-rw-r--r--CHANGES.md6
-rw-r--r--changelog.d/5418.bugfix1
-rw-r--r--synapse/__init__.py2
-rw-r--r--synapse/handlers/auth.py1
-rw-r--r--synapse/storage/deviceinbox.py4
-rw-r--r--synapse/storage/registration.py2
6 files changed, 14 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 523cdb1153..f4a3ab71ca 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,9 @@
+Synapse 1.0.0rc3 (2019-06-10)
+=============================
+
+Security: Fix authentication bug introduced in 1.0.0rc1. Please upgrade to rc3 immediately
+
+
 Synapse 1.0.0rc2 (2019-06-10)
 =============================
 
diff --git a/changelog.d/5418.bugfix b/changelog.d/5418.bugfix
new file mode 100644
index 0000000000..3fd4d2a882
--- /dev/null
+++ b/changelog.d/5418.bugfix
@@ -0,0 +1 @@
+Fix bug where attempting to send transactions with large number of EDUs can fail.
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 8dc07fe73c..9c75a0a27f 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -27,4 +27,4 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.0.0rc2"
+__version__ = "1.0.0rc3"
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 7f8ddc99c6..a0cf37a9f9 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -479,6 +479,7 @@ class AuthHandler(BaseHandler):
                 medium,
                 threepid_creds["client_secret"],
                 sid=threepid_creds["sid"],
+                validated=True,
             )
 
             threepid = {
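Review bot: Nothing in this commit pins the added `validated=True`: none of the six changed files is a test, so a later refactor could drop the argument from this call unnoticed. A regression test that drives this path with a threepid session which has not completed validation and asserts it is rejected would guard the fix. A short comment on the new line would also help the next reader, for example `# only accept sessions that have completed validation`. The enclosing method starts and ends outside the hunk, so how the returned session is used afterwards cannot be checked from here.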
diff --git a/synapse/storage/deviceinbox.py b/synapse/storage/deviceinbox.py
index 9b0a99cb49..4ea0deea4f 100644
--- a/synapse/storage/deviceinbox.py
+++ b/synapse/storage/deviceinbox.py
@@ -138,6 +138,10 @@ class DeviceInboxWorkerStore(SQLBaseStore):
         if not has_changed or last_stream_id == current_stream_id:
             return defer.succeed(([], current_stream_id))
 
+        if limit <= 0:
+            # This can happen if we run out of room for EDUs in the transaction.
+            return defer.succeed(([], last_stream_id))
+
         def get_new_messages_for_remote_destination_txn(txn):
             sql = (
                 "SELECT stream_id, messages_json FROM device_federation_outbox"
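Review bot: The new early return hands back `last_stream_id`, while the early return just above it hands back `current_stream_id`, and the comment does not say why. Presumably the position must not advance because nothing was read, so the pending messages go out in a later transaction. Spelling that out would stop someone "fixing" the inconsistency, e.g. `# Return last_stream_id, not current_stream_id: nothing was read, so the position must not advance.` The method body continues outside the hunk.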
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index 9b41cbd757..1dd1182e82 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -998,7 +998,7 @@ class RegistrationStore(
         client_secret,
         address=None,
         sid=None,
-        validated=None,
+        validated=True,
     ):
         """Gets a session_id and last_send_attempt (if available) for a
         client_secret/medium/(address|session_id) combo
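Review bot: Changing the default from `validated=None` to `validated=True` alters the result for every caller that omits the argument, not only the auth.py call patched in this commit. Any caller that relied on the old default, for instance to look up a session still awaiting validation, now gets different rows. Those call sites are outside this diff and should be audited so that each passes `validated` explicitly. The docstring continues outside the hunk; if it does not already describe the parameter, add a line such as `validated (bool|None): True for validated sessions only, False for unvalidated only, None for no filtering`, adjusted to the actual semantics.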