Commit graph

14692 commits

Author SHA1 Message Date
Amber H. Brown
8d9a56e0a6 Merge branch 'shhs' of ssh://github.com/matrix-org/synapse into shhs 2019-07-26 21:35:42 +10:00
Amber Brown
4a5fb548b6 Synapse 1.2.1 (2019-07-26)
==========================
 
 Security update
 ---------------
 
 This release includes *four* security fixes:
 
 - Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. ([\#5767](https://github.com/matrix-org/synapse/issues/5767))
 - Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. Thanks to `@lrizika:matrix.org` for identifying and responsibly disclosing this issue. ([0f2ecb961](https://github.com/matrix-org/synapse/commit/0f2ecb961))
 - Prevent an attack where users could be joined or parted from public rooms without their consent. Thanks to @Dylanger for identifying and responsibly disclosing this issue. ([\#5744](https://github.com/matrix-org/synapse/issues/5744))
 - Fix a vulnerability where a federated server could spoof read-receipts from
   users on other servers. Thanks to @Dylanger for identifying this issue too. ([\#5743](https://github.com/matrix-org/synapse/issues/5743))
 
 Additionally, the following fix was in Synapse **1.2.0**, but was not correctly
 identified during the original release:
 
 - It was possible for a room moderator to send a redaction for an `m.room.create` event, which would downgrade the room to version 1. Thanks to `/dev/ponies` for identifying and responsibly disclosing this issue! ([\#5701](https://github.com/matrix-org/synapse/issues/5701))
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEv27Axt/F4vrTL/8QOSor00I9eP8FAl063MwACgkQOSor00I9
 eP//tQgAhktuhIWwt2w/kvlBm1kCWMC0crl4i0zxdBwcWU71su++e3xarBEOsi3j
 Sz71tigzK/16n2wAXzEMTtr67WH8SC1f/JM78TUO65WdV0On9Il0ezIVB1I+OgG8
 yzgPx05wwFm51MoTpKJNCFKrFHsrBWvwASRbwc3sv900KpJUVVUmZ2cZBQIxry6/
 tIIxGK6OBSZKpBiBfSDozRtK4eIC79rBCHQEnfwd+RVrMLNy2Wn3RxyOYtznkYuZ
 wC+/VRUf6DNyNSwhCRAuIRrasRIbzFcJMjYecNFOABo2j5YqpvkRqX4YxWrfMCus
 wS+b4ou+tAVp8PJBdzuaiGbHPgHFXw==
 =CLSx
 -----END PGP SIGNATURE-----

Merge tag 'v1.2.1' into shhs

Synapse 1.2.1 (2019-07-26)
==========================

Security update
---------------

This release includes *four* security fixes:

- Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. ([\#5767](https://github.com/matrix-org/synapse/issues/5767))
- Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. Thanks to `@lrizika:matrix.org` for identifying and responsibly disclosing this issue. ([0f2ecb961](https://github.com/matrix-org/synapse/commit/0f2ecb961))
- Prevent an attack where users could be joined or parted from public rooms without their consent. Thanks to @Dylanger for identifying and responsibly disclosing this issue. ([\#5744](https://github.com/matrix-org/synapse/issues/5744))
- Fix a vulnerability where a federated server could spoof read-receipts from
  users on other servers. Thanks to @Dylanger for identifying this issue too. ([\#5743](https://github.com/matrix-org/synapse/issues/5743))

Additionally, the following fix was in Synapse **1.2.0**, but was not correctly
identified during the original release:

