 0. In
that case, the state returned in the `state` section is calculated
incorrectly.

The fix is to pass a token corresponding to the point that the user
leaves the room through to `compute_state_delta`.
2024-04-04 12:47:59 +01:00
Erik Johnston
31122b71bc
Add missing index to access_tokens table (#17045)
This was causing sequential scans when using refresh tokens.
2024-04-04 11:05:40 +01:00
Erik Johnston
51776745b9 Merge branch 'master' into develop 2024-04-02 18:44:47 +01:00
Erik Johnston
ca27b51665 1.104.0 2024-04-02 17:17:02 +01:00
Erik Johnston
ec174d0470
Refactor chain fetching (#17044)
Since these queries are duplicated in two places.
2024-04-02 15:33:56 +01:00
Erik Johnston
fd48fc4585
Fixups to new push stream (#17038)
Follow on from #17037
2024-03-28 16:29:23 +00:00
Erik Johnston
ea6bfae0fc
Add support for moving /push_rules off of main process (#17037) 2024-03-28 15:44:07 +00:00
Erik Johnston
59ceabcb97 Fixup changelog 2024-03-26 13:45:57 +00:00
Erik Johnston
0581741342 Fixup changelog 2024-03-26 13:44:06 +00:00
Erik Johnston
34878b6bc9 Merge remote-tracking branch 'origin/develop' into release-v1.104 2024-03-26 13:42:09 +00:00
Erik Johnston
c900d18647
Fix OIDC login regression (#17031)
Requests may require a User-Agent header, and the change in #16972
accidentally removed it, resulting in requests getting rejected causing
login to fail.
2024-03-26 13:26:46 +00:00
Erik Johnston
03f0d746c3 1.104.0rc1 2024-03-26 11:49:11 +00:00
Richard van der Hoff
b5322b4daf
Ensure that pending to-device events are sent over federation at startup (#16925)
Fixes https://github.com/element-hq/synapse/issues/16680, as well as a
related bug, where servers which we had *never* successfully sent an
event to would not be retried.

In order to fix the case of pending to-device messages, we hook into the
existing `wake_destinations_needing_catchup` process, by extending it to
look for destinations that have pending to-device messages. The
federation transmission loop then attempts to send the pending to-device
messages as normal.
2024-03-22 13:24:11 +00:00
Mathieu Velten
b7af076ab5
Add OIDC config to add extra parameters to the authorize URL (#16971) 2024-03-22 10:35:11 +00:00
SpiritCroc
9ad49e7ecf
Do not refuse to set read_marker if previous event_id is in wrong room (#16990) 2024-03-21 18:43:07 +00:00
Hanadi
f7a3ebe44d
Fix reject knocks on deactivating account (#17010) 2024-03-21 18:05:54 +00:00
Sam Wedgwood
bef765b262
generate configuration with correct user in start.py for docker (#16978) 2024-03-21 17:55:44 +00:00
dependabot[bot]
6d3ffdd421
Bump dawidd6/action-download-artifact from 3.1.2 to 3.1.4 (#17008) 2024-03-21 17:50:18 +00:00
Mathieu Velten
3ab9e6d524
OIDC: try to JWT decode userinfo response if JSON parsing failed (#16972) 2024-03-21 17:49:44 +00:00
Richard van der Hoff
db95b75515
Patch the db conn pool sooner in tests (#17017)
When running unit tests, we patch the database connection pool so that
it runs queries "synchronously". This is ok, except that if any queries
are launched before we do the patching, those queries get left in limbo
and never complete.

To fix this, let's change the way we do the switcheroo, by patching out
the method which creates the connection pool in the first place.
2024-03-21 17:48:16 +00:00
dependabot[bot]
4c98aad47b
Bump netaddr from 0.9.0 to 1.2.1 (#17006) 2024-03-21 17:36:40 +00:00
Tadeusz Sośnierz
5a59c68b3d
Remove the hardcoded poetry version from contributing guide (#17002) 2024-03-21 17:12:02 +00:00
grahhnt
6cf23febb9
Add note to using --curses under sqlite porting (#17012) 2024-03-21 17:07:21 +00:00
Eirik
159536d525
Update link, in installation guide, for docker hub synapse images (#17001) 2024-03-21 17:05:52 +00:00
dependabot[bot]
70a86f69c2
Bump types-jsonschema from 4.21.0.20240118 to 4.21.0.20240311 (#17007) 2024-03-21 16:53:51 +00:00
Andrew Morgan
21daa56ee1
Prevent start_for_complement.sh from setting START_POSTGRES to false when it's already set (#16985)
I have a use case where I'd like the Synapse image to start up a
postgres instance that I can use, but don't want to force Synapse to use
postgres as well.

This commit prevents postgres from being started when it has already
been explicitly enabled elsewhere.
2024-03-21 13:50:51 +00:00
Shay
cf5adc80e1
Update power level default for public rooms (#16907) 2024-03-19 17:55:31 +00:00
Shay
8fb5b0f335
Improve event validation (#16908)
As the title states.
2024-03-19 17:52:53 +00:00
dependabot[bot]
77b824008c
Bump pydantic from 2.6.0 to 2.6.4 (#17004) 2024-03-19 17:45:56 +00:00