Fix storage deserialization bugs #2673

Closed
23 tasks done
richvdh opened this issue Dec 18, 2024 · 4 comments
@richvdh
Member

richvdh commented Dec 18, 2024

matrix-org/matrix-rust-sdk#4424 is a bug in deserialising crypto data from the crypto store. Creating this issue to track rolling out fixes:

@BillCarsonFr
Member

BillCarsonFr commented Dec 18, 2024

For the OwnUserIdentityVerifiedState state migration, we are looking for 2 different PRs that must have landed.
#3846 introduces OwnUserIdentityVerifiedState, merged Aug 16th
#4067 renames PreviouslyVerifiedButNoLonger to VerificationViolation, merged Oct 10th

Classic Android is affected because:

1.6.22 (in store Nov 5) is using sdk lib 0.4.3 (Sept 18)
and then
1.6.24 (in store Dec 2nd) is using sdk lib 0.5.0 (Oct 31)

Classic iOS not yet affected

Because #4067 has not yet landed in the sdk. Current version is 0.27.17, based on rust ffi 0.4.3 (Sept 12), before the refactoring.

WebR affected

The wasm bindings are affected since 10.0.0, so web is too, since it uses a higher bindings version.
So affected since js-sdk 0.35.0
Shipped in web v1.11.88

EXA affected

EXA 0.5.12 uses component-kotlin 0.2.41 that has #3846

And EXA 0.7.1 (Oct 25th) uses sdk https://github.com/matrix-org/matrix-rust-sdk/commits/31e9600078cbaa9c3119ebe79f4a8fd6860b9ce4/ that has #4067

EXI Affected

Rust-component-kotlin affected since v1.0.55 and iOS 1.8.5 released Oct 8th

@andybalaam
Member

Thanks @richvdh, I started to write a description like this before I realised you had done a much better job already!

@BillCarsonFr
Member

This is my understanding of how users can be affected:

Migration error due to OwnUserIdentityVerifiedState

In order to hit the bug, your session needs to be previously verified but not anymore.
E.g. if you reset the identity from another session and do not verify it again.
Then, if you are in that state and you update to an affected version, you will hit the bug.

  • On classic Android it will crash due to missing handling of crypto store errors in flows.
  • Web will launch, but you will see errors in the console.
    • Sending will fail because in share_room_key we try to get our own device that will load the device owner identity (via wrap_device_data) => causing the migration error.
    • Incoming messages from new contacts are UTDs? (if we have an existing megolm session or an existing olm channel it should be OK).
  • On classic iOS?
  • On Android

Migration error due to VerificationLevel

Inbound group sessions where the sender data is "From a previously verified user" will fail to load, so the message will be a UTD instead of having a red shield.
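
The failure mode described in the comment above, as an added example that is not part of the thread and not matrix-rust-sdk code. It assumes the migration error comes from stored values still carrying the pre-rename variant name; `VerifiedState`, its `NeverVerified`/`Verified` variants, and the three functions are hypothetical stand-ins, and only the two renamed names come from the page.

```rust
// Added illustration, not matrix-rust-sdk code. Simplified stand-in for the
// stored verified-state value; only the two renamed names come from the page.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum VerifiedState {
    NeverVerified,         // assumed variant name
    VerificationViolation, // name after #4067
    Verified,              // assumed variant name
}

/// Strict reader: knows only the current variant names, as a build after the
/// rename would if no compatibility mapping were kept.
pub fn parse_strict(stored: &str) -> Result<VerifiedState, String> {
    match stored {
        "NeverVerified" => Ok(VerifiedState::NeverVerified),
        "VerificationViolation" => Ok(VerifiedState::VerificationViolation),
        "Verified" => Ok(VerifiedState::Verified),
        other => Err(format!("unknown variant `{other}`")),
    }
}

/// Compatible reader: maps the pre-rename name onto the new variant first.
pub fn parse_compat(stored: &str) -> Result<VerifiedState, String> {
    match stored {
        "PreviouslyVerifiedButNoLonger" => Ok(VerifiedState::VerificationViolation),
        other => parse_strict(other),
    }
}

/// Load every stored record without panicking; returns the parsed states and
/// the number of records that could not be read.
pub fn load_all(
    records: &[&str],
    parse: fn(&str) -> Result<VerifiedState, String>,
) -> (Vec<VerifiedState>, usize) {
    let mut ok = Vec::new();
    let mut failed = 0;
    for &r in records {
        match parse(r) {
            Ok(state) => ok.push(state),
            Err(_) => failed += 1,
        }
    }
    (ok, failed)
}

fn main() {
    // Constructed sample: values as written by builds before and after the rename.
    let store = ["Verified", "PreviouslyVerifiedButNoLonger", "VerificationViolation"];
    println!("strict: {:?}", load_all(&store, parse_strict));
    println!("compat: {:?}", load_all(&store, parse_compat));
}
```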

@BillCarsonFr
Member

Updated. EXA 0.7.6 and EXI 1.9.10 are released with the fix

richvdh closed this as completed Jan 2, 2025