Merge pull request #3419 from ClearlyClaire/glitch-soc/merge-4.4

ClearlyClaire · web-flow · commit f0b875f9c31f · 2026-02-24T15:48:00.000+01:00
Merge upstream changes up to 1e5ac0f into stable-4.4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 All notable changes to this project will be documented in this file.
 
+## [4.4.14] - 2026-02-24
+
+### Security
+
+- Reject unconfirmed FASPs (#37926 by @oneiros, [GHSA-qgmm-vr4c-ggjg](https://github.com/mastodon/mastodon/security/advisories/GHSA-qgmm-vr4c-ggjg))
+- Re-use custom socket class for FASP requests (#37925 by @oneiros, [GHSA-46w6-g98f-wxqm](https://github.com/mastodon/mastodon/security/advisories/GHSA-46w6-g98f-wxqm))
+
+### Added
+
+- Add `--suspended-only` option to `tootctl emoji purge` (#37828 and #37861 by @ClearlyClaire and @mjankowski)
+
+### Fixed
+
+- Fix custom emojis not being purged on domain suspension (#37808 by @ClearlyClaire)
+- Fix processing of object updates with duplicate hashtags (#37756 by @ClearlyClaire)
+
 ## [4.4.13] - 2026-02-03
 
 ### Security
diff --git a/app/controllers/api/fasp/base_controller.rb b/app/controllers/api/fasp/base_controller.rb
@@ -47,7 +47,7 @@ def validate_signature!
     provider = nil
 
     Linzer.verify!(request.rack_request, no_older_than: 5.minutes) do |keyid|
-      provider = Fasp::Provider.find(keyid)
+      provider = Fasp::Provider.confirmed.find(keyid)
       Linzer.new_ed25519_public_key(provider.provider_public_key_pem, keyid)
     end
 
diff --git a/app/lib/fasp/request.rb b/app/lib/fasp/request.rb
@@ -29,7 +29,7 @@ def perform_request(verb, path, body: nil)
     response = HTTP
                .headers(headers)
                .use(http_signature: { key:, covered_components: COVERED_COMPONENTS })
-               .send(verb, url, body:)
+               .send(verb, url, body:, socket_class: ::Request::Socket)
 
     validate!(response)
 
diff --git a/app/lib/request.rb b/app/lib/request.rb
@@ -349,5 +349,5 @@ def check_private_address(_address, _host)
     end
   end
 
-  private_constant :ClientLimit, :Socket, :ProxySocket
+  private_constant :ClientLimit
 end
diff --git a/app/models/fasp/provider.rb b/app/models/fasp/provider.rb
@@ -34,6 +34,7 @@ class Fasp::Provider < ApplicationRecord
   before_create :create_keypair
   after_commit :update_remote_capabilities
 
+  scope :confirmed, -> { where(confirmed: true) }
   scope :with_capability, lambda { |capability_name|
     where('fasp_providers.capabilities @> ?::jsonb', "[{\"id\": \"#{capability_name}\", \"enabled\": true}]")
   }
diff --git a/app/services/activitypub/process_status_update_service.rb b/app/services/activitypub/process_status_update_service.rb
@@ -209,7 +209,7 @@ def update_tags!
       Tag.find_or_create_by_names([tag]).filter(&:valid?)
     rescue ActiveRecord::RecordInvalid
       []
-    end
+    end.uniq
 
     return unless @status.distributable?
 
diff --git a/app/services/block_domain_service.rb b/app/services/block_domain_service.rb
@@ -29,7 +29,12 @@ def process_domain_block!
       suspend_accounts!
     end
 
-    DomainClearMediaWorker.perform_async(domain_block.id) if domain_block.reject_media?
+    if domain_block.suspend?
+      # Account images and attachments are already handled by `suspend_accounts!`
+      PurgeCustomEmojiWorker.perform_async(blocked_domain)
+    elsif domain_block.reject_media?
+      DomainClearMediaWorker.perform_async(domain_block.id)
+    end
   end
 
