Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Do not send alias events when creating / upgrading a room #6941

Merged
merged 8 commits into from
Feb 20, 2020

Conversation

clokep
Copy link
Member

@clokep clokep commented Feb 18, 2020

This is the second part of #6898:

Update POST /_matrix/client/r0/rooms/{roomId}/upgrade API to stop copying room aliases (and thus to stop m.room.aliases events). Update POST /_matrix/client/r0/createRoom to stop sending m.room.aliases events.

Additionally it also propagates the "alt_aliases" from the old room to the new room during room upgrade.

Additionally it propagates the content of the canonical alias event from the old room to the new room during a room upgrade.

@clokep
Copy link
Member Author

clokep commented Feb 18, 2020

This seems to cause 50federation/40publicroomlist "Name/topic keys are correct" test to become flaky. I'm wondering if this exposes a race in the tests somewhere?

@clokep
Copy link
Member Author

clokep commented Feb 18, 2020

I've been struggling to get the intermittent failure to pass, I've gotten a few different errors from that test, but it seems to boil down to information not being in sync between the room creation and the room list query. I've seen the test fail with both the name and topic not being in sync.

I'm looking for pointers of how to debug this! Looking at the synapse logs it seems like all the proper calls are occurring (the APIs to create rooms with the proper data are called). Adding a delay (sleep 5;) between creating the rooms and querying the room list seems to consistently get the tests to pass.

I'm unsure if I'm even attempting to debug a Synapse race condition or a tests race condition (or an interaction between the two). Any help would be appreciated.

@richvdh
Copy link
Member

richvdh commented Feb 19, 2020

The room list is updated asynchronously, so I'm frankly surprised that test ever worked. Perhaps removing the extra event has made createRoom complete faster so that the public room list hasn't caught up? Anyway if you look at the top of the file in question, it says # Copied from 30rooms/70publicroomslist.pl..., and if you look at that file, you can see it makes several attempts to call publicRooms, to handle this case. Suggest doing something similar here.

synapse/handlers/directory.py Outdated Show resolved Hide resolved
synapse/handlers/room.py Outdated Show resolved Hide resolved
@clokep clokep requested a review from a team February 19, 2020 17:40
@clokep clokep marked this pull request as ready for review February 19, 2020 17:40
@clokep
Copy link
Member Author

clokep commented Feb 19, 2020

This is ready for review. There's a corresponding PR for tests: matrix-org/sytest#812, which is failing right now so still looking into that.

@clokep clokep force-pushed the clokep/more-stop-sending-aliases branch from d10ada5 to 9286aae Compare February 19, 2020 17:51
@clokep
Copy link
Member Author

clokep commented Feb 19, 2020

This is ready for review. There's a corresponding PR for tests: matrix-org/sytest#812, which is failing right now so still looking into that.

I believe this was a mismatch between when the base branch was created for sytest vs. synapse. I just rebased both PRs.

synapse/handlers/directory.py Outdated Show resolved Hide resolved
synapse/handlers/room.py Outdated Show resolved Hide resolved
synapse/handlers/room.py Outdated Show resolved Hide resolved
@clokep clokep requested a review from richvdh February 20, 2020 17:41
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@richvdh
Copy link
Member

richvdh commented Feb 20, 2020

some notes for future reference, when we inevitably return and wonder wtf we were thinking:

We discussed the correct behaviour wrt the canonical_alias event and remote aliases. The problem is that the server performing the upgrade has no way to ensure that any remote aliases are updated in a timely fashion; specifically, remote servers cannot update the aliases until at least one user on that server joins the new room (a server cannot/should not support aliases for rooms it is not a member of, since it cannot help with the join dance for that room (though #6958)).

So you have to choose between (a) listing aliases which still point to the old room, and (b) removing any remote aliases from the canonical_aliases list. The conclusion was that (a) was by far the lesser evil, since:

  • aliases which point to the old room aren't a disaster anyway
  • Hopefully the aliases will be updated reasonably quickly
  • In the future we might be able to improve it further by having remote servers auto-join the new room to support the aliases.

@clokep clokep merged commit 99eed85 into develop Feb 20, 2020
@clokep clokep deleted the clokep/more-stop-sending-aliases branch February 20, 2020 21:24
richvdh added a commit that referenced this pull request Mar 23, 2020
Synapse 1.12.0 (2020-03-23)
===========================

No significant changes since 1.12.0rc1.

Debian packages and Docker images are rebuilt using the latest versions of
dependency libraries, including Twisted 20.3.0. **Please see security advisory
below**.

Security advisory
-----------------

Synapse may be vulnerable to request-smuggling attacks when it is used with a
reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are
described in
[CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108)
and
[CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109).
For a good introduction to this class of request-smuggling attacks, see
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn.

We are not aware of these vulnerabilities being exploited in the wild, and
do not believe that they are exploitable with current versions of any reverse
proxies. Nevertheless, we recommend that all Synapse administrators ensure that
they have the latest versions of the Twisted library to ensure that their
installation remains secure.

* Administrators using the [`matrix.org` Docker
  image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
  packages from
  `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
  should ensure that they have version 1.12.0 installed: these images include
  Twisted 20.3.0.
* Administrators who have [installed Synapse from
  source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
  should upgrade Twisted within their virtualenv by running:
  ```sh
  <path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
  ```
* Administrators who have installed Synapse from distribution packages should
  consult the information from their distributions.

