Accepting request 1091083 from home:darix:apps

- Update to 1.85.0 - Security - GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be possible for a deactivated user to login when using uncommon configurations. (boo#1212055) - GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs). (boo#1212054) OBS-URL: https://build.opensuse.org/request/show/1091083 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=273
2023-06-07 07:12:52 +00:00 · 2023-06-07 07:12:52 +00:00 · 3cde411618
commit 3cde411618
parent 0429a50e14
8 changed files with 256 additions and 25 deletions
--- a/4
+++ b/4
@ -4,11 +4,11 @@
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="url">https://github.com/matrix-org/synapse.git</param>
    <param name="scm">git</param>
-    <param name="revision">v1.83.0</param>
+    <param name="revision">v1.85.0</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
    <!--
-    <param name="revision">v1.84.0rc1</param>
+    <param name="revision">v1.86.0rc1</param>
    <param name="versionrewrite-pattern">v([\.\d]+)(rc.*)</param>
    <param name="versionrewrite-replacement">\1~\2</param>
    -->
--- a/matrix-synapse-1.83.0.obscpio
+++ b/matrix-synapse-1.83.0.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a9fc44ead7fcad3c2b75f70e3fd0413a8b0f90c2deb8af55353ca46f4b9acedc
-size 34930189
--- a/matrix-synapse-1.85.0.obscpio
+++ b/matrix-synapse-1.85.0.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5429de1080c5132f493bc0c6b047969a764b9f129cfe309ed619fdc2d0b47520
+size 35069965
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@ -27,7 +27,7 @@

 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.83.0
+Version:        1.85.0
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@ -1,3 +1,236 @@
+-------------------------------------------------------------------
+Tue Jun  6 11:34:10 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
+
+- make use that the pythons define and use_python do not diverge by
+  moving them closer to each other.
+
+-------------------------------------------------------------------
+Tue Jun  6 10:06:46 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.85.0
+  - Security
+
+    - GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be
+      possible for a deactivated user to login when using uncommon
+      configurations. (boo#1212055)
+
+    - GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A
+      discovered oEmbed or image URL can bypass the
+      url_preview_url_blacklist setting potentially allowing server
+      side request forgery or bypassing network policies. Impact is
+      limited to IP addresses allowed by the
+      url_preview_ip_range_blacklist setting (by default this only
+      allows public IPs). (boo#1212054) 
+
+  - Features
+    - Improve performance of backfill requests by performing
+      backfill of previously failed requests in the background.
+      (#15585)
+    - Add a new admin API to create a new device for a user.
+      (#15611)
+    - Add Unix socket support for Redis connections. Contributed by
+      Jason Little. (#15644)
+  - Bugfixes
+    - Fix a performance issue introduced in Synapse v1.83.0 which
+      meant that purging rooms was very slow and
+      database-intensive. (#15693)
+    - Fix a long-standing bug where setting the read marker could
+      fail when using message retention. Contributed by Nick @
+      Beeper (@Fizzadar). (#15464)
+    - Fix a long-standing bug where the url_preview_url_blacklist
+      configuration setting was not applied to oEmbed or image URLs
+      found while previewing a URL. (#15601)
+    - Fix a long-standing bug where filters with multiple
+      backslashes were rejected. (#15607)
+    - Fix a bug introduced in Synapse 1.82.0 where the error
+      message displayed when validation of the
+      app_service_config_files config option fails would be
+      incorrectly formatted. (#15614)
+    - Fix a long-standing bug where deactivated users were still
+      able to login using the custom org.matrix.login.jwt login
+      type (if enabled). (#15624)
+    - Fix a long-standing bug where deactivated users were able to
+      login in uncommon situations. (#15634)
+  - Improved Documentation
+    - Warn users that at least 3.75GB of space is needed for the
+      nix Synapse development environment. (#15613)
+    - Remove outdated comment from the generated and sample
+      homeserver log configs. (#15648)
+    - Improve contributor docs to make it more clear that Rust is a
+      necessary prerequisite. Contributed by @grantm. (#15668)
+  - Deprecations and Removals
+    - Deprecate calling the /register endpoint with an unspecced
+      user property for application services. (#15703)
+    - Remove the old version of the R30 (30-day retained users)
+      phone-home metric. (#10428)
+  - Internal Changes
+    - Speed up background jobs populate_full_user_id_user_filters
+      and populate_full_user_id_profiles. (#15700)
+    - Create dependabot changelogs at release time. (#15481)
+    - Add not null constraint to column full_user_id of tables
+      profiles and user_filters. (#15537)
+    - Allow connecting to HTTP Replication Endpoints by using
+      worker_name when constructing the request. (#15578)
+    - Make the thread_id column on event_push_actions,
+      event_push_actions_staging, and event_push_summary non-null.
