Merge tag 'v1.0.0rc3' into rav/saml2_client

Synapse 1.0.0rc3 (2019-06-10)
=============================

Security: Fix authentication bug introduced in 1.0.0rc1. Please upgrade to rc3 immediately

CHANGES.md

@@ -1,3 +1,9 @@
+Synapse 1.0.0rc3 (2019-06-10)
+=============================
+
+Security: Fix authentication bug introduced in 1.0.0rc1. Please upgrade to rc3 immediately
+
+
 Synapse 1.0.0rc2 (2019-06-10)
 =============================
 

changelog.d/5418.bugfix

@@ -0,0 +1 @@
+Fix bug where attempting to send transactions with large number of EDUs can fail.

synapse/__init__.py

@@ -27,4 +27,4 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.0.0rc2"
+__version__ = "1.0.0rc3"

synapse/handlers/auth.py

@@ -479,6 +479,7 @@ class AuthHandler(BaseHandler):
                 medium,
                 threepid_creds["client_secret"],
                 sid=threepid_creds["sid"],
+                validated=True,
             )
 
             threepid = {

synapse/storage/deviceinbox.py

@@ -138,6 +138,10 @@ class DeviceInboxWorkerStore(SQLBaseStore):
         if not has_changed or last_stream_id == current_stream_id:
             return defer.succeed(([], current_stream_id))
 
+        if limit <= 0:
+            # This can happen if we run out of room for EDUs in the transaction.
+            return defer.succeed(([], last_stream_id))
+
         def get_new_messages_for_remote_destination_txn(txn):
             sql = (
                 "SELECT stream_id, messages_json FROM device_federation_outbox"

synapse/storage/registration.py

@@ -998,7 +998,7 @@ class RegistrationStore(
         client_secret,
         address=None,
         sid=None,
-        validated=None,
+        validated=True,
     ):
         """Gets a session_id and last_send_attempt (if available) for a
         client_secret/medium/(address|session_id) combo