Accepting request 841978 from home:darix:apps

- prepare to support more optional features in the buildrequires (oidc/redis). failing atm due to missing libraries - Update to 1.21.2 - Security advisory - HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade. (#8444) (CVE-2020-26891) - This fix was originally included in v1.21.0 but was missing a security advisory. This was reported by Denis Kasak. - Bugfixes - Fix rare bug where sending an event would fail due to a racey assertion. (#8530) - An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See #8534 for details. OBS-URL: https://build.opensuse.org/request/show/841978 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=147
2020-10-15 17:17:52 +00:00 · 2020-10-15 17:17:52 +00:00 · 4c5b1c1305
commit 4c5b1c1305
parent 7803f922fb
7 changed files with 44 additions and 9 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="url">https://github.com/matrix-org/synapse.git</param>
    <param name="scm">git</param>
-    <param name="revision">v1.21.1</param>
+    <param name="revision">v1.21.2</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
    <!--
--- a/matrix-synapse-1.21.1.obscpio
+++ b/matrix-synapse-1.21.1.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:376af40c3224e3c343eae7118656cf6baf5a3b934130a00e80a0761c9c07c562
-size 28527629
--- a/matrix-synapse-1.21.2.obscpio
+++ b/matrix-synapse-1.21.2.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dfd64b2877d1dc86bf724937719ae41c82817fa383008a83db1bacf237b4dd66
+size 28528653
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@ -32,7 +32,7 @@

 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.21.1
+Version:        1.21.2
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Thu Oct 15 17:16:29 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
+
+- prepare to support more optional features in the buildrequires
+  (oidc/redis). failing atm due to missing libraries
+
+-------------------------------------------------------------------
+Thu Oct 15 16:45:55 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.21.2 
+  - Security advisory
+    - HTML pages served via Synapse were vulnerable to cross-site
+      scripting (XSS) attacks. All server administrators are
+      encouraged to upgrade. (#8444) (CVE-2020-26891)
+    - This fix was originally included in v1.21.0 but was missing a
+      security advisory.  This was reported by Denis Kasak.
+  - Bugfixes
+    - Fix rare bug where sending an event would fail due to a racey
+      assertion. (#8530)
+    - An updated version of the authlib dependency is included in
+      the Docker and Debian images to fix an issue using OpenID
+      Connect. See #8534 for details.
+
 -------------------------------------------------------------------
 Wed Oct 14 16:09:43 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.21.1
-mtime: 1602581236
-commit: 58e583eac1204e6eee6ee924a798180542f1e2c0
+version: 1.21.2
+mtime: 1602772423
+commit: 9b8a53c7b9e1a3ca5f46e417b9fa705f8bacb494

--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@ -19,9 +19,11 @@
 # These come from matrix-synapse's CONDITIONAL_REQUIREMENTS.
 %bcond_without email_notifs
 %bcond_without postgres
+%bcond_with    oidc
 %bcond_without saml
 %bcond_without url_preview
 %bcond_without jwt
+%bcond_with    redis
 # missing deps
 %bcond_with    opentracing
 # matrix-synapse-ldap isn't packaged on openSUSE.
@ -46,7 +48,7 @@
 %define         modname synapse
 %define         pkgname matrix-synapse
 Name:           %{pkgname}
-Version:        1.21.1
+Version:        1.21.2
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0
@ -154,6 +156,10 @@ BuildRequires:  python3-txacme >= 0.9.2
 BuildRequires:  python3-pysaml2 >= 4.5.0
 %requires_eq    python3-pysaml2
 %endif
+%if %{with oidc}
+BuildRequires:  python3-authlib >= 0.15.1
+%requires_eq    python3-authlib
+%endif
 %if %{with url_preview}
 BuildRequires:  python3-lxml >= 3.5.0
 %requires_eq    python3-lxml
@ -172,6 +178,12 @@ BuildRequires:  python3-jaeger-client >= 4.0.0
 BuildRequires:  python3-opentracing   >= 2.2.0
 %requires_eq    python3-opentracing
 %endif
+%if %{with redis}
+BuildRequires:  python3-txredisapi >= 1.4.7
+%requires_eq    python3-txredisapi
+BuildRequires:  python3-hiredis
+%requires_eq    python3-hiredis
+%endif
 BuildArch:      noarch
 # We only provide/obsolete python2 to ensure that users upgrade.
 Obsoletes:      python2-matrix-synapse < %{version}-%{release}