Set customize_hostname_check for Swoosh.Adapters.SMTP

This should hopefully fix issues with connecting to SMTP servers
with wildcard TLS certificates.

Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl

Fixes #660

CHANGELOG.md

@@ -6,11 +6,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## UNRELEASED
 
-## Fixed
-- Media proxy no longer attempts to proxy embedded images
-
-## 3.13.3 
-
 ## BREAKING
 - Minimum PostgreSQL version is raised to 12
 - Swagger UI moved from `/akkoma/swaggerui/` to `/pleroma/swaggerui/`
@@ -28,8 +23,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - AP objects with additional JSON-LD profiles beyond ActivityStreams can now be fetched
 - Single-selection polls no longer expose the voter_count; MastoAPI demands it be null
   and this confused some clients leading to vote distributions >100%
-- ObjectAge policy no longer lets unlisted posts slip through
-- ObjectAge policy no longer leaks belated DMs and follower-only posts
 
 ## Changed
 - Refactored Rich Media to cache the content in the database. Fetching operations that could block status rendering have been eliminated.

docs/docs/installation/generic_dependencies.include

@@ -2,7 +2,7 @@
 
 * PostgreSQL 12+
 * Elixir 1.14+ (currently tested up to 1.16)
-* Erlang OTP 25+ (currently tested up to OTP27)
+* Erlang OTP 25+ (currently tested up to OTP26)
 * git
 * file / libmagic
 * gcc (clang might also work)

lib/pleroma/emails/mailer.ex

@@ -84,8 +84,14 @@ defp default_config(Swoosh.Adapters.SMTP, conf, _) do
       cacerts: os_cacerts,
       versions: [:"tlsv1.2", :"tlsv1.3"],
       verify: :verify_peer,
-      # some versions have supposedly issues verifying wildcard certs without this
       server_name_indication: relay,
+      # This allows wildcard ceritifcates to be verified properly.
+      # The :https parameter simply means to use the HTTPS wildcard format
+      # (as opposed to say LDAP). SMTP servers tend to use the same type of
+      # certs as HTTPS ones so this should work for most.
+      customize_hostname_check: [
+        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
+      ],
       # the default of 10 is too restrictive
       depth: 32
     ]

lib/pleroma/user.ex

@@ -443,7 +443,6 @@ defp fix_follower_address(params), do: params
   def remote_user_changeset(struct \\ %User{local: false}, params) do
     bio_limit = Config.get([:instance, :user_bio_length], 5000)
     name_limit = Config.get([:instance, :user_name_length], 100)
-    fields_limit = Config.get([:instance, :max_remote_account_fields], 0)
 
     name =
       case params[:name] do
@@ -457,7 +456,6 @@ def remote_user_changeset(struct \\ %User{local: false}, params) do
       |> Map.put_new(:last_refreshed_at, NaiveDateTime.utc_now())
       |> truncate_if_exists(:name, name_limit)
       |> truncate_if_exists(:bio, bio_limit)
-      |> Map.update(:fields, [], &Enum.take(&1, fields_limit))
       |> truncate_fields_param()
       |> fix_follower_address()
 

lib/pleroma/user/signing_key.ex

@@ -194,24 +194,31 @@ def get_or_fetch_by_key_id(key_id) do
   """
   def fetch_remote_key(key_id) do
     Logger.debug("Fetching remote key: #{key_id}")
+    resp = Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id(key_id)
 
-    with {:ok, _body} = resp <-
-           Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id(key_id),
-         {:ok, ap_id, public_key_pem} <- handle_signature_response(resp) do
-      Logger.debug("Fetched remote key: #{ap_id}")
-      # fetch the user
-      {:ok, user} = User.get_or_fetch_by_ap_id(ap_id)
-      # store the key
-      key = %__MODULE__{
-        user_id: user.id,
-        public_key: public_key_pem,
-        key_id: key_id
-      }
+    case resp do
+      {:ok, _body} ->
+        case handle_signature_response(resp) do
+          {:ok, ap_id, public_key_pem} ->
+            Logger.debug("Fetched remote key: #{ap_id}")
+            # fetch the user
+            {:ok, user} = User.get_or_fetch_by_ap_id(ap_id)
+            # store the key
+            key = %__MODULE__{
+              user_id: user.id,
+              public_key: public_key_pem,
+              key_id: key_id
+            }
 
