d3v1l/matrixion
1
0
Fork 0
mirror of https://github.com/Nheko-Reborn/nheko.git synced 2024-11-25 12:38:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
5379 commits 62 branches 46 tags 31 MiB
Commit graph

57 commits

Author SHA1 Message Date
Nicolas Werner
d08535efbb
Remove final which breaks type registration 2023-07-16 20:32:19 +02:00
Nicolas Werner
9d16f2e8b4
Fix verification error codes 2023-07-16 19:25:37 +02:00
Nicolas Werner
e89e65dc17
Fix build against fmt10 
fixes #1499
 2023-06-28 13:16:10 +02:00
Nicolas Werner
ce1a64bc19
Move to automatic type registration 2023-06-19 01:38:40 +02:00
Nicolas Werner
9e983b1584
Remove a few more QPairs 2023-06-08 22:32:12 +02:00
Nicolas Werner
5fed4d21b1
Fix a few more clazy warnings 2023-06-08 22:32:11 +02:00
Nicolas Werner
10b65b78fa
Adapt to the new inherited variant 2023-04-11 01:38:46 +02:00
Nicolas Werner
96f791daf1
Get rid of year in license headers 
See also:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
https://hynek.me/til/copyright-years/
 2023-02-21 23:48:49 +01:00
Nicolas Werner
a11b1221a3
Switch to upstream olm error code 2023-02-21 02:21:31 +01:00
Nicolas Werner
920409e914
Reduce code bloat a bit 
Especially the emoji array shrinks a lot with this, but adds a few extra
relocations on startup. But it removes a lot of exception handling code
at runtime, which is nice and possibly this is still faster.
 2023-02-19 21:38:28 +01:00
Nicolas Werner
20740c9976
Automatically fetch keys for undecrypted messages after verification 
Also fix rerendering edited messages after keys are received.

fixes #1375
fixes #770
fixes #888
 2023-02-18 03:08:23 +01:00
Nicolas Werner
1d8fc18304
Warn when no secret can be requested 2023-01-22 05:31:33 +01:00
Jason Volk
0253aa59c7
Skip empty requests for cross-signing keys when user only has one device. 
Cause: Request button pressed in user settings.

Result: Request body is jsNull; sendToDevice requires jsObject.
 2023-01-22 05:26:10 +01:00
Nicolas Werner
b84bc7895e
Add some more error logging 2023-01-09 02:06:49 +01:00
Nicolas Werner
3a6a905429
A whole new year full of excitement and possibilities! 2023-01-02 04:25:33 +01:00
Nicolas Werner
537fa437e2
Store secrets (apart from the pickle key) in the database 2022-11-06 03:36:56 +01:00
Nicolas Werner
676a6506cb
Speedup sending encrypted messages after metasync was reenabled 
Calling fsync everytime we save to the db is slow, which is actually
fairly noticeable in some larger E2EE rooms. Speed that up slightly by
batching the olm session persisting.
 2022-11-01 20:58:01 +01:00
Nicolas Werner
b28fa86e6a
Enable -Wconversion 2022-10-26 01:10:35 +02:00
Nicolas Werner
af699eb83e
Mark classes as final where possible 2022-10-10 14:38:45 +02:00
Loren Burkholder
8ecbb39dc6
cppcheck stuff (#1200) 
* cppcheck stuff

* Update src/ui/RoomSettings.cpp

Co-authored-by: DeepBlueV7.X <nicolas.werner@hotmail.de>

* Update src/ui/RoomSettings.cpp

Co-authored-by: DeepBlueV7.X <nicolas.werner@hotmail.de>

* Fix linting

Co-authored-by: DeepBlueV7.X <nicolas.werner@hotmail.de>
 2022-10-03 21:57:30 +00:00
Nicolas Werner
a55fc8e43b
Work around MSVC bug with structured bindings in lambdas 
Causes error messages like:
error C3493: 'key_id' cannot be implicitly captured because no default capture mode has been specified
 2022-10-02 02:06:09 +02:00
Nicolas Werner
2fde381a82
Merge branch 'v0.10.2-fixes' 2022-09-28 14:27:54 +02:00
Nicolas Werner
67bee15a38
Prevent the homeserver from inserting malicious secrets 
Correctly verify that the reply to a secrets request is actually coming
from a verified device. While we did verify that it was us who replied,
we didn't properly cancel storing the secret if the sending device was
one of ours but was maliciously inserted by the homeserver and
unverified. We only send secret requests to verified devices in the
first place, so only the homeserver could abuse this issue.

