Merge branch 'develop' into rav/more_logcontext_leaks
commit
415c6b672e
23
CHANGES.rst
23
CHANGES.rst
|
@ -1,5 +1,26 @@
|
||||||
|
Changes in synapse v0.28.1 (2018-05-01)
|
||||||
|
=======================================
|
||||||
|
|
||||||
|
SECURITY UPDATE
|
||||||
|
|
||||||
|
* Clamp the allowed values of event depth received over federation to be
|
||||||
|
[0, 2^63 - 1]. This mitigates an attack where malicious events
|
||||||
|
injected with depth = 2^63 - 1 render rooms unusable. Depth is used to
|
||||||
|
determine the cosmetic ordering of events within a room, and so the ordering
|
||||||
|
of events in such a room will default to using stream_ordering rather than depth
|
||||||
|
(topological_ordering).
|
||||||
|
|
||||||
|
This is a temporary solution to mitigate abuse in the wild, whilst a long term solution
|
||||||
|
is being implemented to improve how the depth parameter is used.
|
||||||
|
|
||||||
|
Full details at
|
||||||
|
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
|
||||||
|
|
||||||
|
* Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API.
|
||||||
|
|
||||||
|
|
||||||
Changes in synapse v0.28.0 (2018-04-26)
|
Changes in synapse v0.28.0 (2018-04-26)
|
||||||
===========================================
|
=======================================
|
||||||
|
|
||||||
Bug Fixes:
|
Bug Fixes:
|
||||||
|
|
||||||
|
|
|
@ -16,4 +16,4 @@
|
||||||
""" This is a reference implementation of a Matrix home server.
|
""" This is a reference implementation of a Matrix home server.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
__version__ = "0.28.0"
|
__version__ = "0.28.1"
|
||||||
|
|
|
@ -32,7 +32,7 @@ class LogFormatter(logging.Formatter):
|
||||||
super(LogFormatter, self).__init__(*args, **kwargs)
|
super(LogFormatter, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
def formatException(self, ei):
|
def formatException(self, ei):
|
||||||
sio = StringIO.StringIO()
|
sio = StringIO()
|
||||||
(typ, val, tb) = ei
|
(typ, val, tb) = ei
|
||||||
|
|
||||||
# log the stack above the exception capture point if possible, but
|
# log the stack above the exception capture point if possible, but
|
||||||
|
|
|
@ -17,6 +17,8 @@ from synapse.appservice.scheduler import (
|
||||||
_ServiceQueuer, _TransactionController, _Recoverer
|
_ServiceQueuer, _TransactionController, _Recoverer
|
||||||
)
|
)
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
from synapse.util.logcontext import make_deferred_yieldable
|
||||||
from ..utils import MockClock
|
from ..utils import MockClock
|
||||||
from mock import Mock
|
from mock import Mock
|
||||||
from tests import unittest
|
from tests import unittest
|
||||||
|
@ -204,7 +206,9 @@ class ApplicationServiceSchedulerQueuerTestCase(unittest.TestCase):
|
||||||
|
|
||||||
def test_send_single_event_with_queue(self):
|
def test_send_single_event_with_queue(self):
|
||||||
d = defer.Deferred()
|
d = defer.Deferred()
|
||||||
self.txn_ctrl.send = Mock(return_value=d)
|
self.txn_ctrl.send = Mock(
|
||||||
|
side_effect=lambda x, y: make_deferred_yieldable(d),
|
||||||
|
)
|
||||||
service = Mock(id=4)
|
service = Mock(id=4)
|
||||||
event = Mock(event_id="first")
|
event = Mock(event_id="first")
|
||||||
event2 = Mock(event_id="second")
|
event2 = Mock(event_id="second")
|
||||||
|
@ -235,7 +239,10 @@ class ApplicationServiceSchedulerQueuerTestCase(unittest.TestCase):
|
||||||
srv_2_event2 = Mock(event_id="srv2b")
|
srv_2_event2 = Mock(event_id="srv2b")
|
||||||
|
|
||||||
send_return_list = [srv_1_defer, srv_2_defer]
|
send_return_list = [srv_1_defer, srv_2_defer]
|
||||||
self.txn_ctrl.send = Mock(side_effect=lambda x, y: send_return_list.pop(0))
|
|
||||||
|
def do_send(x, y):
|
||||||
|
return make_deferred_yieldable(send_return_list.pop(0))
|
||||||
|
self.txn_ctrl.send = Mock(side_effect=do_send)
|
||||||
|
|
||||||
# send events for different ASes and make sure they are sent
|
# send events for different ASes and make sure they are sent
|
||||||
self.queuer.enqueue(srv1, srv_1_event)
|
self.queuer.enqueue(srv1, srv_1_event)
|
||||||
|
|
|
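Review bot: Neither mocked `send` in `ApplicationServiceSchedulerQueuerTestCase` says why the Deferred is now wrapped in `make_deferred_yieldable`, so a later cleanup could revert it to `Mock(return_value=d)` without anyone noticing. A one-line comment above each mock would cover it, for example `# send() is expected to follow the logcontext rules, so return a yieldable deferred`. That wording is inferred from the helper's module, `synapse.util.logcontext`, so please confirm it. The two hunks also express the same wrapping differently, with a lambda in `test_send_single_event_with_queue` and a nested `do_send` in the later test, and using the named helper in both would read more consistently. Both test methods continue outside the hunks shown.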
@ -128,7 +128,6 @@ class EventPushActionsStoreTestCase(tests.unittest.TestCase):
|
||||||
yield _rotate(10)
|
yield _rotate(10)
|
||||||
yield _assert_counts(1, 1)
|
yield _assert_counts(1, 1)
|
||||||
|
|
||||||
@tests.unittest.DEBUG
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def test_find_first_stream_ordering_after_ts(self):
|
def test_find_first_stream_ordering_after_ts(self):
|
||||||
def add_event(so, ts):
|
def add_event(so, ts):
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2018 New Vector Ltd
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from synapse.util.logformatter import LogFormatter
|
||||||
|
from tests import unittest
|
||||||
|
|
||||||
|
|
||||||
|
class TestException(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class LogFormatterTestCase(unittest.TestCase):
|
||||||
|
def test_formatter(self):
|
||||||
|
formatter = LogFormatter()
|
||||||
|
|
||||||
|
try:
|
||||||
|
raise TestException("testytest")
|
||||||
|
except TestException:
|
||||||
|
ei = sys.exc_info()
|
||||||
|
|
||||||
|
output = formatter.formatException(ei)
|
||||||
|
|
||||||
|
# check the output looks vaguely sane
|
||||||
|
self.assertIn("testytest", output)
|
||||||
|
self.assertIn("Capture point", output)
|
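Review bot: `test_formatter` does not state which regression it guards, and its `"Capture point"` assertion depends on a literal that is presumably emitted by `LogFormatter.formatException`, which is not visible in this file. A short docstring would make the intent clear, for example `"""formatException should render the exception and the capture-point stack without raising."""`. Separately, the helper class name `TestException` matches the `Test*` pattern that pytest-style collectors scan. If the suite is ever run that way, a name such as `_FormatterTestError` would avoid a collection warning.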