Commit graph

5271 commits

Author SHA1 Message Date
Nicolas Werner
1365e4e266
Try to fix qtjdenticon build in appveyor 2022-10-02 11:40:14 +02:00
Nicolas Werner
a55fc8e43b
Work around MSVC bug with structured bindings in lambdas
Causes error messages like:
error C3493: 'key_id' cannot be implicitly captured because no default capture mode has been specified
2022-10-02 02:06:09 +02:00
Nicolas Werner
b55b5a8321
Fix a few more warnings 2022-10-01 23:57:44 +02:00
Nicolas Werner
09babc91d2
Green is not Svg::green
fixes #1203
2022-10-01 23:57:44 +02:00
Loren Burkholder
2aef39fda8 Update some Esperanto translations 2022-10-01 13:11:05 -04:00
Nicolas Werner
42a23e1859
Reduce windows ci warnings 2022-10-01 19:05:44 +02:00
Nicolas Werner
22a6b8ddb4
Properly qualify fmt function
Otherwise it conflicts with C++20 fmt.
2022-10-01 18:05:49 +02:00
Nicolas Werner
944e369d50
Fix clazy 2022-10-01 16:30:20 +02:00
DeepBlueV7.X
f8724fdea8
Merge pull request #1198 from rnhmjoj/pr-green
Add green theme color, make "error" configurable
2022-10-01 13:45:26 +00:00
Nicolas Werner
b2b2932c98
Fix linting 2022-10-01 15:26:33 +02:00
Nicolas Werner
7ec842ba51
Replace some user visible mentions of spaces 2022-10-01 15:20:38 +02:00
Nicolas Werner
30882d4aa9
Fix wrong file urls 2022-10-01 14:47:42 +02:00
rnhmjoj
f5d5bea840
Add green theme color, make "error" configurable 2022-10-01 10:59:17 +02:00
Nicolas Werner
2a7c6f2d86
Load components on demand 2022-10-01 02:28:02 +02:00
Nicolas Werner
570d7b8b30
Prepare for adding proxy before chat.model 2022-10-01 01:53:12 +02:00
Loren Burkholder
08aa383a62 Remove unnecessary emit 2022-09-30 00:24:43 -04:00
Loren Burkholder
df834ffc48 Various grammar fixes (mostly removing commas) 2022-09-30 00:23:39 -04:00
Loren Burkholder
e78d107558 Add link to repo to show where issues go 2022-09-30 00:04:50 -04:00
Nicolas Werner
78784babd1
Revert accidental animated image change 2022-09-30 04:03:39 +02:00
Nicolas Werner
1ea5449c18
Disable manpage on debian 2022-09-30 03:45:39 +02:00
Nicolas Werner
c34c9f9035
Automatically switch to threading when replying 2022-09-30 03:43:42 +02:00
Nicolas Werner
88cbac1695
Basic threading support 2022-09-30 03:27:05 +02:00
Nicolas Werner
bffa0115d4
Make clazy happy 2022-09-28 17:47:41 +02:00
Nicolas Werner
2fde381a82
Merge branch 'v0.10.2-fixes' 2022-09-28 14:27:54 +02:00
Nicolas Werner
031a129591
Bump version to 0.10.2 2022-09-28 14:11:19 +02:00
Nicolas Werner
67bee15a38
Prevent the homeserver from inserting malicious secrets
Correctly verify that the reply to a secrets request is actually coming
from a verified device. While we did verify that it was us who replied,
we didn't properly cancel storing the secret if the sending device was
one of ours but was maliciously inserted by the homeserver and
unverified. We only send secret requests to verified devices in the
first place, so only the homeserver could abuse this issue.

Additionally we protected against malicious secret poisoning by
verifying that the secret is actually the reply to a request. This means
the server only has 2 places where it can poison the secrets:

- After a verification when we automatically request the secrets
- When the user manually hits the request button

It also needs to prevent other secret answers to reach the client first
since we ignore all replies after that one.

The impact of this might be quite severe. It could allow the server to
replace the cross-signing keys silently and while we might not trust
that key, we possibly could trust it in the future if we rely on the
stored secret. Similarly this could potentially be abused to make the
client trust a malicious online key backup.

If your deployment is not patched yet and you don't control your
homeserver, you can protect against this by simply not doing any
verifications of your own devices and not pressing the request button in
the settings menu.
2022-09-28 13:36:52 +02:00
Joseph Donofry
9010acd909
If and Else blocks were backwards 2022-09-28 12:05:41 +02:00
Joseph Donofry
e6bbe74abf
Make sure there are no spaces in the status string 2022-09-28 12:05:41 +02:00
Joseph Donofry
2a72488a32
Add some additional notarization logging 2022-09-28 12:05:41 +02:00
Joseph Donofry
700978c5ec
Accepted... not Approved 2022-09-28 12:05:41 +02:00
Joseph Donofry
d422e42054
apple's service cares about spaces 2022-09-28 12:05:40 +02:00
Joseph Donofry
975364a901
Update requestUUID source 2022-09-28 12:05:40 +02:00
Joseph Donofry
627f30da69
Use notarytool for notarization instead of altool 2022-09-28 12:05:40 +02:00
Joseph Donofry
64391efc3a
Remove expose_as for codesign job 2022-09-28 12:05:40 +02:00
Joseph Donofry
1f42e17a05
Add macos notarize logs as artifacts 2022-09-28 12:05:40 +02:00
Nicolas Werner
8985c2d1d4
Fix infinite loop that can be triggered by some invalid html 2022-09-28 12:03:04 +02:00
Nicolas Werner
051c25d5b8
Allow editing permissions in spaces recursively 2022-09-28 02:09:04 +02:00
Nicolas Werner
0752f9477e
Fix infinite loop that can be triggered by some invalid html 2022-09-27 22:02:41 +02:00
Joseph Donofry
d103f793bf
If and Else blocks were backwards 2022-09-25 19:16:23 -04:00
Joseph Donofry
d7fffa9f46 Make sure there are no spaces in the status string 2022-09-25 18:08:13 -04:00
Joseph Donofry
e5d0244ef9
Add some additional notarization logging 2022-09-25 18:03:56 -04:00
Nicolas Werner
851333a50d
Switch to clang-format14 2022-09-25 20:05:08 +02:00
Joseph Donofry
951d0f4d23
Accepted... not Approved 2022-09-24 22:46:53 -04:00
Joseph Donofry
7b0ef054d0
apple's service cares about spaces 2022-09-24 22:16:18 -04:00
Joseph Donofry
ae442f3b45
Update requestUUID source 2022-09-24 21:30:27 -04:00
Joseph Donofry
8ac87a5fbe
Use notarytool for notarization instead of altool 2022-09-24 20:57:26 -04:00
Joseph Donofry
cbdcde9572
Remove expose_as for codesign job 2022-09-24 17:46:49 -04:00
Joseph Donofry
3c21e09caf
Add macos notarize logs as artifacts 2022-09-24 17:43:06 -04:00
Nicolas Werner
79ce60382a
Fix crash when deleting room summary
Since this is used across different threads, we have to delete it on the
event loop.

Thank you, q234rty, for the help with debugging this.
2022-09-24 10:36:26 +02:00
Nicolas Werner
ce2d4defde
Try to handle rate limiting 2022-09-23 15:47:25 +02:00