From 55ddf72168d207991a5135de56795b0aed0ad579 Mon Sep 17 00:00:00 2001
From: Benoit Marty
Date: Fri, 28 Feb 2025 09:58:49 +0100
Subject: [PATCH 1/4] Ignore server errors (network error, etc.) when login out the user after 3 incorrect PIN entered.
---
 .../src/main/java/im/vector/app/features/MainActivity.kt | 4 +++-
 .../main/java/im/vector/app/features/pin/PinFragment.kt | 8 +++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/vector/src/main/java/im/vector/app/features/MainActivity.kt b/vector/src/main/java/im/vector/app/features/MainActivity.kt
index fcedb7c21a..6b16c2deb8 100644
--- a/vector/src/main/java/im/vector/app/features/MainActivity.kt
+++ b/vector/src/main/java/im/vector/app/features/MainActivity.kt
@@ -61,6 +61,7 @@ import javax.inject.Inject
 data class MainActivityArgs(
 val clearCache: Boolean = false,
 val clearCredentials: Boolean = false,
+ val ignoreLogoutServerError: Boolean = false,
 val isUserLoggedOut: Boolean = false,
 val isAccountDeactivated: Boolean = false,
 val isSoftLogout: Boolean = false
@@ -238,6 +239,7 @@ class MainActivity : VectorBaseActivity(), UnlockedActivity
 return MainActivityArgs(
 clearCache = argsFromIntent?.clearCache ?: false,
 clearCredentials = argsFromIntent?.clearCredentials ?: false,
+ ignoreLogoutServerError = argsFromIntent?.ignoreLogoutServerError ?: false,
 isUserLoggedOut = argsFromIntent?.isUserLoggedOut ?: false,
 isAccountDeactivated = argsFromIntent?.isAccountDeactivated ?: false,
 isSoftLogout = argsFromIntent?.isSoftLogout ?: false
@@ -263,7 +265,7 @@ class MainActivity : VectorBaseActivity(), UnlockedActivity
 }
 }
 args.clearCredentials -> {
- signout(session, onboardingStore, ignoreServerError = false)
+ signout(session, onboardingStore, ignoreServerError = args.ignoreLogoutServerError)
 }
 args.clearCache -> {
 lifecycleScope.launch {
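Review bot: The new `ignoreLogoutServerError` property of `MainActivityArgs` (first MainActivity.kt hunk) is undocumented, although it decides whether a logout can be blocked by a failed server request. I would add a KDoc line above it such as `/** When true, sign-out proceeds even if the server-side logout request fails; set it for security-driven logouts such as the PIN lockout. */`. The data class's parameter list closes outside the hunk.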
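Review bot: At the `signout(...)` call in the `args.clearCredentials` branch (third MainActivity.kt hunk), the fail-closed behaviour is opt-in, because `ignoreLogoutServerError` defaults to `false`. Any other caller that restarts the app with `clearCredentials = true` therefore keeps the previous behaviour, so it is worth confirming that none of them is also a security-driven logout. `signout` itself is not visible here, but if ignoring the error means the logout request never reached the homeserver, the access token presumably stays valid server-side. A call-site comment would record that, e.g. `// Local credentials are cleared even when the server is unreachable; the access token is then not revoked server-side`. The enclosing `when` starts and ends outside the hunk.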
diff --git a/vector/src/main/java/im/vector/app/features/pin/PinFragment.kt b/vector/src/main/java/im/vector/app/features/pin/PinFragment.kt
index 0dafe88118..effe976ce3 100644
--- a/vector/src/main/java/im/vector/app/features/pin/PinFragment.kt
+++ b/vector/src/main/java/im/vector/app/features/pin/PinFragment.kt
@@ -162,6 +162,12 @@ class PinFragment :
 }
 private fun launchResetPinFlow() {
- MainActivity.restartApp(requireActivity(), MainActivityArgs(clearCredentials = true))
+ MainActivity.restartApp(
+ activity = requireActivity(),
+ args = MainActivityArgs(
+ clearCredentials = true,
+ ignoreLogoutServerError = true,
+ )
+ )
 }
 }
From fe7a8fe1af7fffd9477251d0d8b07734d6930a87 Mon Sep 17 00:00:00 2001
From: Benoit Marty
Date: Fri, 7 Mar 2025 09:40:44 +0100
Subject: [PATCH 2/4] Prepare release 1.6.34
---
 CHANGES.md | 7 +++++++
 fastlane/metadata/android/en-US/changelogs/40106340.txt | 2 ++
 2 files changed, 9 insertions(+)
 create mode 100644 fastlane/metadata/android/en-US/changelogs/40106340.txt
diff --git a/CHANGES.md b/CHANGES.md
index 195008a0c2..46a7241015 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,10 @@
+Changes in Element v1.6.34 (2025-03-07)
+=======================================
+
+Other changes
+-------------
+- Fix security issue.
+
 Changes in Element v1.6.32 (2025-02-18)
 =======================================
diff --git a/fastlane/metadata/android/en-US/changelogs/40106340.txt b/fastlane/metadata/android/en-US/changelogs/40106340.txt
new file mode 100644
index 0000000000..6563fef2e4
--- /dev/null
+++ b/fastlane/metadata/android/en-US/changelogs/40106340.txt
@@ -0,0 +1,2 @@
+Main changes in this version: Improve security.
+Full changelog: https://github.com/element-hq/element-android/releases
From 83974a2d0c49f5d7923aea3ab17c63b9178d9ce2 Mon Sep 17 00:00:00 2001
From: Benoit Marty
Date: Mon, 10 Mar 2025 16:24:07 +0100
Subject: [PATCH 3/4] Update changelog
---
 CHANGES.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
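Review bot: `launchResetPinFlow` in PinFragment.kt now passes `ignoreLogoutServerError = true`, but nothing at the call site says why, and the reason is security-relevant. Per the commit subject this is the logout after three incorrect PIN entries, so it must complete regardless of whether the server can be reached. A short comment would keep a later refactor from dropping the flag, e.g. `// PIN lockout: the logout must complete even if the server request fails (CVE-2025-27606)`. A regression test that drives this path with a failing sign-out request and asserts that the session is cleared would pin the behaviour. As a style point, the inner argument list ends with a trailing comma but `args = MainActivityArgs(...)` does not.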
diff --git a/CHANGES.md b/CHANGES.md
index 46a7241015..a57d76125f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,9 +1,9 @@
 Changes in Element v1.6.34 (2025-03-07)
 =======================================
-Other changes
--------------
-- Fix security issue.
+Security fixes 🔐
+-----------------
+- Fix for [GHSA-632v-9pm3-m8ch](https://github.com/element-hq/element-android/security/advisories/GHSA-632v-9pm3-m8ch) / CVE-2025-27606
 Changes in Element v1.6.32 (2025-02-18)
 =======================================
From 53bd78b05de375c6e6b0b5aa794a56b4ba95984c Mon Sep 17 00:00:00 2001
From: Benoit Marty
Date: Tue, 11 Mar 2025 16:33:10 +0100
Subject: [PATCH 4/4] Add link to the CVE.

Co-authored-by: davidegirardi <16451191+davidegirardi@users.noreply.github.com>
---
 CHANGES.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index a57d76125f..2eb5240608 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,7 +3,7 @@ Changes in Element v1.6.34 (2025-03-07)
 Security fixes 🔐
 -----------------
-- Fix for [GHSA-632v-9pm3-m8ch](https://github.com/element-hq/element-android/security/advisories/GHSA-632v-9pm3-m8ch) / CVE-2025-27606
+- Fix for [GHSA-632v-9pm3-m8ch](https://github.com/element-hq/element-android/security/advisories/GHSA-632v-9pm3-m8ch) / [CVE-2025-27606](https://www.cve.org/CVERecord?id=CVE-2025-27606)
 Changes in Element v1.6.32 (2025-02-18)
 =======================================