Also:
* remove ShareablesFromPerson evil-query
* improve multi-stream and aspect-stream queries
* fix logging for recieve
* don't add last 100 public posts to users streams after sharing
* delete share visibility when shareable is deleted
refactoring:
- remove unused return-values (were used for caching, which was removed again)
- remove transaction (doesn't help here, added in 2615126)
closes#6068
* Dropped all references to Resque
* Moved all jobs under app/workers since that's the Sidekiq convention
* Renamed Jobs module to Worker to match new location
* Adapted all jobs to Sidekiq
* Replaced all enqueue calls with perform_async
* Dropped Resque hacks from specs and features, replaced with
sidekig/testing in RSpec and sidekig/testing/inline in Cucumber
* Updated scripts to start a Sidekiq server
* Inline Sidekiq sinatra app
* Let Sidekiq create the actual Redis instance
* Workaround already initialized constant warnings in service models
* Resolved ToDo in one job definition by creating proper exception clases
for some errors in receiving posts
* Added sidekiq section to configuration to make it completly
configurable to the user
* Add Sidekiq middleware for clean backtraces
* Delay HttpMulti retry to give offline pods a chance to come back up
* Do not retry on GUID already taken and alike errors
* Be graceful about deleted posts in GatherOEmbedData
* Rename and reorganize post fetcher to fix autoloading, also let it use
Faradays default connection so we get nice redirects
* Add initializer to load libs at a central place
* added lib dir to autoload_once paths to increase thread safety
* Moved lib/exceptions.rb to lib/diaspora/ to conform namespacing
This is a fix for public messages, where a malicious pod could spoof a message from someone a user was connected to, as the verified signatures were not checked that the object was also from said sender. This hole only affected public messages, and the private part of code had the correct checks
THX to s-f-s(Stephan Schulz) for reporting and tracking down this issue, and props to Raven24(florian.staudacher@gmx.at) for helping me test the patch
