From 8985c2d1d4b297ea9fdc70e79e344bde73356216 Mon Sep 17 00:00:00 2001 From: Nicolas Werner Date: Tue, 27 Sep 2022 21:58:24 +0200 Subject: [PATCH 01/12] Fix infinite loop that can be triggered by some invalid html --- src/Utils.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/Utils.cpp b/src/Utils.cpp index 0e193c43..d6c701b0 100644 --- a/src/Utils.cpp +++ b/src/Utils.cpp @@ -494,7 +494,11 @@ utils::escapeBlacklistedHtml(const QString &rawStr) attrStart = consumeSpaces(attrEnd); - if (attrStart < attrsEnd) { + if (attrName.isEmpty()) { + buffer.append(QUrl::toPercentEncoding(QString(QByteArray(attrStart, 1)))); + attrStart++; + continue; + } else if (attrStart < attrsEnd) { if (*attrStart == '=') { attrStart = consumeSpaces(attrStart + 1); From 1f42e17a0524d917861027a8acef054e8fbb05af Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sat, 24 Sep 2022 17:43:06 -0400 Subject: [PATCH 02/12] Add macos notarize logs as artifacts --- .ci/macos/notarize.sh | 4 ++-- .gitlab-ci.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index 111610a8..1e1b2049 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -36,8 +36,8 @@ done codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" "build/nheko.app" -NOTARIZE_SUBMIT_LOG=$(mktemp -t notarize-submit) -NOTARIZE_STATUS_LOG=$(mktemp -t notarize-status) +NOTARIZE_SUBMIT_LOG=$(mktemp /tmp/notarize-submit.XXXXXX) +NOTARIZE_STATUS_LOG=$(mktemp /tmp/notarize-status.XXXXXX) finish() { rm "$NOTARIZE_SUBMIT_LOG" "$NOTARIZE_STATUS_LOG" diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 89157309..2daee894 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -96,6 +96,7 @@ build-macos: artifacts: paths: - build/nheko.app + - /tmp/notarize* name: nheko-${CI_COMMIT_SHORT_SHA}-macos-app expose_as: 'macos-app' public: false From 64391efc3af558109a39ca09f4f3d4206ad7af75 Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sat, 24 Sep 2022 17:46:49 -0400 Subject: [PATCH 03/12] Remove expose_as for codesign job --- .gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2daee894..7b576a82 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -96,7 +96,6 @@ build-macos: artifacts: paths: - build/nheko.app - - /tmp/notarize* name: nheko-${CI_COMMIT_SHORT_SHA}-macos-app expose_as: 'macos-app' public: false @@ -125,9 +124,8 @@ codesign-macos: artifacts: paths: - artifacts/nheko-${CI_COMMIT_SHORT_SHA}.dmg + - /tmp/notarize* name: nheko-${CI_COMMIT_SHORT_SHA}-macos - expose_as: 'macos-dmg' - build-flatpak-amd64: stage: build From 627f30da690b6f8bc76edf070fdce170c521d2ea Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sat, 24 Sep 2022 20:57:26 -0400 Subject: [PATCH 04/12] Use notarytool for notarization instead of altool --- .ci/macos/notarize.sh | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index 1e1b2049..b5dd0db8 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -27,8 +27,8 @@ security unlock-keychain -p "${RUNNER_USER_PW}" login.keychain ) echo "[INFO] Signing app contents" -find "build/nheko.app/Contents"|while read fname; do - if [[ -f $fname ]]; then +find "build/nheko.app/Contents"|while read -r fname; do + if [ -f "$fname" ]; then echo "[INFO] Signing $fname" codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" "$fname" fi @@ -50,24 +50,27 @@ user=$(id -nu) chown "${user}" nheko.dmg echo "--> Start Notarization process" -xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1 -requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")" +# OLD altool usage: xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1 +xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_SUBMIT_LOG" 2>&1 +requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" while sleep 60 && date; do echo "--> Checking notarization status for ${requestUUID}" - xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_STATUS_LOG" 2>&1 + # OLD altool usage: xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_STATUS_LOG" 2>&1 + xcrun notarytool info "${requestUUID}" --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_STATUS_LOG" 2>&1 - isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG") - isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG") + sub_status="$(awk -F ':' '/status/ {print $2}' "$NOTARIZE_STATUS_LOG")" + #isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG") + #isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG") - if [ -n "${isSuccess}" ]; then + if [ "${sub_status}" = "Approved" ]; then echo "Notarization done!" xcrun stapler staple -v nheko.dmg echo "Stapler done!" break fi - if [ -n "${isFailure}" ]; then + if [ "${sub_status}" = "Invalid" ] || [ "${sub_status}" = "Rejected" ]; then echo "Notarization failed" cat "$NOTARIZE_STATUS_LOG" 1>&2 exit 1 From 975364a9011702f8815a2003f294e3631b654eca Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sat, 24 Sep 2022 21:30:27 -0400 Subject: [PATCH 05/12] Update requestUUID source --- .ci/macos/notarize.