Commit graph

5811 commits

Author SHA1 Message Date
Nicolas Werner
7ec842ba51
Replace some user visible mentions of spaces 2022-10-01 15:20:38 +02:00
Nicolas Werner
30882d4aa9
Fix wrong file urls 2022-10-01 14:47:42 +02:00
rnhmjoj
f5d5bea840
Add green theme color, make "error" configurable 2022-10-01 10:59:17 +02:00
Nicolas Werner
2a7c6f2d86
Load components on demand 2022-10-01 02:28:02 +02:00
Nicolas Werner
570d7b8b30
Prepare for adding proxy before chat.model 2022-10-01 01:53:12 +02:00
Loren Burkholder
08aa383a62 Remove unnecessary emit 2022-09-30 00:24:43 -04:00
Loren Burkholder
df834ffc48 Various grammar fixes (mostly removing commas) 2022-09-30 00:23:39 -04:00
Loren Burkholder
e78d107558 Add link to repo to show where issues go 2022-09-30 00:04:50 -04:00
Nicolas Werner
78784babd1
Revert accidental animated image change 2022-09-30 04:03:39 +02:00
Nicolas Werner
1ea5449c18
Disable manpage on debian 2022-09-30 03:45:39 +02:00
Nicolas Werner
c34c9f9035
Automatically switch to threading when replying 2022-09-30 03:43:42 +02:00
Nicolas Werner
88cbac1695
Basic threading support 2022-09-30 03:27:05 +02:00
Nicolas Werner
bffa0115d4
Make clazy happy 2022-09-28 17:47:41 +02:00
Nicolas Werner
2fde381a82
Merge branch 'v0.10.2-fixes' 2022-09-28 14:27:54 +02:00
Nicolas Werner
031a129591
Bump version to 0.10.2 2022-09-28 14:11:19 +02:00
Nicolas Werner
67bee15a38
Prevent the homeserver from inserting malicious secrets
Correctly verify that the reply to a secrets request is actually coming
from a verified device. While we did verify that it was us who replied,
we didn't properly cancel storing the secret if the sending device was
one of ours but was maliciously inserted by the homeserver and
unverified. We only send secret requests to verified devices in the
first place, so only the homeserver could abuse this issue.

Additionally we protected against malicious secret poisoning by
verifying that the secret is actually the reply to a request. This means
the server only has 2 places where it can poison the secrets:

- After a verification when we automatically request the secrets
- When the user manually hits the request button

It also needs to prevent other secret answers to reach the client first
since we ignore all replies after that one.

The impact of this might be quite severe. It could allow the server to
replace the cross-signing keys silently and while we might not trust
that key, we possibly could trust it in the future if we rely on the
stored secret. Similarly this could potentially be abused to make the
client trust a malicious online key backup.

If your deployment is not patched yet and you don't control your
homeserver, you can protect against this by simply not doing any
verifications of your own devices and not pressing the request button in
the settings menu.
2022-09-28 13:36:52 +02:00
Joseph Donofry
9010acd909
If and Else blocks were backwards 2022-09-28 12:05:41 +02:00
Joseph Donofry
e6bbe74abf
Make sure there are no spaces in the status string 2022-09-28 12:05:41 +02:00
Joseph Donofry
2a72488a32
Add some additional notarization logging 2022-09-28 12:05:41 +02:00
Joseph Donofry
700978c5ec
Accepted... not Approved 2022-09-28 12:05:41 +02:00
Joseph Donofry
d422e42054
apple's service cares about spaces 2022-09-28 12:05:40 +02:00
Joseph Donofry
975364a901
Update requestUUID source 2022-09-28 12:05:40 +02:00
Joseph Donofry
627f30da69
Use notarytool for notarization instead of altool 2022-09-28 12:05:40 +02:00
Joseph Donofry
64391efc3a
Remove expose_as for codesign job 2022-09-28 12:05:40 +02:00
Joseph Donofry
1f42e17a05
Add macos notarize logs as artifacts 2022-09-28 12:05:40 +02:00
Nicolas Werner
8985c2d1d4
Fix infinite loop that can be triggered by some invalid html 2022-09-28 12:03:04 +02:00
Nicolas Werner
051c25d5b8
Allow editing permissions in spaces recursively 2022-09-28 02:09:04 +02:00
Nicolas Werner
0752f9477e
Fix infinite loop that can be triggered by some invalid html 2022-09-27 22:02:41 +02:00
Joseph Donofry
d103f793bf
If and Else blocks were backwards 2022-09-25 19:16:23 -04:00
Joseph Donofry
d7fffa9f46 Make sure there are no spaces in the status string 2022-09-25 18:08:13 -04:00
Joseph Donofry
e5d0244ef9
Add some additional notarization logging 2022-09-25 18:03:56 -04:00
Nicolas Werner
851333a50d
Switch to clang-format14 2022-09-25 20:05:08 +02:00
Joseph Donofry
951d0f4d23
Accepted... not Approved 2022-09-24 22:46:53 -04:00
Joseph Donofry
7b0ef054d0
apple's service cares about spaces 2022-09-24 22:16:18 -04:00
Joseph Donofry
ae442f3b45
Update requestUUID source 2022-09-24 21:30:27 -04:00
Joseph Donofry
8ac87a5fbe
Use notarytool for notarization instead of altool 2022-09-24 20:57:26 -04:00
Joseph Donofry
cbdcde9572
Remove expose_as for codesign job 2022-09-24 17:46:49 -04:00
Joseph Donofry
3c21e09caf
Add macos notarize logs as artifacts 2022-09-24 17:43:06 -04:00
Nicolas Werner
79ce60382a
Fix crash when deleting room summary
Since this is used across different threads, we have to delete it on the
event loop.

