diff --git a/_service b/_service
index f77625c..d4d9fae 100644
--- a/_service
+++ b/_service
@@ -4,11 +4,11 @@
@PARENT_TAG@
https://github.com/matrix-org/synapse.git
git
- v1.91.2
+ v1.93.0
v(.*)
\1
diff --git a/matrix-synapse-1.91.2.obscpio b/matrix-synapse-1.91.2.obscpio
deleted file mode 100644
index ecfa6cd..0000000
--- a/matrix-synapse-1.91.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8df6270da824c716c7855c1dbe4426801844378f369274ad9233dd5bc19e0cc2
-size 35482637
diff --git a/matrix-synapse-1.93.0.obscpio b/matrix-synapse-1.93.0.obscpio
new file mode 100644
index 0000000..80e6c1a
--- /dev/null
+++ b/matrix-synapse-1.93.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f157afec4f14f73cb310e600cd21e5baa615e8a6ea2597a84fb33a542cb21bee
+size 35584013
diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec
index 0a00ce1..2719a64 100644
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@@ -27,7 +27,7 @@
%define pkgname matrix-synapse
Name: %{pkgname}-test
-Version: 1.91.2
+Version: 1.93.0
Release: 0
Summary: Test package for %{pkgname}
License: Apache-2.0
diff --git a/matrix-synapse.changes b/matrix-synapse.changes
index 8ce5ed7..18bb1bf 100644
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@@ -1,3 +1,146 @@
+-------------------------------------------------------------------
+Tue Sep 26 17:35:26 UTC 2023 - Marcus Rueckert
+
+- Update to 1.93.0
+ The following issues are fixed in 1.93.0 (and RCs).
+
+ GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity
+ https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
+
+ Temporary storage of plaintext passwords during password changes.
+
+ GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity
+ https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
+
+ Improper validation of receipts allows forged read receipts.
+
+ See the advisories for more details. If you have any questions, email security@matrix.org.
+
+
+ - Features
+ - Add automatic purge after all users have forgotten a room.
+ (#15488)
+ - Restore room purge/shutdown after a Synapse restart. (#15488)
+ - Support resolving homeservers using matrix-fed DNS SRV
+ records from MSC4040. (#16137)
+ - Add the ability to use G (GiB) and T (TiB) suffixes in
+ configuration options that refer to numbers of bytes.
+ (#16219)
+ - Add span information to requests sent to appservices.
+ Contributed by MTRNord. (#16227)
+ - Add the ability to enable/disable registrations when using
+ CAS. Contributed by Aurélien Grimpard. (#16262)
+ - Allow the /notifications endpoint to be routed to workers.
+ (#16265)
+ - Enable users to easily unsubscribe to notifications emails
+ via the List-Unsubscribe header. (#16274)
+ - Report whether a user is locked in the List Accounts admin
+ API, and exclude locked users by default. (#16328)
+ - Bugfixes
+ - Fix a long-standing bug where multi-device accounts could
+ cause high load due to presence. (#16066, #16170, #16171,
+ #16172, #16174)
+ - Fix a long-standing bug where appservices using MSC2409 to
+ receive to_device messages would only get messages for one
+ user. (#16251)
+ - Fix bug when using workers where Synapse could end up
+ re-requesting the same remote device repeatedly. (#16252)
+ - Fix long-standing bug where we kept re-requesting a remote
+ server's key repeatedly, potentially causing delays in
+ receiving events over federation. (#16257)
+ - Avoid temporary storage of sensitive information. (#16272)
+ - Fix bug introduced in Synapse 1.49.0 when using dehydrated
+ devices (MSC2697) and refresh tokens. Contributed by Hanadi.
+ (#16288)
+ - Fix a long-standing bug where invalid receipts would be
+ accepted. (#16327)
+ - Use standard name for UTF-8 charset in emails. (#16329)
+ - Don't try refetching device lists for users on remote hosts
+ that are marked as "down". (#16298)
+ - Improved Documentation
+ - Fix typos in the documentation. (#16282)
+ - Link to the Alpine Linux community package for Synapse.
