Commit graph

23 commits

Author SHA1 Message Date
dependabot[bot] c876790f08
Bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible (#3405)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
24.0.9+incompatible to 25.0.6+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v25.0.6</h2>
<h2>25.0.6</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6">docker/cli,
25.0.6 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6">moby/moby,
25.0.6 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a fix for <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a>
that impacted setups using <a
href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization
plugins (AuthZ)</a> for access control.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>[25.0] remove erroneous <code>platform</code> from image
<code>config</code> OCI descriptor in <code>docker save</code> output.
<a
href="https://redirect.github.com/moby/moby/pull/47695">moby/moby#47695</a></li>
<li>[25.0 backport] Fix a nil dereference when getting image history for
images having layers without the <code>Created</code> value set. <a
href="https://redirect.github.com/moby/moby/pull/47759">moby/moby#47759</a></li>
<li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a
href="https://redirect.github.com/moby/moby/pull/47830">moby/moby#47830</a></li>
<li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node
after another node was demoted could cause the promoted node to fail its
promotion. <a
href="https://redirect.github.com/moby/moby/pull/47869">moby/moby#47869</a></li>
<li>[25.0 backport] don't depend on containerd platform.Parse to return
a typed error. <a
href="https://redirect.github.com/moby/moby/pull/47890">moby/moby#47890</a></li>
<li>[25.0 backport] builder/mobyexporter: Add missing nil check <a
href="https://redirect.github.com/moby/moby/pull/47987">moby/moby#47987</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver.
<a
href="https://redirect.github.com/moby/moby/pull/47724">moby/moby#47724</a></li>
<li>Update Go runtime to 1.21.12, which contains security fixes for <a
href="https://github.com/advisories/GHSA-hw49-2p59-3mhj">CVE-2024-24791</a>
<a
href="https://redirect.github.com/moby/moby/pull/48146">moby/moby#48146</a></li>
<li>Update Containerd (static binaries only) to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.20">v1.7.20</a>.
<a
href="https://redirect.github.com/moby/moby/pull/48199">moby/moby#48199</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6">https://github.com/moby/moby/compare/v25.0.5...v25.0.6</a></p>
<h2>v25.0.5</h2>
<h2>25.0.5</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.5">docker/cli,
25.0.5 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.5">moby/moby,
25.0.5 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.5/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.5/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a security fix for <a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>,
a potential data exfiltration from 'internal' networks via authoritative
DNS servers.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>
<p><a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>:
Do not forward requests to external DNS servers for a container that is
only connected to an 'internal' network. Previously, requests were
forwarded if the host's DNS server was running on a loopback address,
like systemd's 127.0.0.53. <a
href="https://redirect.github.com/moby/moby/pull/47589">moby/moby#47589</a></p>
</li>
<li>
<p>plugin: fix mounting /etc/hosts when running in UserNS. <a
href="https://redirect.github.com/moby/moby/pull/47588">moby/moby#47588</a></p>
</li>
<li>
<p>rootless: fix <code>open /etc/docker/plugins: permission
denied</code>. <a
href="https://redirect.github.com/moby/moby/pull/47587">moby/moby#47587</a></p>
</li>
<li>
<p>Fix multiple parallel <code>docker build</code> runs leaking disk
space. <a
href="https://redirect.github.com/moby/moby/pull/47527">moby/moby#47527</a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b08a51fe16"><code>b08a51f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48231">#48231</a>
from austinvazquez/backport-vendor-otel-v0.46.1-to-...</li>
<li><a
href="d151b0f87f"><code>d151b0f</code></a>
vendor: OTEL v0.46.1 / v1.21.0</li>
<li><a
href="c6ba9a5124"><code>c6ba9a5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48225">#48225</a>
from austinvazquez/backport-workflow-artifact-reten...</li>
<li><a
href="4673a3ca2c"><code>4673a3c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48227">#48227</a>
from austinvazquez/backport-backport-branch-check-t...</li>
<li><a
href="30f8908102"><code>30f8908</code></a>
github/ci: Check if backport is opened against the expected branch</li>
<li><a
href="7454d6a2e6"><code>7454d6a</code></a>
ci: update workflow artifacts retention</li>
<li><a
href="65cc597cea"><code>65cc597</code></a>
Merge commit from fork</li>
<li><a
href="b722836927"><code>b722836</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48199">#48199</a>
from austinvazquez/update-containerd-binary-to-1.7.20</li>
<li><a
href="e8ecb9c76d"><code>e8ecb9c</code></a>
update containerd binary to v1.7.20</li>
<li><a
href="e6cae1f237"><code>e6cae1f</code></a>
update containerd binary to v1.7.19</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v24.0.9...v25.0.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.9+incompatible&new-version=25.0.6+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2024-08-02 08:56:24 +02:00
Till a37d317958
Bump go to 1.21 (#3360) 2024-08-02 08:35:38 +02:00
Till b341a66152
Version 0.13.3 (#3213) 2023-09-28 12:06:21 +02:00
Till e3a7039c81
Fix CI, upgrade image used for upgrade tests (#3151) 2023-08-28 13:28:22 +02:00
kegsay 4679098a64
Use IRoomVersion (#3064)
This is a step towards allowing arbitrary room version impls.
2023-04-24 11:50:37 +01:00
Till 5e85a00cb3
Remove BaseDendrite (#3023)
Removes `BaseDendrite` to, hopefully, make testing and composing of
components easier in the future.
2023-03-22 09:21:32 +01:00
Till 11d9b9db0e
Remove polylith/API mode (#2967)
This removes most of the code used for polylith/API mode.