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index b5dd0db8..0b05a1d0 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -52,7 +52,8 @@ chown "${user}" nheko.dmg echo "--> Start Notarization process" # OLD altool usage: xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1 xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_SUBMIT_LOG" 2>&1 -requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" +# OLD altool usage: requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")" +requestUUID="$(awk -F ':' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" while sleep 60 && date; do echo "--> Checking notarization status for ${requestUUID}" From d422e42054ca0a5060e414326bcffbe45d422702 Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sat, 24 Sep 2022 22:16:18 -0400 Subject: [PATCH 06/12] apple's service cares about spaces --- .ci/macos/notarize.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index 0b05a1d0..ed398ee3 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -53,7 +53,7 @@ echo "--> Start Notarization process" # OLD altool usage: xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1 xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_SUBMIT_LOG" 2>&1 # OLD altool usage: requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")" -requestUUID="$(awk -F ':' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" +requestUUID="$(awk -F ': ' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" while sleep 60 && date; do echo "--> Checking notarization status for ${requestUUID}" From 700978c5ecae964bd39e65bf38b14c1eecff038e Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sat, 24 Sep 2022 22:46:53 -0400 Subject: [PATCH 07/12] Accepted... not Approved --- .ci/macos/notarize.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index ed398ee3..0b327ac6 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -65,7 +65,7 @@ while sleep 60 && date; do #isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG") #isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG") - if [ "${sub_status}" = "Approved" ]; then + if [ "${sub_status}" = "Accepted" ]; then echo "Notarization done!" xcrun stapler staple -v nheko.dmg echo "Stapler done!" From 2a72488a3229cf7303adb7b790b6f24fcc2986af Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sun, 25 Sep 2022 18:03:56 -0400 Subject: [PATCH 08/12] Add some additional notarization logging --- .ci/macos/notarize.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index 0b327ac6..d3041250 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -55,6 +55,13 @@ xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${A # OLD altool usage: requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")" requestUUID="$(awk -F ': ' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" +if [ -z "${requestUUID}" ]; then + echo "Received requestUUID: ${requestUUID}" +else + echo "Something went wrong when submitting the request... we don't have a UUID" + exit 1 +fi + while sleep 60 && date; do echo "--> Checking notarization status for ${requestUUID}" @@ -65,6 +72,8 @@ while sleep 60 && date; do #isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG") #isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG") + echo "Status for submission ${requestUUID}: ${sub_status}" + if [ "${sub_status}" = "Accepted" ]; then echo "Notarization done!" xcrun stapler staple -v nheko.dmg From e6bbe74abfb73003495da68e847e6af8397c5ae9 Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sun, 25 Sep 2022 18:08:13 -0400 Subject: [PATCH 09/12] Make sure there are no spaces in the status string --- .ci/macos/notarize.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index d3041250..0090da9b 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -56,23 +56,23 @@ xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${A requestUUID="$(awk -F ': ' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" if [ -z "${requestUUID}" ]; then - echo "Received requestUUID: ${requestUUID}" + echo "Received requestUUID: \"${requestUUID}\"" else echo "Something went wrong when submitting the request... we don't have a UUID" exit 1 fi while sleep 60 && date; do - echo "--> Checking notarization status for ${requestUUID}" + echo "--> Checking notarization status for \"${requestUUID}\"" # OLD altool usage: xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_STATUS_LOG" 2>&1 xcrun notarytool info "${requestUUID}" --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_STATUS_LOG" 2>&1 - sub_status="$(awk -F ':' '/status/ {print $2}' "$NOTARIZE_STATUS_LOG")" + sub_status="$(awk -F ': ' '/status/ {print $2}' "$NOTARIZE_STATUS_LOG")" #isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG") #isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG") - echo "Status for submission ${requestUUID}: ${sub_status}" + echo "Status for submission \"${requestUUID}\": \"${sub_status}\"" if [ "${sub_status}" = "Accepted" ]; then echo "Notarization done!" From 9010acd909e9b17910700640c21e228897a00b15 Mon Sep 17 00:00:00 2001 From: Joseph Donofry Date: Sun, 25 Sep 2022 19:16:23 -0400 Subject: [PATCH 10/12] If and Else blocks were backwards --- .ci/macos/notarize.