Improve signature checking on some federation APIs #6262

Merged
merged 2 commits into from Oct 28, 2019

@richvdh
Member

richvdh commented Oct 28, 2019

Make sure that we check that events sent over /send_join, /send_leave, and
/invite are correctly signed and come from the expected servers.

richvdh added 2 commits Oct 25, 2019
Make sure that we check that events sent over /send_join, /send_leave, and
/invite are correctly signed and come from the expected servers.
@richvdh richvdh requested a review from matrix-org/synapse-core Oct 28, 2019
@richvdh richvdh merged commit 172f264 into release-v1.5.0 Oct 28, 2019
18 checks passed
buildkite/synapse Build #5145 passed (21 minutes, 45 seconds)
buildkite/synapse/check-sample-config Passed (1 minute, 28 seconds)
buildkite/synapse/check-style Passed (1 minute, 46 seconds)
buildkite/synapse/isort Passed (18 seconds)
buildkite/synapse/mypy Passed (21 seconds)
buildkite/synapse/newspaper-newsfile Passed (14 seconds)
buildkite/synapse/packaging Passed (20 seconds)
buildkite/synapse/pipeline Passed (3 seconds)
buildkite/synapse/python-3-dot-5-slash-postgres-9-dot-5 Passed (19 minutes, 44 seconds)
buildkite/synapse/python-3-dot-5-slash-sqlite Passed (6 minutes, 30 seconds)
buildkite/synapse/python-3-dot-5-slash-sqlite-slash-old-deps Passed (9 minutes, 29 seconds)
buildkite/synapse/python-3-dot-6-slash-sqlite Passed (6 minutes, 14 seconds)
buildkite/synapse/python-3-dot-7-slash-postgres-11 Passed (17 minutes, 16 seconds)
buildkite/synapse/python-3-dot-7-slash-postgres-9-dot-5 Passed (17 minutes, 51 seconds)
buildkite/synapse/python-3-dot-7-slash-sqlite Passed (6 minutes, 50 seconds)
buildkite/synapse/sytest-python-3-dot-5-slash-postgres-9-dot-6-slash-monolith Passed (13 minutes, 27 seconds)
buildkite/synapse/sytest-python-3-dot-5-slash-postgres-9-dot-6-slash-workers Passed (12 minutes, 18 seconds)
buildkite/synapse/sytest-python-3-dot-5-slash-sqlite-slash-monolith Passed (13 minutes, 32 seconds)
@richvdh richvdh deleted the rav/send_join_sigs branch Oct 28, 2019
richvdh added a commit that referenced this pull request Oct 28, 2019
Synapse 1.5.0rc2 (2019-10-28)
=============================

Bugfixes
--------

- Update list of boolean columns in `synapse_port_db`. ([\#6247](#6247))
- Fix /keys/query API on workers. ([\#6256](#6256))
- Improve signature checking on some federation APIs. ([\#6262](#6262))

Internal Changes
----------------

- Move schema delta files to the correct data store. ([\#6248](#6248))
- Small performance improvement by removing repeated config lookups in room stats calculation. ([\#6255](#6255))
@Ma27 Ma27 referenced this pull request Oct 29, 2019
4 of 10 tasks complete
felixonmars-bot pushed a commit to felixonmars/archlinux-community that referenced this pull request Nov 3, 2019
This release fixes a security issue relating to signature checking of events.
matrix-org/synapse#6262


git-svn-id: file:///srv/repos/svn-community/svn@522534 9fca08f4-af9d-4005-b8df-a31f2cc04f65
@kyrias

Contributor

kyrias commented Nov 8, 2019

This apparently got assigned CVE-2019-18835.
