Merge branch 'release/1.6.12' into main

CHANGES.md

@@ -1,3 +1,20 @@
+Changes in Element v1.6.12 (2024-02-16)
+=======================================
+
+This update provides important security fixes, please update now.
+
+Security fixes 🔐
+-----------------
+ - Add a check on incoming intent. ([#1506 internal](https://github.com/matrix-org/internal-config/issues/1506))
+ - Store temporary files created for Camera in the media folder. ([#1505 internal](https://github.com/matrix-org/internal-config/issues/1505))
+
+Bugfixes 🐛
+----------
+ - Switch the position and styles of the 'already have an account' and 'create account' buttons in the login splash screen. Also changes the 'already have an account one' to just say 'sign in'. ([#+update-login-splash-screen](https://github.com/element-hq/element-android/issues/+update-login-splash-screen))
+ - Improve `Event.getClearContent()` and fix assignment issue that may help to decrypt last Event in the room list. ([#8744](https://github.com/element-hq/element-android/issues/8744))
+ - Fix issues about location Event avatar rendering. ([#8749](https://github.com/element-hq/element-android/issues/8749))
+
+
 Changes in Element v1.6.10 (2024-01-09)
 =======================================
 

SECURITY.md

@@ -1,5 +1,5 @@
 # Reporting a Vulnerability
 
-**If you've found a security vulnerability, please report it to security@matrix.org**
+**If you've found a security vulnerability in Element software, please report it to security@element.io.**
 
-For more information on our security disclosure policy, visit https://www.matrix.org/security-disclosure-policy/
+For more information on our security disclosure policy, visit https://element.io/security/security-disclosure-policy.

dependencies.gradle

@@ -101,7 +101,7 @@ ext.libs = [
         ],
         element     : [
                 'opusencoder'             : "io.element.android:opusencoder:1.1.0",
-                'wysiwyg'                 : "io.element.android:wysiwyg:2.24.0"
+                'wysiwyg'                 : "io.element.android:wysiwyg:2.29.0"
         ],
         squareup    : [
                 'moshi'                  : "com.squareup.moshi:moshi:$moshi",

fastlane/metadata/android/en-US/changelogs/40106100.txt

@@ -1,2 +1,2 @@
-Main changes in this version: add Mobile Device Managament and functional members support.
+Main changes in this version: add Mobile Device Management and functional members support.
 Full changelog: https://github.com/element-hq/element-android/releases

fastlane/metadata/android/en-US/changelogs/40106120.txt

@@ -0,0 +1,2 @@
+Main changes in this version: Security release.
+Full changelog: https://github.com/element-hq/element-android/releases

library/multipicker/src/main/java/im/vector/lib/multipicker/utils/MediaFileUtils.kt

@@ -24,7 +24,7 @@ import java.util.Locale
 
 internal fun createTemporaryMediaFile(context: Context, mediaType: MediaType): File {
     val timeStamp: String = SimpleDateFormat("yyyyMMdd_HHmmss", Locale.getDefault()).format(Date())
-    val storageDir: File = context.filesDir.also { it.mkdirs() }
+    val storageDir: File = File(context.filesDir, "media").also { it.mkdirs() }
     val fileSuffix = when (mediaType) {
         MediaType.IMAGE -> ".jpg"
         MediaType.VIDEO -> ".mp4"

library/multipicker/src/main/res/xml/multipicker_provider_paths.xml

@@ -2,5 +2,5 @@
 <paths>
     <files-path
         name="external_files"
-        path="." />
-</paths>
+        path="media" />
+</paths>

library/ui-strings/src/main/res/values/strings.xml

@@ -2095,6 +2095,7 @@
     <string name="login_splash_text2">Keep conversations private with encryption</string>
     <string name="login_splash_text3">Extend &amp; customize your experience</string>
     <string name="login_splash_submit">Get started</string>
+    <string name="login_splash_sign_in">Sign In</string>
     <string name="login_splash_create_account">Create account</string>
     <string name="login_splash_already_have_account">I already have an account</string>
 

matrix-sdk-android/build.gradle

@@ -62,7 +62,7 @@ android {
         // that the app's state is completely cleared between tests.
         testInstrumentationRunnerArguments clearPackageData: 'true'
 