+      (#15597)
+    - Run mypy type checking with the minimum supported Python
+      version to catch new usage that isn't backwards-compatible.
+      (#15602)
+    - Fix subscriptable type usage in Python <3.9. (#15604)
+    - Update internal terminology. (#15606, #15620)
+    - Instrument state and state_group storage-related operations
+      to better picture what's happening when tracing. (#15610,
+      #15647)
+    - Trace how many new events from the backfill response we need
+      to process. (#15633)
+    - Re-type config paths in ConfigErrors to be StrSequences
+      instead of Iterable[str]s. (#15615)
+    - Update Mutual Rooms (MSC2666) implementation to match new
+      proposal text. (#15621)
+    - Remove the unstable identifiers from faster joins (MSC3706).
+      (#15625)
+    - Fix the olddeps CI. (#15626)
+    - Remove duplicate timestamp from test logs
+      (_trial_temp/test.log). (#15636)
+    - Fix two memory leaks in trial test runs. (#15630)
+    - Limit the size of the HomeServerConfig cache in trial test
+      runs. (#15646)
+    - Improve type hints. (#15658, #15659)
+    - Add requesting user id parameter to key claim methods in
+      TransportLayerClient. (#15663)
+    - Speed up rebuilding of the user directory for local users.
+      (#15665)
+    - Implement "option 2" for MSC3820: Room version 11. (#15666,
+      #15678)
+
+-------------------------------------------------------------------
+Fri May 26 19:16:23 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.84.1
+  This patch release fixes a major issue with homeservers that do
+  not have an instance_map defined but which do use workers. If you
+  have already upgraded to Synapse 1.84.0 and your homeserver is
+  working normally, then there is no need to update to this patch
+  release.
+
+  - Bugfixes
+    - Fix a bug introduced in Synapse v1.84.0 where workers do not
+      start up when no instance_map was provided. (#15672)
+  - Internal Changes
+    - Add dch and notify-send to the development Nix flake so that
+      the release script can be used. (#15673)
+
+-------------------------------------------------------------------
+Wed May 24 00:15:46 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.84.0
+  The worker_replication_* configuration settings have been
+  deprecated in favour of configuring the main process consistently
+  with other instances in the instance_map. The deprecated settings
+  will be removed in Synapse v1.88.0, but changing your
+  configuration in advance is recommended. See the upgrade notes
+  for more information.
+
+  https://github.com/matrix-org/synapse/blob/release-v1.84/docs/upgrade.md#upgrading-to-v1840
+
+  - Features
+    - Add an option to prevent media downloads from configured
+      domains. (#15197)
+    - Add forget_rooms_on_leave config option to automatically
+      forget rooms when users leave them or are removed from them.
+      (#15224)
+    - Add redis TLS configuration options. (#15312)
+    - Add a config option to delay push notifications by a random
+      amount, to discourage time-based profiling. (#15516)
+    - Stabilize support for MSC2659: application service ping
+      endpoint. Contributed by Tulir @ Beeper. (#15528)
+    - Implement MSC4009 to expand the supported characters in
+      Matrix IDs. (#15536)
+    - Advertise support for Matrix 1.6 on /_matrix/client/versions.
+      (#15559)
+    - Print full error and stack-trace of any exception that occurs
+      during startup/initialization. (#15569)
+  - Bugfixes
+    - Fix a bug introduced in Synapse 1.84.0rc1 where errors during
+      startup were not reported correctly on Python < 3.10.