- It was possible for a room moderator to send a redaction for an `m.room.create` event, which would downgrade the room to version 1. Thanks to `/dev/ponies` for identifying and responsibly disclosing this issue! ([\#5701](https://github.com/matrix-org/synapse/issues/5701))
2019-07-26 20:59:41 +10:00
Richard van der Hoff
992333b995 correct attributions in changelog 2019-07-26 11:45:06 +01:00
Richard van der Hoff
8b16696b24 correct attributions in changelog 2019-07-26 11:36:28 +01:00
Richard van der Hoff
dde6ea7ff6 1.2.1 2019-07-26 11:33:16 +01:00
Amber Brown
95a0386579 don't have a circleci config 2019-07-26 20:27:31 +10:00
Richard van der Hoff
a0ee2ec458 Merge branch 'erikj/log_leave_origin_mismatch' into release-v1.2.1 2019-07-26 10:09:36 +01:00
Richard van der Hoff
d1020653fc Log when we receive a /make_* request from a different origin 2019-07-26 10:08:22 +01:00
Erik Johnston
1f8bae7724 Log when we receive receipt from a different origin 2019-07-26 07:55:25 +01:00
Richard van der Hoff
0f2ecb961e Fix DoS when there is a cycle in redaction events
Make sure that synapse doesn't explode when a redaction redacts itself, or
there is a larger cycle.
2019-07-26 06:36:48 +00:00
Richard van der Hoff
70e18cee00 Merge branch 'rav/redactions/cross_room_id' into release-v1.2.1 2019-07-25 18:46:44 +01:00
Richard van der Hoff
b1605cdd23 log when a redaction attempts to redact an event in a different room 2019-07-25 18:26:20 +01:00
Amber H. Brown
b50d8a9dc1 fix merging forward 2019-07-26 02:26:23 +10:00
Amber H. Brown
3edf6e987e fix this 2019-07-26 02:07:05 +10:00
Amber H. Brown
f61cdc14e7 No changes since v1.2.0rc2.
-----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEgQG31Z317NrSMt0QiISIDS7+X/QFAl05rSATHGFuZHJld0Bh
 bW9yZ2FuLnh5egAKCRCIhIgNLv5f9D36D/9n2clmrMWaVTtRz7SO5F2rY+JuA61l
 kb3Xq1SlYk2WRWD7/K4RnGbYixjAvCWNsIVs9NYhqG3cyQ+Gb0+X4zO6XzvZ5Th0
 h2bqMyNMBvRhy75rFrygS21iSvUjst+e4nrr1XPnGblXPnXgUE/WjJ05m8xTjn/a
 rMUjQbWllpcMEmqPEEFwo84bBMs77evHWIb9k9jEBT6LUfp1BPodXmLdtIEF22ug
 iewx6pBcwtv5vVpWxi9BiUsio0HJjRsTQOFVR9E9fT0rQEZcH1DJjxqk1Z9kJEDd
 krtj/RV2frtteUmxoMcSO2hdUlfm2/0Qi0vgdFwUDT410wweWLG/NYrHrJ3Tlyyz
 luD0PGPiB8BAanytmUEbzTd0yAACV2uBeheCk4zR04gdQ8zkzQyeSn5JUhj5ba8+
 LGi7eZJhnXJEPeZDqioy8y5CdWh3PlJo2rgICH9se6yD0GYFc693j2+yMgygunnB
 ZkuC2Q5lozbOsPoeL/cW80RrFOy2H8V5nU/VTSwAgjP+xIkm9Yk9qVHVusGINsdv
 Df5NWhN8wOIyah4w45+2kbt4GH92fPxf9D+0EZ1wm3K0AmvzIbK94jdXw5oBB24R
 EkkK/8oTAM/ErbnP+sBxeDjVJJGTXsRYL7qC9HeXVtaDDNmqjp1Lw7seuk0dZgap
 S1U6onGrH92xdg==
 =Ej8S
 -----END PGP SIGNATURE-----

Merge tag 'v1.2.0' into shhs

No changes since v1.2.0rc2.
2019-07-26 01:48:50 +10:00
Amber H. Brown
43cf23475f dockerfile update 2019-07-26 01:48:20 +10:00
Andrew Morgan
c0a1301ccd 1.2.0 2019-07-25 14:10:32 +01:00
Andrew Morgan
2d573e2e2b 1.2.0rc2 2019-07-24 13:43:40 +01:00
Jorik Schellekens
cf2972c818
Fix servlet metric names (#5734)
* Fix servlet metric names

Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Remove redundant check

* Cover all return paths
2019-07-24 13:07:35 +01:00
Andrew Morgan
8b0d5b171e Make changelog slightly more readable 2019-07-22 13:15:35 +01:00
Andrew Morgan
54437c48ca 1.2.0rc1 2019-07-22 12:59:04 +01:00
Jorik Schellekens
826e6ec3bd
Opentracing Documentation (#5703)
* Opentracing survival guide

* Update decorator names in doc

* Doc cleanup

These are all alterations as a result of comments in #5703, it
includes mostly typos and clarifications. The most interesting
changes are:

- Split developer and user docs into two sections
- Add a high level description of OpenTracing

* newsfile

* Move contributer specific info to docstring.

* Sample config.

* Trailing whitespace.

* Update 5703.misc

* Apply suggestions from code review

Mostly just rewording parts of the docs for clarity.

Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2019-07-22 11:15:21 +01:00
Neil Johnson
a3e40bd5b4 towncrier 2019-07-18 16:02:09 +01:00
Neil Johnson
cfc00068bd enable aggregations support by default 2019-07-18 15:56:59 +01:00
Richard van der Hoff
82345bc09a
Clean up opentracing configuration options (#5712)
Clean up config settings and dead code.

This is mostly about cleaning up the config format, to bring it into line with our conventions. In particular:
 * There should be a blank line after `## Section ##' headings
 * There should be a blank line between each config setting
 * There should be a `#`-only line between a comment and the setting it describes
 * We don't really do the `#  #` style commenting-out of whole sections if we can help it
 * rename `tracer_enabled` to `enabled`

While we're here, do more config parsing upfront, which makes it easier to use
later on.

Also removes redundant code from LogContextScopeManager.

