Merge branch 'v0.10.2-fixes'

pull/1022/merge
Nicolas Werner 2 years ago
commit 2fde381a82
No known key found for this signature in database
GPG Key ID: C8D75E610773F2D9
  1. 13
      CHANGELOG.md
  2. 2
      CMakeLists.txt
  3. 10
      appveyor.yml
  4. 1
      resources/nheko.appdata.xml.in
  5. 30
      src/encryption/Olm.cpp

@ -1,5 +1,18 @@
# Changelog
## [0.10.2] -- 2022-09-22
### Security release
- Fixes potential secret poisoning by the homeserver
- A crash when validation malicious html
Thanks to the matrix.org security team for disclosing this issue.
An update is highly recommended. Otherwise you can temporarily protect against
this issue by not verifying your own devices and not pressing the request button
in the setting.
## [0.10.1] -- 2022-09-07
### Highlights

@ -107,7 +107,7 @@ include(GNUInstallDirs)
set(CPACK_PACKAGE_VERSION_MAJOR "0")
set(CPACK_PACKAGE_VERSION_MINOR "10")
set(CPACK_PACKAGE_VERSION_PATCH "1")
set(CPACK_PACKAGE_VERSION_PATCH "2")
set(PROJECT_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR})
set(PROJECT_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR})
set(PROJECT_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH})

@ -1,6 +1,6 @@
---
version: 0.10.1-{build}
version: 0.10.2-{build}
configuration: Release
image: Visual Studio 2022
@ -29,8 +29,8 @@ build_script:
# VERSION format: branch-master/branch-1.2
# INSTVERSION format: x.y.z
# WINVERSION format: 9999.0.0.123/1.2.0.234
- if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.1
- if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.1
- if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.2
- if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.2
- if "%APPVEYOR_REPO_TAG%"=="false" if "%APPVEYOR_REPO_BRANCH%"=="master" set INSTVERSION=9999.0
- if "%APPVEYOR_REPO_TAG%"=="false" set WINVERSION=%INSTVERSION%.0.%APPVEYOR_BUILD_NUMBER%
# VERSION format: v1.2.3/v1.3.4
@ -92,8 +92,8 @@ after_build:
- copy %BUILD%\deploy\installer\gui\package.xml installer\packages\io.github.nhekoreborn.nheko\meta
- copy %BUILD%\deploy\installer\gui\installscript.qs installer\packages\io.github.nhekoreborn.nheko\meta
# Amend version and date
- sed -i "s/__VERSION__/0.10.1/" installer\config\config.xml
- sed -i "s/__VERSION__/0.10.1/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
- sed -i "s/__VERSION__/0.10.2/" installer\config\config.xml
- sed -i "s/__VERSION__/0.10.2/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
- sed -i "s/__DATE__/%DATE%/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
# Copy nheko data
- xcopy NhekoData\*.* installer\packages\io.github.nhekoreborn.nheko\data\*.* /s /e /c /y

@ -61,6 +61,7 @@
<url type="homepage">https://github.com/Nheko-Reborn/nheko</url>
<update_contact>https://github.com/Nheko-Reborn</update_contact>
<releases>
<release date="2022-09-28" version="0.10.2"/>
<release date="2022-09-07" version="0.10.1"/>
<release date="2022-07-22" version="0.10.0"/>
<release date="2022-03-25" version="0.9.3"/>

@ -342,10 +342,13 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
if (msg.sender != local_user.to_string())
return;
auto secret_name = request_id_to_secret_name.find(e->content.request_id);
auto secret_name_it = request_id_to_secret_name.find(e->content.request_id);
if (secret_name != request_id_to_secret_name.end()) {
nhlog::crypto()->info("Received secret: {}", secret_name->second);
if (secret_name_it != request_id_to_secret_name.end()) {
auto secret_name = secret_name_it->second;
request_id_to_secret_name.erase(secret_name_it);
nhlog::crypto()->info("Received secret: {}", secret_name);
mtx::events::msg::SecretRequest secretRequest{};
secretRequest.action = mtx::events::msg::RequestAction::Cancellation;
@ -358,14 +361,23 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
return;
auto deviceKeys = cache::userKeys(local_user.to_string());
if (!deviceKeys)
return;
std::string sender_device_id;
if (deviceKeys) {
for (auto &[dev, key] : deviceKeys->device_keys) {
if (key.keys["curve25519:" + dev] == msg.sender_key) {
sender_device_id = dev;
break;
}
}
if (!verificationStatus->verified_devices.count(sender_device_id) ||
!verificationStatus->verified_device_keys.count(msg.sender_key) ||
verificationStatus->verified_device_keys.at(msg.sender_key) !=
crypto::Trust::Verified) {
nhlog::net()->critical(
"Received secret from unverified device {}! Ignoring!", sender_device_id);
return;
}
std::map<mtx::identifiers::User,
@ -380,19 +392,17 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
http::client()->send_to_device<mtx::events::msg::SecretRequest>(
http::client()->generate_txn_id(),
body,
[name = secret_name->second](mtx::http::RequestErr err) {
[secret_name](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->error("Failed to send request cancellation "
"for secrect "
"'{}'",
name);
secret_name);
}
});
nhlog::crypto()->info("Storing secret {}", secret_name->second);
cache::client()->storeSecret(secret_name->second, e->content.secret);
request_id_to_secret_name.erase(secret_name);
nhlog::crypto()->info("Storing secret {}", secret_name);
cache::client()->storeSecret(secret_name, e->content.secret);
}
} else if (auto sec_req = std::get_if<DeviceEvent<msg::SecretRequest>>(&device_event)) {
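Review bot: The pending request is consumed before the sender is checked: `request_id_to_secret_name.erase(secret_name_it);` now runs right after the lookup, so every `return` that follows (missing verification status, missing device keys, unverified sender) leaves the request id forgotten. A reply that carries a known request id but comes from an unverified device would therefore make a later reply from a verified device miss the lookup, and the cancellation further down is not sent on those paths either. If dropping the request on any reply is the intended fail-closed behaviour, a comment above the erase such as `// consume the request on any reply, trusted or not, so a request id is honoured at most once` would make that explicit. Otherwise keep the `auto secret_name = secret_name_it->second;` copy where it is and move the erase to just after the `crypto::Trust::Verified` check. The body of handle_olm_message starts and ends outside these hunks, so any handling of the map elsewhere is not visible here.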
