narayana/anotherim
narayana/anotherim
3
2
Fork 0
Code Issues 3 Pull requests 2 Actions Packages Projects Releases 4 Wiki Activity
7245 commits 6 branches 4 tags 61 MiB
Commit graph

1033 commits

Author SHA1 Message Date
Daniel Gultsch 09f6343ced
Security: Introduce backup file format v2 
This switches the SQL based backup format to something JSON based.

The SQL based format has always been prone to SQL injections that, for example, could delete other messages or preexisting accounts in the app. This hasn’t been a concern this far because why would anyone purposely try to restore a faulty backup? However the argument has been made that a user can be socially engineered to restore an exploited backup file.
Before version 2.12.8 a third party app could even trigger the restore process, leaving the backup password entry dialog the only hurdle.
On top of that it has been demonstrated that a backup file can be crafted in a way that puts preexisting credentials into a 'pending' message to an attacker ultimately leading to that information being leaked.

While destorying information has always been deemed an acceptable risk, leaking information is one step too far.

Starting with Conversations 2.12.9 Conversations will no longer be able to read v1 backup files. This means if you are restoring on a new device and you have a v1 backup file you must first install Conversations <= 2.12.8, restore the backup, and then upgrade to Conversations >= 2.12.9.

ceb2txt¹ has support for v2 backup files. Conceivably ceb2txt could be extended to convert between v1 and v2 file formats. (ceb2txt already recreates the database from v1 files; It is relatively straight forward to create v2 files from that database. Pull requests welcome.)

¹: https://github.com/iNPUTmice/ceb2txt/
 2023-08-17 12:07:51 +02:00
Daniel Gultsch b4a07d0093
remove channel discovery from Google Play build flavor 2023-08-08 10:39:36 +02:00
Stephen Paul Weber 4c38c480fa
Use libidn for stringprep 
Which actually validates according to spec instead of just being lazy.
 2023-06-27 16:31:01 +02:00
Daniel Gultsch e3a121121b
UP: add custom extensions for app<->distributor interaction 
On registration the app can pass in a 'Messenger' to get a direct response
instead of having to somehow wait for the broadcast receiver to fire.

The app name can be passed as a pending intent which allows the distributor
to validate the sender.
 2023-06-26 16:09:01 +02:00
Daniel Gultsch 1fff1a0649
add ability to remove account from server 2023-04-08 09:31:17 +02:00
Daniel Gultsch 41cd96e37b
UP: null check transport verification 2023-01-10 17:22:48 +01:00
Daniel Gultsch b7c7c40b94
send directed presence to transport if endpoints are configured 2023-01-06 17:04:15 +01:00
Daniel Gultsch 0e10ae387a
periodically renew endpoints 2023-01-06 15:44:39 +01:00
Daniel Gultsch 4ee5c167be
do not attempt endpoint renewal when account is disabled. renew on bind 2023-01-04 20:59:08 +01:00
Daniel Gultsch b1f95d2e39
integrate UnifiedPush distributor 2023-01-04 10:23:20 +01:00
Daniel Gultsch 97d9cb7dd5
remove work arounds for slack 2023-01-01 12:05:49 +01:00
Daniel Gultsch 2093aa76ad code clean up in ContactChooserTargetService 2022-12-11 20:13:09 +01:00
Daniel Gultsch 4e8ceadfbf prepare JingleRtpConnection for content-adds 2022-11-28 08:59:23 +01:00
Daniel Gultsch 8fb2c11771 use plurals for missed call strings 2022-11-19 08:14:50 +01:00
Daniel Gultsch ab0ea7096e make it easier to disable muclumbus in Config 2022-10-12 14:47:02 +02:00
Daniel Gultsch 716c804353 only run account options through int conversion. fixes #4390 2022-10-12 11:53:57 +02:00
Daniel Gultsch cb775ece99 wait for DB restore before bind 2022-09-26 09:47:53 +02:00
Daniel Gultsch c1abca35da copy bookmarks before passing them to other parts of the app for read 
closes #4381
 2022-09-14 12:49:18 +02:00
Daniel Gultsch a210568a9c refactor SASL choice into factory; remove unused TagWriter 2022-09-06 09:25:23 +02:00
Daniel Gultsch eb49a7f5e5 fix crash in buggy connection manager. fixes #4368 2022-09-03 12:33:27 +02:00
Daniel Gultsch cb1d7c69a1 remove comment 2022-09-03 11:05:27 +02:00
Daniel Gultsch b792563fad use non-custom missed called 2022-08-29 14:04:33 +02:00
Daniel Gultsch f8b9e15634 fixups for missed call notifications 2022-08-29 13:01:20 +02:00
Dmitry Markin a6b88ba9e9
Add missed call notifications 
Co-authored-by: Daniel Gultsch <daniel@gultsch.de>
 2022-08-29 12:41:35 +02:00
Daniel Gultsch e439c223ee add overflow menu action to delete own avatar 2022-08-25 19:22:40 +02:00
Daniel Gultsch 41d98da17d set immutable flags for backup notifications 2022-08-12 11:02:22 +02:00
Daniel Gultsch 150f8313a0 make launch conversation and launch tor pending intents immutable 2022-08-11 14:31:27 +02:00
Daniel Gultsch 508e1ac1bd add immutable flag to pending alarm intents 2022-08-09 19:43:10 +02:00
Daniel Gultsch b3a3f2b930 try to detect if a container contains video or audio 
fixes #4321
 2022-08-09 09:40:04 +02:00
Daniel Gultsch 52ff6f446c add permission checks to appRTCBluetoothManager 2022-08-05 10:56:19 +02:00
Daniel Gultsch 50ba165746 bump targetSdk to 32 2022-08-05 10:52:00 +02:00
Daniel Gultsch 67f021426b remove null bytes from strings before creating sql statements in backup 2022-08-04 11:31:58 +02:00
Daniel Gultsch 73c7d76bd6 add local only flag to foreground service 2022-07-01 15:54:55 +02:00
Daniel Gultsch 85f06f1cd6 do not merge failed decryptions 
fixes #4314
 2022-05-02 08:29:54 +02:00
Daniel Gultsch d7637192e2 fix NPE during bookmark creation 
closes #4312

