Merge tag 'v1.5.1' into sc

Note: we already had picked the internal v1.5.1 patch for the security release, but we still do this merge to make git merge happy again for future merges, and also clean up a little bit of UI things that I did for that patch but abandonned later. Change-Id: I51b674093e6f32e19fc9556109fb0d231d8f8f3e
2022-10-07 19:32:26 +02:00 · 2022-10-07 19:32:26 +02:00 · c634bb74e5
parent cbffb06c97 aa42746034
commit c634bb74e5
6 changed files with 37 additions and 38 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,11 +1,11 @@
-Changes in Element v1.5.1 (2022-09-23)
+Changes in Element v1.5.1 (2022-09-28)
 ======================================

 Security ⚠️
 ----------

 This update provides important security fixes, update now.
-
+Ref: CVE-2022-39246 CVE-2022-39248

 Changes in Element v1.5.0 (2022-09-23)
 ======================================
--- a/library/ui-strings/src/main/res/values/strings.xml
+++ b/library/ui-strings/src/main/res/values/strings.xml
@ -2615,6 +2615,7 @@

    <string name="unencrypted">Unencrypted</string>
    <string name="encrypted_unverified">Encrypted by an unverified device</string>
+    <string name="key_authenticity_not_guaranteed">The authenticity of this encrypted message can\'t be guaranteed on this device.</string>
    <string name="review_logins">Review where you’re logged in</string>
    <string name="verify_other_sessions">Verify all your sessions to ensure your account &amp; messages are safe</string>
    <!-- Argument will be replaced by the other session name (e.g, Desktop, mobile) -->
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt
@ -656,7 +656,7 @@ internal class MXOlmDevice @Inject constructor(
                    }
                    // else if the new one is safe and does not connect with existing, import the new one
                } else {
-                // If our existing session is better we keep it
+                    // If our existing session is better we keep it
                    if (existingFirstKnown <= newKnownFirstIndex) {
                        val shouldUpdateTrust = trusted && (existingSession.sessionData.trusted != true)
                        Timber.tag(loggerTag.value).d("## addInboundGroupSession() : updateTrust for $sessionId")
@ -664,10 +664,10 @@ internal class MXOlmDevice @Inject constructor(
                            // the existing as a better index but the new one is trusted so update trust
                            inboundGroupSessionStore.updateToSafe(existingSessionHolder, sessionId, senderKey)
                        }
-                    Timber.tag(loggerTag.value).d("## addInboundGroupSession() : ignore session our is better $senderKey/$sessionId")
+                        Timber.tag(loggerTag.value).d("## addInboundGroupSession() : ignore session our is better $senderKey/$sessionId")
                        candidateSession.releaseSession()
-                    return AddSessionResult.NotImportedHigherIndex(newKnownFirstIndex.toInt())
-                }
+                        return AddSessionResult.NotImportedHigherIndex(newKnownFirstIndex.toInt())
+                    }
                }
            } catch (failure: Throwable) {
                Timber.tag(loggerTag.value).e("## addInboundGroupSession() Failed to add inbound: ${failure.localizedMessage}")
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/sync/handler/CryptoSyncHandler.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/sync/handler/CryptoSyncHandler.kt
@ -46,18 +46,18 @@ internal class CryptoSyncHandler @Inject constructor(
        toDevice.events
                ?.filter { isSupportedToDevice(it) }
                ?.forEachIndexed { index, event ->
-            progressReporter?.reportProgress(index * 100F / total)
-            // Decrypt event if necessary
-            Timber.tag(loggerTag.value).i("To device event from ${event.senderId} of type:${event.type}")
-            decryptToDeviceEvent(event, null)
-            if (event.getClearType() == EventType.MESSAGE &&
-                    event.getClearContent()?.toModel<MessageContent>()?.msgType == "m.bad.encrypted") {
-                Timber.tag(loggerTag.value).e("handleToDeviceEvent() : Warning: Unable to decrypt to-device event : ${event.content}")
-            } else {
-                verificationService.onToDeviceEvent(event)
-                cryptoService.onToDeviceEvent(event)
-            }
-        }
+                    progressReporter?.reportProgress(index * 100F / total)
+                    // Decrypt event if necessary
+                    Timber.tag(loggerTag.value).i("To device event from ${event.senderId} of type:${event.type}")
+                    decryptToDeviceEvent(event, null)
+                    if (event.getClearType() == EventType.MESSAGE &&
+                            event.getClearContent()?.toModel<MessageContent>()?.msgType == "m.bad.encrypted") {
+                        Timber.tag(loggerTag.value).e("handleToDeviceEvent() : Warning: Unable to decrypt to-device event : ${event.content}")
+                    } else {
+                        verificationService.onToDeviceEvent(event)
+                        cryptoService.onToDeviceEvent(event)
+                    }
+                }
    }