Additionally we protected against malicious secret poisoning by
verifying that the secret is actually the reply to a request. This means
the server only has 2 places where it can poison the secrets:

- After a verification when we automatically request the secrets
- When the user manually hits the request button

It also needs to prevent other secret answers to reach the client first
since we ignore all replies after that one.

The impact of this might be quite severe. It could allow the server to
replace the cross-signing keys silently and while we might not trust
that key, we possibly could trust it in the future if we rely on the
stored secret. Similarly this could potentially be abused to make the
client trust a malicious online key backup.

If your deployment is not patched yet and you don't control your
homeserver, you can protect against this by simply not doing any
verifications of your own devices and not pressing the request button in
the settings menu.
 2022-09-28 13:36:52 +02:00
Nicolas Werner
851333a50d
Switch to clang-format14 2022-09-25 20:05:08 +02:00
Nicolas Werner
db43743697
Fix too many fmt parameters 2022-07-30 16:47:55 +02:00
Nicolas Werner
3c480d47f1
Make code compile with hidden friends 2022-07-29 04:04:44 +02:00
Nicolas Werner
904745543a
Verifications sneakily accumulating in the background 2022-07-22 11:46:37 +02:00
Nicolas Werner
ead10cd0fd
Request full online keybackup when turning it on 2022-06-19 16:37:00 +02:00
Nicolas Werner
35ff02ce48
Remove a few more headers 2022-06-18 02:31:01 +02:00
Nicolas Werner
8cdfbf9391
Get rid of 'using json = nlohmann::json' 2022-06-17 22:03:54 +02:00
Nicolas Werner
ef941920ea
Fix compilation without implicit nlohmann conversions 2022-06-17 03:14:48 +02:00
Nicolas Werner
beb59d5d2e
Simplify includes a bit 2022-06-16 01:19:26 +02:00
Nicolas Werner
62b3b461ec
Fix comparison for glare algorithm 2022-06-12 19:09:07 +02:00
Nicolas Werner
00740a7e65
Properly handle glare when verifying 2022-06-12 17:53:17 +02:00
Nicolas Werner
90da39313f
Use right linter 2022-05-10 03:53:35 +02:00
Nicolas Werner
a6b2be112b
More image dialog fixes 2022-05-10 03:20:09 +02:00
Nicolas Werner
66b7ff639c Remove sender key from megolm session index 
implements MSC3700

see https://github.com/matrix-org/matrix-spec-proposals/pull/3700
 2022-04-08 01:53:00 +02:00
Nicolas Werner
8e20139079
Allow properly editing pending encrypted messages 2022-02-27 06:43:45 +01:00
Nicolas Werner
1bc986fd3b
Prevent old verification requests from showing up 2022-02-14 15:25:55 +01:00
Nicolas Werner
61404641d9
Update year in copyright notice to shut up lint job 2022-01-01 04:57:53 +01:00
Nicolas Werner
19dc6cadea
Reserve size of some containers we are filling 2021-12-29 06:01:38 +01:00
Nicolas Werner
d8ead9573b
Reduce allocations using QStringLiteral 2021-12-29 04:52:52 +01:00
Nicolas Werner
bb290f9fec
Fix more warnings and remove dead code 2021-12-28 22:30:12 +01:00
Nicolas Werner
89e58f78f1
Fix a few shadowing warnings 
fixes #824
 2021-12-11 06:19:54 +01:00
Nicolas Werner
a13f492e7d
Make clang-format <13 and clang-format >=13 behave the same 
I think old clang-format is just buggy in those cases, so we should
reenable those blocks, once everyone has 13 or up.
 2021-11-22 00:33:43 +01:00
Nicolas Werner
f9362c75cf
Fix no replies being rendered for edits sent from Element in encrypted rooms 2021-11-11 00:41:21 +01:00
Nicolas Werner
ff560a09f5
Improve fetching of device keys after login 2021-11-08 17:01:22 +01:00
Nicolas Werner
809be93e20
Fix self verification status never updating 2021-11-07 21:27:58 +01:00
Nicolas Werner
7de24a4271
Don't try to load verification status before db is ready 2021-11-07 20:27:56 +01:00
Nicolas Werner
5ca1fb18bb
Move away from using an event loop to access secrets 
Fixes messages in room flickering and being stuck

fixes #760
relates to #770
relates to #789
 2021-11-07 03:52:57 +01:00