From 1ef6084b75798e53abe672cd1e80915669619f63 Mon Sep 17 00:00:00 2001
From: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
Date: Wed, 28 Dec 2016 17:51:33 +0100
Subject: handlers/room_member: fix guest access check when joining rooms

Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
---
 synapse/handlers/room_member.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index ba49075a20..2f8782e522 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -232,10 +232,12 @@ class RoomMemberHandler(BaseHandler):
         is_host_in_room = yield self._is_host_in_room(current_state_ids)
 
         if effective_membership_state == Membership.JOIN:
-            if requester.is_guest and not self._can_guest_join(current_state_ids):
-                # This should be an auth check, but guests are a local concept,
-                # so don't really fit into the general auth process.
-                raise AuthError(403, "Guest access not allowed")
+            if requester.is_guest:
+                guest_can_join = yield self._can_guest_join(current_state_ids)
+                if not guest_can_join:
+                    # This should be an auth check, but guests are a local concept,
+                    # so don't really fit into the general auth process.
+                    raise AuthError(403, "Guest access not allowed")
 
             if not is_host_in_room:
                 inviter = yield self.get_inviter(target.to_string(), room_id)
-- 
cgit 1.5.1


From b42a972b719c2f224fc8b83ced7625ff48ca5879 Mon Sep 17 00:00:00 2001
From: Mark Haines <mark.haines@matrix.org>
Date: Fri, 6 Jan 2017 14:44:28 +0000
Subject: Bump version and changelog

---
 CHANGES.rst         | 7 +++++++
 synapse/__init__.py | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c1a8dd7613..28be0bb974 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,10 @@
+Changes in synapse v0.18.6 (2017-01-06)
+=======================================
+
+Bug fixes:
+
+* Fix bug when checking if a guest user is allowed to join a room (PR #1772)
+
 Changes in synapse v0.18.6-rc3 (2017-01-05)
 ===========================================
 
diff --git a/synapse/__init__.py b/synapse/__init__.py
index a1da92ef92..92690a48ac 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
 
-__version__ = "0.18.6-rc3"
+__version__ = "0.18.6"
-- 
cgit 1.5.1


From b2850e62db376ea920fed9dff65a47c15cb0dc68 Mon Sep 17 00:00:00 2001
From: Matthew <matthew@matrix.org>
Date: Fri, 6 Jan 2017 23:22:44 +0000
Subject: fix typo breaking the fix to #1753

---
 synapse/events/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/events/__init__.py b/synapse/events/__init__.py
index 8c71aeb5e4..da9f3ad436 100644
--- a/synapse/events/__init__.py
+++ b/synapse/events/__init__.py
@@ -43,7 +43,7 @@ class _EventInternalMetadata(object):
 
         returns a str with the name of the server this event is sent on behalf of.
         """
-        return getattr(self, "get_send_on_behalf_of", None)
+        return getattr(self, "send_on_behalf_of", None)
 
 
 def _event_dict_property(key):
-- 
cgit 1.5.1


From 189fd155646c0acb4979ce81ccca422f93be2400 Mon Sep 17 00:00:00 2001
From: Matthew <matthew@matrix.org>
Date: Fri, 6 Jan 2017 23:33:28 +0000
Subject: update changelog

---
 CHANGES.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index 28be0bb974..59b7f83a30 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,10 @@
+Changes in synapse v0.18.7 (2017-01-06)
+=======================================
+
+Bug fixes:
+
+* Fix error in #PR 1764 to actually fix the nightmare #1753 bug.
+
 Changes in synapse v0.18.6 (2017-01-06)
 =======================================
 
-- 
cgit 1.5.1


From 19e2fb4386acbd78aae8ef742fcaee7fca3ed702 Mon Sep 17 00:00:00 2001
From: Matthew <matthew@matrix.org>
Date: Fri, 6 Jan 2017 23:38:22 +0000
Subject: bump version

---
 synapse/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/__init__.py b/synapse/__init__.py
index 92690a48ac..498ded38c0 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
 
-__version__ = "0.18.6"
+__version__ = "0.18.7"
-- 
cgit 1.5.1


From 4086026524fd39803cdc84fb85938142e7378d9f Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Sat, 7 Jan 2017 00:41:46 +0000
Subject: move logging to right place