+ (#16304)
+ - Use string for federation_client_minimum_tls_version
+ documentation examples. Contributed by @jcgruenhage. (#16353)
+ - Internal Changes
+ - Allow modules to delete rooms. (#15997)
+ - Add GCC and GNU Make to the Nix flake development environment
+ so that ruff can be compiled. (#16090, #16263)
+ - Fix type checking when using the new version of Twisted.
+ (#16235)
+ - Delete device messages asynchronously and in staged batches
+ using the task scheduler. (#16240, #16311, #16312, #16313)
+ - Bump minimum supported Rust version to 1.61.0. (#16248)
+ - Update rust to version 1.71.1 in the nix development
+ environment. (#16260)
+ - Simplify server key storage. (#16261)
+ - Reduce CPU overhead of change password endpoint. (#16264)
+ - Stop purging from tables slated for removal. (#16273)
+ - Improve type hints. (#16276, #16301, #16325, #16326)
+ - Raise setuptools_rust version cap to 1.7.0. (#16277)
+ - Fix using the new task scheduler causing lots of CPU to be
+ used. (#16278)
+ - Upgrade CI run of Python 3.12 from rc1 to rc2. (#16280)
+ - Include values in SQL debug when using execute_values with
+ Postgres. (#16281)
+ - Enable additional linting checks. (#16283)
+ - Refactor receipts_graph Postgres transactions to stop error
+ messages. (#16299)
+ - Small improvements to logging in replication code. (#16309)
+ - Remove a reference cycle in background processes. (#16314)
+ - Only use literal strings for background process names.
+ (#16315)
+ - Refactor get_user_by_id. (#16316)
+ - Speed up task to delete to-device messages. (#16318)
+ - Avoid patching code in tests. (#16349)
+ - Test against PostgreSQL 16. (#16351)
+
+-------------------------------------------------------------------
+Mon Sep 25 23:09:42 UTC 2023 - Marcus Rueckert
+
+- Update to 1.92.3
+ This release does not affect openSUSE as we do not use the intree
+ libwebp
+
+ Upstream changes:
+ This is again a security update targeted at mitigating
+ CVE-2023-4863. It turns out that libwebp is bundled statically in
+ Pillow wheels so we need to update this dependency instead of
+ libwebp package at the OS level.
+
+ Unlike what was advertised in 1.92.2 changelog this release also
+ impacts PyPI wheels and Debian packages from matrix.org.
+
+ We encourage admins to upgrade as soon as possible.
+
+ Internal Changes
+ - Pillow 10.0.1 is now mandatory because of libwebp
+ CVE-2023-4863, since Pillow provides libwebp in the wheels.
+ (#16347)
+- bump all the dependencies which are not available in tumbleweed.
+
+-------------------------------------------------------------------
+Fri Sep 15 13:57:20 UTC 2023 - Marcus Rueckert
+
+- Update to 1.92.2
+ Only fix in this is actually changing the upstream docker
+ configuration to mitigate the webp security bug. Does not affect
+ our package.
+
+-------------------------------------------------------------------
+Tue Sep 12 20:21:04 UTC 2023 - Marcus Rueckert
+
+- Update to 1.92.1
+ - Bugfixes
+ - Revert MSC3861 introspection cache, admin impersonation and
+ account lock. (#16258)
+ - Internal Changes
+ - Fix incorrect docstring for Ratelimiter. (#16255)
+ - Update the release script to work on macOS. (#16266)
+ - Stop building Ubuntu Kinetic since it is EOL and repos seem
+ to be dead.
+
-------------------------------------------------------------------
Wed Sep 6 20:43:15 UTC 2023 - Marcus Rueckert
diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo
index 0322580..e108d44 100644
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@@ -1,4 +1,4 @@
name: matrix-synapse
-version: 1.91.2
-mtime: 1694013057
-commit: 9de615b3aa4f20cab182cf3822943b9465a30643
+version: 1.93.0
+mtime: 1695740214
+commit: 88ba67eb91215a708f321e16559fe3c2c0d0a407
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index 9be9974..a635cff 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -21,17 +21,14 @@
