matrix-synapse/dont-bump-cryptography-with-system-openssl.patch

Index: synapse/synapse/python_dependencies.py
===================================================================
--- synapse.orig/synapse/python_dependencies.py
+++ synapse/synapse/python_dependencies.py
@@ -51,7 +51,7 @@ REQUIREMENTS = [
     # we use the TYPE_CHECKER.redefine method added in jsonschema 3.0.0
     "jsonschema>=3.0.0",
     # frozendict 2.1.2 is broken on Debian 10: https://github.com/Marco-Sulla/python-frozendict/issues/41
-    "frozendict>=1,<2.1.2",
+    "frozendict>=2.1.3",
     "unpaddedbase64>=1.1.0",
     "canonicaljson>=1.4.0",
     # we use the type definitions added in signedjson 1.1.
@@ -86,7 +86,8 @@ REQUIREMENTS = [
     "typing-extensions>=3.7.4",
     # We enforce that we have a `cryptography` version that bundles an `openssl`
     # with the latest security patches.
-    "cryptography>=3.4.7",
+    # opensuse we do not bump here as we do not use the intree copy
+    "cryptography",
     "ijson>=3.1",
     "matrix-common==1.0.0",
 ]
Accepting request 891065 from home:darix:apps - Update to 1.33.1 OBS-URL: https://build.opensuse.org/request/show/891065 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=175 2021-05-10 19:56:48 +02:00			`Index: synapse/synapse/python_dependencies.py`
			`===================================================================`
			`--- synapse.orig/synapse/python_dependencies.py`
			`+++ synapse/synapse/python_dependencies.py`
Accepting request 948430 from home:darix:apps - Update to 1.50.2 OBS-URL: https://build.opensuse.org/request/show/948430 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=205 2022-01-24 16:16:01 +01:00			`@@ -51,7 +51,7 @@ REQUIREMENTS = [`
			`# we use the TYPE_CHECKER.redefine method added in jsonschema 3.0.0`
			`"jsonschema>=3.0.0",`
			`# frozendict 2.1.2 is broken on Debian 10: https://github.com/Marco-Sulla/python-frozendict/issues/41`
			`- "frozendict>=1,<2.1.2",`
			`+ "frozendict>=2.1.3",`
			`"unpaddedbase64>=1.1.0",`
			`"canonicaljson>=1.4.0",`
			`# we use the type definitions added in signedjson 1.1.`
			`@@ -86,7 +86,8 @@ REQUIREMENTS = [`
Accepting request 881504 from home:darix:apps - Update to 1.30.1 This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of Python's Cryptography library to ensure that users of Synapse are protected from the recent OpenSSL security advisories, especially CVE-2021-3449. - Internal Changes - Enforce that `cryptography` dependency is up to date to ensure it has the most recent openssl patches. (#9697) - Note: we do not bump the cryptography dependency in our package as we use the system OpenSSL which gets the fix. Add dont-bump-cryptography-with-system-openssl.patch to comment out the dependency because otherwise the newer version requirement is enforced on startup OBS-URL: https://build.opensuse.org/request/show/881504 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165 2021-03-27 04:03:37 +01:00			`"typing-extensions>=3.7.4",`
			# We enforce that we have a `cryptography` version that bundles an `openssl`
			`# with the latest security patches.`
Accepting request 891065 from home:darix:apps - Update to 1.33.1 OBS-URL: https://build.opensuse.org/request/show/891065 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=175 2021-05-10 19:56:48 +02:00			`- "cryptography>=3.4.7",`
			`+ # opensuse we do not bump here as we do not use the intree copy`
			`+ "cryptography",`
Accepting request 940581 from home:darix:apps - Update to 1.49.0 OBS-URL: https://build.opensuse.org/request/show/940581 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=202 2021-12-20 08:30:44 +01:00			`"ijson>=3.1",`
Accepting request 948430 from home:darix:apps - Update to 1.50.2 OBS-URL: https://build.opensuse.org/request/show/948430 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=205 2022-01-24 16:16:01 +01:00			`"matrix-common==1.0.0",`
Accepting request 881504 from home:darix:apps - Update to 1.30.1 This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of Python's Cryptography library to ensure that users of Synapse are protected from the recent OpenSSL security advisories, especially CVE-2021-3449. - Internal Changes - Enforce that `cryptography` dependency is up to date to ensure it has the most recent openssl patches. (#9697) - Note: we do not bump the cryptography dependency in our package as we use the system OpenSSL which gets the fix. Add dont-bump-cryptography-with-system-openssl.patch to comment out the dependency because otherwise the newer version requirement is enforced on startup OBS-URL: https://build.opensuse.org/request/show/881504 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165 2021-03-27 04:03:37 +01:00			`]`