From 40da4e88ea24e85ffbd805fdc8d81921a9893cee Mon Sep 17 00:00:00 2001
From: Norm
Date: Fri, 25 Oct 2024 11:09:20 -0400
Subject: [PATCH 1/3] Update hashtag prune to account for followed hashtags

Currently pruning hashtags with the prune_objects task only accounts for whether that hashtag is associated with an object, but this may lead to a foreign key constraint violation if that hashtag has no objects but is followed by a local user. This adds an additional check to see if that hashtag has any followers before proceeding to delete it.
---
 lib/mix/tasks/pleroma/database.ex | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/mix/tasks/pleroma/database.ex b/lib/mix/tasks/pleroma/database.ex
index 87ccfdff1..f85fe5bea 100644
--- a/lib/mix/tasks/pleroma/database.ex
+++ b/lib/mix/tasks/pleroma/database.ex
@@ -346,7 +346,10 @@ def run(["prune_objects" | args]) do
 DELETE FROM hashtags AS ht
 WHERE NOT EXISTS (
 SELECT 1 FROM hashtags_objects hto
- WHERE ht.id = hto.hashtag_id)
+ WHERE ht.id = hto.hashtag_id
+ UNION
+ SELECT 1 FROM user_follows_hashtag ufht
+ WHERE ht.id = ufht.hashtag_id)
 """
 |> Repo.query!()

From 88a8086ad38d7d0fc0992c06aa5dff71597fbb0b Mon Sep 17 00:00:00 2001
From: Norm
Date: Fri, 25 Oct 2024 12:25:18 -0400
Subject: [PATCH 2/3] Use LEFT JOIN instead of UNION for hashtag pruning

---
 lib/mix/tasks/pleroma/database.ex | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/lib/mix/tasks/pleroma/database.ex b/lib/mix/tasks/pleroma/database.ex
index f85fe5bea..0a09a1c4a 100644
--- a/lib/mix/tasks/pleroma/database.ex
+++ b/lib/mix/tasks/pleroma/database.ex
@@ -343,13 +343,16 @@ def run(["prune_objects" | args]) do
 %{:num_rows => del_hashtags} =
 """
- DELETE FROM hashtags AS ht
- WHERE NOT EXISTS (
- SELECT 1 FROM hashtags_objects hto
- WHERE ht.id = hto.hashtag_id
- UNION
- SELECT 1 FROM user_follows_hashtag ufht
- WHERE ht.id = ufht.hashtag_id)
+ DELETE FROM hashtags
+ USING hashtags AS ht
+ LEFT JOIN hashtags_objects hto
+ ON ht.id = hto.hashtag_id
+ LEFT JOIN user_follows_hashtag ufht
+ ON ht.id = ufht.hashtag_id
+ WHERE
+ hashtags.id = ht.id
+ AND hto.hashtag_id is NULL
+ AND ufht.hashtag_id is NULL
 """
 |> Repo.query!()

From f19d5d13809f044580018d1ff65fa41e0335fa31 Mon Sep 17 00:00:00 2001
From: Norm
Date: Tue, 17 Dec 2024 18:30:01 -0500
Subject: [PATCH 3/3] Set customize_hostname_check for Swoosh.Adapters.SMTP

This should hopefully fix issues with connecting to SMTP servers with wildcard TLS certificates. Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl Fixes https://akkoma.dev/AkkomaGang/akkoma/issues/660
---
 lib/pleroma/emails/mailer.ex | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/emails/mailer.ex b/lib/pleroma/emails/mailer.ex
index 6a79a7694..af513f1f1 100644
--- a/lib/pleroma/emails/mailer.ex
+++ b/lib/pleroma/emails/mailer.ex
@@ -84,8 +84,14 @@ defp default_config(Swoosh.Adapters.SMTP, conf, _) do
 cacerts: os_cacerts,
 versions: [:"tlsv1.2", :"tlsv1.3"],
 verify: :verify_peer,
- # some versions have supposedly issues verifying wildcard certs without this
 server_name_indication: relay,
+ # This allows wildcard ceritifcates to be verified properly.
+ # The :https parameter simply means to use the HTTPS wildcard format
+ # (as opposed to say LDAP). SMTP servers tend to use the same type of
+ # certs as HTTPS ones so this should work for most.
+ customize_hostname_check: [
+ match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
+ ],
 # the default of 10 is too restrictive
 depth: 32
 ]
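Review bot: The self-join in the rewritten statement (`DELETE FROM hashtags USING hashtags AS ht ... WHERE hashtags.id = ht.id`) carries no explanation, so a later reader may simplify it away; an Elixir comment above `%{:num_rows => del_hashtags} =` would help, for example `# Self-join so the DELETE target can be LEFT JOINed; prune only hashtags with no objects and no followers (user_follows_hashtag references hashtags.id)`. The two new predicates write `is NULL` while every other keyword in the statement is upper-case, so `AND hto.hashtag_id IS NULL` and `AND ufht.hashtag_id IS NULL` would be consistent. Going by the diffstats, neither this patch nor the UNION version in patch 1/3 touches a test file, so the fixed case (a hashtag with no objects but a local follower) is presumably not pinned by a regression test. The body of `run/1` starts and ends outside the hunk.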
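Review bot: The new comment above `customize_hostname_check` misspells "certificates" (`ceritifcates`) and leaves out that `verify: :verify_peer` stays in force, so only the name-matching rule changes. Suggested wording for the first line: `# Match the peer certificate name with the HTTPS rules so wildcard entries are accepted; chain validation (verify_peer) is unchanged.` The removed comment was the only explanation for `server_name_indication: relay`, which now has none even though the hostname check takes its reference name from it. `:ssl` expects a charlist hostname there, and how `relay` is built is above the hunk, so that is worth confirming. `default_config/3` starts and ends outside the hunk.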