# NOTE: Keep this is in the same order as pyproject.toml.
%if %{with use_poetry_for_dependencies}
%global Jinja2_version 3.1.2
-# TODO: 10.0.0
-%global Pillow_version 9.5.0
-# TODO: 6.0.1
-%global PyYAML_version 6.0
+%global Pillow_version 10.0.1
+%global PyYAML_version 6.0.1
%global Twisted_version 22.10.0
%global attrs_version 23.1.0
%global bcrypt_version 4.0.1
%global bleach_version 5.0.1
%global canonicaljson_version 2.0.0
-# TODO: 41.0.3
-%global cryptography_version 41.0.2
+%global cryptography_version 41.0.3
%global immutabledict_version 3.0.0
%global idna_version 3.4
%global ijson_version 3.2.3
@@ -41,15 +38,14 @@
%global matrix_common_max_version 2
%global msgpack_version 1.0.5
%global netaddr_version 0.8.0
-# TODO: 8.13.14
+# TODO: 8.13.19
%global phonenumbers_version 8.13.18
# TODO: 0.17.1
%global prometheus_client_version 0.17.0
%global psutil_version 2.0.0
%global pyOpenSSL_version 23.0.0
%global pyasn1_version 0.5.0
-# TODO 0.3.0
-%global pyasn1_modules_version 0.2.8
+%global pyasn1_modules_version 0.3.0
%global pymacaroons_version 0.13.0
%global service_identity_version 23.1.0
%global signedjson_version 1.1.4
@@ -61,13 +57,12 @@
%global unpaddedbase64_version 2.1.0
%global matrix_synapse_ldap3_version 0.2.2
%global packaging_version 23.1
-%global psycopg2_version 2.9.6
+%global psycopg2_version 2.9.7
# TODO 7.3.1
%global pysaml2_version 7.2.1
%global Authlib_version 1.2.1
-# TODO 4.9.3
-%global lxml_version 4.9.2
-%global sentry_sdk_version 1.29.2
+%global lxml_version 4.9.3
+%global sentry_sdk_version 1.30.0
%global PyJWT_version 2.4.0
%global jaeger_client_version 4.8.0
%global opentracing_version 2.4.0
@@ -76,12 +71,11 @@
%global txredisapi_version 1.4.9
%global Pympler_version 1.0.1
%global pydantic_version 1.9.1
-# TODO: 2.10.2
-%global pyicu_version 2.10.2
+%global pyicu_version 2.11
%else
# some version locks based on poetry.lock
%global Jinja2_version 3.0
-%global Pillow_version 5.4.0
+%global Pillow_version 10.0.1
%global PyYAML_version 3.13
%global Twisted_version 18.9.0
%global attrs_version 21.1.1
@@ -160,7 +154,7 @@
%define pkgname matrix-synapse
%define eggname matrix_synapse
Name: %{pkgname}
-Version: 1.91.2
+Version: 1.93.0
Release: 0
Summary: Matrix protocol reference homeserver
License: Apache-2.0
@@ -194,11 +188,11 @@ BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
BuildRequires: unzip
-BuildRequires: (%{use_python}-poetry-core >= 1.0.0 with %{use_python}-poetry-core =< 1.7.0)
+BuildRequires: (%{use_python}-poetry-core >= 1.1.0 with %{use_python}-poetry-core =< 1.7.0)
%{?systemd_ordering}
%{sysusers_requires}
%requires_peq %{use_python}-base
-BuildRequires: (%{use_python}-setuptools-rust >= 1.3 with %{use_python}-setuptools-rust =< 1.6.0)
+BuildRequires: (%{use_python}-setuptools-rust >= 1.3 with %{use_python}-setuptools-rust =< 1.7.0)
# NOTE: Keep this is in the same order as pyproject.toml.
# some version locks based on poetry.lock
BuildRequires: %{use_python}-Jinja2 >= %{Jinja2_version}
diff --git a/vendor.tar.zst b/vendor.tar.zst
index f8d692f..12afce8 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:ff32dd13fbe8c28fc0a31caeabf132296d4f72f17f84da2f2fcb8b89f0738ba8
-size 5740177
+oid sha256:2da7c77d5281c44f4627669634dedb57e1a57fb35314306aff79d8f6b7d7466b
+size 5765828