---
 synapse/state.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/state.py b/synapse/state.py
index ba0d2a39ac..8003099c88 100644
--- a/synapse/state.py
+++ b/synapse/state.py
@@ -160,9 +160,9 @@ class StateHandler(object):
 
     @defer.inlineCallbacks
     def get_current_user_in_room(self, room_id, latest_event_ids=None):
-        logger.info("calling resolve_state_groups from get_current_user_in_room")
         if not latest_event_ids:
             latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
+        logger.info("calling resolve_state_groups from get_current_user_in_room")
         entry = yield self.resolve_state_groups(room_id, latest_event_ids)
         joined_users = yield self.store.get_joined_users_from_state(
             room_id, entry.state_id, entry.state
-- 
cgit 1.5.1


From 2f5be2d8dcdb03c14178d0f7dd19583d377457d6 Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Sat, 7 Jan 2017 01:11:56 +0000
Subject: oops, this should have been rc1

---
 CHANGES.rst         | 5 +++--
 synapse/__init__.py | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 59b7f83a30..3db747df38 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,9 +1,10 @@
-Changes in synapse v0.18.7 (2017-01-06)
-=======================================
+Changes in synapse v0.18.7-rc1 (2017-01-06)
+===========================================
 
 Bug fixes:
 
 * Fix error in #PR 1764 to actually fix the nightmare #1753 bug.
+* Improve deadlock logging further
 
 Changes in synapse v0.18.6 (2017-01-06)
 =======================================
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 498ded38c0..91e3a2c2e0 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
 
-__version__ = "0.18.7"
+__version__ = "0.18.7-rc1"
-- 
cgit 1.5.1


From e10c52793079185b5b6171bbd5e1ee624367ad90 Mon Sep 17 00:00:00 2001
From: Matthew <matthew@matrix.org>
Date: Sat, 7 Jan 2017 02:13:06 +0000
Subject: Discard PDUs from invalid origins due to #1753 in 0.18.[56]

---
 synapse/federation/federation_server.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py
index 800f04189f..5f6e6cbb42 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -23,6 +23,7 @@ from synapse.util.async import Linearizer
 from synapse.util.logutils import log_function
 from synapse.util.caches.response_cache import ResponseCache
 from synapse.events import FrozenEvent
+from synapse.types import get_domain_from_id
 import synapse.metrics
 
 from synapse.api.errors import AuthError, FederationError, SynapseError
@@ -132,7 +133,7 @@ class FederationServer(FederationBase):
 
         if response:
             logger.debug(
-                "[%s] We've already responed to this request",
+                "[%s] We've already responded to this request",
                 transaction.transaction_id
             )
             defer.returnValue(response)
@@ -475,6 +476,27 @@ class FederationServer(FederationBase):
     @defer.inlineCallbacks
     @log_function
     def _handle_new_pdu(self, origin, pdu, get_missing=True):
+
+        # check that it's actually being sent from a valid destination to
+        # workaround bug #1753 in 0.18.5 and 0.18.6
+        if origin != get_domain_from_id(pdu.event_id):
+            if not (
+                pdu.type == 'm.room.member' and
+                pdu.content and
+                pdu.content.get("membership", None) == 'join' and
+                self.hs.is_mine_id(pdu.state_key)
+            ):
+                logger.info(
+                    "Discarding PDU %s from invalid origin %s",
+                    pdu.event_id, origin
+                )
+                return
+            else:
+                logger.info(
+                    "Accepting join PDU %s from %s",
+                    pdu.event_id, origin
+                )
+
         # We reprocess pdus when we have seen them only as outliers
         existing = yield self._get_persisted_pdu(
             origin, pdu.event_id, do_auth=False
-- 
cgit 1.5.1


From 6515b9c0d4ea5a084700951d46b1a299b90d70a6 Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Sat, 7 Jan 2017 02:52:37 +0000
Subject: changelog

---
 CHANGES.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index 3db747df38..da42327903 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,6 +5,8 @@ Bug fixes:
 
 * Fix error in #PR 1764 to actually fix the nightmare #1753 bug.
 * Improve deadlock logging further
+* Discard inbound federation traffic from invalid domains, to immunise
+  against #1753
 
 Changes in synapse v0.18.6 (2017-01-06)
 =======================================
-- 
cgit 1.5.1