This removes the `/api` internal endpoints entirely. 

Binary size change roughly 5%: 
```
51437560 Feb 13 10:15 dendrite-monolith-server # old
48759008 Feb 13 10:15 dendrite-monolith-server # new
```
2023-02-14 12:47:47 +01:00
Till 9a46d8d95c
Test and CI related changes (#2896)
In an attempt to:
- make on-boarding a bit easier (`go test ./...` should now not need
additional postgres setup)
- get code coverage faster, not only scheduled at night
- test the `create-account` binary
2022-12-02 11:44:20 +01:00
Neil Alexander 72ce6acf71
Run upgrade tests for SQLite too (#2875)
This should hopefully catch problems with database migrations in SQLite
as well as PostgreSQL.
2022-11-11 11:21:16 +00:00
Neil Alexander efa50253f6
Fix lint error 2022-11-10 10:16:56 +00:00
Neil Alexander 503d9c7586
Improve logging in upgrade tests 2022-11-10 10:07:19 +00:00
Neil Alexander c8935fb53f
Do not use ioutil as it is deprecated (#2625) 2022-08-05 10:26:59 +01:00
Till 1b7f84250a
Fix linter issues (#2624)
* Try that again

* All hail the mighty linter?

* And once again

* goimport all the things
2022-08-05 11:12:41 +02:00
Till 081f5e7226
Update database migrations, remove goose (#2264)
* Add new db migration

* Update migrations
Remove goose

* Add possibility to test direct upgrades

* Try to fix WASM test

* Add checks for specific migrations

* Remove AddMigration
Use WithTransaction
Add Dendrite version to table

* Fix linter issues

* Update tests

* Update comments, outdent if

* Namespace migrations

* Add direct upgrade tests, skipping over one version

* Split migrations

* Update go version in CI

* Fix copy&paste mistake

* Use contexts in migrations

Co-authored-by: kegsay <kegan@matrix.org>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-07-25 10:39:22 +01:00
Neil Alexander 3ea21273bc
Ristretto cache (#2563)
* Try Ristretto cache