-      Repo.insert(key, on_conflict: :replace_all, conflict_target: :key_id)
-    else
-      e ->
-        Logger.debug("Failed to fetch remote key: #{inspect(e)}")
+            Repo.insert(key, on_conflict: :replace_all, conflict_target: :key_id)
+
+          e ->
+            Logger.debug("Failed to fetch remote key: #{inspect(e)}")
+            {:error, "Could not fetch key"}
+        end
+
+      _ ->
+        Logger.debug("Failed to fetch remote key: #{inspect(resp)}")
         {:error, "Could not fetch key"}
     end
   end

lib/pleroma/web/activity_pub/mrf/object_age_policy.ex

@@ -34,34 +34,16 @@ defp check_reject(message, actions) do
     end
   end
 
-  @spec delete_and_count(list(), term()) :: {integer(), list()}
-  defp delete_and_count(list, element), do: delete_and_count(list, element, {0, [], list})
-
-  defp delete_and_count([], _element, {0, _nlist, olist}), do: {0, olist}
-  defp delete_and_count([], _element, {count, nlist, _olist}), do: {count, Enum.reverse(nlist)}
-
-  defp delete_and_count([h | r], h, {count, nlist, olist}),
-    do: delete_and_count(r, h, {count + 1, nlist, olist})
-
-  defp delete_and_count([h | r], element, {count, nlist, olist}),
-    do: delete_and_count(r, element, {count, [h | nlist], olist})
-
-  defp insert_if_needed(list, oldcount, element) do
-    if oldcount <= 0 || Enum.member?(list, element) do
-      list
-    else
-      [element | list]
-    end
-  end
-
   defp check_delist(message, actions) do
     if :delist in actions do
       with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
-        {pubcnt, to} = delete_and_count(message["to"] || [], Pleroma.Constants.as_public())
-        {flwcnt, cc} = delete_and_count(message["cc"] || [], user.follower_address)
+        to =
+          List.delete(message["to"] || [], Pleroma.Constants.as_public()) ++
+            [user.follower_address]
 
-        cc = insert_if_needed(cc, pubcnt, Pleroma.Constants.as_public())
-        to = insert_if_needed(to, flwcnt, user.follower_address)
+        cc =
+          List.delete(message["cc"] || [], user.follower_address) ++
+            [Pleroma.Constants.as_public()]
 
         message =
           message
@@ -83,8 +65,8 @@ defp check_delist(message, actions) do
   defp check_strip_followers(message, actions) do
     if :strip_followers in actions do
       with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
-        {_, to} = delete_and_count(message["to"] || [], user.follower_address)
-        {_, cc} = delete_and_count(message["cc"] || [], user.follower_address)
+        to = List.delete(message["to"] || [], user.follower_address)
+        cc = List.delete(message["cc"] || [], user.follower_address)
 
         message =
           message

lib/pleroma/web/activity_pub/transmogrifier.ex

@@ -950,7 +950,8 @@ defp build_emoji_tag({name, url}) do
       "icon" => %{"url" => "#{URI.encode(url)}", "type" => "Image"},
       "name" => ":" <> name <> ":",
       "type" => "Emoji",
-      "updated" => "1970-01-01T00:00:00Z"
+      "updated" => "1970-01-01T00:00:00Z",
+      "id" => nil
     }
   end
 

lib/pleroma/web/media_proxy.ex

@@ -52,11 +52,11 @@ def url(url) do
 
   @spec url_proxiable?(String.t()) :: boolean()
   def url_proxiable?(url) do
-    not local?(url) and not whitelisted?(url) and not blocked?(url) and http_scheme?(url)
+    not local?(url) and not whitelisted?(url) and not blocked?(url)
   end
 
   def preview_url(url, preview_params \\ []) do
-    if preview_enabled?() and url_proxiable?(url) do
+    if preview_enabled?() do
       encode_preview_url(url, preview_params)
     else
       url(url)
@@ -71,8 +71,6 @@ def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :en
 
   def local?(url), do: String.starts_with?(url, Endpoint.url())
 
-  def http_scheme?(url), do: String.starts_with?(url, ["http:", "https:"])
-
   def whitelisted?(url) do
     %{host: domain} = URI.parse(url)
 

lib/pleroma/web/nodeinfo/nodeinfo_controller.ex

@@ -31,7 +31,7 @@ def nodeinfo(conn, %{"version" => version}) when version in ["2.0", "2.1"] do
     conn
     |> put_resp_header(
       "content-type",
-      "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/#{version}#\"; charset=utf-8"
+      "application/json; profile=http://nodeinfo.diaspora.software/ns/schema/2.0#; charset=utf-8"
     )
     |> json(Nodeinfo.get_nodeinfo(version))
   end