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh index 0090da9b..af62a6d2 100755 --- a/.ci/macos/notarize.sh +++ b/.ci/macos/notarize.sh @@ -56,10 +56,10 @@ xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${A requestUUID="$(awk -F ': ' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)" if [ -z "${requestUUID}" ]; then - echo "Received requestUUID: \"${requestUUID}\"" -else echo "Something went wrong when submitting the request... we don't have a UUID" exit 1 +else + echo "Received requestUUID: \"${requestUUID}\"" fi while sleep 60 && date; do From 67bee15a389f9b8a9f6c3a340558d1e2319e7199 Mon Sep 17 00:00:00 2001 From: Nicolas Werner Date: Wed, 28 Sep 2022 13:36:52 +0200 Subject: [PATCH 11/12] Prevent the homeserver from inserting malicious secrets Correctly verify that the reply to a secrets request is actually coming from a verified device. While we did verify that it was us who replied, we didn't properly cancel storing the secret if the sending device was one of ours but was maliciously inserted by the homeserver and unverified. We only send secret requests to verified devices in the first place, so only the homeserver could abuse this issue. Additionally we protected against malicious secret poisoning by verifying that the secret is actually the reply to a request. This means the server only has 2 places where it can poison the secrets: - After a verification when we automatically request the secrets - When the user manually hits the request button It also needs to prevent other secret answers to reach the client first since we ignore all replies after that one. The impact of this might be quite severe. It could allow the server to replace the cross-signing keys silently and while we might not trust that key, we possibly could trust it in the future if we rely on the stored secret. Similarly this could potentially be abused to make the client trust a malicious online key backup. If your deployment is not patched yet and you don't control your homeserver, you can protect against this by simply not doing any verifications of your own devices and not pressing the request button in the settings menu. --- src/encryption/Olm.cpp | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/src/encryption/Olm.cpp b/src/encryption/Olm.cpp index b53d1ce4..6ab55b32 100644 --- a/src/encryption/Olm.cpp +++ b/src/encryption/Olm.cpp @@ -342,10 +342,13 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey if (msg.sender != local_user.to_string()) return; - auto secret_name = request_id_to_secret_name.find(e->content.request_id); + auto secret_name_it = request_id_to_secret_name.find(e->content.request_id); - if (secret_name != request_id_to_secret_name.end()) { - nhlog::crypto()->info("Received secret: {}", secret_name->second); + if (secret_name_it != request_id_to_secret_name.end()) { + auto secret_name = secret_name_it->second; + request_id_to_secret_name.erase(secret_name_it); + + nhlog::crypto()->info("Received secret: {}", secret_name); mtx::events::msg::SecretRequest secretRequest{}; secretRequest.action = mtx::events::msg::RequestAction::Cancellation; @@ -358,15 +361,24 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey return; auto deviceKeys = cache::userKeys(local_user.to_string()); + if (!deviceKeys) + return; + std::string sender_device_id; - if (deviceKeys) { - for (auto &[dev, key] : deviceKeys->device_keys) { - if (key.keys["curve25519:" + dev] == msg.sender_key) { - sender_device_id = dev; - break; - } + for (auto &[dev, key] : deviceKeys->device_keys) { + if (key.keys["curve25519:" + dev] == msg.sender_key) { + sender_device_id = dev; + break; } } + if (!verificationStatus->verified_devices.count(sender_device_id) || + !verificationStatus->verified_device_keys.count(msg.sender_key) || + verificationStatus->verified_device_keys.at(msg.sender_key) != + crypto::Trust::Verified) { + nhlog::net()->critical( + "Received secret from unverified device {}! Ignoring!", sender_device_id); + return; + } std::map> @@ -380,19 +392,17 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey http::client()->send_to_device( http::client()->generate_txn_id(), body, - [name = secret_name->second](mtx::http::RequestErr err) { + [secret_name](mtx::http::RequestErr err) { if (err) { nhlog::net()->error("Failed to send request cancellation " "for secrect " "'{}'", - name); + secret_name); } }); - nhlog::crypto()->info("Storing secret {}", secret_name->second); - cache::client()->storeSecret(secret_name->second, e->content.secret); - - request_id_to_secret_name.erase(secret_name); + nhlog::crypto()->info("Storing secret {}", secret_name); + cache::client()->storeSecret(secret_name, e->content.secret); } } else