From 045a4518667e884b0d179566104ca99bbd407ef5bb689cc7acb3cd22e5330781 Mon Sep 17 00:00:00 2001
From: Marcus Rueckert
Date: Mon, 10 May 2021 17:56:48 +0000
Subject: [PATCH 1/2] Accepting request 891065 from home:darix:apps - Update to 1.33.1
OBS-URL: https://build.opensuse.org/request/show/891065
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=175
---
 _service | 4 +-
 ...ump-cryptography-with-system-openssl.patch | 15 ++--
 matrix-synapse-1.32.2.obscpio | 3 -
 matrix-synapse-1.33.1.obscpio | 3 +
 matrix-synapse-1.4.1-paths.patch | 42 ++++-----
 matrix-synapse-test.spec | 2 +-
 matrix-synapse.changes | 85 +++++++++++++++++++
 matrix-synapse.obsinfo | 6 +-
 matrix-synapse.spec | 14 +--
 series | 1 +
 10 files changed, 131 insertions(+), 44 deletions(-)
 delete mode 100644 matrix-synapse-1.32.2.obscpio
 create mode 100644 matrix-synapse-1.33.1.obscpio
diff --git a/_service b/_service
index 0b1951f..bade60a 100644
--- a/_service
+++ b/_service
@@ -4,11 +4,11 @@ @PARENT_TAG@ https://github.com/matrix-org/synapse.git git - v1.32.2 + v1.33.1 v(.*) \1
diff --git a/dont-bump-cryptography-with-system-openssl.patch b/dont-bump-cryptography-with-system-openssl.patch
index cbba2ad..cb888be 100644
--- a/dont-bump-cryptography-with-system-openssl.patch
+++ b/dont-bump-cryptography-with-system-openssl.patch
@@ -1,13 +1,14 @@
-diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
-index 14ddaed02..eb2137c93 100644
---- a/synapse/python_dependencies.py
-+++ b/synapse/python_dependencies.py
-@@ -84,7 +84,7 @@ REQUIREMENTS = [
+Index: synapse/synapse/python_dependencies.py
+===================================================================
+--- synapse.orig/synapse/python_dependencies.py
++++ synapse/synapse/python_dependencies.py
+@@ -85,7 +85,8 @@ REQUIREMENTS = [
 "typing-extensions>=3.7.4",
 # We enforce that we have a `cryptography` version that bundles an `openssl`
 # with the latest security patches.
-- "cryptography>=3.4.7;python_version>='3.6'",
-+ # "cryptography>=3.4.7;python_version>='3.6'",
+- "cryptography>=3.4.7",
++ # opensuse we do not bump here as we do not use the intree copy
++ "cryptography",
 ]
 CONDITIONAL_REQUIREMENTS = {
diff --git a/matrix-synapse-1.32.2.obscpio b/matrix-synapse-1.32.2.obscpio
deleted file mode 100644
index 3cfe8d8..0000000
--- a/matrix-synapse-1.32.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ec2749143fe449356aa7b1f9d1f784151d25ed92f05d9d9d56e69a5928b8ddd5
-size 29992461
diff --git a/matrix-synapse-1.33.1.obscpio b/matrix-synapse-1.33.1.obscpio
new file mode 100644
index 0000000..71df0a2
--- /dev/null
+++ b/matrix-synapse-1.33.1.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1383a9491e44c5730b8f487cdf44eaaa9029d90d9b0f9d010beb80500689510a
+size 30060045
diff --git a/matrix-synapse-1.4.1-paths.patch b/matrix-synapse-1.4.1-paths.patch
index b747c88..99ce13b 100644
--- a/matrix-synapse-1.4.1-paths.patch
+++ b/matrix-synapse-1.4.1-paths.patch
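Review bot: In the refreshed hunk of dont-bump-cryptography-with-system-openssl.patch the patched `REQUIREMENTS` entry becomes a bare `"cryptography"`, while the retained upstream comment directly above it still says a `cryptography` version bundling a patched `openssl` is enforced, so the patched file now contradicts itself. The added comment `# opensuse we do not bump here as we do not use the intree copy` does not say where OpenSSL security fixes come from instead; I would word it as `# openSUSE: cryptography is built against the system OpenSSL, so OpenSSL fixes ship via the distribution package; upstream's >=3.4.7 floor is dropped on purpose.` (assuming, as the patch name suggests, that the distribution build does not use the bundled copy). The same gap appears in matrix-synapse.spec, hunk `@@ -82,14 +84,16 @@`, where `BuildRequires: python3-cryptography` is the only visible entry without a minimum version. If Synapse depends on any `cryptography` API floor that is independent of OpenSSL, nothing checks it at build or install time any more, so a one-line spec comment stating that the floor is omitted deliberately would help the next maintainer.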
@@ -1,7 +1,7 @@
-Index: matrix-synapse-1.4.1/contrib/example_log_config.yaml
+Index: synapse/contrib/example_log_config.yaml
 ===================================================================
---- matrix-synapse-1.4.1.orig/contrib/example_log_config.yaml
-+++ matrix-synapse-1.4.1/contrib/example_log_config.yaml
+--- synapse.orig/contrib/example_log_config.yaml
++++ synapse/contrib/example_log_config.yaml
 @@ -26,7 +26,7 @@ handlers:
 file:
 class: logging.handlers.RotatingFileHandler
@@ -11,11 +11,11 @@ Index: matrix-synapse-1.4.1/contrib/example_log_config.yaml
 maxBytes: 100000000
 backupCount: 3
 filters: [context]
-Index: matrix-synapse-1.4.1/synapse/config/key.py
+Index: synapse/synapse/config/key.py
 ===================================================================
---- matrix-synapse-1.4.1.orig/synapse/config/key.py
-+++ matrix-synapse-1.4.1/synapse/config/key.py
+--- synapse.orig/synapse/config/key.py
++++ synapse/synapse/config/key.py
-@@ -100,7 +100,7 @@ class KeyConfig(Config):
+@@ -101,7 +101,7 @@ class KeyConfig(Config):
 signing_key_path = config.get("signing_key_path")
 if signing_key_path is None:
 signing_key_path = os.path.join(
@@ -24,7 +24,7 @@ Index: matrix-synapse-1.4.1/synapse/config/key.py
 )
 self.signing_key = self.read_signing_keys(signing_key_path, "signing_key")
-@@ -165,7 +165,7 @@ class KeyConfig(Config):
+@@ -166,7 +166,7 @@ class KeyConfig(Config):
 def generate_config_section(
 self, config_dir_path, server_name, generate_secrets=False, **kwargs
 ):
@@ -33,11 +33,11 @@ Index: matrix-synapse-1.4.1/synapse/config/key.py
 if generate_secrets:
 macaroon_secret_key = 'macaroon_secret_key: "%s"' % (
-Index: matrix-synapse-1.4.1/synapse/config/logger.py
+Index: synapse/synapse/config/logger.py
 ===================================================================
---- matrix-synapse-1.4.1.orig/synapse/config/logger.py
-+++ matrix-synapse-1.4.1/synapse/config/logger.py
-@@ -89,7 +89,7 @@ class LoggingConfig(Config):
+--- synapse.orig/synapse/config/logger.py
++++ synapse/synapse/config/logger.py
+@@ -131,7 +131,7 @@ class LoggingConfig(Config):
 self.no_redirect_stdio = config.get("no_redirect_stdio", False)
 def generate_config_section(self, config_dir_path, server_name, **kwargs):
@@ -46,11 +46,11 @@ Index: matrix-synapse-1.4.1/synapse/config/logger.py
 return (
 """\
 ## Logging ##
-Index: matrix-synapse-1.4.1/synapse/config/server.py
+Index: synapse/synapse/config/server.py
 ===================================================================
---- matrix-synapse-1.4.1.orig/synapse/config/server.py
-+++ matrix-synapse-1.4.1/synapse/config/server.py
-@@ -379,7 +379,7 @@ class ServerConfig(Config):
+--- synapse.orig/synapse/config/server.py
++++ synapse/synapse/config/server.py
+@@ -725,7 +725,7 @@ class ServerConfig(Config):
 bind_port = 8448
 unsecure_port = 8008
@@ -59,11 +59,11 @@ Index: matrix-synapse-1.4.1/synapse/config/server.py
 # Bring DEFAULT_ROOM_VERSION into the local-scope for use in the
 # default config string
-Index: matrix-synapse-1.4.1/synapse/config/tls.py
+Index: synapse/synapse/config/tls.py
 ===================================================================
---- matrix-synapse-1.4.1.orig/synapse/config/tls.py
-+++ matrix-synapse-1.4.1/synapse/config/tls.py
-@@ -259,7 +259,7 @@ class TlsConfig(Config):
+--- synapse.orig/synapse/config/tls.py
++++ synapse/synapse/config/tls.py
+@@ -275,7 +275,7 @@ class TlsConfig(Config):
 If the TLS paths are not specified the default will be certs in the config directory"""
@@ -72,7 +72,7 @@ Index: matrix-synapse-1.4.1/synapse/config/tls.py
 if bool(tls_certificate_path) != bool(tls_private_key_path):
 raise ConfigError(
-@@ -278,7 +278,7 @@ class TlsConfig(Config):
+@@ -294,7 +294,7 @@ class TlsConfig(Config):
 acme_enabled = bool(acme_domain)
 acme_domain = "matrix.example.com"
diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec
index 57f474e..37517f8 100644
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@@ -27,7 +27,7 @@ %define pkgname matrix-synapse
 Name: %{pkgname}-test
-Version: 1.32.2
+Version: 1.33.1
 Release: 0
 Summary: Test package for %{pkgname}
 License: Apache-2.0
diff --git a/matrix-synapse.changes b/matrix-synapse.changes
index dd30211..2574d1a 100644
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@@ -1,3 +1,88 @@
+-------------------------------------------------------------------
+Thu May 6 14:44:02 UTC 2021 - Marcus Rueckert
+
+- Update to 1.33.1
+ - Bugfixes
+ - Fix bug where /sync would break if using the latest version
+ of attrs dependency, by pinning to a previous version.
+ (#9937)
+- sync BuildRequires with synapse/python_dependencies.py
+ - Jinja2 dep is now always required
+
+-------------------------------------------------------------------
+Wed May 5 18:45:30 UTC 2021 - Marcus Rueckert
+
+- Update to 1.33.0
+ - Features
+ - Update experimental support for MSC3083: restricting room
+ access via group membership. (#9800, #9814)
+ - Add experimental support for handling presence on a worker.
+ (#9819, #9820, #9828, #9850)
+ - Return a new template when an user attempts to renew their
+ account multiple times with the same token, stating that
+ their account is set to expire. This replaces the invalid
+ token template that would previously be shown in this case.
+ This change concerns the optional account validity feature.
+ (#9832)
+ - Bugfixes
+ - Fix tight loop when handling presence replication when using
+ workers. Introduced in v1.33.0rc1. (#9900)
+ - Fixes the OIDC SSO flow when using a public_baseurl value
+ including a non-root URL path. (#9726)
+ - Fix thumbnail generation for some sites with non-standard
+ content types. Contributed by @rkfg. (#9788)
+ - Add some sanity checks to identity server passed to 3PID
+ bind/unbind endpoints. (#9802)
+ - Limit the size of HTTP responses read over federation.
+ (#9833)
+ - Fix a bug which could cause Synapse to get stuck in a loop of
+ resyncing device lists. (#9867)
+ - Fix a long-standing bug where errors from federation did not
+ propagate to the client. (#9868)
+ - Improved Documentation
+ - Add a note to the docker docs mentioning that we mirror
+ upstream's supported Docker platforms. (#9801)
+ - Internal Changes
+ - Add a dockerfile for running Synapse in worker-mode under
+ Complement. (#9162)
+ - Apply pyupgrade across the codebase. (#9786)
+ - Move some replication processing out of generic_worker.
+ (#9796)
+ - Replace HomeServer.get_config() with inline references.
+ (#9815)
+ - Rename some handlers and config modules to not duplicate the
+ top-level module. (#9816)
+ - Fix a long-standing bug which caused max_upload_size to not
+ be correctly enforced. (#9817)
+ - Reduce CPU usage of the user directory by reusing existing
+ calculated room membership. (#9821)
+ - Small speed up for joining large remote rooms. (#9825)
+ - Introduce flake8-bugbear to the test suite and fix some of
+ its lint violations. (#9838)
+ - Only store the raw data in the in-memory caches, rather than
+ objects that include references to e.g. the data stores.
+ (#9845)
+ - Limit length of accepted email addresses. (#9855)
+ - Remove redundant synapse.types.Collection type definition.
+ (#9856)
+ - Handle recently added rate limits correctly when using
+ --no-rate-limit with the demo scripts. (#9858)
+ - Disable invite rate-limiting by default when running the unit
+ tests. (#9871)
+ - Pass a reactor into SynapseSite to make testing easier.
+ (#9874)
+ - Make DomainSpecificString an attrs class. (#9875)
+ - Add type hints to synapse.api.auth and
+ synapse.api.auth_blocking modules. (#9876)
+ - Remove redundant _PushHTTPChannel test class. (#9878)
+ - Remove backwards-compatibility code for Python versions <
+ 3.6. (#9879)
+ - Small performance improvement around handling new local
+ presence updates. (#9887)
+- refreshed patches:
+ dont-bump-cryptography-with-system-openssl.patch
+ matrix-synapse-1.4.1-paths.patch
+
 -------------------------------------------------------------------
 Thu Apr 22 11:12:46 UTC 2021 - Marcus Rueckert
diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo
index c4fbf38..ad7d02a 100644
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.32.2
-mtime: 1619086171
-commit: dac44459348bd1d771a2dd6970f2a9e6532ee85f
+version: 1.33.1
+mtime: 1620306398
+commit: ac88aca7f7acc2ce909db230682f93bb4e2ff73b
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index b517715..43cea87 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -45,7 +45,7 @@ %define pkgname matrix-synapse
 %define eggname matrix_synapse
 Name: %{pkgname}
-Version: 1.32.2
+Version: 1.33.1
 Release: 0
 Summary: Matrix protocol reference homeserver
 License: Apache-2.0
@@ -74,6 +74,8 @@ BuildRequires: unzip
 Requires(pre): shadow
 Requires: python3-base >= 3.5
 # NOTE: Keep this is in the same order as synapse/python_dependencie.py.
+BuildRequires: python3-Jinja2 >= 2.9
+%requires_eq python3-Jinja2
 BuildRequires: python3-Pillow >= 4.3.0
 %requires_eq python3-Pillow
 BuildRequires: python3-PyNaCl >= 1.2.1
@@ -82,14 +84,16 @@ BuildRequires: python3-PyYAML >= 3.11
 %requires_eq python3-PyYAML
 BuildRequires: python3-Twisted >= 20.3.0
 %requires_eq python3-Twisted
-BuildRequires: python3-attrs >= 17.4.0
+BuildRequires: (python3-attrs >= 19.1.0 with python3-attrs < 21.1.0)
 %requires_eq python3-attrs
 BuildRequires: python3-bcrypt >= 3.2.0
 %requires_eq python3-bcrypt
 BuildRequires: python3-bleach >= 1.4.3
 %requires_eq python3-bleach
-BuildRequires: python3-canonicaljson >= 1.3.0
+BuildRequires: python3-canonicaljson >= 1.4.0
 %requires_eq python3-canonicaljson
+BuildRequires: python3-cryptography
+%requires_eq python3-cryptography
 BuildRequires: python3-frozendict >= 1
 %requires_eq python3-frozendict
 BuildRequires: python3-idna >= 2.5
@@ -132,10 +136,6 @@ BuildRequires: python3-unpaddedbase64 >= 1.1.0
 %requires_eq python3-unpaddedbase64
 # Specify all CONDITIONAL_REQUIREMENTS (we Require them to avoid no-recommends
 # breaking very commonly-used bits of matrix-synapse such as postgresql).
-%if %{with email_notifs}
-BuildRequires: python3-Jinja2 >= 2.9
-%requires_eq python3-Jinja2
-%endif
 %if %{with ldap}
 BuildRequires: python3-matrix-synapse-ldap3 >= 0.1
 %requires_eq python3-matrix-synapse-ldap3
diff --git a/series b/series
index 2b23912..01c541c 100644
--- a/series
+++ b/series
@@ -1 +1,2 @@
 matrix-synapse-1.4.1-paths.patch
+dont-bump-cryptography-with-system-openssl.patch
From 85934a8339c68052c7190c9da8416c2ded3823f6f96e75046f9c8601cc57a68a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Tue, 11 May 2021 14:14:47 +0000
Subject: [PATCH 2/2] Accepting request 892256 from home:darix:apps - Update to 1.33.2 Due to the security issue highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. Security advisory This release fixes a denial of service attack (CVE-2021-29471) against Synapse's push rules implementation. Server admins are encouraged to upgrade. - Internal Changes - Unpin attrs dependency. (#9946)
OBS-URL: https://build.opensuse.org/request/show/892256
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=176
---
 _service | 2 +-
 matrix-synapse-1.33.1.obscpio | 3 ---
 matrix-synapse-1.33.2.obscpio | 3 +++
 matrix-synapse-test.spec | 2 +-
 matrix-synapse.changes | 16 ++++++++++++++++
 matrix-synapse.obsinfo | 6 +++---
 matrix-synapse.spec | 4 ++--
 7 files changed, 26 insertions(+), 10 deletions(-)
 delete mode 100644 matrix-synapse-1.33.1.obscpio
 create mode 100644 matrix-synapse-1.33.2.obscpio
diff --git a/_service b/_service
index bade60a..b1c84d6 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@ @PARENT_TAG@ https://github.com/matrix-org/synapse.git git - v1.33.1 + v1.33.2 v(.*) \1