Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-19 22:46:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
7,580 Commits 527 Branches 384 Tags
8cc348bfa45c1a0a4bf55f9bf95e583ce0a5dd67
Commit Graph

7580 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
link2xt
8cc348bfa4 fix: terminate ephemeral and location loop immediately on channel close 
When scheduler is destroyed, e.g. during a key import,
there is some time between destroying the interrupt channel
and the loop task.

To avoid busy looping, tasks should terminate if
receiving from the interrupt loop fails
instead of treating it as the interrupt.
 2024-03-15 01:26:23 +00:00
link2xt
76bbd5fd72 build: add README to deltachat-rpc-client Python packages 2024-03-11 14:42:32 +01:00
link2xt
eaed2381e7 chore(release): prepare for 1.136.4 v1.136.4 2024-03-11 12:52:46 +00:00
link2xt
6198ed0ef5 ci: add workflow for automatic publishing of deltachat-rpc-client 2024-03-11 11:45:02 +00:00
link2xt
9f4af679a3 build: build deltachat-rpc-server wheels with nix 2024-03-10 20:22:47 +00:00
B. Petersen
e158b889c9 fix: remove duplicate CHANGELOG entries for 1.135.1 2024-03-10 01:49:58 +01:00
link2xt
9f7defa8da build(nix): make .#libdeltachat buildable on macOS 2024-03-09 19:10:11 +00:00
link2xt
e9d7fe0561 chore(release): prepare for 1.136.3 v1.136.3 2024-03-09 16:07:15 +00:00
iequidoo
7d7289bd51 feat: Start IMAP loop for sentbox only if it is configured (#5105) 2024-03-09 15:06:49 +01:00
iequidoo
ebdc52247c chore: RPC client: Add missing constants (#5110) 2024-03-08 19:23:47 -03:00
Simon Laux
36bb4a7a32 ci: remove artefacts from npm package 2024-03-08 08:08:39 +00:00
iequidoo
c0832af634 refactor: Remove deduplicate_peerstates() 
There's the `UNIQUE (acpeerstates.addr)` constraint since db v94.
 2024-03-08 00:42:39 -03:00
iequidoo
b6db0152b0 fix: Create new Peerstate for unencrypted message with already known Autocrypt key, but a new address 
An unencrypted message with already known Autocrypt key, but sent from another address, means that
it's rather a new contact sharing the same key than the existing one changed its address, otherwise
it would already have our key to encrypt.
 2024-03-08 00:42:39 -03:00
iequidoo
bc7fd4495b fix: Remove leading whitespace from Subject (#5106) 
If Subject is multiline-formatted, `mailparse` adds the leading whitespace to it. The solution is to
always remove the leading whitespace, because if Subject isn't multiline-formatted, it never
contains the leading whitespace anyway. But as for the trailing whitespace -- i checked -- it's
never removed, so let's keep this as is.
 2024-03-08 00:08:52 -03:00
dependabot[bot]
e67e86422f chore(deps): bump mio from 0.8.8 to 0.8.11 in /fuzz 
Bumps [mio](https://github.com/tokio-rs/mio) from 0.8.8 to 0.8.11.
- [Release notes](https://github.com/tokio-rs/mio/releases)
- [Changelog](https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/mio/compare/v0.8.8...v0.8.11)

---
updated-dependencies:
- dependency-name: mio
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-08 02:54:57 +00:00
link2xt
2030de11d9 chore: fix 2024-03-05 nightly clippy warnings 2024-03-08 02:53:47 +00:00
link2xt
2c5a0cac5f build(nix): include SystemConfiguration framework on darwin systems 2024-03-08 00:28:51 +00:00
link2xt
251917e602 build(nix): cleanup cross-compilation code 2024-03-08 00:28:51 +00:00
link2xt
273719ae7c ci: wait for build_windows task before trying to publish it 2024-03-07 23:45:06 +00:00
iequidoo
e639b58c6f refactor: Don't even parse Autocrypt header for outgoing messages (#5259) 
Accordingly, there's no need in `Peerstate` for self addresses (and in the db too).
 2024-03-06 19:32:37 -03:00
link2xt
5addfa8d1d chore(release): prepare for 1.136.2 v1.136.2 2024-03-05 22:42:36 +00:00
link2xt
02d68332c7 build: downgrade cc to 1.0.83 
1.0.84 and 1.0.85 are yanked.
With 1.0.86 and 1.0.89 Delta Chat for Android fails to build.