+      (#15599)
+    - Don't fail on federation over TOR where SRV queries are not
+      supported. Contributed by Zdzichu. (#15523)
+    - Experimental support for MSC4010 which rejects setting the
+      "m.push_rules" via account data. (#15554, #15555)
+    - Fix a long-standing bug where an invalid membership event
+      could cause an internal server error. (#15564)
+    - Require at least poetry-core v1.1.0. (#15566, #15571)
+  - Deprecations and Removals
+    - Remove need for worker_replication_* based settings in worker
+      configuration yaml by placing this data directly on the
+      instance_map instead. (#15491)
+  - Updates to the Docker image
+    - Add pkg-config package to Stage 0 to be able to build
+      Dockerfile on ppc64le architecture. (#15567)
+  - Improved Documentation
+    - Clarify documentation of the "Create or modify account" Admin
+      API. (#15544)
+    - Fix path to the statistics/database/rooms admin API in
+      documentation. (#15560)
+    - Update and improve Mastodon Single Sign-On documentation.
+      (#15587)
+  - Internal Changes
+    - Use oEmbed to generate URL previews for YouTube Shorts.
+      (#15025)
+    - Create new Client for use with HTTP Replication between
+      workers. Contributed by Jason Little. (#15470)
+    - Remove need for worker_replication_* based settings in worker
+      configuration yaml by placing this data directly on the
+      instance_map instead. (#15491)
+    - Bump pyicu from 2.10.2 to 2.11. (#15509)
+    - Remove references to supporting per-user flag for MSC2654.
+      (#15522)
+    - Don't use a trusted key server when running the demo scripts.
+      (#15527)
+    - Speed up rebuilding of the user directory for local users.
+      (#15529)
+    - Speed up deleting of old rows in event_push_actions. (#15531)
+    - Install the xmlsec and mdbook packages and switch back to the
+      upstream cachix/devenv repo in the nix development
+      environment. (#15532, #15533, #15545)
+    - Implement MSC3987 by removing "dont_notify" from the list of
+      actions in default push rules. (#15534)
+    - Move various module API callback registration methods to a
+      dedicated class. (#15535)
+    - Proxy /user/devices federation queries to application
+      services for MSC3984. (#15539)
+    - Factor out an is_mine_server_name method. (#15542)
+    - Allow running Complement tests using podman by adding a
+      PODMAN environment variable to scripts-dev/complement.sh.
+      (#15543)
+    - Bump serde from 1.0.160 to 1.0.162. (#15548)
+    - Bump types-setuptools from 67.6.0.5 to 67.7.0.1. (#15549)
+    - Bump sentry-sdk from 1.19.1 to 1.22.1. (#15550)
+    - Bump ruff from 0.0.259 to 0.0.265. (#15551)
+    - Bump hiredis from 2.2.2 to 2.2.3. (#15552)
+    - Bump types-requests from 2.29.0.0 to 2.30.0.0. (#15553)
+    - Add org.matrix.msc3981 info to /_matrix/client/versions.
+      (#15558)
+    - Declare unstable support for MSC3391 under
+      /_matrix/client/versions if the experimental implementation
+      is enabled. (#15562)
+    - Implement MSC3821 to update the redaction rules. (#15563)
+    - Implement updated redaction rules from MSC3389. (#15565)
+    - Allow pip install to use setuptools_rust 1.6.0 when building
+      Synapse. (#15570)
+    - Deal with upcoming Github Actions deprecations. (#15576)
+    - Export run_as_background_process from the module API.