if (auto sec_req = std::get_if>(&device_event)) { From 031a129591d79266055c7bebb9751f893766d4ea Mon Sep 17 00:00:00 2001 From: Nicolas Werner Date: Wed, 28 Sep 2022 14:11:19 +0200 Subject: [PATCH 12/12] Bump version to 0.10.2 --- CHANGELOG.md | 13 +++++++++++++ CMakeLists.txt | 2 +- appveyor.yml | 10 +++++----- io.github.NhekoReborn.Nheko.yaml | 30 ------------------------------ resources/nheko.appdata.xml.in | 1 + 5 files changed, 20 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 928ea944..7af2ceb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## [0.10.2] -- 2022-09-22 + +### Security release + +- Fixes potential secret poisoning by the homeserver +- A crash when validation malicious html + +Thanks to the matrix.org security team for disclosing this issue. + +An update is highly recommended. Otherwise you can temporarily protect against +this issue by not verifying your own devices and not pressing the request button +in the setting. + ## [0.10.1] -- 2022-09-07 ### Highlights diff --git a/CMakeLists.txt b/CMakeLists.txt index da5f29ae..d8088376 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -108,7 +108,7 @@ include(GNUInstallDirs) set(CPACK_PACKAGE_VERSION_MAJOR "0") set(CPACK_PACKAGE_VERSION_MINOR "10") -set(CPACK_PACKAGE_VERSION_PATCH "1") +set(CPACK_PACKAGE_VERSION_PATCH "2") set(PROJECT_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR}) set(PROJECT_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR}) set(PROJECT_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH}) diff --git a/appveyor.yml b/appveyor.yml index f0930d19..0db56109 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,6 +1,6 @@ --- -version: 0.10.1-{build} +version: 0.10.2-{build} configuration: Release image: Visual Studio 2019 @@ -31,8 +31,8 @@ build_script: # VERSION format: branch-master/branch-1.2 # INSTVERSION format: x.y.z # WINVERSION format: 9999.0.0.123/1.2.0.234 - - if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.1 - - if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.1 + - if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.2 + - if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.2 - if "%APPVEYOR_REPO_TAG%"=="false" if "%APPVEYOR_REPO_BRANCH%"=="master" set INSTVERSION=9999.0 - if "%APPVEYOR_REPO_TAG%"=="false" set WINVERSION=%INSTVERSION%.0.%APPVEYOR_BUILD_NUMBER% # VERSION format: v1.2.3/v1.3.4 @@ -94,8 +94,8 @@ after_build: - copy %BUILD%\deploy\installer\gui\package.xml installer\packages\io.github.nhekoreborn.nheko\meta - copy %BUILD%\deploy\installer\gui\installscript.qs installer\packages\io.github.nhekoreborn.nheko\meta # Amend version and date - - sed -i "s/__VERSION__/0.10.1/" installer\config\config.xml - - sed -i "s/__VERSION__/0.10.1/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml + - sed -i "s/__VERSION__/0.10.2/" installer\config\config.xml + - sed -i "s/__VERSION__/0.10.2/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml - sed -i "s/__DATE__/%DATE%/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml # Copy nheko data - xcopy NhekoData\*.* installer\packages\io.github.nhekoreborn.nheko\data\*.* /s /e /c /y diff --git a/io.github.NhekoReborn.Nheko.yaml b/io.github.NhekoReborn.Nheko.yaml index e7684652..b5aea92e 100644 --- a/io.github.NhekoReborn.Nheko.yaml +++ b/io.github.NhekoReborn.Nheko.yaml @@ -23,17 +23,11 @@ cleanup: - /bin/mdb* - '*.a' - /libexec - - /lib/girepository-1.0/ - - /lib/gst-validate-launcher/ - - /lib/gstreamer-1.0/include/ - - /lib/gstreamer-1.0/validate/ - /lib/cmake/ - - /bin/gst-* - /bin/cmark - /bin/event_rpcgen.py - /bin/playout - /bin/secret-tool - - /share/gir-1.0 modules: - name: lmdb sources: @@ -151,30 +145,6 @@ modules: - sha256: 1155fd1a83049767360e9a120c43c578145db3204d2b309eba49fbbedd0f4ed3 type: archive url: https://github.com/nlohmann/json/archive/v3.10.4.tar.gz - - buildsystem: meson - name: gstreamer - sources: - - commit: ccf22e315cedf81e0075ab179ffb1b733da5206e - tag: 1.20.3 - type: git - url: https://gitlab.freedesktop.org/gstreamer/gstreamer.git - config-opts: - - -Dcompositor=enabled - - -Dgl=enabled - - -Dgood=enabled - - -Dgst-plugins-good:pulse=enabled - - -Dgst-plugins-good:qt5=enabled - - -Dgst-plugins-good:rtp=enabled - - -Dgst-plugins-good:rtpmanager=enabled - - -Dgst-plugins-good:vpx=enabled - - -Dbad=enabled - - -Dgst-plugins-bad:dtls=enabled - - -Dgst-plugins-bad:gl=enabled - - -Dgst-plugins-bad:openh264=enabled - - -Dgst-plugins-bad:opus=enabled - - -Dgst-plugins-bad:srtp=enabled - - -Dgst-plugins-bad:webrtc=enabled - - -Dgst-plugins-bad:flite=disabled - buildsystem: qmake name: qt-jdenticon no-make-install: true diff --git a/resources/nheko.appdata.xml.in b/resources/nheko.appdata.xml.in index 5d6a87fb..58372b72 100644 --- a/resources/nheko.appdata.xml.in +++ b/resources/nheko.appdata.xml.in @@ -61,6 +61,7 @@ https://github.com/Nheko-Reborn/nheko https://github.com/Nheko-Reborn +