   def silence_accounts!
diff --git a/app/workers/purge_custom_emoji_worker.rb b/app/workers/purge_custom_emoji_worker.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class PurgeCustomEmojiWorker
+  include Sidekiq::IterableJob
+
+  def build_enumerator(domain, cursor:)
+    return if domain.blank?
+
+    active_record_batches_enumerator(CustomEmoji.by_domain_and_subdomains(domain), cursor:)
+  end
+
+  def each_iteration(custom_emojis, _domain)
+    AttachmentBatch.new(CustomEmoji, custom_emojis).delete
+  end
+end
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -59,7 +59,7 @@ services:
   web:
     # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
     # build: .
-    image: ghcr.io/glitch-soc/mastodon:v4.4.13
+    image: ghcr.io/glitch-soc/mastodon:v4.4.14
     restart: always
     env_file: .env.production
     command: bundle exec puma -C config/puma.rb
@@ -83,7 +83,7 @@ services:
     # build:
     #   dockerfile: ./streaming/Dockerfile
     #   context: .
-    image: ghcr.io/glitch-soc/mastodon-streaming:v4.4.13
+    image: ghcr.io/glitch-soc/mastodon-streaming:v4.4.14
     restart: always
     env_file: .env.production
     command: node ./streaming/index.js
@@ -102,7 +102,7 @@ services:
   sidekiq:
     # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
     # build: .
-    image: ghcr.io/glitch-soc/mastodon:v4.4.13
+    image: ghcr.io/glitch-soc/mastodon:v4.4.14
     restart: always
     env_file: .env.production
     command: bundle exec sidekiq
diff --git a/lib/mastodon/cli/emoji.rb b/lib/mastodon/cli/emoji.rb
@@ -109,15 +109,27 @@ def export(path)
     end
 
     option :remote_only, type: :boolean
+    option :suspended_only, type: :boolean
     desc 'purge', 'Remove all custom emoji'
     long_desc <<-LONG_DESC
       Removes all custom emoji.
 
       With the --remote-only option, only remote emoji will be deleted.
+
+      With the --suspended-only option, only emoji from suspended servers will be deleted.
     LONG_DESC
     def purge
-      scope = options[:remote_only] ? CustomEmoji.remote : CustomEmoji
-      scope.in_batches.destroy_all
+      if options[:suspended_only]
+        DomainBlock.where(severity: :suspend).find_each do |domain_block|
+          CustomEmoji.by_domain_and_subdomains(domain_block.domain).find_in_batches do |custom_emojis|
+            AttachmentBatch.new(CustomEmoji, custom_emojis).delete
+          end
+        end
+      else
+        scope = options[:remote_only] ? CustomEmoji.remote : CustomEmoji
+        scope.in_batches.destroy_all
+      end
+
       say('OK', :green)
     end
 
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
@@ -13,7 +13,7 @@ def minor
     end
 
     def patch
-      13
+      14
     end
 
     def default_prerelease
diff --git a/spec/lib/fasp/request_spec.rb b/spec/lib/fasp/request_spec.rb
@@ -55,6 +55,24 @@
         end
       end
     end
+
+    context 'when the provider host name resolves to a private address' do
+      around do |example|
+        WebMock.disable!
+        example.run
+        WebMock.enable!
+      end
+
+      it 'raises Mastodon::ValidationError' do
+        resolver = instance_double(Resolv::DNS)
+
+        allow(resolver).to receive(:getaddresses).with('reqprov.example.com').and_return(%w(0.0.0.0 2001:db8::face))
+        allow(resolver).to receive(:timeouts=).and_return(nil)
+        allow(Resolv::DNS).to receive(:open).and_yield(resolver)
+
+        expect { subject.send(method, '/test_path') }.to raise_error(Mastodon::ValidationError)
+      end
+    end
   end
 
   describe '#get' do
diff --git a/spec/lib/mastodon/cli/emoji_spec.rb b/spec/lib/mastodon/cli/emoji_spec.rb
@@ -23,6 +23,36 @@
           .to output_results('OK')
       end
     end
+
+    context 'with --suspended-only and existing custom emoji on blocked servers' do
+      let(:blocked_domain) { 'evil.com' }
+      let(:blocked_subdomain) { 'subdomain.evil.org' }
+      let(:blocked_domain_without_emoji) { 'blocked.com' }
+      let(:silenced_domain) { 'silenced.com' }
+
+      let(:options) { { suspended_only: true } }
+
+      before do
+        Fabricate(:custom_emoji)
+        Fabricate(:custom_emoji, domain: blocked_domain)
+        Fabricate(:custom_emoji, domain: blocked_subdomain)
+        Fabricate(:custom_emoji, domain: silenced_domain)
+
+        Fabricate(:domain_block, severity: :suspend, domain: blocked_domain)
+        Fabricate(:domain_block, severity: :suspend, domain: 'evil.org')
+        Fabricate(:domain_block, severity: :suspend, domain: blocked_domain_without_emoji)
+        Fabricate(:domain_block, severity: :silence, domain: silenced_domain)
+      end
+
+      it 'reports a successful purge' do
+        expect { subject }
+          .to output_results('OK')
+          .and change { CustomEmoji.by_domain_and_subdomains(blocked_domain).count }.to(0)
+          .and change { CustomEmoji.by_domain_and_subdomains('evil.org').count }.to(0)
+          .and not_change { CustomEmoji.by_domain_and_subdomains(silenced_domain).count }
+          .and(not_change { CustomEmoji.local.count })
+      end
+    end
   end
 
