~raof/conduit-snap/+git/trunk:next

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

ffc57f8... by Matthias Ahouansou <email address hidden> on 2024-06-16

Merge branch 'nightly-rustfmt' into 'next'

ci: use nightly rustfmt

See merge request famedly/conduit!699

fd19dda... by Matthias Ahouansou <email address hidden> on 2024-06-16

ci: use nightly rustfmt

we were using this before, but it broke when refactoring the flake out into separate files

dc0fa09... by Matthias Ahouansou <email address hidden> on 2024-06-14

Merge branch 'bump' into 'next'

chore: bump version to 0.9.0-alpha

See merge request famedly/conduit!698

ba1138a... by Matthias Ahouansou <email address hidden> on 2024-06-14

chore: bump version to 0.9.0-alpha

6398136... by Matthias Ahouansou <email address hidden> on 2024-06-14

Merge branch 'debian-aarch64' into 'next'

ci: build for Debian aarch64

See merge request famedly/conduit!692

16af8b5... by Matthias Ahouansou <email address hidden> on 2024-06-09

ci: build for Debian aarch64

7a5b893... by =?utf-8?q?Timo_K=C3=B6sters?= <email address hidden> on 2024-06-12

Bump version

c453d45... by Matthias Ahouansou <email address hidden> on 2024-06-12

fix(keys): only use keys valid at the time of PDU or transaction, and actually refresh keys

Previously, we only fetched keys once, only requesting them again if we have any missing, allowing for ancient keys to be used to sign PDUs and transactions
Now we refresh keys that either have or are about to expire, preventing attacks that make use of leaked private keys of a homeserver
We also ensure that when validating PDUs or transactions, that they are valid at the origin_server_ts or time of us receiving the transaction respectfully
As to not break event authorization for old rooms, we need to keep old keys around
We move verify_keys which we no longer see in direct requests to the origin to old_verify_keys
We keep old_verify_keys indefinitely as mentioned above, as to not break event authorization (at least until a future MSC addresses this)

144d548... by Matthias Ahouansou <email address hidden> on 2024-06-11

fix: permission checks for aliases

7b25927... by Benjamin Lee <email address hidden> on 2024-06-11

fix: do not return redacted events from search