* Tweak

* It's beautiful

* Update GMSL

* More strict keyable interface

* Fix that some more

* Make less panicky

* Don't enforce mutability checks for now

* Determine mutability using deep equality

* Tweaks

* Namespace keys

* Make federation caches mutable

* Update cost estimation, add metric

* Update GMSL

* Estimate cost for metrics better

* Reduce counters a bit

* Try caching events

* Some guards

* Try again

* Try this

* Use separate caches for hopefully better hash distribution

* Fix bug with admitting events into cache

* Try to fix bugs

* Check nil

* Try that again

* Preserve order jeezo this is messy

* thanks VS Code for doing exactly the wrong thing

* Try this again

* Be more specific

* aaaaargh

* One more time

* That might be better

* Stronger sorting

* Cache expiries, async publishing of EDUs

* Put it back

* Use a shared cache again

* Cost estimation fixes

* Update ristretto

* Reduce counters a bit

* Clean up a bit

* Update GMSL

* 1GB

* Configurable cache sizees

* Tweaks

* Add `config.DataUnit` for specifying friendly cache sizes

* Various tweaks

* Update GMSL

* Add back some lazy loading caching

* Include key in cost

* Include key in cost

* Tweak max age handling, config key name

* Only register prometheus metrics if requested

* Review comments @S7evinK

* Don't return errors when creating caches (it is better just to crash since otherwise we'll `nil`-pointer exception everywhere)

* Review comments

* Update sample configs

* Update GHA Workflow

* Update Complement images to Go 1.18

* Remove the cache test from the federation API as we no longer guarantee immediate cache admission

* Don't check the caches in the renewal test

* Possibly fix the upgrade tests

* Update to matrix-org/gomatrixserverlib#322

* Update documentation to refer to Go 1.18
2022-07-11 14:31:31 +01:00
Till 26a1512808
Add restrictions for open registration (#2402)
* Add restrications for open registration

* Make enable open registration a parameter

* Enable registration for CI

* Update error message

* Shuffle things around a bit

* Add a warning at every startup just to be extra annoying

* Ignore shared secret when warning about open registration, since it's not strictly required when it is set if registration is otherwise enabled

* Make CI happy?

* Add missing parameter; try new parameter in upgrade-test

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-04-29 09:31:11 +02:00
kegsay 2c581377a5
Remodel how device list change IDs are created (#2098)
* Remodel how device list change IDs are created

Previously we made them using the offset Kafka supplied.
We don't run Kafka anymore, so now we make the SQL table assign
the change ID via an AUTOINCREMENTing ID. Redesign the
`keyserver_key_changes` table to have `UNIQUE(user_id)` so we
don't accumulate key changes forevermore, we now have at most 1
row per user which contains the highest change ID.

This needs a SQL migration.

* Ensure we bump the change ID on sqlite

* Actually read the DeviceChangeID not the Offset in synapi

* Add SQL migrations

* Prepare after migration; fixup dendrite-upgrade-test logging

* Use higher version numbers; fix sqlite query to increment better

* Default 0 on postgres

* fixup postgres migration on fresh dendrite instances
2022-01-21 09:56:06 +00:00
S7evinK 161f145176
Add NATS JetStream support (#1866)
* Add NATS JetStream support
Update shopify/sarama

* Fix addresses

* Don't change Addresses in Defaults

* Update saramajetstream

* Add missing error check

Keep typing events for at least one minute

* Use all configured NATS addresses

* Update saramajetstream

* Try setting up with NATS

* Make sure NATS uses own persistent directory (TODO: make this configurable)

* Update go.mod/go.sum

* Jetstream package

* Various other refactoring

* Build fixes

* Config tweaks, make random jetstream storage path for CI

* Disable interest policies

* Try to sane default on jetstream base path

* Try to use in-memory for CI

* Restore storage/retention

* Update nats.go dependency

* Adapt changes to config

* Remove unneeded TopicFor

* Dep update

* Revert "Remove unneeded TopicFor"

This reverts commit f5a4e4a339.