-        buildConfigField "String", "SDK_VERSION", "\"1.6.10\""
+        buildConfigField "String", "SDK_VERSION", "\"1.6.12\""
 
         buildConfigField "String", "GIT_SDK_REVISION", "\"${gitRevision()}\""
         buildConfigField "String", "GIT_SDK_REVISION_UNIX_DATE", "\"${gitRevisionUnixDate()}\""

matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/SessionExtensions.kt

@@ -19,6 +19,7 @@ package org.matrix.android.sdk.api.session
 import org.matrix.android.sdk.api.session.room.Room
 import org.matrix.android.sdk.api.session.room.model.RoomSummary
 import org.matrix.android.sdk.api.session.user.model.User
+import timber.log.Timber
 
 /**
  * Get a room using the RoomService of a Session.
@@ -41,4 +42,5 @@ fun Session.getUser(userId: String): User? = userService().getUser(userId)
 /**
  * Similar to [getUser], but fallback to a User without details if the User is not known by the SDK, or if Session is null.
  */
-fun Session?.getUserOrDefault(userId: String): User = this?.userService()?.getUser(userId) ?: User(userId)
+fun Session?.getUserOrDefault(userId: String): User = this?.userService()?.getUser(userId)
+        ?: User(userId).also { Timber.w("User $userId not found in local cache, fallback to default") }

matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/events/model/Event.kt

@@ -219,10 +219,16 @@ data class Event(
     }
 
     /**
-     * @return the event content
+     * @return the event content.
+     * If the content is encrypted, it will return the decrypted content, or null if the content is not
+     * decrypted.
      */
     fun getClearContent(): Content? {
-        return getDecryptedContent() ?: content
+        return if (isEncrypted()) {
+            getDecryptedContent()
+        } else {
+            content
+        }
     }
 
     /**

matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/room/model/livelocation/LiveLocationShareAggregatedSummary.kt

@@ -22,6 +22,7 @@ import org.matrix.android.sdk.api.session.room.model.message.MessageBeaconLocati
  * Aggregation info concerning a live location share.
  */
 data class LiveLocationShareAggregatedSummary(
+        val roomId: String?,
         val userId: String?,
         /**
          * Indicate whether the live is currently running.

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RustCryptoService.kt

@@ -627,7 +627,7 @@ internal class RustCryptoService @Inject constructor(
     }
 
     private fun notifyRoomKeyReceived(
-            roomId: String,
+            roomId: String?,
             sessionId: String,
     ) {
         megolmSessionImportManager.dispatchNewSession(roomId, sessionId)
@@ -664,18 +664,18 @@ internal class RustCryptoService @Inject constructor(
             when (event.type) {
                 EventType.ROOM_KEY -> {
                     val content = event.getClearContent().toModel<RoomKeyContent>() ?: return@forEach
-                    content.sessionKey
-                    val roomId = content.sessionId ?: return@forEach
-                    val sessionId = content.sessionId
+
+                    val roomId = content.roomId
+                    val sessionId = content.sessionId ?: return@forEach
 
                     notifyRoomKeyReceived(roomId, sessionId)
                     matrixConfiguration.cryptoAnalyticsPlugin?.onRoomKeyImported(sessionId, EventType.ROOM_KEY)
                 }
                 EventType.FORWARDED_ROOM_KEY -> {
                     val content = event.getClearContent().toModel<ForwardedRoomKeyContent>() ?: return@forEach
 
-                    val roomId = content.sessionId ?: return@forEach
-                    val sessionId = content.sessionId
+                    val roomId = content.roomId
+                    val sessionId = content.sessionId ?: return@forEach
 
                     notifyRoomKeyReceived(roomId, sessionId)
                     matrixConfiguration.cryptoAnalyticsPlugin?.onRoomKeyImported(sessionId, EventType.FORWARDED_ROOM_KEY)

