Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into auth-fetch-exception

Lain Soykaf 2024-05-20 18:21:46 +04:00
commit c67506ba68
555 changed files with 7843 additions and 3240 deletions

6
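--- a/.dialyzer_ignore.exs
+++ b/.dialyzer_ignore.exs
@@ -0,0 +1,6 @@
+[
+{"lib/cachex.ex", "Unknown type: Spec.cache/0."},
+{"lib/pleroma/web/plugs/rate_limiter.ex", "The pattern can never match the type {:commit, _} | {:ignore, _}."},
+{"lib/pleroma/web/plugs/rate_limiter.ex", "Function get_scale/2 will never be called."},
+{"lib/pleroma/web/plugs/rate_limiter.ex", "Function initialize_buckets!/1 will never be called."}
+]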
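Review bot: Three of the four entries silence dialyzer findings in `lib/pleroma/web/plugs/rate_limiter.ex` ("pattern can never match", "will never be called") without recording why they are false positives; if dialyzer were right, part of the rate-limiting path would be dead code. They look like a knock-on effect of the unresolved `Spec.cache/0` type reported for `lib/cachex.ex`, but that is an inference from the list, not something the file states. A comment above the entries such as `# rate_limiter.ex warnings follow from the unknown Cachex spec type; remove once lib/cachex.ex has a resolvable spec` would capture the reason and the removal condition. The entries carry no line number, so they appear to match on file and message text alone, which would also hide any later warning with the same wording in that file.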

5
.gitignore vendored

@ -57,5 +57,6 @@ pleroma.iml
.tool-versions .tool-versions
# Editor temp files # Editor temp files
/*~ *~
/*# *#
*.swp


@ -1,12 +1,13 @@
image: git.pleroma.social:5050/pleroma/pleroma/ci-base image: git.pleroma.social:5050/pleroma/pleroma/ci-base
variables: &global_variables variables: &global_variables
# Only used for the release
ELIXIR_VER: 1.12.3 ELIXIR_VER: 1.12.3
POSTGRES_DB: pleroma_test POSTGRES_DB: pleroma_test
POSTGRES_USER: postgres POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres POSTGRES_PASSWORD: postgres
DB_HOST: postgres DB_HOST: postgres
DB_PORT: 5432 DB_PORT: "5432"
MIX_ENV: test MIX_ENV: test
workflow: workflow:
@ -25,9 +26,10 @@ cache: &global_cache_policy
- _build - _build
stages: stages:
- check-changelog
- build - build
- lint
- test - test
- check-changelog
- benchmark - benchmark
- deploy - deploy
- release - release
@ -70,7 +72,7 @@ check-changelog:
tags: tags:
- amd64 - amd64
build: build-1.12.3:
extends: extends:
- .build_changes_policy - .build_changes_policy
- .using-ci-base - .using-ci-base
@ -78,10 +80,20 @@ build:
script: script:
- mix compile --force - mix compile --force
build-1.15.7-otp-25:
extends:
- .build_changes_policy
- .using-ci-base
stage: build
image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.15
allow_failure: true
script:
- mix compile --force
spec-build: spec-build:
extends: extends:
- .using-ci-base - .using-ci-base
stage: test stage: build
rules: rules:
- changes: - changes:
- ".gitlab-ci.yml" - ".gitlab-ci.yml"
@ -101,7 +113,7 @@ benchmark:
variables: variables:
MIX_ENV: benchmark MIX_ENV: benchmark
services: services:
- name: postgres:9.6-alpine - name: postgres:11.22-alpine
alias: postgres alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
script: script:
@ -109,7 +121,7 @@ benchmark:
- mix ecto.migrate - mix ecto.migrate
- mix pleroma.load_testing - mix pleroma.load_testing
unit-testing: unit-testing-1.12.3:
extends: extends:
- .build_changes_policy - .build_changes_policy
- .using-ci-base - .using-ci-base
@ -117,12 +129,11 @@ unit-testing:
cache: &testing_cache_policy cache: &testing_cache_policy
<<: *global_cache_policy <<: *global_cache_policy
policy: pull policy: pull
services: &testing_services
services:
- name: postgres:13-alpine - name: postgres:13-alpine
alias: postgres alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
script: script: &testing_script
- mix ecto.create - mix ecto.create
- mix ecto.migrate - mix ecto.migrate
- mix test --cover --preload-modules - mix test --cover --preload-modules
@ -133,65 +144,35 @@ unit-testing:
coverage_format: cobertura coverage_format: cobertura
path: coverage.xml path: coverage.xml
unit-testing-erratic: unit-testing-1.15.7-otp-25:
extends:
- .build_changes_policy
- .using-ci-base
stage: test
image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.15-otp25
allow_failure: true
cache: *testing_cache_policy
services: *testing_services
script: *testing_script
unit-testing-1.12-erratic:
extends: extends:
- .build_changes_policy - .build_changes_policy
- .using-ci-base - .using-ci-base
stage: test stage: test
retry: 2 retry: 2
allow_failure: true allow_failure: true
cache: &testing_cache_policy cache: *testing_cache_policy
<<: *global_cache_policy services: *testing_services
policy: pull
services:
- name: postgres:13-alpine
alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
script: script:
- mix ecto.create - mix ecto.create
- mix ecto.migrate - mix ecto.migrate
- mix test --only=erratic - mix test --only=erratic
# Removed to fix CI issue. In this early state it wasn't adding much value anyway. formatting-1.13:
# TODO Fix and reinstate federated testing
# federated-testing:
# stage: test
# cache: *testing_cache_policy
# services:
# - name: minibikini/postgres-with-rum:12
# alias: postgres
# command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
# script:
# - mix deps.get
# - mix ecto.create
# - mix ecto.migrate
# - epmd -daemon
# - mix test --trace --only federated
unit-testing-rum:
extends:
- .build_changes_policy
- .using-ci-base
stage: test
cache: *testing_cache_policy
services:
- name: minibikini/postgres-with-rum:12
alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
variables:
<<: *global_variables
RUM_ENABLED: "true"
script:
- mix ecto.create
- mix ecto.migrate
- "mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
- mix test --preload-modules
lint:
extends: .build_changes_policy extends: .build_changes_policy
image: &current_elixir elixir:1.12-alpine image: &formatting_elixir elixir:1.13-alpine
stage: test stage: lint
cache: *testing_cache_policy cache: *testing_cache_policy
before_script: &current_bfr_script before_script: &current_bfr_script
- apk update - apk update
@ -202,25 +183,38 @@ lint:
script: script:
- mix format --check-formatted - mix format --check-formatted
analysis: cycles-1.13:
extends:
- .build_changes_policy
- .using-ci-base
stage: test
cache: *testing_cache_policy
script:
- mix credo --strict --only=warnings,todo,fixme,consistency,readability
cycles:
extends: .build_changes_policy extends: .build_changes_policy
image: *current_elixir image: *formatting_elixir
stage: test stage: lint
cache: {} cache: {}
before_script: *current_bfr_script before_script: *current_bfr_script
script: script:
- mix compile - mix compile
- mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}' - mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}'
analysis:
extends:
- .build_changes_policy
- .using-ci-base
stage: lint
cache: *testing_cache_policy
script:
- mix credo --strict --only=warnings,todo,fixme,consistency,readability
dialyzer:
extends:
- .build_changes_policy
- .using-ci-base
stage: lint
allow_failure: true
when: manual
cache: *testing_cache_policy
tags:
- feld
script:
- mix dialyzer
docs-deploy: docs-deploy:
stage: deploy stage: deploy
cache: *testing_cache_policy cache: *testing_cache_policy
@ -319,8 +313,9 @@ amd64:
- deps - deps
variables: &release-variables variables: &release-variables
MIX_ENV: prod MIX_ENV: prod
VIX_COMPILATION_MODE: PLATFORM_PROVIDED_LIBVIPS
before_script: &before-release before_script: &before-release
- apt-get update && apt-get install -y cmake libmagic-dev - apt-get update && apt-get install -y cmake libmagic-dev libvips-dev erlang-dev
- echo "import Config" > config/prod.secret.exs - echo "import Config" > config/prod.secret.exs
- mix local.hex --force - mix local.hex --force
- mix local.rebar --force - mix local.rebar --force
@ -341,7 +336,7 @@ amd64-musl:
cache: *release-cache cache: *release-cache
variables: *release-variables variables: *release-variables
before_script: &before-release-musl before_script: &before-release-musl
- apk add git build-base cmake file-dev openssl - apk add git build-base cmake file-dev openssl vips-dev
- echo "import Config" > config/prod.secret.exs - echo "import Config" > config/prod.secret.exs
- mix local.hex --force - mix local.hex --force
- mix local.rebar --force - mix local.rebar --force
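Review bot: The two new Elixir 1.15 jobs pull different images although both are named `1.15.7-otp-25`: `build-1.15.7-otp-25` uses `ci-base:elixir-1.15` while `unit-testing-1.15.7-otp-25` uses `ci-base:elixir-1.15-otp25`, so the compile check and the test run may not exercise the same OTP release. If the `-otp25` tag is the intended one, the build job should read `image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.15-otp25`. Both jobs also set `allow_failure: true`, so a regression on the newer toolchain will not block a merge; a comment stating when that flag is to be lifted would help. The images introduced here (`postgres:11.22-alpine`, `elixir:1.13-alpine`, the `ci-base` tags) are referenced by mutable tag rather than by digest, so what a pipeline actually runs can change without a commit to this file.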

1
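--- a/.rgignore
+++ b/.rgignore
@@ -0,0 +1 @@
+priv/static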


@ -4,6 +4,22 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## 2.6.2
### Security
- MRF StealEmojiPolicy: Sanitize shortcodes (thanks to Hazel K for the report
## 2.6.1
### Changed
- - Document maximum supported version of Erlang & Elixir
### Added
- [docs] add frontends management documentation
### Fixed
- TwitterAPI: Return proper error when healthcheck is disabled
- Fix eblurhash and elixir-captcha not using system cflags
## 2.6.0 ## 2.6.0
### Security ### Security
- Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes. - Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.
@ -51,7 +67,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## 2.5.4 ## 2.5.4
## Security ## Security
- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem - Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitrary files from the server's filesystem
## 2.5.3 ## 2.5.3
@ -67,7 +83,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## 2.5.4 ## 2.5.4
## Security ## Security
- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem - Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitrary files from the server's filesystem
## 2.5.3 ## 2.5.3
@ -107,7 +123,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Fix `block_from_stranger` setting - Fix `block_from_stranger` setting
- Fix rel="me" - Fix rel="me"
- Docker images will now run properly - Docker images will now run properly
- Fix inproper content being cached in report content - Fix improper content being cached in report content
- Notification filter on object content will not operate on the ones that inherently have no content - Notification filter on object content will not operate on the ones that inherently have no content
- ZWNJ and double dots in links are parsed properly for Plain-text posts - ZWNJ and double dots in links are parsed properly for Plain-text posts
- OTP releases will work on systems with a newer libcrypt - OTP releases will work on systems with a newer libcrypt
@ -773,7 +789,7 @@ switched to a new configuration mechanism, however it was not officially removed
- Rate limiter crashes when there is no explicitly specified ip in the config - Rate limiter crashes when there is no explicitly specified ip in the config
- 500 errors when no `Accept` header is present if Static-FE is enabled - 500 errors when no `Accept` header is present if Static-FE is enabled
- Instance panel not being updated immediately due to wrong `Cache-Control` headers - Instance panel not being updated immediately due to wrong `Cache-Control` headers
- Statuses posted with BBCode/Markdown having unncessary newlines in Pleroma-FE - Statuses posted with BBCode/Markdown having unnecessary newlines in Pleroma-FE
- OTP: Fix some settings not being migrated to in-database config properly - OTP: Fix some settings not being migrated to in-database config properly
- No `Cache-Control` headers on attachment/media proxy requests - No `Cache-Control` headers on attachment/media proxy requests
- Character limit enforcement being off by 1 - Character limit enforcement being off by 1
@ -1093,10 +1109,10 @@ curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/devel
- Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances - Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances
### Added ### Added
- Expiring/ephemeral activites. All activities can have expires_at value set, which controls when they should be deleted automatically. - Expiring/ephemeral activities. All activities can have expires_at value set, which controls when they should be deleted automatically.
- Mastodon API: in post_status, the expires_in parameter lets you set the number of seconds until an activity expires. It must be at least one hour. - Mastodon API: in post_status, the expires_in parameter lets you set the number of seconds until an activity expires. It must be at least one hour.
- Mastodon API: all status JSON responses contain a `pleroma.expires_at` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty. - Mastodon API: all status JSON responses contain a `pleroma.expires_at` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty.
- Configuration: `ActivityExpiration.enabled` controls whether expired activites will get deleted at the appropriate time. Enabled by default. - Configuration: `ActivityExpiration.enabled` controls whether expired activities will get deleted at the appropriate time. Enabled by default.
- Conversations: Add Pleroma-specific conversation endpoints and status posting extensions. Run the `bump_all_conversations` task again to create the necessary data. - Conversations: Add Pleroma-specific conversation endpoints and status posting extensions. Run the `bump_all_conversations` task again to create the necessary data.
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`) - MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)
- MRF: Support for excluding specific domains from Transparency. - MRF: Support for excluding specific domains from Transparency.


@ -8,8 +8,9 @@ FROM ${ELIXIR_IMG}:${ELIXIR_VER}-erlang-${ERLANG_VER}-alpine-${ALPINE_VER} as bu
COPY . . COPY . .
ENV MIX_ENV=prod ENV MIX_ENV=prod
ENV VIX_COMPILATION_MODE=PLATFORM_PROVIDED_LIBVIPS
RUN apk add git gcc g++ musl-dev make cmake file-dev &&\ RUN apk add git gcc g++ musl-dev make cmake file-dev vips-dev &&\
echo "import Config" > config/prod.secret.exs &&\ echo "import Config" > config/prod.secret.exs &&\
mix local.hex --force &&\ mix local.hex --force &&\
mix local.rebar --force &&\ mix local.rebar --force &&\
@ -37,7 +38,7 @@ ARG HOME=/opt/pleroma
ARG DATA=/var/lib/pleroma ARG DATA=/var/lib/pleroma
RUN apk update &&\ RUN apk update &&\
apk add exiftool ffmpeg imagemagick libmagic ncurses postgresql-client &&\ apk add exiftool ffmpeg vips libmagic ncurses postgresql-client &&\
adduser --system --shell /bin/false --home ${HOME} pleroma &&\ adduser --system --shell /bin/false --home ${HOME} pleroma &&\
mkdir -p ${DATA}/uploads &&\ mkdir -p ${DATA}/uploads &&\
mkdir -p ${DATA}/static &&\ mkdir -p ${DATA}/static &&\
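Review bot: With `VIX_COMPILATION_MODE=PLATFORM_PROVIDED_LIBVIPS` the build stage compiles against the system `vips-dev`, and the runtime stage now installs `vips` on its own, so both stages must resolve to the same libvips version; the runtime stage's `FROM` line is outside these hunks, so confirm it uses the same Alpine release as the builder. The package lists on both `apk add` lines are unpinned, and the runtime one follows `apk update` and keeps the package index in the image; `apk add --no-cache exiftool ffmpeg vips libmagic ncurses postgresql-client` would avoid that. Both `RUN` commands continue past the end of their hunks.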


1
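--- a/changelog.d/3987.fix
+++ b/changelog.d/3987.fix
@@ -0,0 +1 @@
+Remove checking ImageMagick's commands for Pleroma.Upload.Filter.AnalyzeMetadata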


@ -0,0 +1 @@
Fix authentication check on account rendering when bio is defined


@ -0,0 +1 @@
ap userview: add outbox field.


@ -1 +0,0 @@
Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem


@ -0,0 +1 @@
Fix #strip_report_status_data


@ -0,0 +1 @@
Support /authorize-interaction route used by Mastodon


@ -0,0 +1 @@
Include following/followers in backups


@ -0,0 +1 @@
Invalid activities delivered to the inbox will be rejected with a 400 Bad Request


@ -0,0 +1 @@
Support Bandit as an alternative to Cowboy for the HTTP server.


@ -0,0 +1 @@
Replace eblurhash with rinpatch_blurhash. This also removes a dependency on ImageMagick.


@ -0,0 +1 @@
Allow to group bookmarks in folders


@ -0,0 +1 @@
Fix federation with Convergence AP Bridge


@ -0,0 +1 @@
Mastodon API: Remove deprecated GET /api/v1/statuses/:id/card endpoint https://github.com/mastodon/mastodon/pull/11213


@ -0,0 +1 @@
Include image description in status media cards


@ -0,0 +1 @@
ChatMessage: Tolerate attachment field set to an empty array


@ -1 +0,0 @@
CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID


@ -0,0 +1 @@
- Config: Check the permissions of the linked file instead of the symlink


@ -0,0 +1 @@
MediaProxy was setting the content-length header which is not permitted by RFC9112§6.2 when we are chunking the reply as it conflicts with the existence of the transfer-encoding header.


@ -0,0 +1 @@


0
changelog.d/doc-fix.skip Normal file

@ -0,0 +1 @@
When downloading remote emojis packs, account for pagination


@ -1 +0,0 @@
Emoji pack loader sanitizes pack names


@ -0,0 +1 @@
Make remote emoji packs API use specifically the V1 URL. Akkoma does not understand it without V1, and it works either way with normal pleroma, so no reason to not do this


0
changelog.d/exile.skip Normal file

@ -0,0 +1 @@
Implement `/api/v1/accounts/familiar_followers`

1
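--- a/changelog.d/favicon.add
+++ b/changelog.d/favicon.add
@@ -0,0 +1 @@
+Add support for configuring favicon, embed favicon and PWA manifest in server-generated meta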


@ -0,0 +1 @@
Removed support for multiple federator modules as we only support ActivityPub


1
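--- a/changelog.d/fep-2c59.add
+++ b/changelog.d/fep-2c59.add
@@ -0,0 +1 @@
+Implement FEP-2c59, add "webfinger" to user actor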


@ -0,0 +1 @@
Framegrabs with ffmpeg will execute with a 5 second timeout and cache the URLs of failures with a TTL of 15 minutes to prevent excessive retries.


@ -0,0 +1 @@
Following HTTP Redirects when the HTTP Adapter is Finch


@ -0,0 +1 @@
Add ForceMention MRF


@ -0,0 +1 @@
Video framegrabs were not working correctly after the change to use Exile to execute ffmpeg


@ -0,0 +1 @@
[docs] add frontends management documentation


@ -0,0 +1 @@
Implement group actors


1
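--- a/changelog.d/gun_pool.fix
+++ b/changelog.d/gun_pool.fix
@@ -0,0 +1 @@
+Fix logic error in Gun connection pooling which prevented retries even when the worker was launched with retry = true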


@ -0,0 +1 @@
Connection pool errors when publishing an activity is a soft-error that will be retried shortly.


@ -0,0 +1 @@
Remote object fetch failures will prevent the object fetch job from retrying if the object request returns 401, 403, 404, 410, or exceeds the maximum thread depth.


@ -0,0 +1 @@
Add contact account to InstanceView


@ -0,0 +1 @@
Add instance rules


@ -0,0 +1 @@
Implement /api/v2/instance route


@ -0,0 +1 @@
Handle cases when users.inbox is nil.


@ -0,0 +1 @@
- Change AccountView `last_status_at` from a datetime to a date (as done in Mastodon 3.1.0)


@ -0,0 +1 @@
Verify profile link ownership with rel="me"


@ -0,0 +1 @@
Use correct domain for fqn and InstanceView


@ -0,0 +1 @@
The query for marking notifications as read has been simplified


@ -0,0 +1 @@
Add new parameters to /api/v2/instance: configuration[accounts][max_pinned_statuses] and configuration[statuses][characters_reserved_per_url]


@ -0,0 +1 @@
Mastodon API /api/v1/directory: Fix listing directory contents when not authenticated

1
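--- a/changelog.d/memleak.fix
+++ b/changelog.d/memleak.fix
@@ -0,0 +1 @@
+Fix a memory leak caused by Websocket connections that would not enter a state where a full garbage collection run could be triggered.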


@ -0,0 +1 @@


@ -0,0 +1 @@
Startup detection for configured MRF modules that are missing or incorrectly defined


@ -0,0 +1 @@
MRF: Log sensible error for subdomains_regex


@ -0,0 +1 @@
MRF.StealEmojiPolicy: Properly add fallback extension to filenames missing one


@ -0,0 +1 @@
Federated timeline removal of hashtags via MRF HashtagPolicy


@ -0,0 +1 @@
Support objects with a null contentMap (firefish)


@ -0,0 +1 @@
Fix notifications query which was not using the index properly


@ -0,0 +1 @@
Notifications: improve performance by filtering on users table instead of activities table


@ -0,0 +1 @@
Use User.full_nickname/1 in oauth html template


@ -0,0 +1 @@
Add media proxy to opengraph rich media cards


@ -0,0 +1 @@
Optimistic Inbox reduces the processing overhead of incoming activities without instantly verifiable signatures.

1
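--- a/changelog.d/otp26.add
+++ b/changelog.d/otp26.add
@@ -0,0 +1 @@
+Support for Erlang OTP 26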


@ -1 +0,0 @@
- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories


@ -0,0 +1 @@
Disable jit by default for PostgreSQL


@ -0,0 +1 @@
- Prioritize mentioned recipients (i.e., those that are not just followers) when federating.


@ -0,0 +1 @@
Change the prometheus library to PromEx.


@ -0,0 +1 @@
Expose nonAnonymous field from Smithereen polls

Some files were not shown because too many files have changed in this diff Show More