* Revert changes made to streams

* Fix build problems

* Update nats-server

* Update go.mod/go.sum

* Roomserver input API queuing using NATS

* Fix topic naming

* Prometheus metrics

* More refactoring to remove saramajetstream

* Add missing topic

* Don't try to populate map that doesn't exist

* Roomserver output topic

* Update go.mod/go.sum

* Message acknowledgements

* Ack tweaks

* Try to resume transaction re-sends

* Try to resume transaction re-sends

* Update to matrix-org/gomatrixserverlib@91dadfb

* Remove internal.PartitionStorer from components that don't consume keychanges

* Try to reduce re-allocations a bit in resolveConflictsV2

* Tweak delivery options on RS input

* Publish send-to-device messages into correct JetStream subject

* Async and sync roomserver input

* Update dendrite-config.yaml

* Remove roomserver tests for now (they need rewriting)

* Remove roomserver test again (was merged back in)

* Update documentation

* Docker updates

* More Docker updates

* Update Docker readme again

* Fix lint issues

* Send final event in `processEvent` synchronously (since this might stop Sytest from being so upset)

* Don't report event rejection errors via `/send`, since apparently this is upsetting tests that don't expect that

* Go 1.16 instead of Go 1.13 for upgrade tests and Complement

* Revert "Don't report event rejection errors via `/send`, since apparently this is upsetting tests that don't expect that"

This reverts commit 368675283f.

* Don't report any errors on `/send` to see what fun that creates

* Fix panics on closed channel sends

* Enforce state key matches sender

* Do the same for leave

* Various tweaks to make tests happier

Squashed commit of the following:

commit 13f9028e7a
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 15:47:14 2022 +0000

    Do the same for leave

commit e6be7f05c3
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 15:33:42 2022 +0000

    Enforce state key matches sender

commit 85ede6d64b
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 14:07:04 2022 +0000

    Fix panics on closed channel sends

commit 9755494a98
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 13:38:22 2022 +0000

    Don't report any errors on `/send` to see what fun that creates

commit 3bb4f87b5d
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 13:00:26 2022 +0000

    Revert "Don't report event rejection errors via `/send`, since apparently this is upsetting tests that don't expect that"

    This reverts commit 368675283f.

commit fe2673ed7b
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 12:09:34 2022 +0000

    Go 1.16 instead of Go 1.13 for upgrade tests and Complement

commit 368675283f
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 11:51:45 2022 +0000

    Don't report event rejection errors via `/send`, since apparently this is upsetting tests that don't expect that

commit b028dfc085
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date:   Tue Jan 4 10:29:08 2022 +0000

    Send final event in `processEvent` synchronously (since this might stop Sytest from being so upset)

* Merge in NATS Server v2.6.6 and nats.go v1.13 into the in-process connection fork

* Add `jetstream.WithJetStreamMessage` to make ack/nak-ing less messy, use process context in consumers

* Fix consumer component name in  federation API

* Add comment explaining where streams are defined

* Tweaks to roomserver input with comments

* Finish that sentence that I apparently forgot to finish in INSTALL.md

* Bump version number of config to 2

* Add comments around asynchronous sends to roomserver in processEventWithMissingState

* More useful error message when the config version does not match

* Set version in generate-config

* Fix version in config.Defaults

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-01-05 17:44:49 +00:00
Ryan W a624eab309
- Removed double imports (#1989)
- Lower cased error messages

Signed-off-by: Ryan Whittington <twentybitdev@gmail.com>

Co-authored-by: kegsay <kegan@matrix.org>
2021-09-08 17:31:03 +01:00
kegsay ef331c52af
dendrite-upgrade-test: tweaks to get it to run under CI in docker (#1905)
* dendrite-upgrade-test: tweaks to get it to run under CI in docker

* Linting
2021-07-08 12:28:04 +01:00
Kegan Dougal 717d16345c Improve error handling and close files post-tarring 2021-07-08 10:17:21 +01:00
kegsay bb6e4487dd
dendrite-upgrade-test: support --from HEAD-N, cleanup on startup (#1903) 2021-07-07 14:20:07 +01:00
kegsay d72d634391
Add dendrite-upgrade-test (#1901)
* Add WIP binary for testing dendrite version upgrades

* WIP dendrite upgrade work

* Finish dendrite upgrade checks

* go mod tidy

* Review comments; print container logs on failure

* Linting
2021-07-07 12:06:17 +01:00