Accepting request 915279 from home:darix:apps

- Update to 1.41.1 OBS-URL: https://build.opensuse.org/request/show/915279 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=191
2021-08-31 14:35:09 +00:00 · 2021-08-31 14:35:09 +00:00 · 5bd783aded
commit 5bd783aded
parent 3387a730b2
7 changed files with 55 additions and 11 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="url">https://github.com/matrix-org/synapse.git</param>
    <param name="scm">git</param>
-    <param name="revision">v1.41.0</param>
+    <param name="revision">v1.41.1</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
    <!--
--- a/matrix-synapse-1.41.0.obscpio
+++ b/matrix-synapse-1.41.0.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e01b511c001907a2d809cc1fd9500946dfa9f7333de81150bbedcf807d9c002e
-size 30903309
--- a/matrix-synapse-1.41.1.obscpio
+++ b/matrix-synapse-1.41.1.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:551b407807772a38984769b5c74e7767d3f60e02a282a51533894236a7f39641
+size 30918669
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@ -27,7 +27,7 @@

 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.41.0
+Version:        1.41.1
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Tue Aug 31 14:21:51 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.41.1
+  Due to the two security issues highlighted below, server
+  administrators are encouraged to update Synapse. We are not aware
+  of these vulnerabilities being exploited in the wild.
+
+  - Security advisory
+    The following issues are fixed in v1.41.1.
+
+    - GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private
+      room's list of members and their display names.
+
+      If an unauthorized user both knows the Room ID of a private
+      room and that room's history visibility is set to shared,
+      then they may be able to enumerate the room's members,
+      including their display names.
+
+      The unauthorized user must be on the same homeserver as a
+      user who is a member of the target room.
+
+      Fixed by 52c7a51cf.
+
+    - GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private
+      room's name, avatar, topic, and number of members.
+
+      If an unauthorized user knows the Room ID of a private room,
+      then its name, avatar, topic, and number of members may be
+      disclosed through Group / Community features.
+
+      The unauthorized user must be on the same homeserver as a
+      user who is a member of the target room, and their homeserver
+      must allow non-administrators to create groups
+      (enable_group_creation in the Synapse configuration; off by
+      default).
+
+      Fixed by cb35df940a, #10723.
+
+  - Bugfixes
+    - Fix a regression introduced in Synapse 1.41 which broke email
+      transmission on systems using older versions of the Twisted
+      library. (#10713)
+
 -------------------------------------------------------------------
 Tue Aug 24 16:07:40 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

@ -1734,9 +1778,9 @@ Wed Jan 13 12:28:54 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
  deprecated and will be removed in a future release. They will be
  replaced by the Delete Room APIe

-	POST /_synapse/admin/v1/rooms/<room_id>/delete replaces
+  POST /_synapse/admin/v1/rooms/<room_id>/delete replaces
  POST /_synapse/admin/v1/purge_room and
-	POST /_synapse/admin/v1/shutdown_room/<room_id>.
+  POST /_synapse/admin/v1/shutdown_room/<room_id>.

  - Features
    - Add an admin API that lets server admins get power in rooms
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.41.0
-mtime: 1629817593
-commit: f03cafb50c49a1569f1f99485f9cc42abfdc7b21
+version: 1.41.1
+mtime: 1630413808
+commit: a4c8a2f08b735266fbbe2f259e640f00dc5e3a00

--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@ -47,7 +47,7 @@
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.41.0
+Version:        1.41.1
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0