Also changes the changelog fragment to a `feature` - it's exciting!
2019-07-18 15:06:54 +01:00
Amber Brown
7ad1d76356
Support Prometheus_client 0.4.0+ (#5636) 2019-07-18 23:57:15 +10:00
Andrew Morgan
b2a382efdb
Remove the ability to query relations when the original event was redacted. (#5629)
Fixes #5594

Forbid viewing relations on an event once it has been redacted.
2019-07-18 14:41:42 +01:00
Amber H. Brown
b7962f5bfd add a wait 2019-07-18 23:23:12 +10:00
Richard van der Hoff
fa8271c5ac
Convert synapse.federation.transport.server to async (#5689)
* Convert BaseFederationServlet._wrap to async

Empirically, this fixes some lost stacktraces. It should be safe because the
wrapped function is called from JsonResource._async_render, which is already
async.

* Convert the rest of synapse.federation.transport.server to async

We may as well do the whole file while we're here.

* changelog

* flake8
2019-07-18 11:46:47 +01:00
Richard van der Hoff
9c70a02a9c
Ignore redactions of m.room.create events (#5701) 2019-07-17 19:08:02 +01:00
Richard van der Hoff
1def298119
Improve Depends specs in debian package. (#5675)
This is basically a contrived way of adding a `Recommends` on `libpq5`, to fix #5653.

The way this is supposed to happen in debhelper is to run
`dh_shlibdeps`, which in turn runs `dpkg-shlibdeps`, which spits things out
into `debian/<package>.substvars` whence they can later be included by
`control`.

Previously, we had disabled `dh_shlibdeps`, mostly because `dpkg-shlibdeps`
gets confused about PIL's interdependent objects, but that's not really the
right thing to do and there is another way to work around that.

Since we don't always use postgres, we don't necessarily want a hard Depends on
libpq5, so I've actually ended up adding an explicit invocation of
`dpkg-shlibdeps` for `psycopg2`.

I've also updated the build-depends list for the package, which was missing a
couple of entries.
2019-07-17 17:47:07 +01:00
Richard van der Hoff
2091c91fde
More refactoring in get_events_as_list (#5707)
We can now use `_get_events_from_cache_or_db` rather than going right back to
the database, which means that (a) we can benefit from caching, and (b) it
opens the way forward to more extensive checks on the original event.

We now always require the original event to exist before we will serve up a
redaction.
2019-07-17 17:34:13 +01:00
Richard van der Hoff
375162b3c3
Fix redaction authentication (#5700)
Ensures that redactions are correctly authenticated for recent room versions.

There are a few things going on here:

 * `_fetch_event_rows` is updated to return a dict rather than a list of rows.

 * Rather than returning multiple copies of an event which was redacted
   multiple times, it returns the redactions as a list within the dict.

 * It also returns the actual rejection reason, rather than merely the fact
   that it was rejected, so that we don't have to query the table again in
   `_get_event_from_row`.

 * The redaction handling is factored out of `_get_event_from_row`, and now
   checks if any of the redactions are valid.
2019-07-17 16:52:02 +01:00
Richard van der Hoff
65c5592b8e
Refactor get_events_as_list (#5699)
A couple of changes here:

* get rid of a redundant `allow_rejected` condition - we should already have filtered out any rejected
  events before we get to that point in the code, and the redundancy is confusing. Instead, let's stick in
  an assertion just to make double-sure we aren't leaking rejected events by mistake.

* factor out a `_get_events_from_cache_or_db` method, which is going to be important for a 
  forthcoming fix to redactions.
2019-07-17 16:49:19 +01:00
Amber H. Brown
9bbf2d23c4 fix 2019-07-17 04:46:20 +10:00
Amber H. Brown
5daee2eb4a fix 2019-07-17 04:41:00 +10:00
Amber H. Brown
14c8b036ea fix 2019-07-17 04:36:27 +10:00
Amber H. Brown
7fcd6c1df9 fix 2019-07-17 04:32:50 +10:00
Amber H. Brown
c43c1adb0c fix 2019-07-17 04:28:11 +10:00
Amber H. Brown
a025abebe8 try now 2019-07-17 04:02:15 +10:00
Amber H. Brown
c1777f51a9 try now 2019-07-17 04:00:34 +10:00
Amber H. Brown
646292cfb1 see if we can do a build! 2019-07-17 03:58:34 +10:00
Erik Johnston
c831c5b2bb
Merge pull request #5597 from matrix-org/erikj/admin_api_cmd
Create basic admin command app
2019-07-16 15:59:36 +01:00
Erik Johnston
5ed7853bb0 Remove pointless description 2019-07-16 11:45:57 +01:00
Erik Johnston
f44354e17f Clean up arg name and remove lying comment 2019-07-16 11:39:40 +01:00
Erik Johnston
d0d479c1af
Fix typo in synapse/app/admin_cmd.py
Co-Authored-By: Aaron Raimist <aaron@raim.ist>
2019-07-16 09:52:56 +01:00
Erik Johnston
03cc8c4b5d Fix invoking add_argument from homeserver.py 2019-07-15 14:25:05 +01:00
Erik Johnston
eca4f5ac73 s/exfiltrate_user_data/export_user_data/ 2019-07-15 14:17:28 +01:00
Erik Johnston
1b2067f53d Add FileExfiltrationWriter 2019-07-15 14:15:22 +01:00
Erik Johnston
e8c53b07f2 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/admin_api_cmd 2019-07-15 14:13:22 +01:00