    private val unsupportedPlainToDeviceEventTypes = listOf(
--- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/helper/MessageInformationDataFactory.kt
+++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/helper/MessageInformationDataFactory.kt
@ -225,24 +225,24 @@ class MessageInformationDataFactory @Inject constructor(
                    if (event.root.mxDecryptionResult?.isSafe == false) {
                        E2EDecoration.WARN_UNSAFE_KEY
                    } else {
-                    when {
-                        sendingDevice == null -> {
-                            // For now do not decorate this with warning
-                            // maybe it's a deleted session
+                        when {
+                            sendingDevice == null -> {
+                                // For now do not decorate this with warning
+                                // maybe it's a deleted session
                                E2EDecoration.WARN_SENT_BY_DELETED_SESSION
-                        }
-                        sendingDevice.trustLevel == null -> {
-                            E2EDecoration.WARN_SENT_BY_UNKNOWN
-                        }
-                        sendingDevice.trustLevel?.isVerified().orFalse() -> {
-                            E2EDecoration.NONE
-                        }
-                        else -> {
-                            E2EDecoration.WARN_SENT_BY_UNVERIFIED
+                            }
+                            sendingDevice.trustLevel == null -> {
+                                E2EDecoration.WARN_SENT_BY_UNKNOWN
+                            }
+                            sendingDevice.trustLevel?.isVerified().orFalse() -> {
+                                E2EDecoration.NONE
+                            }
+                            else -> {
+                                E2EDecoration.WARN_SENT_BY_UNVERIFIED
+                            }
                        }
                    }
                }
-                }
            } else {
                e2EDecorationForClearEventInE2ERoom(event, roomSummary)
            }
@ -254,12 +254,12 @@ class MessageInformationDataFactory @Inject constructor(
                    E2EDecoration.NONE
                } else {
                    E2EDecoration.WARN_UNSAFE_KEY
+                }
+            } else {
+                E2EDecoration.NONE
            }
-        } else {
-            E2EDecoration.NONE
        }
    }
-    }

    private fun e2EDecorationForClearEventInE2ERoom(event: TimelineEvent, roomSummary: RoomSummary) =
            if (event.root.isStateEvent()) {
--- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/item/AbsBaseMessageItem.kt
+++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/item/AbsBaseMessageItem.kt
@ -86,7 +86,7 @@ abstract class AbsBaseMessageItem<H : AbsBaseMessageItem.Holder>(@LayoutRes layo
        super.bind(holder)
        renderReactions(holder, baseAttributes.informationData.reactionsSummary)
        if (!baseAttributes.informationData.messageLayout.showsE2eDecorationInFooter()) {
-            holder.getEffectiveE2eDecorationView().renderE2EDecoration(baseAttributes.informationData.e2eDecoration)
+            holder.e2EDecorationView.renderE2EDecoration(baseAttributes.informationData.e2eDecoration)
        }
        holder.view.onClick(baseAttributes.itemClickListener)
        holder.view.setOnLongClickListener(baseAttributes.itemLongClickListener)
@ -190,8 +190,6 @@ abstract class AbsBaseMessageItem<H : AbsBaseMessageItem.Holder>(@LayoutRes layo
        val reactionsContainer by bind<ViewGroup>(R.id.reactionsContainer)
        val informationBottom by bind<ViewGroup>(R.id.informationBottom)
        val e2EDecorationView by bind<ShieldImageView>(R.id.messageE2EDecoration)
-
-        open fun getEffectiveE2eDecorationView() = e2EDecorationView
    }

    /**