diff --git a/CHANGES.md b/CHANGES.md index 9c200bfb7b..4877ba9d44 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -1,3 +1,80 @@ +Synapse 1.84.0rc1 (2023-05-16) +============================== + +Features +-------- + +- Add an option to prevent media downloads from configured domains. ([\#15197](https://github.com/matrix-org/synapse/issues/15197)) +- Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them. ([\#15224](https://github.com/matrix-org/synapse/issues/15224)) +- Add redis TLS configuration options. ([\#15312](https://github.com/matrix-org/synapse/issues/15312)) +- Add a config option to delay push notifications by a random amount, to discourage time-based profiling. ([\#15516](https://github.com/matrix-org/synapse/issues/15516)) +- Stabilize support for [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper. ([\#15528](https://github.com/matrix-org/synapse/issues/15528)) +- Implement [MSC4009](https://github.com/matrix-org/matrix-spec-proposals/pull/4009) to expand the supported characters in Matrix IDs. ([\#15536](https://github.com/matrix-org/synapse/issues/15536)) +- Advertise support for Matrix 1.6 on `/_matrix/client/versions`. ([\#15559](https://github.com/matrix-org/synapse/issues/15559)) +- Print full error and stack-trace of any exception that occurs during startup/initialization. ([\#15569](https://github.com/matrix-org/synapse/issues/15569)) + + +Bugfixes +-------- + +- Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu. ([\#15523](https://github.com/matrix-org/synapse/issues/15523)) +- Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data. ([\#15554](https://github.com/matrix-org/synapse/issues/15554), [\#15555](https://github.com/matrix-org/synapse/issues/15555)) +- Fix a long-standing bug where an invalid membership event could cause an internal server error. 
([\#15564](https://github.com/matrix-org/synapse/issues/15564)) +- Require at least poetry-core v1.1.0. ([\#15566](https://github.com/matrix-org/synapse/issues/15566), [\#15571](https://github.com/matrix-org/synapse/issues/15571)) + + +Updates to the Docker image +--------------------------- + +- Add pkg-config package to Stage 0 to be able to build Dockerfile on ppc64le architecture. ([\#15567](https://github.com/matrix-org/synapse/issues/15567)) + + +Improved Documentation +---------------------- + +- Clarify documentation of the "Create or modify account" Admin API. ([\#15544](https://github.com/matrix-org/synapse/issues/15544)) +- Fix path to the `statistics/database/rooms` admin API in documentation. ([\#15560](https://github.com/matrix-org/synapse/issues/15560)) +- Update and improve Mastodon Single Sign-On documentation. ([\#15587](https://github.com/matrix-org/synapse/issues/15587)) + + +Internal Changes +---------------- + +- Use oEmbed to generate URL previews for YouTube Shorts. ([\#15025](https://github.com/matrix-org/synapse/issues/15025)) +- Create new `Client` for use with HTTP Replication between workers. Contributed by Jason Little. ([\#15470](https://github.com/matrix-org/synapse/issues/15470)) +- Remove need for `worker_replication_*` based settings in worker configuration yaml by placing this data directly on the `instance_map` instead. ([\#15491](https://github.com/matrix-org/synapse/issues/15491)) +- Bump pyicu from 2.10.2 to 2.11. ([\#15509](https://github.com/matrix-org/synapse/issues/15509)) +- Remove references to supporting per-user flag for [MSC2654](https://github.com/matrix-org/matrix-spec-proposals/pull/2654). ([\#15522](https://github.com/matrix-org/synapse/issues/15522)) +- Don't use a trusted key server when running the demo scripts. ([\#15527](https://github.com/matrix-org/synapse/issues/15527)) +- Speed up rebuilding of the user directory for local users. 
([\#15529](https://github.com/matrix-org/synapse/issues/15529)) +- Speed up deleting of old rows in `event_push_actions`. ([\#15531](https://github.com/matrix-org/synapse/issues/15531)) +- Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment. ([\#15532](https://github.com/matrix-org/synapse/issues/15532), [\#15533](https://github.com/matrix-org/synapse/issues/15533), [\#15545](https://github.com/matrix-org/synapse/issues/15545)) +- Implement [MSC3987](https://github.com/matrix-org/matrix-spec-proposals/pull/3987) by removing `"dont_notify"` from the list of actions in default push rules. ([\#15534](https://github.com/matrix-org/synapse/issues/15534)) +- Move various module API callback registration methods to a dedicated class. ([\#15535](https://github.com/matrix-org/synapse/issues/15535)) +- Proxy `/user/devices` federation queries to application services for [MSC3984](https://github.com/matrix-org/matrix-spec-proposals/pull/3984). ([\#15539](https://github.com/matrix-org/synapse/issues/15539)) +- Factor out an `is_mine_server_name` method. ([\#15542](https://github.com/matrix-org/synapse/issues/15542)) +- Allow running Complement tests using [podman](https://podman.io/) by adding a `PODMAN` environment variable to `scripts-dev/complement.sh`. ([\#15543](https://github.com/matrix-org/synapse/issues/15543)) +- Bump serde from 1.0.160 to 1.0.162. ([\#15548](https://github.com/matrix-org/synapse/issues/15548)) +- Bump types-setuptools from 67.6.0.5 to 67.7.0.1. ([\#15549](https://github.com/matrix-org/synapse/issues/15549)) +- Bump sentry-sdk from 1.19.1 to 1.22.1. ([\#15550](https://github.com/matrix-org/synapse/issues/15550)) +- Bump ruff from 0.0.259 to 0.0.265. ([\#15551](https://github.com/matrix-org/synapse/issues/15551)) +- Bump hiredis from 2.2.2 to 2.2.3. 
([\#15552](https://github.com/matrix-org/synapse/issues/15552)) +- Bump types-requests from 2.29.0.0 to 2.30.0.0. ([\#15553](https://github.com/matrix-org/synapse/issues/15553)) +- Add `org.matrix.msc3981` info to `/_matrix/client/versions`. ([\#15558](https://github.com/matrix-org/synapse/issues/15558)) +- Declare unstable support for [MSC3391](https://github.com/matrix-org/matrix-spec-proposals/pull/3391) under `/_matrix/client/versions` if the experimental implementation is enabled. ([\#15562](https://github.com/matrix-org/synapse/issues/15562)) +- Implement [MSC3821](https://github.com/matrix-org/matrix-spec-proposals/pull/3821) to update the redaction rules. ([\#15563](https://github.com/matrix-org/synapse/issues/15563)) +- Implement updated redaction rules from [MSC3389](https://github.com/matrix-org/matrix-spec-proposals/pull/3389). ([\#15565](https://github.com/matrix-org/synapse/issues/15565)) +- Allow `pip install` to use setuptools_rust 1.6.0 when building Synapse. ([\#15570](https://github.com/matrix-org/synapse/issues/15570)) +- Deal with upcoming Github Actions deprecations. ([\#15576](https://github.com/matrix-org/synapse/issues/15576)) +- Export `run_as_background_process` from the module API. ([\#15577](https://github.com/matrix-org/synapse/issues/15577)) +- Update build system requirements to allow building with poetry-core==1.6.0. ([\#15588](https://github.com/matrix-org/synapse/issues/15588)) +- Bump serde from 1.0.162 to 1.0.163. ([\#15589](https://github.com/matrix-org/synapse/issues/15589)) +- Bump phonenumbers from 8.13.7 to 8.13.11. ([\#15590](https://github.com/matrix-org/synapse/issues/15590)) +- Bump types-psycopg2 from 2.9.21.9 to 2.9.21.10. ([\#15591](https://github.com/matrix-org/synapse/issues/15591)) +- Bump types-commonmark from 0.9.2.2 to 0.9.2.3. ([\#15592](https://github.com/matrix-org/synapse/issues/15592)) +- Bump types-setuptools from 67.7.0.1 to 67.7.0.2. 
([\#15594](https://github.com/matrix-org/synapse/issues/15594)) + + Synapse 1.83.0 (2023-05-09) =========================== diff --git a/Cargo.lock b/Cargo.lock index b03076d9fa..e169a665b6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -323,18 +323,18 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "serde" -version = "1.0.162" +version = "1.0.163" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71b2f6e1ab5c2b98c05f0f35b236b22e8df7ead6ffbf51d7808da7f8817e7ab6" +checksum = "2113ab51b87a539ae008b5c6c02dc020ffa39afd2d83cffcb3f4eb2722cebec2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.162" +version = "1.0.163" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2a0814352fd64b58489904a44ea8d90cb1a91dcb6b4f5ebabc32c8318e93cb6" +checksum = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e" dependencies = [ "proc-macro2", "quote", diff --git a/changelog.d/15025.misc b/changelog.d/15025.misc deleted file mode 100644 index 1f04d85729..0000000000 --- a/changelog.d/15025.misc +++ /dev/null @@ -1 +0,0 @@ -Use oEmbed to generate URL previews for YouTube Shorts. diff --git a/changelog.d/15197.feature b/changelog.d/15197.feature deleted file mode 100644 index c8a6f114e8..0000000000 --- a/changelog.d/15197.feature +++ /dev/null @@ -1 +0,0 @@ -Add an option to prevent media downloads from configured domains. \ No newline at end of file diff --git a/changelog.d/15224.feature b/changelog.d/15224.feature deleted file mode 100644 index 5d8413f8be..0000000000 --- a/changelog.d/15224.feature +++ /dev/null @@ -1 +0,0 @@ -Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them. diff --git a/changelog.d/15312.feature b/changelog.d/15312.feature deleted file mode 100644 index e4e972cfeb..0000000000 --- a/changelog.d/15312.feature +++ /dev/null 
@@ -1 +0,0 @@
-Add redis TLS configuration options.
\ No newline at end of file
diff --git a/changelog.d/15470.misc b/changelog.d/15470.misc
deleted file mode 100644
index 0af0b499c6..0000000000
--- a/changelog.d/15470.misc
+++ /dev/null
@@ -1 +0,0 @@
-Create new `Client` for use with HTTP Replication between workers. Contributed by Jason Little.
diff --git a/changelog.d/15491.misc b/changelog.d/15491.misc
deleted file mode 100644
index 98f88dbf19..0000000000
--- a/changelog.d/15491.misc
+++ /dev/null
@@ -1 +0,0 @@
-Remove need for `worker_replication_*` based settings in worker configuration yaml by placing this data directly on the `instance_map` instead.
diff --git a/changelog.d/15509.misc b/changelog.d/15509.misc
deleted file mode 100644
index 1eb26c83b7..0000000000
--- a/changelog.d/15509.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump pyicu from 2.10.2 to 2.11.
diff --git a/changelog.d/15516.feature b/changelog.d/15516.feature
deleted file mode 100644
index 02a101bb88..0000000000
--- a/changelog.d/15516.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add a config option to delay push notifications by a random amount, to discourage time-based profiling.
diff --git a/changelog.d/15522.misc b/changelog.d/15522.misc
deleted file mode 100644
index a5a229e4a0..0000000000
--- a/changelog.d/15522.misc
+++ /dev/null
@@ -1 +0,0 @@
-Remove references to supporting per-user flag for [MSC2654](https://github.com/matrix-org/matrix-spec-proposals/pull/2654) (#15522).
diff --git a/changelog.d/15523.bugfix b/changelog.d/15523.bugfix
deleted file mode 100644
index c00754019f..0000000000
--- a/changelog.d/15523.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu.
diff --git a/changelog.d/15527.misc b/changelog.d/15527.misc
deleted file mode 100644
index 752a32adeb..0000000000
--- a/changelog.d/15527.misc
+++ /dev/null
@@ -1 +0,0 @@
-Don't use a trusted key server when running the demo scripts.
\ No newline at end of file
diff --git a/changelog.d/15528.feature b/changelog.d/15528.feature
deleted file mode 100644
index aae9fa1ecf..0000000000
--- a/changelog.d/15528.feature
+++ /dev/null
@@ -1 +0,0 @@
-Stabilize support for [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper.
diff --git a/changelog.d/15529.misc b/changelog.d/15529.misc
deleted file mode 100644
index 7ad424d8df..0000000000
--- a/changelog.d/15529.misc
+++ /dev/null
@@ -1 +0,0 @@
-Speed up rebuilding of the user directory for local users.
diff --git a/changelog.d/15531.misc b/changelog.d/15531.misc
deleted file mode 100644
index 6d4da961b5..0000000000
--- a/changelog.d/15531.misc
+++ /dev/null
@@ -1 +0,0 @@
-Speed up deleting of old rows in `event_push_actions`.
diff --git a/changelog.d/15532.misc b/changelog.d/15532.misc
deleted file mode 100644
index 1ee700f829..0000000000
--- a/changelog.d/15532.misc
+++ /dev/null
@@ -1 +0,0 @@
-Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment.
diff --git a/changelog.d/15533.misc b/changelog.d/15533.misc
deleted file mode 100644
index 1ee700f829..0000000000
--- a/changelog.d/15533.misc
+++ /dev/null
@@ -1 +0,0 @@
-Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment.
diff --git a/changelog.d/15534.misc b/changelog.d/15534.misc
deleted file mode 100644
index fd9ba2a6e1..0000000000
--- a/changelog.d/15534.misc
+++ /dev/null
@@ -1 +0,0 @@
-Implement [MSC3987](https://github.com/matrix-org/matrix-spec-proposals/pull/3987) by removing `"dont_notify"` from the list of actions in default push rules.
diff --git a/changelog.d/15535.misc b/changelog.d/15535.misc
deleted file mode 100644
index 9981606c32..0000000000
--- a/changelog.d/15535.misc
+++ /dev/null
@@ -1 +0,0 @@
-Move various module API callback registration methods to a dedicated class.
\ No newline at end of file
diff --git a/changelog.d/15536.feature b/changelog.d/15536.feature
deleted file mode 100644
index 824c24575f..0000000000
--- a/changelog.d/15536.feature
+++ /dev/null
@@ -1 +0,0 @@
-Implement [MSC4009](https://github.com/matrix-org/matrix-spec-proposals/pull/4009) to expand the supported characters in Matrix IDs.
diff --git a/changelog.d/15539.misc b/changelog.d/15539.misc
deleted file mode 100644
index e5af5dee5c..0000000000
--- a/changelog.d/15539.misc
+++ /dev/null
@@ -1 +0,0 @@
-Proxy `/user/devices` federation queries to application services for [MSC3984](https://github.com/matrix-org/matrix-spec-proposals/pull/3984).
diff --git a/changelog.d/15542.misc b/changelog.d/15542.misc
deleted file mode 100644
index 32e3d678a1..0000000000
--- a/changelog.d/15542.misc
+++ /dev/null
@@ -1 +0,0 @@
-Factor out an `is_mine_server_name` method.
diff --git a/changelog.d/15543.misc b/changelog.d/15543.misc
deleted file mode 100644
index ba1dc7597e..0000000000
--- a/changelog.d/15543.misc
+++ /dev/null
@@ -1 +0,0 @@
-Allow running Complement tests using [podman](https://podman.io/) by adding a `PODMAN` environment variable to `scripts-dev/complement.sh`.
\ No newline at end of file
diff --git a/changelog.d/15544.doc b/changelog.d/15544.doc
deleted file mode 100644
index a6d1e96900..0000000000
--- a/changelog.d/15544.doc
+++ /dev/null
@@ -1 +0,0 @@
-Clarify documentation of the "Create or modify account" Admin API.
\ No newline at end of file
diff --git a/changelog.d/15545.misc b/changelog.d/15545.misc
deleted file mode 100644
index c7c0741f96..0000000000
--- a/changelog.d/15545.misc
+++ /dev/null
@@ -1 +0,0 @@
- Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment.
\ No newline at end of file
diff --git a/changelog.d/15548.misc b/changelog.d/15548.misc
deleted file mode 100644
index e05ddde438..0000000000
--- a/changelog.d/15548.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump serde from 1.0.160 to 1.0.162.
diff --git a/changelog.d/15549.misc b/changelog.d/15549.misc
deleted file mode 100644
index 70573688d1..0000000000
--- a/changelog.d/15549.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump types-setuptools from 67.6.0.5 to 67.7.0.1.
diff --git a/changelog.d/15550.misc b/changelog.d/15550.misc
deleted file mode 100644
index 58d5594e7a..0000000000
--- a/changelog.d/15550.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump sentry-sdk from 1.19.1 to 1.22.1.
diff --git a/changelog.d/15551.misc b/changelog.d/15551.misc
deleted file mode 100644
index a8bedbe0e7..0000000000
--- a/changelog.d/15551.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump ruff from 0.0.259 to 0.0.265.
diff --git a/changelog.d/15552.misc b/changelog.d/15552.misc
deleted file mode 100644
index 24972a2f8c..0000000000
--- a/changelog.d/15552.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump hiredis from 2.2.2 to 2.2.3.
diff --git a/changelog.d/15553.misc b/changelog.d/15553.misc
deleted file mode 100644
index ca9eafd6c1..0000000000
--- a/changelog.d/15553.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump types-requests from 2.29.0.0 to 2.30.0.0.
diff --git a/changelog.d/15554.bugfix b/changelog.d/15554.bugfix
deleted file mode 100644
index 0fd9de8c65..0000000000
--- a/changelog.d/15554.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data.
diff --git a/changelog.d/15555.bugfix b/changelog.d/15555.bugfix
deleted file mode 100644
index 0fd9de8c65..0000000000
--- a/changelog.d/15555.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data.
diff --git a/changelog.d/15560.doc b/changelog.d/15560.doc
deleted file mode 100644
index a552391886..0000000000
--- a/changelog.d/15560.doc
+++ /dev/null
@@ -1 +0,0 @@
-Fix path to the `statistics/database/rooms` admin API in documentation.
diff --git a/changelog.d/15562.misc b/changelog.d/15562.misc
deleted file mode 100644
index eeeb553d8f..0000000000
--- a/changelog.d/15562.misc
+++ /dev/null
@@ -1 +0,0 @@
-Declare unstable support for [MSC3391](https://github.com/matrix-org/matrix-spec-proposals/pull/3391) under `/_matrix/client/versions` if the experimental implementation is enabled.
\ No newline at end of file
diff --git a/changelog.d/15566.bugfix b/changelog.d/15566.bugfix
deleted file mode 100644
index 130342590c..0000000000
--- a/changelog.d/15566.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Require at least poetry-core v1.1.0.
diff --git a/changelog.d/15567.docker b/changelog.d/15567.docker
deleted file mode 100644
index 8995bc1bd7..0000000000
--- a/changelog.d/15567.docker
+++ /dev/null
@@ -1 +0,0 @@
-Add pkg-config package to Stage 0 to be able to build Dockerfile on ppc64le architecture.
diff --git a/changelog.d/15569.feature b/changelog.d/15569.feature
deleted file mode 100644
index b58af8ad55..0000000000
--- a/changelog.d/15569.feature
+++ /dev/null
@@ -1 +0,0 @@
-Print full error and stack-trace of any exception that occurs during startup/initialization.
diff --git a/changelog.d/15570.misc b/changelog.d/15570.misc
deleted file mode 100644
index ee04509981..0000000000
--- a/changelog.d/15570.misc
+++ /dev/null
@@ -1 +0,0 @@
-Allow `pip install` to use setuptools_rust 1.6.0 when building Synapse.
diff --git a/changelog.d/15571.bugfix b/changelog.d/15571.bugfix
deleted file mode 100644
index 130342590c..0000000000
--- a/changelog.d/15571.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Require at least poetry-core v1.1.0.
diff --git a/changelog.d/15576.misc b/changelog.d/15576.misc
deleted file mode 100644
index 9df71999d9..0000000000
--- a/changelog.d/15576.misc +++ /dev/null @@ -1 +0,0 @@ -Deal with upcoming Github Actions deprecations. diff --git a/debian/changelog b/debian/changelog index 15ff7e82c3..ad163add2b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +matrix-synapse-py3 (1.84.0~rc1) stable; urgency=medium + + * New Synapse release 1.84.0rc1. + + -- Synapse Packaging team Tue, 16 May 2023 11:12:02 +0100 + matrix-synapse-py3 (1.83.0) stable; urgency=medium * New Synapse release 1.83.0. diff --git a/docs/openid.md b/docs/openid.md index 73f1e06121..9773a7de52 100644 --- a/docs/openid.md +++ b/docs/openid.md @@ -569,7 +569,7 @@ You should receive a response similar to the following. Make sure to save it. {"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"} ``` -As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_claim` has to be set. Your Synapse configuration should include the following: +As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_template` has to be set. Your Synapse configuration should include the following: ```yaml oidc_providers: @@ -585,7 +585,9 @@ oidc_providers: scopes: ["read"] user_mapping_provider: config: - subject_claim: "id" + subject_template: "{{ user.id }}" + localpart_template: "{{ user.username }}" + display_name_template: "{{ user.display_name }}" ``` Note that the fields `client_id` and `client_secret` are taken from the CURL response above. diff --git a/poetry.lock b/poetry.lock index 09d486ba51..48a752986d 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -1632,14 +1632,14 @@ files = [ [[package]] name = "phonenumbers" -version = "8.13.7" +version = "8.13.11" description = "Python version of Google's common library for parsing, formatting, storing and validating international phone numbers." category = "main" optional = false python-versions = "*" files = [ - {file = "phonenumbers-8.13.7-py2.py3-none-any.whl", hash = "sha256:d3e3555b38c89b121f5b2e917847003bdd07027569d758d5f40156c01aeac089"}, - {file = "phonenumbers-8.13.7.tar.gz", hash = "sha256:253bb0e01250d21a11f2b42b3e6e161b7f6cb2ac440e2e2a95c1da71d221ee1a"}, + {file = "phonenumbers-8.13.11-py2.py3-none-any.whl", hash = "sha256:107469114fd297258a485bdf8238d0522cb392db1257faf2bf23384ecbdb0e8a"}, + {file = "phonenumbers-8.13.11.tar.gz", hash = "sha256:3e3274d88cab3609b55ff5b93417075dbca2d13064f103fbf562e0ea1dda0f9a"}, ] [[package]] @@ -3010,14 +3010,14 @@ files = [ [[package]] name = "types-commonmark" -version = "0.9.2.2" +version = "0.9.2.3" description = "Typing stubs for commonmark" category = "dev" optional = false python-versions = "*" files = [ - {file = "types-commonmark-0.9.2.2.tar.gz", hash = "sha256:f3259350634c2ce68ae503398430482f7cf44e5cae3d344995e916fbf453b4be"}, - {file = "types_commonmark-0.9.2.2-py3-none-any.whl", hash = "sha256:d3d878692615e7fbe47bf19ba67497837b135812d665012a3d42219c1f2c3a61"}, + {file = "types-commonmark-0.9.2.3.tar.gz", hash = "sha256:42769a2c194fd5b49fd9eedfd4a83cd1d2514c6d0a36f00f5c5ffe0b6a2d2fcf"}, + {file = "types_commonmark-0.9.2.3-py3-none-any.whl", hash = "sha256:b575156e1b8a292d43acb36f861110b85c4bc7aa53bbfb5ac64addec15d18cfa"}, ] [[package]] 
@@ -3070,14 +3070,14 @@ files = [ [[package]] name = "types-psycopg2" -version = "2.9.21.9" +version = "2.9.21.10" description = "Typing stubs for psycopg2" category = "dev" optional = false python-versions = "*" files = [ - {file = "types-psycopg2-2.9.21.9.tar.gz", hash = "sha256:388dc36a04551632289c4aaf1fc5b91e147654b165db896d094844e216f22bf5"}, - {file = "types_psycopg2-2.9.21.9-py3-none-any.whl", hash = "sha256:0332525fb9d3031d3da46f091e7d40b2c4d4958e9c00d2b4c1eaaa9f8ef9de4e"}, + {file = "types-psycopg2-2.9.21.10.tar.gz", hash = "sha256:c2600892312ae1c34e12f145749795d93dc4eac3ef7dbf8a9c1bfd45385e80d7"}, + {file = "types_psycopg2-2.9.21.10-py3-none-any.whl", hash = "sha256:918224a0731a3650832e46633e720703b5beef7693a064e777d9748654fcf5e5"}, ] [[package]] @@ -3124,14 +3124,14 @@ types-urllib3 = "*" [[package]] name = "types-setuptools" -version = "67.7.0.1" +version = "67.7.0.2" description = "Typing stubs for setuptools" category = "dev" optional = false python-versions = "*" files = [ - {file = "types-setuptools-67.7.0.1.tar.gz", hash = "sha256:980a2651b2b019809817e1585071596b87fbafcb54433ff3b12445461db23790"}, - {file = "types_setuptools-67.7.0.1-py3-none-any.whl", hash = "sha256:471a4ecf6984ffada63ffcfa884bfcb62718bd2d1a1acf8ee5513ec99789ed5e"}, + {file = "types-setuptools-67.7.0.2.tar.gz", hash = "sha256:155789e85e79d5682b0d341919d4beb6140408ae52bac922af25b54e36ab25c0"}, + {file = "types_setuptools-67.7.0.2-py3-none-any.whl", hash = "sha256:bd30f6dbe9b83f0a7e6e3eab6d2df748aa4f55700d54e9f077d3aa30cc019445"}, ] [[package]] diff --git a/pyproject.toml b/pyproject.toml index 16b5d9bc3b..86e1537a6d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -89,7 +89,7 @@ manifest-path = "rust/Cargo.toml" [tool.poetry] name = "matrix-synapse" -version = "1.83.0" +version = "1.84.0rc1" description = "Homeserver for the Matrix decentralised comms protocol" authors = ["Matrix.org Team and Contributors "] license = "Apache-2.0" 
@@ -368,7 +368,7 @@ furo = ">=2022.12.7,<2024.0.0" # system changes. # We are happy to raise these upper bounds upon request, # provided we check that it's safe to do so (i.e. that CI passes). -requires = ["poetry-core>=1.1.0,<=1.5.0", "setuptools_rust>=1.3,<=1.6.0"] +requires = ["poetry-core>=1.1.0,<=1.6.0", "setuptools_rust>=1.3,<=1.6.0"] build-backend = "poetry.core.masonry.api" diff --git a/synapse/api/room_versions.py b/synapse/api/room_versions.py index 5d9c13e3c3..7030b133d3 100644 --- a/synapse/api/room_versions.py +++ b/synapse/api/room_versions.py @@ -96,11 +96,15 @@ class RoomVersion: msc2716_historical: bool # MSC2716: Adds support for redacting "insertion", "chunk", and "marker" events msc2716_redactions: bool + # MSC3389: Protect relation information from redaction. + msc3389_relation_redactions: bool # MSC3787: Adds support for a `knock_restricted` join rule, mixing concepts of # knocks and restricted join rules into the same join condition. msc3787_knock_restricted_join_rule: bool # MSC3667: Enforce integer power levels msc3667_int_only_power_levels: bool + # MSC3821: Do not redact the third_party_invite content field for membership events. + msc3821_redaction_rules: bool # MSC3931: Adds a push rule condition for "room version feature flags", making # some push rules room version dependent. Note that adding a flag to this list # is not enough to mark it "supported": the push rule evaluator also needs to @@ -128,8 +132,10 @@ class RoomVersions: msc2403_knocking=False, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) 
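Review bot: `msc3389_relation_redactions` is added to `RoomVersion` in the `@@ -96,11 +96,15 @@` hunk, but every constructor call touched in the later hunks of this file, including the new `MSC3821` version, passes `False`, so the MSC3389 branch added to `prune_event_dict` cannot be reached through any room version shown in this diff. If that is deliberate, the field comment should say so, for example `# MSC3389: Protect relation information from redaction. No room version enables this yet.` The `RoomVersion` and `RoomVersions` class bodies start and end outside the hunks, so a version defined elsewhere may still set the flag.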
@@ -149,8 +155,10 @@ class RoomVersions: msc2403_knocking=False, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -170,8 +178,10 @@ class RoomVersions: msc2403_knocking=False, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -191,8 +201,10 @@ class RoomVersions: msc2403_knocking=False, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -212,8 +224,10 @@ class RoomVersions: msc2403_knocking=False, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -233,8 +247,10 @@ class RoomVersions: msc2403_knocking=False, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -254,8 +270,10 @@ class RoomVersions: msc2403_knocking=False, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) 
@@ -275,8 +293,10 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -296,8 +316,10 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -317,8 +339,10 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) 
@@ -338,8 +362,33 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=True, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, + msc3931_push_features=(), + msc3989_redaction_rules=False, + ) + MSC3821 = RoomVersion( + "org.matrix.msc3821.opt1", + RoomDisposition.UNSTABLE, + EventFormatVersions.ROOM_V4_PLUS, + StateResolutionVersions.V2, + enforce_key_validity=True, + special_case_aliases_auth=False, + strict_canonicaljson=True, + limit_notifications_power_levels=True, + msc2175_implicit_room_creator=False, + msc2176_redaction_rules=False, + msc3083_join_rules=True, + msc3375_redaction_rules=True, + msc2403_knocking=True, + msc2716_historical=False, + msc2716_redactions=False, + msc3389_relation_redactions=False, + msc3787_knock_restricted_join_rule=False, + msc3667_int_only_power_levels=False, + msc3821_redaction_rules=True, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -359,8 +408,10 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=True, msc3667_int_only_power_levels=True, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) @@ -380,8 +431,10 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=True, msc2716_redactions=True, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=False, msc3667_int_only_power_levels=False, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=False, ) 
@@ -402,8 +455,10 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=True, msc3667_int_only_power_levels=True, + msc3821_redaction_rules=False, msc3931_push_features=(PushRuleRoomFlag.EXTENSIBLE_EVENTS,), msc3989_redaction_rules=False, ) @@ -423,8 +478,10 @@ class RoomVersions: msc2403_knocking=True, msc2716_historical=False, msc2716_redactions=False, + msc3389_relation_redactions=False, msc3787_knock_restricted_join_rule=True, msc3667_int_only_power_levels=True, + msc3821_redaction_rules=False, msc3931_push_features=(), msc3989_redaction_rules=True, ) diff --git a/synapse/event_auth.py b/synapse/event_auth.py index 25898b95a5..b4b43ec4d7 100644 --- a/synapse/event_auth.py +++ b/synapse/event_auth.py @@ -1054,10 +1054,15 @@ def _verify_third_party_invite( """ if "third_party_invite" not in event.content: return False - if "signed" not in event.content["third_party_invite"]: + third_party_invite = event.content["third_party_invite"] + if not isinstance(third_party_invite, collections.abc.Mapping): return False - signed = event.content["third_party_invite"]["signed"] - for key in {"mxid", "token"}: + if "signed" not in third_party_invite: + return False + signed = third_party_invite["signed"] + if not isinstance(signed, collections.abc.Mapping): + return False + for key in {"mxid", "token", "signatures"}: if key not in signed: return False @@ -1075,8 +1080,6 @@ def _verify_third_party_invite( if signed["mxid"] != event.state_key: return False - if signed["token"] != token: - return False for public_key_object in get_public_keys(invite_event): public_key = public_key_object["public_key"] 
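Review bot: The key loop in `_verify_third_party_invite` (hunk `@@ -1054,10 +1054,15 @@`) only requires that `signatures` is present in `signed`; unlike `third_party_invite` and `signed`, its type is never checked, and neither are the types of `mxid` and `token`. These values come from event content, so if the code below the hunk treats `signed["signatures"]` as a mapping, a non-mapping value could still raise instead of returning False; a guard such as `if not isinstance(signed["signatures"], collections.abc.Mapping): return False` after the key loop would close that. The following hunk drops `if signed["token"] != token: return False`, which is only equivalent if `token` was itself read from `signed` in the lines between the two hunks, and those lines are not shown. The function body starts and ends outside the hunk.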
@@ -1088,7 +1091,9 @@ def _verify_third_party_invite( verify_key = decode_verify_key_bytes( key_name, decode_base64(public_key) ) - verify_signed_json(signed, server, verify_key) + # verify_signed_json incorrectly states it wants a dict, it + # just needs a mapping. + verify_signed_json(signed, server, verify_key) # type: ignore[arg-type] # We got the public key from the invite, so we know that the # correct server signed the signed bundle. diff --git a/synapse/events/utils.py b/synapse/events/utils.py index 0802eb1963..e6d040176b 100644 --- a/synapse/events/utils.py +++ b/synapse/events/utils.py @@ -130,6 +130,16 @@ def prune_event_dict(room_version: RoomVersion, event_dict: JsonDict) -> JsonDic add_fields("membership") if room_version.msc3375_redaction_rules: add_fields(EventContentFields.AUTHORISING_USER) + if room_version.msc3821_redaction_rules: + # Preserve the signed field under third_party_invite. + third_party_invite = event_dict["content"].get("third_party_invite") + if isinstance(third_party_invite, collections.abc.Mapping): + new_content["third_party_invite"] = {} + if "signed" in third_party_invite: + new_content["third_party_invite"]["signed"] = third_party_invite[ + "signed" + ] + elif event_type == EventTypes.Create: # MSC2176 rules state that create events cannot be redacted. if room_version.msc2176_redaction_rules: 
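Review bot: The MSC3821 branch in `prune_event_dict` copies `third_party_invite["signed"]` into the redacted content whatever its type or size, so anything a sender places under `signed` can no longer be removed by redaction. That is presumably required so the signature over the object still verifies afterwards, but the comment only says the field is preserved; I would extend it to something like `# Keep "signed" whole: it is verified as a unit in event auth, so its contents survive redaction.` An empty `third_party_invite` dict is also emitted when `signed` is absent, which the tests on this page expect, and a word in the comment would keep that from being "fixed" later. The function starts and ends outside the hunk.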
@@ -171,6 +181,18 @@ def prune_event_dict(room_version: RoomVersion, event_dict: JsonDict) -> JsonDic elif room_version.msc2716_redactions and event_type == EventTypes.MSC2716_MARKER: add_fields(EventContentFields.MSC2716_INSERTION_EVENT_REFERENCE) + # Protect the rel_type and event_id fields under the m.relates_to field. + if room_version.msc3389_relation_redactions: + relates_to = event_dict["content"].get("m.relates_to") + if isinstance(relates_to, collections.abc.Mapping): + new_relates_to = {} + for field in ("rel_type", "event_id"): + if field in relates_to: + new_relates_to[field] = relates_to[field] + # Only include a non-empty relates_to field. + if new_relates_to: + new_content["m.relates_to"] = new_relates_to + allowed_fields = {k: v for k, v in event_dict.items() if k in allowed_keys} allowed_fields["content"] = new_content diff --git a/synapse/module_api/__init__.py b/synapse/module_api/__init__.py index 4b59e6825b..2c9d181acf 100644 --- a/synapse/module_api/__init__.py +++ b/synapse/module_api/__init__.py @@ -156,6 +156,7 @@ __all__ = [ "parse_json_object_from_request", "respond_with_html", "run_in_background", + "run_as_background_process", "cached", "NOT_SPAM", "UserID", diff --git a/synapse/rest/client/versions.py b/synapse/rest/client/versions.py index 2d2be6ef38..58c5b07390 100644 --- a/synapse/rest/client/versions.py +++ b/synapse/rest/client/versions.py @@ -79,6 +79,7 @@ class VersionsRestServlet(RestServlet): "v1.3", "v1.4", "v1.5", + "v1.6", ], # as per MSC1497: "unstable_features": { 
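Review bot: The MSC3389 block keeps `rel_type` and `event_id` from `m.relates_to` without looking at their values, so a nested object or a long list under either key survives redaction along with legitimate strings. Redaction output has to be identical on every implementation, so a type filter cannot simply be added here unless the proposal specifies one. I would record the decision in the comment, e.g. `# Values are copied as-is (no type check), per the MSC`, after confirming that against the proposal text. The block sits after the per-event-type branches, so as far as the hunk shows it applies to every event type; `prune_event_dict` begins and ends outside the hunk.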
@@ -125,6 +126,8 @@ class VersionsRestServlet(RestServlet): "org.matrix.msc3912": self.config.experimental.msc3912_enabled, # Adds support for unstable "intentional mentions" behaviour. "org.matrix.msc3952_intentional_mentions": self.config.experimental.msc3952_intentional_mentions, + # Whether recursively provide relations is supported. + "org.matrix.msc3981": self.config.experimental.msc3981_recurse_relations, # Adds support for deleting account data. "org.matrix.msc3391": self.config.experimental.msc3391_enabled, }, diff --git a/synapse/rest/key/v2/local_key_resource.py b/synapse/rest/key/v2/local_key_resource.py index d03e728d42..22e7bf9d86 100644 --- a/synapse/rest/key/v2/local_key_resource.py +++ b/synapse/rest/key/v2/local_key_resource.py @@ -34,6 +34,8 @@ class LocalKey(RestServlet): """HTTP resource containing encoding the TLS X.509 certificate and NACL signature verification keys for this server:: + GET /_matrix/key/v2/server HTTP/1.1 + GET /_matrix/key/v2/server/a.key.id HTTP/1.1 HTTP/1.1 200 OK @@ -100,6 +102,15 @@ class LocalKey(RestServlet): def on_GET( self, request: Request, key_id: Optional[str] = None ) -> Tuple[int, JsonDict]: + # Matrix 1.6 drops support for passing the key_id, this is incompatible + # with earlier versions and is allowed in order to support both. + # A warning is issued to help determine when it is safe to drop this. + if key_id: + logger.warning( + "Request for local server key with deprecated key ID (logging to determine usage level for future removal): %s", + key_id, + ) + time_now = self.clock.time_msec() # Update the expiry time if less than half the interval remains. if time_now + self.config.key.key_refresh_interval / 2 > self.valid_until_ts: diff --git a/synapse/rest/key/v2/remote_key_resource.py b/synapse/rest/key/v2/remote_key_resource.py index ff0454ca57..8f3865d412 100644 --- a/synapse/rest/key/v2/remote_key_resource.py +++ b/synapse/rest/key/v2/remote_key_resource.py 
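Review bot: The new `logger.warning` in `LocalKey.on_GET` writes the path-supplied `key_id` to the log on every such request, and the `RemoteKey.on_GET` hunk in synapse/rest/key/v2/remote_key_resource.py does the same with `server` and `key_id`. These are request-controlled strings, so I would format them with `%r` rather than `%s` to keep line breaks and control characters out of the log line, e.g. `"... for future removal): %r", key_id`. A warning per request also lets any caller drive log volume; since the stated purpose is measuring usage, a lower level or a counter may serve better. Both `on_GET` bodies continue outside their hunks.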
@@ -126,6 +126,15 @@ class RemoteKey(RestServlet): self, request: Request, server: str, key_id: Optional[str] = None ) -> Tuple[int, JsonDict]: if server and key_id: + # Matrix 1.6 drops support for passing the key_id, this is incompatible + # with earlier versions and is allowed in order to support both. + # A warning is issued to help determine when it is safe to drop this. + logger.warning( + "Request for remote server key with deprecated key ID (logging to determine usage level for future removal): %s / %s", + server, + key_id, + ) + minimum_valid_until_ts = parse_integer(request, "minimum_valid_until_ts") arguments = {} if minimum_valid_until_ts is not None: @@ -161,7 +170,7 @@ class RemoteKey(RestServlet): time_now_ms = self.clock.time_msec() - # Map server_name->key_id->int. Note that the value of the init is unused. + # Map server_name->key_id->int. Note that the value of the int is unused. # XXX: why don't we just use a set? cache_misses: Dict[str, Dict[str, int]] = {} for (server_name, key_id, _), key_results in cached.items(): diff --git a/tests/events/test_utils.py b/tests/events/test_utils.py index 1b179acb20..e40eac2eb0 100644 --- a/tests/events/test_utils.py +++ b/tests/events/test_utils.py @@ -15,6 +15,8 @@ import unittest as stdlib_unittest from typing import Any, List, Mapping, Optional +import attr + from synapse.api.constants import EventContentFields from synapse.api.room_versions import RoomVersions from synapse.events import EventBase, make_event_from_dict @@ -392,7 +394,7 @@ class PruneEventTestCase(stdlib_unittest.TestCase): ) def test_member(self) -> None: - """Member events have changed behavior starting with MSC3375.""" + """Member events have changed behavior in MSC3375 and MSC3821.""" self.run_test( { "type": "m.room.member", 
@@ -435,6 +437,167 @@ class PruneEventTestCase(stdlib_unittest.TestCase): room_version=RoomVersions.V9, ) + # After MSC3821, the signed key under third_party_invite is protected + # from redaction. + THIRD_PARTY_INVITE = { + "display_name": "alice", + "signed": { + "mxid": "@alice:example.org", + "signatures": { + "magic.forest": { + "ed25519:3": "fQpGIW1Snz+pwLZu6sTy2aHy/DYWWTspTJRPyNp0PKkymfIsNffysMl6ObMMFdIJhk6g6pwlIqZ54rxo8SLmAg" + } + }, + "token": "abc123", + }, + } + + self.run_test( + { + "type": "m.room.member", + "content": { + "membership": "invite", + "third_party_invite": THIRD_PARTY_INVITE, + "other_key": "stripped", + }, + }, + { + "type": "m.room.member", + "content": { + "membership": "invite", + "third_party_invite": {"signed": THIRD_PARTY_INVITE["signed"]}, + }, + "signatures": {}, + "unsigned": {}, + }, + room_version=RoomVersions.MSC3821, + ) + + # Ensure this doesn't break if an invalid field is sent. + self.run_test( + { + "type": "m.room.member", + "content": { + "membership": "invite", + "third_party_invite": {}, + "other_key": "stripped", + }, + }, + { + "type": "m.room.member", + "content": {"membership": "invite", "third_party_invite": {}}, + "signatures": {}, + "unsigned": {}, + }, + room_version=RoomVersions.MSC3821, + ) + + self.run_test( + { + "type": "m.room.member", + "content": { + "membership": "invite", + "third_party_invite": "stripped", + "other_key": "stripped", + }, + }, + { + "type": "m.room.member", + "content": {"membership": "invite"}, + "signatures": {}, + "unsigned": {}, + }, + room_version=RoomVersions.MSC3821, + ) + + def test_relations(self) -> None: + """Event relations get redacted until MSC3389.""" + # Normally the m._relates_to field is redacted. 
+ self.run_test( + { + "type": "m.room.message", + "content": { + "body": "foo", + "m.relates_to": { + "rel_type": "rel_type", + "event_id": "$parent:domain", + "other": "stripped", + }, + }, + }, + { + "type": "m.room.message", + "content": {}, + "signatures": {}, + "unsigned": {}, + }, + room_version=RoomVersions.V10, + ) + + # Create a new room version. + msc3389_room_ver = attr.evolve( + RoomVersions.V10, msc3389_relation_redactions=True + ) + + self.run_test( + { + "type": "m.room.message", + "content": { + "body": "foo", + "m.relates_to": { + "rel_type": "rel_type", + "event_id": "$parent:domain", + "other": "stripped", + }, + }, + }, + { + "type": "m.room.message", + "content": { + "m.relates_to": { + "rel_type": "rel_type", + "event_id": "$parent:domain", + }, + }, + "signatures": {}, + "unsigned": {}, + }, + room_version=msc3389_room_ver, + ) + + # If the field is not an object, redact it. + self.run_test( + { + "type": "m.room.message", + "content": { + "body": "foo", + "m.relates_to": "stripped", + }, + }, + { + "type": "m.room.message", + "content": {}, + "signatures": {}, + "unsigned": {}, + }, + room_version=msc3389_room_ver, + ) + + # If the m.relates_to property would be empty, redact it. + self.run_test( + { + "type": "m.room.message", + "content": {"body": "foo", "m.relates_to": {"foo": "stripped"}}, + }, + { + "type": "m.room.message", + "content": {}, + "signatures": {}, + "unsigned": {}, + }, + room_version=msc3389_room_ver, + ) + class SerializeEventTestCase(stdlib_unittest.TestCase): def serialize(self, ev: EventBase, fields: Optional[List[str]]) -> JsonDict:
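Review bot: `test_relations` checks `m.relates_to` with both protected fields present and with neither, but not with only one of `rel_type` / `event_id`, so the per-field loop in `prune_event_dict` is only partly exercised. A further `self.run_test` case with `"m.relates_to": {"rel_type": "rel_type", "other": "stripped"}` expecting `{"rel_type": "rel_type"}` would pin that. In `test_member`, a case where `third_party_invite["signed"]` is not an object would document that it is still carried through redaction. The comment `# Normally the m._relates_to field is redacted.` should read `m.relates_to`.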