27 Aug 2021 |
@andreas.schraegle:helsinki-systems.de |
⚠️ We expect to publish a security release Synapse 1.41.1 on Tuesday, 31 August which fixes two moderate severity issues.
| 22:53:34 |
30 Aug 2021 |
@sumner:sumnerevans.com | The restricted join rule is now implemented in Synapse and has support in Element. That means that you can create rooms that are join-able if you are in a particular space. For example, this room could be set to joinable by anyone in the #community:nixos.org space. Note that this requires room upgrades to version 8, which is an annoying process. I think that all future rooms should use this, but it is not likely worth it to upgrade existing rooms. | 15:42:28 |
31 Aug 2021 |
hexa | heads-up: on python-unstable we are seeing https://github.com/matrix-org/python-canonicaljson/issues/36, which is breaking matrix-synapse | 14:27:31 |
@andreas.schraegle:helsinki-systems.de | I thought we were still on frozendict 1.2? | 14:34:07 |
@andreas.schraegle:helsinki-systems.de | ah, on python-unstable? Maybe I should close this then | 14:34:29 |
hexa | we are on 2.0.6 on python-unstable | 14:36:38 |
hexa | if you are doing more than bumping the package then merge it and we'll rebase | 14:37:08 |
hexa | I think octoprint works, let me check | 14:40:44 |
hexa | yes, it does 🥳 | 14:49:57 |
@andreas.schraegle:helsinki-systems.de | magic. Looking at the diff, I switched from fetchPypi to fetchFromGitHub and disabled it on python 2.x, but I don't remember why I did any of that | 14:50:35 |
hexa | yeah, I wish. It was blood and sweat. https://github.com/NixOS/nixpkgs/pull/135302 | 14:54:08 |
philipp | https://matrix.org/blog/2021/08/31/synapse-1-41-1-released | 15:01:24 |
philipp |
GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private room's list of members and their display names.
GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members.
| 15:02:17 |
@sumner:sumnerevans.com | Can we get this merged, especially considering 1.8.2 was just released? https://github.com/NixOS/nixpkgs/pull/134492/files | 16:43:54 |
ma27 | are there enough people who tested element 1.8 on 21.05 yet? I'd be in favor of merging the PR sumner has filed. | 21:53:21 |
1 Sep 2021 |
| stites (Old) changed their display name from stites to stites (Old). | 19:20:59 |
2 Sep 2021 |
| sam joined the room. | 00:08:55 |
philipp | Touched up the conduit module for 0.2.0. Maybe now would be a good time to merge it to unstable. | 10:08:50 |
philipp | * Touched up the conduit module for 0.2.0. Maybe now would be a good time to get it merged to unstable. | 10:09:08 |
@sumner:sumnerevans.com | ma27: I created the backport PR: https://github.com/NixOS/nixpkgs/pull/136481 | 15:11:18 |
3 Sep 2021 |
| cw (novus ordo seclorum) changed their display name from cw (just got delta) to cw (novus ordo seclorum). | 07:41:32 |
| sam changed their display name from stites to sam. | 16:05:05 |
10 Sep 2021 |
Florian | Pre-disclosure: upcoming critical fix for several popular Matrix clients | 16:04:58 |
ma27 | ah you were faster, just got an email from element for that :) | 18:09:51 |
11 Sep 2021 |
philipp | ma27: Do you know which clients are affected? Nheko doesn't seem to be (in stable) as per devs in their channel. | 11:25:44 |
ma27 | Since there's also an official announcement, I guess it's OK to share the email here:
Hi,
I'm Denis, a security researcher at Element. I'm emailing you because I determined you are a package maintainer for either Element Web/Desktop or matrix-js-sdk based on information from repology.org.
I'm writing to inform you that there will be a coordinated security release for a critical flaw happening on Monday, Sep 13th for several Matrix clients/libraries, including Element Web/Desktop and matrix-js-sdk.
+See https://matrix.org/blog/2021/09/10/pre-disclosure-upcoming-critical-fix-for-several-popular-matrix-clients.
We apologize for the rather short notice -- various factors prevented us from reaching out earlier.
Kind regards,
Denis
if nheko uses the matrix-js-sdk, they may be affected as well from my understanding
| 11:27:44 |
philipp | Thanks! Good to know. | 11:31:37 |
| Jamie joined the room. | 11:36:48 |
| Sushi Dude joined the room. | 11:37:02 |
| Emelie joined the room. | 11:44:53 |