Thank you, q234rty, for the help with debugging this.
2022-09-24 10:36:26 +02:00
Nicolas Werner
ce2d4defde
Try to handle rate limiting 2022-09-23 15:47:25 +02:00
Nicolas Werner
683fd75700
More granular automoc 2022-09-23 15:47:25 +02:00
Weblate
3b99e3826e Translated using Weblate (Russian)
Currently translated at 31.9% (265 of 830 strings)

Translated using Weblate (Russian)

Currently translated at 31.9% (265 of 830 strings)

Translated using Weblate (Russian)

Currently translated at 31.9% (265 of 830 strings)

Co-authored-by: Artem <ego.cordatus@gmail.com>
Co-authored-by: Mihail Iosilevich <mihail.iosilevitch@yandex.ru>
Co-authored-by: SOT-TECH <sblazhko@sot-te.ch>
Translate-URL: https://weblate.nheko.im/projects/nheko/nheko-master/ru/
Translation: Nheko/nheko
2022-09-23 09:05:09 -04:00
Weblate
aad97cffef Translated using Weblate (Russian)
Currently translated at 31.5% (262 of 830 strings)

Co-authored-by: SOT-TECH <sblazhko@sot-te.ch>
Translate-URL: https://weblate.nheko.im/projects/nheko/nheko-master/ru/
Translation: Nheko/nheko
2022-09-22 16:09:04 -04:00
Nicolas Werner
ed15d73d36
Allow adding non-existing userids to power levels 2022-09-22 21:24:41 +02:00
Nicolas Werner
33d45d5765
Upgrade build images 2022-09-22 20:18:08 +02:00
Nicolas Werner
a8e35e5623
Set macos deployment target explicitly 2022-09-22 20:18:08 +02:00
Nicolas Werner
efb9970178
Switch to C++20 2022-09-22 20:18:04 +02:00
Weblate
7efb4a22c7 Translated using Weblate (Russian)
Currently translated at 31.5% (262 of 830 strings)

Co-authored-by: SOT-TECH <sblazhko@sot-te.ch>
Translate-URL: https://weblate.nheko.im/projects/nheko/nheko-master/ru/
Translation: Nheko/nheko
2022-09-22 10:00:56 -04:00
DeepBlueV7.X
ed880248c8
Merge pull request #1190 from Bubu/patch-3
Readme: fix steam deck instructions
2022-09-22 12:46:40 +00:00
Weblate
a079e370ff Translated using Weblate (Russian)
Currently translated at 31.5% (262 of 830 strings)

Translated using Weblate (Russian)

Currently translated at 31.5% (262 of 830 strings)

Translated using Weblate (Russian)

Currently translated at 31.5% (262 of 830 strings)

Co-authored-by: Herecore <herecore@protonmail.com>
Co-authored-by: Mihail Iosilevich <mihail.iosilevitch@yandex.ru>
Co-authored-by: SOT-TECH <sblazhko@sot-te.ch>
Translate-URL: https://weblate.nheko.im/projects/nheko/nheko-master/ru/
Translation: Nheko/nheko
2022-09-22 08:02:06 -04:00