Fixes <https://github.com/deltachat/deltachat-android/issues/2972>.
 2024-03-05 22:21:28 +00:00
link2xt
97abb9a0a9 ci: update setup-node action 2024-03-05 03:19:46 +00:00
link2xt
d0e0cfafef chore(release): prepare for 1.136.1 v1.136.1 2024-03-05 01:23:12 +00:00
link2xt
f630b5fb39 chore: update node constants 2024-03-05 01:18:22 +00:00
link2xt
d9bab938d5 build: restore MSRV 1.70.0 2024-03-05 01:04:49 +00:00
link2xt
215ec14b20 build: revert to OpenSSL 3.1 
OpenSSL 3.2 build currently fails under Nix
so we cannot build deltachat-rpc-server releases:
<https://github.com/alexcrichton/openssl-src-rs/issues/235>
 2024-03-05 00:14:52 +00:00
link2xt
ea728e9b62 docs: add missing 1.136.0 link to changelog 2024-03-04 21:33:20 +00:00
link2xt
2af9ff1d01 chore(release): prepare for 1.136.0 v1.136.0 2024-03-04 21:10:04 +00:00
link2xt
7502234686 api: dc_accounts_set_push_device_token and dc_get_push_state APIs 2024-03-04 21:10:04 +00:00
link2xt
863a386d0f test: test that ASM "encrypted" with plaintext algorithm is not accepted 2024-03-04 21:10:04 +00:00
link2xt
e4b49dfdef fix: validate Group IDs and SecureJoin tokens 2024-03-04 21:10:04 +00:00
iequidoo
612aa1431e fix: Check that peer SecureJoin messages (except vc/vg-request) gossip our addr+pubkey 
This fixes the following identity-misbinding attack:

It appears that Bob’s messages in the SecureJoin protocol do not properly “bind” to Alice’s public
key or fingerprint. Even though Bob’s messages carry Alice’s public key and address as a gossip in
the protected payload, Alice does not reject the message if the gossiped key is different from her
own key. As a result, Mallory could perform an identity-misbinding attack. If Mallory obtained
Alice’s QR invite code, she could change her own QR code to contain the same tokens as in Alice’s QR
code, and convince Bob to scan the modified QR code, possibly as an insider attacker. Mallory would
forward messages from Bob to Alice and craft appropriate responses for Bob on his own. In the end,
Bob would believe he is talking to Mallory, but Alice would believe she is talking to Bob.
 2024-03-04 21:10:04 +00:00
link2xt
781d3abdb9 fix: make should_do_gossip() return true even if we send securejoin only to Alice 2024-03-04 21:10:04 +00:00
link2xt
78d01933ad fix: don't leak Group-ID in Message-ID 
Chat assignment based on In-Reply-To and References works good enough
even if the message cannot be decrypted.
 2024-03-04 21:07:10 +00:00
iequidoo
1a1467f7cf fix: Remove unsigned Chat-Group-* headers from Autocrypt-encrypted messages 
These headers are opportunistically protected, so if they appear in the unencrypted part, they are
probably added by a malicious server.
 2024-03-04 21:07:10 +00:00
link2xt
8d09291d1e fix: do not send Secure-Join-Group in vg-request 
Secure-Join-Group is only expected by old core in vg-request-with-auth.
There is no reason to leak group ID in unencrypted vg-request.
Besides that, Secure-Join-Group is deprecated
as Alice knows Group ID corresponding to the auth code,
so the header can be removed completely eventually.
 2024-03-04 21:07:10 +00:00
link2xt
4ccd2b8d02 fix: require that Autocrypt Setup Message is self-sent 2024-03-04 21:07:10 +00:00
iequidoo
794596ec69 fix: Don't log SecureJoin QRs 
Delta Chat mustn't write sensitive information to unencrypted log files in local storage.
 2024-03-04 21:07:10 +00:00
link2xt
3a787519b3 test: test that encrypted Message-ID overwrites X-Microsoft-Original-Message-ID 2024-03-04 21:07:10 +00:00
link2xt
c03e163ed2 fix: reject messages with protected From not corresponding to outer From 2024-03-04 21:07:10 +00:00
iequidoo
6cee295a5d fix: Don't treat forged outgoing messages as Autocrypt-encrypted 2024-03-04 21:07:10 +00:00
iequidoo
f0be7daae9 test: Add failing test on outgoing message forgery 
If a message is sent from SELF, but signed with a foreign key, it mustn't be considered
Autocrypt-encrypted and shown with a padlock. Currently this is broken.
 2024-03-04 21:07:10 +00:00
link2xt
0b279ec84e fix: make protected Message-ID take precedence over X-Microsoft-Original-Message-ID 2024-03-04 21:07:10 +00:00
link2xt
e919de78a3 fix: do not take Secure-Join-Auth from unprotected headers 2024-03-04 21:07:10 +00:00
link2xt
6ea675a12f fix: do not use Secure-Join-Group header 
Alice already knows which auth token corresponds to which group.
There is no need to trust Bob on sending the correct group ID.
 2024-03-04 21:07:10 +00:00
link2xt
b970ebe67a fix: do not compress SecureJoin messages 2024-03-04 21:07:10 +00:00
link2xt
3c4c701f9b fix: protect Secure-Join header 
Secure-Join header must come from protected headers
unless it is a "vc-request" or "vg-request".
 2024-03-04 21:07:10 +00:00
link2xt
01ac9c8b90 fix: ensure Autocrypt-Gossip is not taken from insecure headers 2024-03-04 21:07:10 +00:00
link2xt
f6de23738d build: increase MSRV to 1.74.0 
This is what updated dependencies require.

Also update Rust used to build manylinux wheels
from 1.72.0 to 1.76.0.
 2024-03-04 21:07:10 +00:00