mix.exs

@@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
   def project do
     [
       app: :pleroma,
-      version: version("3.13.3"),
+      version: version("3.13.2"),
       elixir: "~> 1.14",
       elixirc_paths: elixirc_paths(Mix.env()),
       compilers: Mix.compilers(),

priv/repo/migrations/20240625220752_move_signing_keys.exs

@@ -8,14 +8,13 @@ def up do
     # we do not handle remote users here!
     # because we want to store a key id -> user id mapping, and we don't
     # currently store key ids for remote users...
-    # Also this MUST use select, else the migration will fail in future installs with new user fields!
-    from(u in Pleroma.User,
-      where: u.local == true,
-      select: {u.id, u.keys, u.ap_id}
-    )
-    |> Repo.stream(timeout: :infinity)
+    query =
+      from(u in User)
+      |> where(local: true)
+
+    Repo.stream(query, timeout: :infinity)
     |> Enum.each(fn
-      {user_id, private_key, ap_id} ->
+      %User{id: user_id, keys: private_key, local: true, ap_id: ap_id} ->
         IO.puts("Migrating user #{user_id}")
         # we can precompute the public key here...
         # we do use it on every user view which makes it a bit of a dos attack vector

priv/repo/migrations/20241126093029_add_signing_key_index.exs

@@ -1,7 +0,0 @@
-defmodule Pleroma.Repo.Migrations.AddSigningKeyIndex do
-  use Ecto.Migration
-
-  def change do
-    create_if_not_exists(index(:signing_keys, [:user_id], name: :signing_keys_user_id_index))
-  end
-end

test/pleroma/user_test.exs

@@ -966,21 +966,6 @@ test "it is invalid given a local user" do
 
       refute cs.valid?
     end
-
-    test "it truncates fields" do
-      clear_config([:instance, :max_remote_account_fields], 2)
-
-      fields = [
-        %{"name" => "One", "value" => "Uno"},
-        %{"name" => "Two", "value" => "Dos"},
-        %{"name" => "Three", "value" => "Tres"}
-      ]
-
-      cs = User.remote_user_changeset(@valid_remote |> Map.put(:fields, fields))
-
-      assert [%{"name" => "One", "value" => "Uno"}, %{"name" => "Two", "value" => "Dos"}] ==
-               Ecto.Changeset.get_field(cs, :fields)
-    end
   end
 
   describe "followers and friends" do

test/pleroma/web/activity_pub/mrf/object_age_policy_test.exs

@@ -79,7 +79,7 @@ test "works with objects with empty to or cc fields" do
 
       {:ok, data} = ObjectAgePolicy.filter(data)
 
-      assert Visibility.get_visibility(%{data: data}) == "direct"
+      assert Visibility.get_visibility(%{data: data}) == "unlisted"
     end
 
     test "it delists an old post" do

test/pleroma/web/activity_pub/transmogrifier/note_handling_test.exs

@@ -698,6 +698,7 @@ test "take_emoji_tags/1" do
     assert Transmogrifier.take_emoji_tags(user) == [
              %{
                "icon" => %{"type" => "Image", "url" => "https://example.org/firefox.png"},
+               "id" => nil,
                "name" => ":firefox:",
                "type" => "Emoji",
                "updated" => "1970-01-01T00:00:00Z"

test/pleroma/web/activity_pub/transmogrifier/user_update_handling_test.exs

@@ -119,8 +119,8 @@ test "it works with custom profile fields" do
     user = User.get_cached_by_ap_id(user.ap_id)
 
     assert user.fields == [
-             %{"name" => "foo", "value" => "bar"},
-             %{"name" => "foo11", "value" => "bar11"}
+             %{"name" => "foo", "value" => "updated"},
+             %{"name" => "foo1", "value" => "updated"}
            ]
 
     update_data =

test/pleroma/web/activity_pub/views/user_view_test.exs

@@ -47,6 +47,7 @@ test "Renders with emoji tags" do
              "tag" => [
                %{
                  "icon" => %{"type" => "Image", "url" => "/test"},
+                 "id" => nil,
                  "name" => ":bib:",
                  "type" => "Emoji",
                  "updated" => "1970-01-01T00:00:00Z"

test/pleroma/web/media_proxy_test.exs

@@ -37,10 +37,6 @@ test "ignores local url" do
       assert MediaProxy.url(local_root) == local_root
     end
 
-    test "ignores data url" do
-      assert MediaProxy.url("data:image/png;base64,") == "data:image/png;base64,"
-    end
-
     test "encodes and decodes URL" do
       url = "https://pleroma.soykaf.com/static/logo.png"
       encoded = MediaProxy.url(url)