From 1ef1c4fbaeffdf8dc657d6d564846c0a4a7f35d0 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 19 May 2021 14:44:08 +0100 Subject: [PATCH 01/10] Upgrade matrix-js-sdk to 11.1.0-rc.1 --- package.json | 2 +- yarn.lock | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 552574fbcd..056d8ce394 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ "highlight.js": "^10.5.0", "jsrsasign": "^10.1.5", "katex": "^0.12.0", - "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop", + "matrix-js-sdk": "11.1.0-rc.1", "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop", "matrix-widget-api": "^0.1.0-beta.14", "olm": "https://packages.matrix.org/npm/olm/olm-3.2.1.tgz", diff --git a/yarn.lock b/yarn.lock index 115ffe14d2..2c15579c3f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7648,6 +7648,21 @@ mathml-tag-names@^2.1.3: resolved "https://registry.yarnpkg.com/mathml-tag-names/-/mathml-tag-names-2.1.3.tgz#4ddadd67308e780cf16a47685878ee27b736a0a3" integrity sha512-APMBEanjybaPzUrfqU0IMU5I0AswKMH7k8OTLs0vvV4KZpExkTkY87nR/zpbuTPj+gARop7aGUbl11pnDfW6xg== +matrix-js-sdk@11.1.0-rc.1: + version "11.1.0-rc.1" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-11.1.0-rc.1.tgz#98da580fa51bc8c70c57984e79dc63c617a671d1" + integrity sha512-yyZeL1mHttw+EnZcGfMH+wd33s0+ZKB+KyXHA3QiqiVRWLgANjIY9QCNjbJYa9FK8zZRqO2yHiFLtTAAU379Ag== + dependencies: + "@babel/runtime" "^7.12.5" + another-json "^0.2.0" + browser-request "^0.3.3" + bs58 "^4.0.1" + content-type "^1.0.4" + loglevel "^1.7.1" + qs "^6.9.6" + request "^2.88.2" + unhomoglyph "^1.0.6" + "matrix-js-sdk@github:matrix-org/matrix-js-sdk#develop": version "11.0.0" resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/52a893a8116d60bb76f1b015d3161a15404b3628" From d95a6a38aebb1951b2deac8557ce8d1146363385 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 19 May 2021 14:45:45 +0100 Subject: [PATCH 02/10] Upgrade matrix-react-sdk to 3.22.0-rc.1 --- package.json | 2 +- yarn.lock | 23 +++++------------------ 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/package.json b/package.json index 056d8ce394..02c9b1cde2 100644 --- a/package.json +++ b/package.json @@ -60,7 +60,7 @@ "jsrsasign": "^10.1.5", "katex": "^0.12.0", "matrix-js-sdk": "11.1.0-rc.1", - "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop", + "matrix-react-sdk": "3.22.0-rc.1", "matrix-widget-api": "^0.1.0-beta.14", "olm": "https://packages.matrix.org/npm/olm/olm-3.2.1.tgz", "prop-types": "^15.7.2", diff --git a/yarn.lock b/yarn.lock index 2c15579c3f..6429831bd0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7663,20 +7663,6 @@ matrix-js-sdk@11.1.0-rc.1: request "^2.88.2" unhomoglyph "^1.0.6" -"matrix-js-sdk@github:matrix-org/matrix-js-sdk#develop": - version "11.0.0" - resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/52a893a8116d60bb76f1b015d3161a15404b3628" - dependencies: - "@babel/runtime" "^7.12.5" - another-json "^0.2.0" - browser-request "^0.3.3" - bs58 "^4.0.1" - content-type "^1.0.4" - loglevel "^1.7.1" - qs "^6.9.6" - request "^2.88.2" - unhomoglyph "^1.0.6" - matrix-mock-request@^1.2.3: version "1.2.3" resolved "https://registry.yarnpkg.com/matrix-mock-request/-/matrix-mock-request-1.2.3.tgz#56b15d86e2601a9b48a854844396d18caab649c8" @@ -7685,9 +7671,10 @@ matrix-mock-request@^1.2.3: bluebird "^3.5.0" expect "^1.20.2" -"matrix-react-sdk@github:matrix-org/matrix-react-sdk#develop": - version "3.21.0" - resolved "https://codeload.github.com/matrix-org/matrix-react-sdk/tar.gz/4929e3f3edf8ee15d6ddd27d1f13b4da340bb5b4" +matrix-react-sdk@3.22.0-rc.1: + version "3.22.0-rc.1" + resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-3.22.0-rc.1.tgz#1054ee6b0509b4cc53e09546ce10b2f84dfad006" + integrity sha512-E8OPbDcgfNnxqhSTIIDq8vrF8z5fdF7UlnuN1GtxG8+GhyM7bpIiMMvrT1x54UuV4+ILw5MQBqQgCJI2MznAmA== dependencies: "@babel/runtime" "^7.12.5" await-lock "^2.1.0" @@ -7715,7 +7702,7 @@ matrix-mock-request@^1.2.3: katex "^0.12.0" linkifyjs "^2.1.9" lodash "^4.17.20" - matrix-js-sdk "github:matrix-org/matrix-js-sdk#develop" + matrix-js-sdk "11.1.0-rc.1" matrix-widget-api "^0.1.0-beta.14" minimist "^1.2.5" opus-recorder "^8.0.3" From ea01af7993ebf948ed5aa17160255a0783571abc Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 19 May 2021 15:33:04 +0100 Subject: [PATCH 03/10] Prepare changelog for v1.7.29-rc.1 --- CHANGELOG.