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/database/mapper/LiveLocationShareAggregatedSummaryMapper.kt

@@ -28,6 +28,7 @@ internal class LiveLocationShareAggregatedSummaryMapper @Inject constructor() :
 
     override fun map(entity: LiveLocationShareAggregatedSummaryEntity): LiveLocationShareAggregatedSummary {
         return LiveLocationShareAggregatedSummary(
+                roomId = entity.roomId,
                 userId = entity.userId,
                 isActive = entity.isActive,
                 endOfLiveTimestampMillis = entity.endOfLiveTimestampMillis,

matrix-sdk-android/src/test/java/org/matrix/android/sdk/internal/database/mapper/LiveLocationShareAggregatedSummaryMapperTest.kt

@@ -24,6 +24,7 @@ import org.matrix.android.sdk.api.session.room.model.message.LocationInfo
 import org.matrix.android.sdk.api.session.room.model.message.MessageBeaconLocationDataContent
 import org.matrix.android.sdk.internal.database.model.livelocation.LiveLocationShareAggregatedSummaryEntity
 
+private const val ANY_ROOM_ID = "a-room-id"
 private const val ANY_USER_ID = "a-user-id"
 private const val ANY_ACTIVE_STATE = true
 private const val ANY_TIMEOUT = 123L
@@ -40,6 +41,7 @@ class LiveLocationShareAggregatedSummaryMapperTest {
         val summary = mapper.map(entity)
 
         summary shouldBeEqualTo LiveLocationShareAggregatedSummary(
+                roomId = ANY_ROOM_ID,
                 userId = ANY_USER_ID,
                 isActive = ANY_ACTIVE_STATE,
                 endOfLiveTimestampMillis = ANY_TIMEOUT,
@@ -48,6 +50,7 @@ class LiveLocationShareAggregatedSummaryMapperTest {
     }
 
     private fun anEntity(content: MessageBeaconLocationDataContent) = LiveLocationShareAggregatedSummaryEntity(
+            roomId = ANY_ROOM_ID,
             userId = ANY_USER_ID,
             isActive = ANY_ACTIVE_STATE,
             endOfLiveTimestampMillis = ANY_TIMEOUT,

matrix-sdk-android/src/test/java/org/matrix/android/sdk/internal/session/event/ValidDecryptedEventTest.kt

@@ -89,7 +89,7 @@ class ValidDecryptedEventTest {
                 ).toContent()
         )
 
-        val unValidatedContent = mixedEvent.getClearContent().toModel<MessageTextContent>()
+        val unValidatedContent = mixedEvent.content.toModel<MessageTextContent>()
         unValidatedContent?.body shouldBe "some message"
 
         mixedEvent.toValidDecryptedEvent()?.clearContent?.toModel<MessageTextContent>() shouldBe null

matrix-sdk-android/src/test/java/org/matrix/android/sdk/internal/session/room/location/DefaultLocationSharingServiceTest.kt

@@ -229,6 +229,7 @@ internal class DefaultLocationSharingServiceTest {
     fun `livedata of live summaries is correctly computed`() {
         val entity = LiveLocationShareAggregatedSummaryEntity()
         val summary = LiveLocationShareAggregatedSummary(
+                roomId = A_ROOM_ID,
                 userId = "",
                 isActive = true,
                 endOfLiveTimestampMillis = 123,
@@ -255,6 +256,7 @@ internal class DefaultLocationSharingServiceTest {
     fun `given an event id when getting livedata on corresponding live summary then it is correctly computed`() {
         val entity = LiveLocationShareAggregatedSummaryEntity()
         val summary = LiveLocationShareAggregatedSummary(
+                roomId = A_ROOM_ID,
                 userId = "",
                 isActive = true,
                 endOfLiveTimestampMillis = 123,

tools/release/download_github_artifacts.py

@@ -16,11 +16,12 @@
 #
 
 import argparse
-import hashlib
 import json
 import os
 # Run `pip3 install requests` if not installed yet
 import requests
+# Run `pip3 install re` if not installed yet
+import re
 
 # This script downloads artifacts from GitHub.
 # Ref: https://docs.github.com/en/rest/actions/artifacts#get-an-artifact
@@ -65,22 +66,20 @@
     print(args)
 
 # Split the artifact URL to get information
-# Ex: https://github.com/element-hq/element-android/suites/9293388174/artifacts/435942121
+# Ex: https://github.com/element-hq/element-android/actions/runs/7460386865/artifacts/1156548729
 artifactUrl = args.artifactUrl
-if not artifactUrl.startswith('https://github.com/'):
-    print("❌ Invalid parameter --artifactUrl %s. Must start with 'https://github.com/'" % artifactUrl)
-    exit(1)
-if "/artifacts/" not in artifactUrl:
-    print("❌ Invalid parameter --artifactUrl %s. Must contain '/artifacts/'" % artifactUrl)
-    exit(1)
-artifactItems = artifactUrl.split("/")
-if len(artifactItems) != 9:
-    print("❌ Invalid parameter --artifactUrl %s. Please check the format." % (artifactUrl))
+
+url_regex = r"https://github.com/(.+?)/(.+?)/actions/runs/.+?/artifacts/(.+)"
+result = re.search(url_regex, artifactUrl)
+
+if result is None:
+    print(
+        "❌ Invalid parameter --artifactUrl '%s'. Please check the format.\nIt should be something like: %s" %
+        (artifactUrl, 'https://github.com/element-hq/element-android/actions/runs/7460386865/artifacts/1156548729')
+    )
     exit(1)
 
-gitHubRepoOwner = artifactItems[3]
-gitHubRepo = artifactItems[4]
-artifactId = artifactItems[8]
+(gitHubRepoOwner, gitHubRepo, artifactId) = result.groups()
 
 if args.verbose:
     print("gitHubRepoOwner: %s, gitHubRepo: %s, artifactId: %s" % (gitHubRepoOwner, gitHubRepo, artifactId))

vector-app/build.gradle

@@ -37,7 +37,7 @@ ext.versionMinor = 6
 // Note: even values are reserved for regular release, odd values for hotfix release.
 // When creating a hotfix, you should decrease the value, since the current value
 // is the value for the next regular release.
-ext.versionPatch = 10
+ext.versionPatch = 12
 
 static def getGitTimestamp() {
     def cmd = 'git show -s --format=%ct'

vector/src/main/java/im/vector/app/core/epoxy/bottomsheet/BottomSheetMessagePreviewItem.kt

@@ -103,10 +103,10 @@ abstract class BottomSheetMessagePreviewItem : VectorEpoxyModel<BottomSheetMessa
                     .apply(RequestOptions.centerCropTransform())
                     .into(holder.staticMapImageView)
 
-            safeLocationUiData.locationPinProvider.create(safeLocationUiData.locationOwnerId) { pinDrawable ->
-                GlideApp.with(holder.staticMapPinImageView)
-                        .load(pinDrawable)
-                        .into(holder.staticMapPinImageView)
+            val pinMatrixItem = matrixItem.takeIf { safeLocationUiData.locationOwnerId != null }
+            safeLocationUiData.locationPinProvider.create(pinMatrixItem) { pinDrawable ->
+                // we are not using Glide since it does not display it correctly when there is no user photo
+                holder.staticMapPinImageView.setImageDrawable(pinDrawable)
             }
         }
     }

vector/src/main/java/im/vector/app/features/MainActivity.kt

@@ -39,6 +39,9 @@ import im.vector.app.features.analytics.VectorAnalytics
 import im.vector.app.features.analytics.plan.ViewRoom
 import im.vector.app.features.home.HomeActivity
 import im.vector.app.features.home.ShortcutsHandler
+import im.vector.app.features.home.room.detail.RoomDetailActivity
+import im.vector.app.features.home.room.threads.ThreadsActivity
+import im.vector.app.features.location.live.map.LiveLocationMapViewActivity
 import im.vector.app.features.notifications.NotificationDrawerManager
 import im.vector.app.features.pin.UnlockedActivity
 import im.vector.app.features.pin.lockscreen.crypto.LockScreenKeyRepository
@@ -115,6 +118,14 @@ class MainActivity : VectorBaseActivity<ActivityMainBinding>(), UnlockedActivity
                 putExtra(EXTRA_ROOM_ID, roomId)
             }
         }
+
+        val allowList = listOf(
+                HomeActivity::class.java.name,
+                MainActivity::class.java.name,
+                RoomDetailActivity::class.java.name,
+                ThreadsActivity::class.java.name,
+                LiveLocationMapViewActivity::class.java.name,
+        )
     }
 
     private val startAppViewModel: StartAppViewModel by viewModel()
@@ -186,6 +197,7 @@ class MainActivity : VectorBaseActivity<ActivityMainBinding>(), UnlockedActivity
             // Start the next Activity
             startSyncing()
             val nextIntent = intent.getParcelableExtraCompat<Intent>(EXTRA_NEXT_INTENT)
+                    ?.takeIf { it.isValid() }
             startIntentAndFinish(nextIntent)
         } else if (intent.hasExtra(EXTRA_INIT_SESSION)) {
             startSyncing()
@@ -380,4 +392,11 @@ class MainActivity : VectorBaseActivity<ActivityMainBinding>(), UnlockedActivity
         intent?.let { startActivity(it) }
         finish()
     }
+
+    private fun Intent.isValid(): Boolean {
+        val componentName = resolveActivity(packageManager) ?: return false
+        val packageName = componentName.packageName
+        val className = componentName.className
+        return packageName == buildMeta.applicationId && className in allowList
+    }
 }

vector/src/main/java/im/vector/app/features/home/room/detail/timeline/action/MessageActionsEpoxyController.kt

@@ -238,7 +238,7 @@ class MessageActionsEpoxyController @Inject constructor(
         val locationUrl = locationContent.toLocationData()
                 ?.let { urlMapProvider.buildStaticMapUrl(it, INITIAL_MAP_ZOOM_IN_TIMELINE, 1200, 800) }
                 ?: return null
-        val locationOwnerId = if (locationContent.isSelfLocation()) state.informationData.matrixItem.id else null
+        val locationOwnerId = if (locationContent.isSelfLocation()) state.informationData.senderId else null
 
         return LocationUiData(
                 locationUrl = locationUrl,

vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt

@@ -114,7 +114,7 @@ class LiveLocationShareMessageItemFactory @Inject constructor(
                 .locationUrl(locationUrl)
                 .mapWidth(width)
                 .mapHeight(height)
-                .locationUserId(attributes.informationData.senderId)
+                .pinMatrixItem(attributes.informationData.matrixItem)
                 .locationPinProvider(locationPinProvider)
                 .highlighted(highlight)
                 .leftGuideline(avatarSizeProvider.leftGuideline)

vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt

@@ -233,14 +233,14 @@ class MessageItemFactory @Inject constructor(
             urlMapProvider.buildStaticMapUrl(it, INITIAL_MAP_ZOOM_IN_TIMELINE, width, height)
         }
 
-        val locationUserId = if (locationContent.isSelfLocation()) informationData.senderId else null
+        val pinMatrixItem = if (locationContent.isSelfLocation()) informationData.matrixItem else null
 
         return MessageLocationItem_()
                 .attributes(attributes)
                 .locationUrl(locationUrl)
                 .mapWidth(width)
                 .mapHeight(height)
-                .locationUserId(locationUserId)
+                .pinMatrixItem(pinMatrixItem)
                 .locationPinProvider(locationPinProvider)
                 .highlighted(highlight)
                 .leftGuideline(avatarSizeProvider.leftGuideline)