Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

types.pl upgrade to v3.5.5 #8

Merged
merged 13 commits into from Nov 26, 2022
Merged

types.pl upgrade to v3.5.5 #8

merged 13 commits into from Nov 26, 2022

Conversation

ionathanch
Copy link
Collaborator

@ionathanch ionathanch commented Nov 17, 2022
edited

Cherry-picked the glitch-soc commits corresponding to v3.5.5 on Mastodon (https://github.com/mastodon/mastodon/commits/v3.5.5), see #7 for deets
The five most recent commits cherry-picked are a security fix for the vulnerability described here: https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp

@ionathanch ionathanch changed the title types.pl upgrade to v3.5.5 (#7) types.pl upgrade to v3.5.5 (Issue #7) Nov 17, 2022
@ionathanch ionathanch changed the title types.pl upgrade to v3.5.5 (Issue #7) types.pl upgrade to v3.5.5 Nov 17, 2022
@ionathanch
Copy link
Collaborator Author

omfg WHY is yarn.lock always missing

ClearlyClaire and others added 8 commits November 17, 2022 11:14
@ClearlyClaire @ionathanch
Fix crash when a remote Flag activity mentions a private post (mastod…
e808ce9 
…on#18760)

* Add tests

* Fix crash when a remote Flag activity mentions a private post
@delroth @ionathanch
blurhash_transcoder: prevent out-of-bound reads with <8bpp images (ma…
bdfe4ca 
…stodon#20388)

The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.

Fixes mastodon#19235.
@Gargron @ionathanch
Fix rate limiting for paths with formats (mastodon#20675)
fa8929f
@ClearlyClaire @ionathanch
Fix emoji substitution not applying only to text nodes in Web UI (mas…
29b00ae 
…todon#20640)

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
@ClearlyClaire @ionathanch
Fix emoji substitution not applying only to text nodes in backend code (
6838df3 
mastodon#20641)

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
@ClearlyClaire @ionathanch
[Glitch] Fix emoji substitution not applying only to text nodes in We…
ad36143 
…b UI

Port 625e086 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
@ClearlyClaire @ionathanch
Fix nodes order being sometimes mangled when rewriting emoji (mastodo…
d9d7185 
…n#20677)

* Fix front-end emoji tests

* Fix nodes order being sometimes mangled when rewriting emoji
@ClearlyClaire @ionathanch
[Glitch] Fix nodes order being sometimes mangled when rewriting emoji
610d453 
Port ccbca50 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
@ionathanch
Copy link
Collaborator Author

Deployed on a new server, looks like the fix works: https://types.ionathan.ch/@systemu/109399991270401485

@ionathanch ionathanch merged commit c73e908 into types.pl Nov 26, 2022
@ionathanch ionathanch deleted the types.pl-3.5.5 branch November 26, 2022 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ionathanch @ClearlyClaire @delroth @Gargron