   describe '#import' do
diff --git a/spec/requests/api/fasp/data_sharing/v0/backfill_requests_spec.rb b/spec/requests/api/fasp/data_sharing/v0/backfill_requests_spec.rb
@@ -6,34 +6,33 @@
   include ProviderRequestHelper
 
   describe 'POST /api/fasp/data_sharing/v0/backfill_requests' do
-    let(:provider) { Fabricate(:fasp_provider) }
+    subject do
+      post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json
+    end
+
+    let(:provider) { Fabricate(:confirmed_fasp) }
+    let(:params) { { category: 'content', maxCount: 10 } }
+    let(:headers) do
+      request_authentication_headers(provider,
+                                     url: api_fasp_data_sharing_v0_backfill_requests_url,
+                                     method: :post,
+                                     body: params)
+    end
+
+    it_behaves_like 'forbidden for unconfirmed provider'
 
     context 'with valid parameters' do
       it 'creates a new backfill request' do
-        params = { category: 'content', maxCount: 10 }
-        headers = request_authentication_headers(provider,
-                                                 url: api_fasp_data_sharing_v0_backfill_requests_url,
-                                                 method: :post,
-                                                 body: params)
-
-        expect do
-          post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json
-        end.to change(Fasp::BackfillRequest, :count).by(1)
+        expect { subject }.to change(Fasp::BackfillRequest, :count).by(1)
         expect(response).to have_http_status(201)
       end
     end
 
     context 'with invalid parameters' do
+      let(:params) { { category: 'unknown', maxCount: 10 } }
+
       it 'does not create a backfill request' do
-        params = { category: 'unknown', maxCount: 10 }
-        headers = request_authentication_headers(provider,
-                                                 url: api_fasp_data_sharing_v0_backfill_requests_url,
-                                                 method: :post,
-                                                 body: params)
-
-        expect do
-          post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json
-        end.to_not change(Fasp::BackfillRequest, :count)
+        expect { subject }.to_not change(Fasp::BackfillRequest, :count)
         expect(response).to have_http_status(422)
       end
     end
diff --git a/spec/requests/api/fasp/data_sharing/v0/continuations_spec.rb b/spec/requests/api/fasp/data_sharing/v0/continuations_spec.rb
@@ -6,15 +6,22 @@
   include ProviderRequestHelper
 
   describe 'POST /api/fasp/data_sharing/v0/backfill_requests/:id/continuations' do
-    let(:backfill_request) { Fabricate(:fasp_backfill_request) }
-    let(:provider) { backfill_request.fasp_provider }
+    subject do
+      post api_fasp_data_sharing_v0_backfill_request_continuation_path(backfill_request), headers:, as: :json
+    end
 
-    it 'queues a job to continue the given backfill request' do
-      headers = request_authentication_headers(provider,
-                                               url: api_fasp_data_sharing_v0_backfill_request_continuation_url(backfill_request),
-                                               method: :post)
+    let(:provider) { Fabricate(:confirmed_fasp) }
+    let(:backfill_request) { Fabricate(:fasp_backfill_request, fasp_provider: provider) }
+    let(:headers) do
+      request_authentication_headers(provider,
+                                     url: api_fasp_data_sharing_v0_backfill_request_continuation_url(backfill_request),
+                                     method: :post)
+    end
 
-      post api_fasp_data_sharing_v0_backfill_request_continuation_path(backfill_request), headers:, as: :json
+    it_behaves_like 'forbidden for unconfirmed provider'
+
+    it 'queues a job to continue the given backfill request' do
+      subject
       expect(response).to have_http_status(204)
       expect(Fasp::BackfillWorker).to have_enqueued_sidekiq_job(backfill_request.id)
     end
diff --git a/spec/requests/api/fasp/data_sharing/v0/event_subscriptions_spec.rb b/spec/requests/api/fasp/data_sharing/v0/event_subscriptions_spec.rb
@@ -6,51 +6,57 @@
   include ProviderRequestHelper
 