+      (#15577)
+    - Update build system requirements to allow building with
+      poetry-core==1.6.0. (#15588)
+    - Bump serde from 1.0.162 to 1.0.163. (#15589)
+    - Bump phonenumbers from 8.13.7 to 8.13.11. (#15590)
+    - Bump types-psycopg2 from 2.9.21.9 to 2.9.21.10. (#15591)
+    - Bump types-commonmark from 0.9.2.2 to 0.9.2.3. (#15592)
+    - Bump types-setuptools from 67.7.0.1 to 67.7.0.2. (#15594)
+
 -------------------------------------------------------------------
 Tue May  9 18:58:15 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@ -1,4 +1,4 @@
 name: matrix-synapse
-version: 1.83.0
-mtime: 1683648828
-commit: 64a11fb61fac47f652858d7e2109d077874135e0
+version: 1.85.0
+mtime: 1686042381
+commit: ec71214243eac58a4a6d272c15441a6405f6ae9c
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@ -37,8 +37,9 @@
 %global matrix_common_max_version     2
 %global msgpack_version               1.0.5
 %global netaddr_version               0.8.0
+# TODO: 8.13.11
 %global phonenumbers_version          8.13.5
-%global prometheus_client_version     0.16.0
+%global prometheus_client_version     0.17.0
 %global psutil_version                2.0.0
 %global pyOpenSSL_version             23.0.0
 %global pyasn1_version                0.4.8
@ -60,14 +61,16 @@
 %global pysaml2_version               7.2.1
 %global Authlib_version               1.2.0
 %global lxml_version                  4.9.2
-%global sentry_sdk_version            1.19.0
+%global sentry_sdk_version            1.22.1
 %global PyJWT_version                 2.4.0
 %global jaeger_client_version         4.8.0
 %global opentracing_version           2.4.0
+# TODO: 2.2.3
 %global hiredis_version               2.2.2
 %global txredisapi_version            1.4.9
 %global Pympler_version               1.0.1
 %global pydantic_version              1.9.1
+# TODO: 2.10.2
 %global pyicu_version                 2.10.2
 %else
 # some version locks based on poetry.lock
@ -121,8 +124,10 @@
 %endif

 %define requires_peq() %(echo '%*' | LC_ALL=C xargs -r rpm -q --whatprovides --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
-# only switch this back to python3 when immutabledict supports the current default python version
-%define pythons python3
+
+%define use_python python3
+
+%define pythons %{use_python}

 # These come from matrix-synapse's CONDITIONAL_REQUIREMENTS.
 # missing deps
@ -145,18 +150,11 @@
 #   https://github.com/matrix-org/synapse/releases or synapse/CHANGES.md
 # * Commit+submit

-#if 0%{?suse_version} >= 1550
-#define use_python python38
-#define __python3 #{_bindir}/python3
-#else
-%define use_python python310
-#endif
-
 %define         modname synapse
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.83.0
+Version:        1.85.0
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0
@ -181,7 +179,6 @@ Patch1:         bump-dependencies.patch
 Source100:      10719-Fix-instert-of-duplicate-key-into-event_json.patch
 BuildRequires:  %{use_python}-base >= 3.8
 BuildRequires:  %{use_python}-pip
-BuildRequires:  %{use_python}-poetry-core >= 1.0.0
 BuildRequires:  %{use_python}-setuptools
 BuildRequires:  %{use_python}-wheel
 BuildRequires:  cargo
@ -191,10 +188,11 @@ BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-shadow
 BuildRequires:  sysuser-tools
 BuildRequires:  unzip
+BuildRequires:  (%{use_python}-poetry-core >= 1.0.0 with %{use_python}-poetry-core =< 1.6.1)
 %{?systemd_ordering}
 %{sysusers_requires}
 %requires_peq   %{use_python}-base
-BuildRequires:  (%{use_python}-setuptools-rust >= 1.3 with %{use_python}-setuptools-rust < 1.7.0)
+BuildRequires:  (%{use_python}-setuptools-rust >= 1.3 with %{use_python}-setuptools-rust =< 1.6.0)
 # NOTE: Keep this is in the same order as pyproject.toml.
 # some version locks based on poetry.lock
 BuildRequires:  %{use_python}-Jinja2 >= %{Jinja2_version}
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b1ce7e6b94bc9019311f5e8a5da798e973cab8b81b2a6a5031b44f84f625f849
-size 8818682
+oid sha256:a1a27815d8c0b6e477437aa0e80e78e5a0ae37645b0bf46061fb9e1cc6f485ac
+size 8787173