fixes #4211

thank you @singpolyma
 2022-04-21 17:03:26 +02:00
Daniel Gultsch 09cf5feefa limit posh files to 10k 2022-03-30 09:25:05 +02:00
Daniel Gultsch 36756fbd41 catch two rare exceptions to fix crash 2022-03-26 08:25:45 +01:00
Daniel Gultsch d6be6ddd18 use full file name for all new files 2022-02-22 16:05:02 +01:00
Daniel Gultsch 8abacd23e8 use new storage location for backup and recordings 2022-02-22 15:14:00 +01:00
Daniel Gultsch db834a1f07 indicate call reconnect in notification 2021-11-19 12:26:11 +01:00
Daniel Gultsch d4cbf2e11e take intent type into account when sharing with conversations 2021-11-07 11:35:00 +01:00
Daniel Gultsch f182fe6697 use PM on direct reply if last message in notifacation stack is PM 2021-10-03 16:38:30 +02:00
Daniel Gultsch 3075833ab3 swap out transcoder library 
the transcoder library we used hasn’t been updated in years

this commit switches to a maintained fork https://natario1.github.io/Transcoder/
 2021-09-15 11:38:06 +02:00
Daniel Gultsch c195e8b3d2 run file observer on its own thread. fixes #4164 2021-09-10 19:07:57 +02:00
Daniel Gultsch 8b817b3bd8 add database migration for new fts scheme 2021-09-07 16:47:40 +02:00
Daniel Gultsch 6c88a4b4fa reset affiliation when inviting someone not currently in group. fixes #4146 2021-08-24 14:42:50 +02:00
Daniel Gultsch 87f99d3570 Transferables interface needs to differentiate between 0 and null file size 2021-05-17 15:51:21 +02:00
Daniel Gultsch 89012b0f8b synchronize startRinging() to not create multiple vibrate futures 2021-05-08 11:49:24 +02:00
Daniel Gultsch ac7855a332 show domains in manual cert accept dialog 2021-05-03 08:28:03 +02:00
Daniel Gultsch c5e90199c3 trigger registration dialog on roster;ibr=y only if no accounts are configured 
fixes #4065
 2021-04-30 11:32:42 +02:00