This project is mirrored from https://github.com/Nheko-Reborn/nheko.git.
Pull mirroring updated .
- Oct 13, 2022
-
-
Nicolas Werner authored
-
- Oct 10, 2022
-
-
Nicolas Werner authored
-
- Oct 09, 2022
-
-
Nicolas Werner authored
We can't have a pack that is neither sticker nor emoji. Which is why none defaults to both on. That wasn't propagated to the UI, which made the interaction very confusing. It also made some states unsettable, since you can't turn anything off from the none state. fixes #1152
-
- Oct 08, 2022
-
-
Nicolas Werner authored
This should reduce payload size a lot
-
- Oct 07, 2022
-
-
Nicolas Werner authored
-
Nicolas Werner authored
-
- Oct 06, 2022
-
-
Nicolas Werner authored
-
Nicolas Werner authored
The reply pagination logic is a bit weird rn though.
-
- Oct 05, 2022
-
-
Nicolas Werner authored
-
- Oct 03, 2022
-
-
Nicolas Werner authored
-
Loren Burkholder authored
* cppcheck stuff * Update src/ui/RoomSettings.cpp Co-authored-by:
DeepBlueV7.X <nicolas.werner@hotmail.de> * Update src/ui/RoomSettings.cpp Co-authored-by:
-
Loren Burkholder authored
-
Nicolas Werner authored
-
- Oct 02, 2022
-
-
Nicolas Werner authored
-
Nicolas Werner authored
Causes error messages like: error C3493: 'key_id' cannot be implicitly captured because no default capture mode has been specified
-
- Oct 01, 2022
-
-
Nicolas Werner authored
-
Nicolas Werner authored
fixes #1203
-
Nicolas Werner authored
-
Nicolas Werner authored
Otherwise it conflicts with C++20 fmt.
-
Nicolas Werner authored
-
Nicolas Werner authored
-
Nicolas Werner authored
-
rnhmjoj authored
-
- Sep 30, 2022
-
-
Loren Burkholder authored
-
Loren Burkholder authored
-
Loren Burkholder authored
-
Nicolas Werner authored
-
Nicolas Werner authored
-
Nicolas Werner authored
-
- Sep 28, 2022
-
-
Nicolas Werner authored
-
Nicolas Werner authored
Correctly verify that the reply to a secrets request is actually coming from a verified device. While we did verify that it was us who replied, we didn't properly cancel storing the secret if the sending device was one of ours but was maliciously inserted by the homeserver and unverified. We only send secret requests to verified devices in the first place, so only the homeserver could abuse this issue. Additionally we protected against malicious secret poisoning by verifying that the secret is actually the reply to a request. This means the server only has 2 places where it can poison the secrets: - After a verification when we automatically request the secrets - When the user manually hits the request button It also needs to prevent other secret answers to reach the client first since we ignore all replies after that one. The impact of this might be quite severe. It could allow the server to replace the cross-signing keys silently and while we might not trust that key, we possibly could trust it in the future if we rely on the stored secret. Similarly this could potentially be abused to make the client trust a malicious online key backup. If your deployment is not patched yet and you don't control your homeserver, you can protect against this by simply not doing any verifications of your own devices and not pressing the request button in the settings menu.
-
Nicolas Werner authored
-
Nicolas Werner authored
-
- Sep 27, 2022
-
-
Nicolas Werner authored
-
- Sep 25, 2022
-
-
Nicolas Werner authored
-
- Sep 24, 2022
-
-
Nicolas Werner authored
Since this is used across different threads, we have to delete it on the event loop. Thank you, q234rty, for the help with debugging this.
-
- Sep 23, 2022
-
-
Nicolas Werner authored
-
- Sep 22, 2022
-
-
Nicolas Werner authored
-
- Sep 20, 2022
-
-
Nicolas Werner authored
-
Nicolas Werner authored
-
