26 Mar 2025 |
ma27 | hi!
given you also do synapse stuff regularly and we were just talking about 1.127.1, we figured it makes sense to also have you here :) | 22:03:58 |
Nick Cao | I actually use matrix for work, so can't afford having a broken synapse! | 22:05:43 |
Emma [it/its] | T&S here, so me neither | 22:06:37 |
Emma [it/its] | thanks sumner and nick for fast tracking this one :) | 22:06:54 |
Nick Cao | Ah I was expecting worse, that's some relief | 22:07:32 |
Emma [it/its] | i can't have my synapse going down when running multiple moderation bots for various communities, says me running custom patches | 22:08:11 |
ma27 | merged the backport (cherry-picked the commit on 24.11 before to deploy my hs). I guess I can go to bed now, then :) | 22:11:06 |
emily | embargoed vulns don't work so well when you write a helpful commit message 😆 | 22:12:14 |
Ralith | still not on the channel? | 22:52:33 |
Sumner Evans | don't we have to wait for it to get built and such? | 22:53:33 |
emily | yes, it'll probably be a couple days (unless someone bumps the channels now) | 22:54:06 |
emily | (which can be done for a sufficiently severe vuln but not clear to me if this DoS would qualify) | 22:54:30 |
emily | people can get a patched Synapse from master though | 22:54:49 |
Emma [it/its] | fwiw, the vuln breaks joining affected rooms | 22:55:13 |
Emma [it/its] | being in any affected room completely breaks federation for all rooms (the old nixos space is affected btw) | 22:55:57 |
Emma [it/its] | matrix:roomid/brXHJeAtqliwNGqHQx:lossy.network | 22:56:15 |
Emma [it/its] | * matrix:roomid/brXHJeAtqliwNGqHQx:lossy.network for those still in it | 22:56:40 |
Dandellion | how are we chatting here then? | 22:56:46 |
Emma [it/its] | * to the best of my understanding | 22:57:04 |
Emma [it/its] | the patch fixes federation and handling broken rooms fwiw | 22:57:49 |
Emma [it/its] | in particular, if either your server or any server you're joining via aren't patched, the join will fail with a number out of range error | 22:58:43 |
Sumner Evans | from what I understand, it's only outbound federation traffic that is affected. Confirming with the synapse devs | 22:59:32 |
Sumner Evans | from the maintainers:
Inbound traffic can cause outbound traffic to fail across all rooms
Personally, I think this is serious enough to bump the channels. | 23:04:41 |
f0x | In reply to @sumner:nevarro.space
from what I understand, it's only outbound federation traffic that is affected. Confirming with the synapse devs. I think that if it's only possible for users on your own homeserver to cause this problem, then we don't have to bump the channel
https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6 states "a malicious server" so pretty sure this is exploitable over federation | 23:05:21 |
emily | I'd suggest asking for a bump in #infra:nixos.org. I have the technical permissions but I don't feel confident in using them unilaterally here | 23:08:07 |
emily | e.g., it would delay the security fixes currently building on staging-next-24.11 | 23:08:18 |