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a8a0c2ea8..42065c9fc6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,23 @@ +Changes in [1.7.29-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.29-rc.1) (2021-05-19) +========================================================================================================= +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.28...v1.7.29-rc.1) + + * Upgrade to React SDK 3.22.0-rc.1 and JS SDK 11.1.0-rc.1 + * Translations update from Weblate + [\#17384](https://github.com/vector-im/element-web/pull/17384) + * Prevent minification of `.html` files + [\#17349](https://github.com/vector-im/element-web/pull/17349) + * Update matrix-widget-api/react-sdk dependency reference + [\#17346](https://github.com/vector-im/element-web/pull/17346) + * Add `yarn start:https` + [\#16989](https://github.com/vector-im/element-web/pull/16989) + * Translations update from Weblate + [\#17239](https://github.com/vector-im/element-web/pull/17239) + * Remove "in development" flag from voice messages labs documentation + [\#17204](https://github.com/vector-im/element-web/pull/17204) + * Add required webpack+jest config to load Safari support modules + [\#17193](https://github.com/vector-im/element-web/pull/17193) + Changes in [1.7.28](https://github.com/vector-im/element-web/releases/tag/v1.7.28) (2021-05-17) =============================================================================================== [Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.28-rc.1...v1.7.28) From 618665f65574a0f3ad623dadac1288da6155defe Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 19 May 2021 15:33:04 +0100 Subject: [PATCH 04/10] v1.7.29-rc.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 02c9b1cde2..f988cbd79c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "element-web", - "version": "1.7.28", + "version": "1.7.29-rc.1", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": { From 06ac124bab9e6a3352fe9011829bede11767b489 Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Fri, 21 May 2021 16:10:48 -0400 Subject: [PATCH 05/10] Bump libolm dependency, and update package name. --- package.json | 2 +- src/vector/init.tsx | 4 ++-- yarn.lock | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index f988cbd79c..1939954b89 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "matrix-js-sdk": "11.1.0-rc.1", "matrix-react-sdk": "3.22.0-rc.1", "matrix-widget-api": "^0.1.0-beta.14", - "olm": "https://packages.matrix.org/npm/olm/olm-3.2.1.tgz", + "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.2.tgz", "prop-types": "^15.7.2", "react": "^16.14.0", "react-dom": "^16.14.0", diff --git a/src/vector/init.tsx b/src/vector/init.tsx index 019cb352f8..f3f848222a 100644 --- a/src/vector/init.tsx +++ b/src/vector/init.tsx @@ -19,8 +19,8 @@ limitations under the License. // eslint-disable-next-line @typescript-eslint/ban-ts-comment // @ts-ignore -import olmWasmPath from "olm/olm.wasm"; -import Olm from 'olm'; +import olmWasmPath from "@matrix-org/olm/olm.wasm"; +import Olm from '@matrix-org/olm'; import * as ReactDOM from "react-dom"; import * as React from "react"; diff --git a/yarn.lock b/yarn.lock index 6429831bd0..cdf7c0b7bf 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1313,6 +1313,10 @@ "@types/yargs" "^15.0.0" chalk "^4.0.0" +"@matrix-org/olm@https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.2.tgz": + version "3.2.2" + resolved "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.2.tgz#5e3d784461ca3bbeb791ac8f3c175375aeb81318" + "@mrmlnc/readdir-enhanced@^2.2.1": version "2.2.1" resolved "https://registry.yarnpkg.com/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz#524af240d1a360527b730475ecfa1344aa540dde" @@ -8552,10 +8556,6 @@ obuf@^1.0.0, obuf@^1.1.2: resolved "https://registry.yarnpkg.com/obuf/-/obuf-1.1.2.tgz#09bea3343d41859ebd446292d11c9d4db619084e" integrity sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg== -"olm@https://packages.matrix.org/npm/olm/olm-3.2.1.tgz": - version "3.2.1" - resolved "https://packages.matrix.org/npm/olm/olm-3.2.1.tgz#d623d76f99c3518dde68be8c86618d68bc7b004a" - on-finished@~2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947" From 4960838e58a7cd2a36a91e6ecc2775218c30dae1 Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Mon, 24 May 2021 11:13:11 -0400 Subject: [PATCH 06/10] bump to olm 3.2.3 --- package.json | 2 +- yarn.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 1939954b89..2ea4c46257 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "matrix-js-sdk": "11.1.0-rc.1", "matrix-react-sdk": "3.22.0-rc.1", "matrix-widget-api": "^0.1.0-beta.14", - "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.2.tgz", + "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.3.tgz", "prop-types": "^15.7.2", "react": "^16.14.0", "react-dom": "^16.14.0", diff --git a/yarn.lock b/yarn.lock index cdf7c0b7bf..6815fb3fd1 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1313,9 +1313,9 @@ "@types/yargs" "^15.0.0" chalk "^4.0.0" -"@matrix-org/olm@https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.2.tgz": - version "3.2.2" - resolved "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.2.tgz#5e3d784461ca3bbeb791ac8f3c175375aeb81318" +"@matrix-org/olm@https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.3.tgz": + version "3.2.3" + resolved "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.3.tgz#cc332fdd25c08ef0e40f4d33fc3f822a0f98b6f4" "@mrmlnc/readdir-enhanced@^2.2.1": version "2.2.1" From 59e00cb41d2872e1bed5f800c401c93fec648717 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Mon, 24 May 2021 17:27:24 +0100 Subject: [PATCH 07/10] Upgrade matrix-js-sdk to 11.1.0 --- package.json | 4 ++-- yarn.lock | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 2ea4c46257..dd7618a1d1 100644 --- a/package.json +++ b/package.json @@ -54,15 +54,15 @@ "test": "jest" }, "dependencies": { + "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.3.tgz", "browser-request": "^0.3.3", "gfm.css": "^1.1.2", "highlight.js": "^10.5.0", "jsrsasign": "^10.1.5", "katex": "^0.12.0", - "matrix-js-sdk": "11.1.0-rc.1", + "matrix-js-sdk": "11.1.0", "matrix-react-sdk": "3.22.0-rc.1", "matrix-widget-api": "^0.1.0-beta.14", - "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.3.tgz", "prop-types": "^15.7.2", "react": "^16.14.0", "react-dom": "^16.14.0", diff --git a/yarn.lock b/yarn.lock index 6815fb3fd1..b3d2c3927c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7652,6 +7652,21 @@ mathml-tag-names@^2.1.3: resolved "https://registry.yarnpkg.com/mathml-tag-names/-/mathml-tag-names-2.1.3.tgz#4ddadd67308e780cf16a47685878ee27b736a0a3" integrity sha512-APMBEanjybaPzUrfqU0IMU5I0AswKMH7k8OTLs0vvV4KZpExkTkY87nR/zpbuTPj+gARop7aGUbl11pnDfW6xg== +matrix-js-sdk@11.1.0: + version "11.1.0" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-11.1.0.tgz#59119f9fe76adbc38b309947c5532baea8499bf1" + integrity sha512-yBvSGb33MDz9mfbjtVGO7557kgtY/kJcrFyhtN7LwSyi/TDhhYleq5xAqsi7MJrmIb/E0JIF10JIwlF9dAW64Q== + dependencies: + "@babel/runtime" "^7.12.5" + another-json "^0.2.0" + browser-request "^0.3.3" + bs58 "^4.0.1" + content-type "^1.0.4" + loglevel "^1.7.1" + qs "^6.9.6" + request "^2.88.2" + unhomoglyph "^1.0.6" + matrix-js-sdk@11.1.0-rc.1: version "11.1.0-rc.1" resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-11.1.0-rc.1.tgz#98da580fa51bc8c70c57984e79dc63c617a671d1" From cef446d7fa8d6ab3f31543fc15e640f2e8c7c24b Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Mon, 24 May 2021 17:28:39 +0100 Subject: [PATCH 08/10] Upgrade matrix-react-sdk to 3.22.0 --- package.json | 2 +- yarn.lock | 25 +++++-------------------- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/package.json b/package.json index dd7618a1d1..51df2f9791 100644 --- a/package.json +++ b/package.json @@ -61,7 +61,7 @@ "jsrsasign": "^10.1.5", "katex": "^0.12.0", "matrix-js-sdk": "11.1.0", - "matrix-react-sdk": "3.22.0-rc.1", + "matrix-react-sdk": "3.22.0", "matrix-widget-api": "^0.1.0-beta.14", "prop-types": "^15.7.2", "react": "^16.14.0", diff --git a/yarn.lock b/yarn.lock index b3d2c3927c..aaf3bd4e7f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7667,21 +7667,6 @@ matrix-js-sdk@11.1.0: request "^2.88.2" unhomoglyph "^1.0.6" -matrix-js-sdk@11.1.0-rc.1: - version "11.1.0-rc.1" - resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-11.1.0-rc.1.tgz#98da580fa51bc8c70c57984e79dc63c617a671d1" - integrity sha512-yyZeL1mHttw+EnZcGfMH+wd33s0+ZKB+KyXHA3QiqiVRWLgANjIY9QCNjbJYa9FK8zZRqO2yHiFLtTAAU379Ag== - dependencies: - "@babel/runtime" "^7.12.5" - another-json "^0.2.0" - browser-request "^0.3.3" - bs58 "^4.0.1" - content-type "^1.0.4" - loglevel "^1.7.1" - qs "^6.9.6" - request "^2.88.2" - unhomoglyph "^1.0.6" - matrix-mock-request@^1.2.3: version "1.2.3" resolved "https://registry.yarnpkg.com/matrix-mock-request/-/matrix-mock-request-1.2.3.tgz#56b15d86e2601a9b48a854844396d18caab649c8" @@ -7690,10 +7675,10 @@ matrix-mock-request@^1.2.3: bluebird "^3.5.0" expect "^1.20.2" -matrix-react-sdk@3.22.0-rc.1: - version "3.22.0-rc.1" - resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-3.22.0-rc.1.tgz#1054ee6b0509b4cc53e09546ce10b2f84dfad006" - integrity sha512-E8OPbDcgfNnxqhSTIIDq8vrF8z5fdF7UlnuN1GtxG8+GhyM7bpIiMMvrT1x54UuV4+ILw5MQBqQgCJI2MznAmA== +matrix-react-sdk@3.22.0: + version "3.22.0" + resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-3.22.0.tgz#1b6d660737f48e541eb64bda2d8352e454399a79" + integrity sha512-HicdBqx5tyHBNW+hpfbKoMNLC2fWwqbtNJwHZ6qzmkRHTAGiVnmxJigbKRuIxHRfWcUF50Sh7kPHN0zIoohmfw== dependencies: "@babel/runtime" "^7.12.5" await-lock "^2.1.0" @@ -7721,7 +7706,7 @@ matrix-react-sdk@3.22.0-rc.1: katex "^0.12.0" linkifyjs "^2.1.9" lodash "^4.17.20" - matrix-js-sdk "11.1.0-rc.1" + matrix-js-sdk "11.1.0" matrix-widget-api "^0.1.0-beta.14" minimist "^1.2.5" opus-recorder "^8.0.3" From 3d90242abac98e5344fc70404a30e51214ce3efb Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Mon, 24 May 2021 17:40:21 +0100 Subject: [PATCH 09/10] Prepare changelog for v1.7.29 --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 42065c9fc6..c2f6f82361 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +Changes in [1.7.29](https://github.com/vector-im/element-web/releases/tag/v1.7.29) (2021-05-24) +=============================================================================================== +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.29-rc.1...v1.7.29) + +## Security notice + +Element Web 1.7.29 fixes (by upgrading to olm 3.2.3) an issue in code used for +decrypting server-side stored secrets. The issue could potentially allow a +malicious homeserver to cause a stack buffer overflow in the affected function +and to control that function's local variables. + +## All changes + + * Upgrade to React SDK 3.22.0 and JS SDK 11.1.0 + * [Release] Bump libolm dependency, and update package name + [\#17456](https://github.com/vector-im/element-web/pull/17456) + Changes in [1.7.29-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.29-rc.1) (2021-05-19) ========================================================================================================= [Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.28...v1.7.29-rc.1) From 3a67dc18e9e30ec5f00f214796cc1341477a8761 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Mon, 24 May 2021 17:40:21 +0100 Subject: [PATCH 10/10] v1.7.29 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 51df2f9791..c73077c92d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "element-web", - "version": "1.7.29-rc.1", + "version": "1.7.29", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": {