The `matrix.org` Synapse instance was not vulnerable to these vulnerabilities.

Advance notice of change to the default `git` branch for Synapse
----------------------------------------------------------------

Currently, the default `git` branch for Synapse is `master`, which tracks the
latest release.

After the release of Synapse 1.13.0, we intend to change this default to
`develop`, which is the development tip. This is more consistent with common
practice and modern `git` usage.

Although we try to keep `develop` in a stable state, there may be occasions
where regressions creep in. Developers and distributors who have scripts which
run builds using the default branch of `Synapse` should therefore consider
pinning their scripts to `master`.

Synapse 1.12.0rc1 (2020-03-19)
==============================

Features
--------

- Changes related to room alias management ([MSC2432](matrix-org/matrix-spec-proposals#2432)):
  - Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. ([\#6965](#6965))
  - Validate the `alt_aliases` property of canonical alias events. ([\#6971](#6971))
  - Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. ([\#6986](#6986))
  - Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](matrix-org/matrix-spec-proposals#2261) and [MSC2432](matrix-org/matrix-spec-proposals#2432). ([\#7037](#7037))
  - Stop sending m.room.aliases events during room creation and upgrade. ([\#6941](#6941))
  - Synapse no longer uses room alias events to calculate room names for push notifications. ([\#6966](#6966))
  - The room list endpoint no longer returns a list of aliases. ([\#6970](#6970))
  - Remove special handling of aliases events from [MSC2260](matrix-org/matrix-spec-proposals#2260) added in v1.10.0rc1. ([\#7034](#7034))
- Expose the `synctl`, `hash_password` and `generate_config` commands in the snapcraft package. Contributed by @devec0. ([\#6315](#6315))
- Check that server_name is correctly set before running database updates. ([\#6982](#6982))
- Break down monthly active users by `appservice_id` and emit via Prometheus. ([\#7030](#7030))
- Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. ([\#7058](#7058), [\#7067](#7067))
- Add an optional parameter to control whether other sessions are logged out when a user's password is modified. ([\#7085](#7085))
- Add prometheus metrics for the number of active pushers. ([\#7103](#7103), [\#7106](#7106))
- Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. ([\#7094](#7094))

Bugfixes
--------

- When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. ([\#6572](#6572))
- Fix a couple of bugs in email configuration handling. ([\#6962](#6962))
- Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. ([\#6967](#6967))
- Fix `duplicate key` error which was logged when rejoining a room over federation. ([\#6968](#6968))
- Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. ([\#6990](#6990))
- Fix py35-old CI by using native tox package. ([\#7018](#7018))
- Fix a bug causing `org.matrix.dummy_event` to be included in responses from `/sync`. ([\#7035](#7035))
- Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. ([\#7044](#7044))
- Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. ([\#7066](#7066))
- Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause `/sync` to return with 404 errors about missing events and unknown rooms. ([\#7070](#7070))
- Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. ([\#7074](#7074))

Improved Documentation
----------------------

- Updated CentOS8 install instructions. Contributed by Richard Kellner. ([\#6925](#6925))
- Fix `POSTGRES_INITDB_ARGS` in the `contrib/docker/docker-compose.yml` example docker-compose configuration. ([\#6984](#6984))
- Change date in [INSTALL.md](./INSTALL.md#tls-certificates) for last date of getting TLS certificates to November 2019. ([\#7015](#7015))
- Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. ([\#7048](#7048))

Deprecations and Removals
-------------------------

- Remove the unused query_auth federation endpoint per [MSC2451](matrix-org/matrix-spec-proposals#2451). ([\#7026](#7026))

Internal Changes
----------------

- Add type hints to `logging/context.py`. ([\#6309](#6309))
- Add some clarifications to `README.md` in the database schema directory. ([\#6615](#6615))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](#6874), [\#6875](#6875), [\#6983](#6983), [\#7003](#7003))
- Improve performance of v2 state resolution for large rooms. ([\#6952](#6952), [\#7095](#7095))
- Reduce time spent doing GC, by freezing objects on startup. ([\#6953](#6953))
- Minor perfermance fixes to `get_auth_chain_ids`. ([\#6954](#6954))
- Don't record remote cross-signing keys in the `devices` table. ([\#6956](#6956))
- Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](#6957))
- Merge worker apps together. ([\#6964](#6964), [\#7002](#7002), [\#7055](#7055), [\#7104](#7104))
- Remove redundant `store_room` call from `FederationHandler._process_received_pdu`. ([\#6979](#6979))
- Update warning for incorrect database collation/ctype to include link to documentation. ([\#6985](#6985))
- Add some type annotations to the database storage classes. ([\#6987](#6987))
- Port `synapse.handlers.presence` to async/await. ([\#6991](#6991), [\#7019](#7019))
- Add some type annotations to the federation base & client classes. ([\#6995](#6995))
- Port `synapse.rest.keys` to async/await. ([\#7020](#7020))
- Add a type check to `is_verified` when processing room keys. ([\#7045](#7045))
- Add type annotations and comments to the auth handler. ([\#7063](#7063))
phil-flex pushed a commit to phil-flex/synapse that referenced this pull request Apr 15, 2020
…#6941)

Stop emitting room alias update events during room creation/upgrade.
babolivier pushed a commit that referenced this pull request Sep 1, 2021
* commit '99eed85a7':
  Do not send alias events when creating / upgrading a room (#6941)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants