From 81a61e3c068417ef5db88cbbf6340016a44d96c9 Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Tue, 17 Jun 2025 16:52:33 +0200
Subject: [PATCH 1/2] Fix loading of DER-encoded key files

---
 crates/config/src/sections/secrets.rs | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/crates/config/src/sections/secrets.rs b/crates/config/src/sections/secrets.rs
index e93817b68..fdee3a90c 100644
--- a/crates/config/src/sections/secrets.rs
+++ b/crates/config/src/sections/secrets.rs
@@ -149,10 +149,10 @@ impl KeyConfig {
     /// Returns the password in case any is provided.
     ///
     /// If `password_file` was given, the password is read from that file.
-    async fn password(&self) -> anyhow::Result<Option<Cow<String>>> {
+    async fn password(&self) -> anyhow::Result<Option<Cow<[u8]>>> {
         Ok(match &self.password {
-            Some(Password::File(path)) => Some(Cow::Owned(tokio::fs::read_to_string(path).await?)),
-            Some(Password::Value(password)) => Some(Cow::Borrowed(password)),
+            Some(Password::File(path)) => Some(Cow::Owned(tokio::fs::read(path).await?)),
+            Some(Password::Value(password)) => Some(Cow::Borrowed(password.as_bytes())),
             None => None,
         })
     }
@@ -160,10 +160,10 @@ impl KeyConfig {
     /// Returns the key.
     ///
     /// If `key_file` was given, the key is read from that file.
-    async fn key(&self) -> anyhow::Result<Cow<String>> {
+    async fn key(&self) -> anyhow::Result<Cow<[u8]>> {
         Ok(match &self.key {
-            Key::File(path) => Cow::Owned(tokio::fs::read_to_string(path).await?),
-            Key::Value(key) => Cow::Borrowed(key),
+            Key::File(path) => Cow::Owned(tokio::fs::read(path).await?),
+            Key::Value(key) => Cow::Borrowed(key.as_bytes()),
         })
     }
 
@@ -174,8 +174,8 @@ impl KeyConfig {
         let (key, password) = try_join(self.key(), self.password()).await?;
 
         let private_key = match password {
-            Some(password) => PrivateKey::load_encrypted(key.as_bytes(), password.as_bytes())?,
-            None => PrivateKey::load(key.as_bytes())?,
+            Some(password) => PrivateKey::load_encrypted(&key, password)?,
+            None => PrivateKey::load(&key)?,
         };
 
         Ok(JsonWebKey::new(private_key)

From 60f16ef1ade7094e9954f70dd4f6737b63f8f0b7 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 17 Jun 2025 15:04:16 +0000
Subject: [PATCH 2/2] 0.17.1

---
 Cargo.lock | 56 +++++++++++++++++++++++++-------------------------
 Cargo.toml | 60 +++++++++++++++++++++++++++---------------------------
 2 files changed, 58 insertions(+), 58 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 66ca0915d..0824ce1f2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3113,7 +3113,7 @@ dependencies = [
 
 [[package]]
 name = "mas-axum-utils"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "axum",
@@ -3147,7 +3147,7 @@ dependencies = [
 
 [[package]]
 name = "mas-cli"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "axum",
@@ -3221,7 +3221,7 @@ dependencies = [
 
 [[package]]
 name = "mas-config"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "camino",
@@ -3253,7 +3253,7 @@ dependencies = [
 
 [[package]]
 name = "mas-context"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "console",
  "opentelemetry",
@@ -3269,7 +3269,7 @@ dependencies = [
 
 [[package]]
 name = "mas-data-model"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "base64ct",
  "chrono",
@@ -3290,7 +3290,7 @@ dependencies = [
 
 [[package]]
 name = "mas-email"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "async-trait",
  "lettre",
@@ -3301,7 +3301,7 @@ dependencies = [
 
 [[package]]
 name = "mas-handlers"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "aide",
  "anyhow",
@@ -3380,7 +3380,7 @@ dependencies = [
 
 [[package]]
 name = "mas-http"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "futures-util",
  "headers",
@@ -3401,7 +3401,7 @@ dependencies = [
 
 [[package]]
 name = "mas-i18n"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "camino",
  "icu_calendar",
@@ -3423,7 +3423,7 @@ dependencies = [
 
 [[package]]
 name = "mas-i18n-scan"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "camino",
  "clap",
@@ -3437,7 +3437,7 @@ dependencies = [
 
 [[package]]
 name = "mas-iana"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "schemars",
  "serde",
@@ -3445,7 +3445,7 @@ dependencies = [
 
 [[package]]
 name = "mas-iana-codegen"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -3461,7 +3461,7 @@ dependencies = [
 
 [[package]]
 name = "mas-jose"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "base64ct",
  "chrono",
@@ -3491,7 +3491,7 @@ dependencies = [
 
 [[package]]
 name = "mas-keystore"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "aead",
  "base64ct",
@@ -3519,7 +3519,7 @@ dependencies = [
 
 [[package]]
 name = "mas-listener"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "bytes",
@@ -3544,7 +3544,7 @@ dependencies = [
 
 [[package]]
 name = "mas-matrix"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -3554,7 +3554,7 @@ dependencies = [
 
 [[package]]
 name = "mas-matrix-synapse"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -3571,7 +3571,7 @@ dependencies = [
 
 [[package]]
 name = "mas-oidc-client"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "assert_matches",
  "async-trait",
@@ -3607,7 +3607,7 @@ dependencies = [
 
 [[package]]
 name = "mas-policy"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "arc-swap",
@@ -3624,7 +3624,7 @@ dependencies = [
 
 [[package]]
 name = "mas-router"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "axum",
  "serde",
@@ -3635,7 +3635,7 @@ dependencies = [
 
 [[package]]
 name = "mas-spa"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "camino",
  "serde",
@@ -3644,7 +3644,7 @@ dependencies = [
 
 [[package]]
 name = "mas-storage"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "async-trait",
  "chrono",
@@ -3666,7 +3666,7 @@ dependencies = [
 
 [[package]]
 name = "mas-storage-pg"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "async-trait",
  "chrono",
@@ -3693,7 +3693,7 @@ dependencies = [
 
 [[package]]
 name = "mas-tasks"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -3725,7 +3725,7 @@ dependencies = [
 
 [[package]]
 name = "mas-templates"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "arc-swap",
@@ -3755,7 +3755,7 @@ dependencies = [
 
 [[package]]
 name = "mas-tower"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "http",
  "opentelemetry",
@@ -4025,7 +4025,7 @@ dependencies = [
 
 [[package]]
 name = "oauth2-types"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "assert_matches",
  "base64ct",
@@ -6175,7 +6175,7 @@ dependencies = [
 
 [[package]]
 name = "syn2mas"
-version = "0.17.0"
+version = "0.17.1"
 dependencies = [
  "anyhow",
  "arc-swap",
diff --git a/Cargo.toml b/Cargo.toml
index 9204e64d5..f8690ab6a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,7 +4,7 @@ members = ["crates/*"]
 resolver = "2"
 
 # Updated in the CI with a `sed` command
-package.version = "0.17.0"
+package.version = "0.17.1"
 package.license = "AGPL-3.0-only"
 package.authors = ["Element Backend Team"]
 package.edition = "2024"
@@ -27,35 +27,35 @@ broken_intra_doc_links = "deny"
 [workspace.dependencies]
 
 # Workspace crates
-mas-axum-utils = { path = "./crates/axum-utils/", version = "=0.17.0" }
-mas-cli = { path = "./crates/cli/", version = "=0.17.0" }
-mas-config = { path = "./crates/config/", version = "=0.17.0" }
-mas-context = { path = "./crates/context/", version = "=0.17.0" }
-mas-data-model = { path = "./crates/data-model/", version = "=0.17.0" }
-mas-email = { path = "./crates/email/", version = "=0.17.0" }
-mas-graphql = { path = "./crates/graphql/", version = "=0.17.0" }
-mas-handlers = { path = "./crates/handlers/", version = "=0.17.0" }
-mas-http = { path = "./crates/http/", version = "=0.17.0" }
-mas-i18n = { path = "./crates/i18n/", version = "=0.17.0" }
-mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=0.17.0" }
-mas-iana = { path = "./crates/iana/", version = "=0.17.0" }
-mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=0.17.0" }
-mas-jose = { path = "./crates/jose/", version = "=0.17.0" }
-mas-keystore = { path = "./crates/keystore/", version = "=0.17.0" }
-mas-listener = { path = "./crates/listener/", version = "=0.17.0" }
-mas-matrix = { path = "./crates/matrix/", version = "=0.17.0" }
-mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=0.17.0" }
-mas-oidc-client = { path = "./crates/oidc-client/", version = "=0.17.0" }
-mas-policy = { path = "./crates/policy/", version = "=0.17.0" }
-mas-router = { path = "./crates/router/", version = "=0.17.0" }
-mas-spa = { path = "./crates/spa/", version = "=0.17.0" }
-mas-storage = { path = "./crates/storage/", version = "=0.17.0" }
-mas-storage-pg = { path = "./crates/storage-pg/", version = "=0.17.0" }
-mas-tasks = { path = "./crates/tasks/", version = "=0.17.0" }
-mas-templates = { path = "./crates/templates/", version = "=0.17.0" }
-mas-tower = { path = "./crates/tower/", version = "=0.17.0" }
-oauth2-types = { path = "./crates/oauth2-types/", version = "=0.17.0" }
-syn2mas = { path = "./crates/syn2mas", version = "=0.17.0" }
+mas-axum-utils = { path = "./crates/axum-utils/", version = "=0.17.1" }
+mas-cli = { path = "./crates/cli/", version = "=0.17.1" }
+mas-config = { path = "./crates/config/", version = "=0.17.1" }
+mas-context = { path = "./crates/context/", version = "=0.17.1" }
+mas-data-model = { path = "./crates/data-model/", version = "=0.17.1" }
+mas-email = { path = "./crates/email/", version = "=0.17.1" }
+mas-graphql = { path = "./crates/graphql/", version = "=0.17.1" }
+mas-handlers = { path = "./crates/handlers/", version = "=0.17.1" }
+mas-http = { path = "./crates/http/", version = "=0.17.1" }
+mas-i18n = { path = "./crates/i18n/", version = "=0.17.1" }
+mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=0.17.1" }
+mas-iana = { path = "./crates/iana/", version = "=0.17.1" }
+mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=0.17.1" }
+mas-jose = { path = "./crates/jose/", version = "=0.17.1" }
+mas-keystore = { path = "./crates/keystore/", version = "=0.17.1" }
+mas-listener = { path = "./crates/listener/", version = "=0.17.1" }
+mas-matrix = { path = "./crates/matrix/", version = "=0.17.1" }
+mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=0.17.1" }
+mas-oidc-client = { path = "./crates/oidc-client/", version = "=0.17.1" }
+mas-policy = { path = "./crates/policy/", version = "=0.17.1" }
+mas-router = { path = "./crates/router/", version = "=0.17.1" }
+mas-spa = { path = "./crates/spa/", version = "=0.17.1" }
+mas-storage = { path = "./crates/storage/", version = "=0.17.1" }
+mas-storage-pg = { path = "./crates/storage-pg/", version = "=0.17.1" }
+mas-tasks = { path = "./crates/tasks/", version = "=0.17.1" }
+mas-templates = { path = "./crates/templates/", version = "=0.17.1" }
+mas-tower = { path = "./crates/tower/", version = "=0.17.1" }
+oauth2-types = { path = "./crates/oauth2-types/", version = "=0.17.1" }
+syn2mas = { path = "./crates/syn2mas", version = "=0.17.1" }
 
 # OpenAPI schema generation and validation
 [workspace.dependencies.aide]