   describe 'POST /api/fasp/data_sharing/v0/event_subscriptions' do
-    let(:provider) { Fabricate(:fasp_provider) }
+    subject do
+      post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json
+    end
+
+    let(:provider) { Fabricate(:confirmed_fasp) }
+    let(:params) { { category: 'content', subscriptionType: 'lifecycle', maxBatchSize: 10 } }
+    let(:headers) do
+      request_authentication_headers(provider,
+                                     url: api_fasp_data_sharing_v0_event_subscriptions_url,
+                                     method: :post,
+                                     body: params)
+    end
+
+    it_behaves_like 'forbidden for unconfirmed provider'
 
     context 'with valid parameters' do
       it 'creates a new subscription' do
-        params = { category: 'content', subscriptionType: 'lifecycle', maxBatchSize: 10 }
-        headers = request_authentication_headers(provider,
-                                                 url: api_fasp_data_sharing_v0_event_subscriptions_url,
-                                                 method: :post,
-                                                 body: params)
-
         expect do
-          post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json
+          subject
         end.to change(Fasp::Subscription, :count).by(1)
         expect(response).to have_http_status(201)
       end
     end
 
     context 'with invalid parameters' do
-      it 'does not create a subscription' do
-        params = { category: 'unknown' }
-        headers = request_authentication_headers(provider,
-                                                 url: api_fasp_data_sharing_v0_event_subscriptions_url,
-                                                 method: :post,
-                                                 body: params)
+      let(:params) { { category: 'unknown' } }
 
-        expect do
-          post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json
-        end.to_not change(Fasp::Subscription, :count)
+      it 'does not create a subscription' do
+        expect { subject }.to_not change(Fasp::Subscription, :count)
         expect(response).to have_http_status(422)
       end
     end
   end
 
   describe 'DELETE /api/fasp/data_sharing/v0/event_subscriptions/:id' do
-    let(:subscription) { Fabricate(:fasp_subscription) }
-    let(:provider) { subscription.fasp_provider }
+    subject do
+      delete api_fasp_data_sharing_v0_event_subscription_path(subscription), headers:, as: :json
+    end
 
-    it 'deletes the subscription' do
-      headers = request_authentication_headers(provider,
-                                               url: api_fasp_data_sharing_v0_event_subscription_url(subscription),
-                                               method: :delete)
+    let(:provider) { Fabricate(:confirmed_fasp) }
+    let!(:subscription) { Fabricate(:fasp_subscription, fasp_provider: provider) }
+    let(:headers) do
+      request_authentication_headers(provider,
+                                     url: api_fasp_data_sharing_v0_event_subscription_url(subscription),
+                                     method: :delete)
+    end
+
+    it_behaves_like 'forbidden for unconfirmed provider'
 
-      expect do
-        delete api_fasp_data_sharing_v0_event_subscription_path(subscription), headers:, as: :json
-      end.to change(Fasp::Subscription, :count).by(-1)
+    it 'deletes the subscription' do
+      expect { subject }.to change(Fasp::Subscription, :count).by(-1)
       expect(response).to have_http_status(204)
     end
   end
diff --git a/spec/requests/api/fasp/debug/v0/callback/responses_spec.rb b/spec/requests/api/fasp/debug/v0/callback/responses_spec.rb
diff --git a/spec/services/activitypub/process_status_update_service_spec.rb b/spec/services/activitypub/process_status_update_service_spec.rb
diff --git a/spec/support/examples/fasp/api.rb b/spec/support/examples/fasp/api.rb
diff --git a/spec/workers/fasp/announce_account_lifecycle_event_worker_spec.rb b/spec/workers/fasp/announce_account_lifecycle_event_worker_spec.rb
diff --git a/spec/workers/fasp/announce_content_lifecycle_event_worker_spec.rb b/spec/workers/fasp/announce_content_lifecycle_event_worker_spec.rb
diff --git a/spec/workers/fasp/announce_trend_worker_spec.rb b/spec/workers/fasp/announce_trend_worker_spec.rb
diff --git a/spec/workers/fasp/backfill_worker_spec.rb b/spec/workers/fasp/backfill_worker_spec.rb
diff --git a/spec/workers/purge_custom_emoji_worker_spec.rb b/spec/workers/purge_custom_emoji_worker_spec.rb

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ class Fasp::Provider < ApplicationRecord`
`34`	`34`	`before_create :create_keypair`
`35`	`35`	`after_commit :update_remote_capabilities`
`36`	`36`
	`37`	`+ scope :confirmed, -> { where(confirmed: true) }`
`37`	`38`	`scope :with_capability, lambda { \|capability_name\|`
`38`	`39`	`where('fasp_providers.capabilities @> ?::jsonb', "[{\"id\": \"#{capability_name}\", \"enabled\": true}]")`
`39`	`40`	`}`