diff --git a/_service b/_service
index de46536..20962d2 100644
--- a/_service
+++ b/_service
@@ -4,11 +4,11 @@
@PARENT_TAG@
https://github.com/matrix-org/synapse.git
git
- v1.28.0
+ v1.30.1
v(.*)
\1
diff --git a/dont-bump-cryptography-with-system-openssl.patch b/dont-bump-cryptography-with-system-openssl.patch
new file mode 100644
index 0000000..cbba2ad
--- /dev/null
+++ b/dont-bump-cryptography-with-system-openssl.patch
@@ -0,0 +1,13 @@
+diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
+index 14ddaed02..eb2137c93 100644
+--- a/synapse/python_dependencies.py
++++ b/synapse/python_dependencies.py
+@@ -84,7 +84,7 @@ REQUIREMENTS = [
+ "typing-extensions>=3.7.4",
+ # We enforce that we have a `cryptography` version that bundles an `openssl`
+ # with the latest security patches.
+- "cryptography>=3.4.7;python_version>='3.6'",
++ # "cryptography>=3.4.7;python_version>='3.6'",
+ ]
+
+ CONDITIONAL_REQUIREMENTS = {
diff --git a/matrix-synapse-1.28.0.obscpio b/matrix-synapse-1.28.0.obscpio
deleted file mode 100644
index eede7ff..0000000
--- a/matrix-synapse-1.28.0.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:41f784e39c907130ad877dae57497af924ebfeea8d8e2c05b4b20fab15b16f28
-size 29639181
diff --git a/matrix-synapse-1.30.1.obscpio b/matrix-synapse-1.30.1.obscpio
new file mode 100644
index 0000000..ec9862e
--- /dev/null
+++ b/matrix-synapse-1.30.1.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ec26fa01b940639e8c85c9ac02afe17ae204f624db3c38fe79fba3fc2c9dd575
+size 29782029
diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec
index a5abc96..2e823a4 100644
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@@ -19,7 +19,7 @@
# synapse only supports python >= 3.5, which is not available on pre-15 Leap.
# However, future versions of matrix-synapse will no longer support python2 and
# continued use of python2 is not recommended, so we only use the primary
-# python3 flavor. As a result, at no point do we have two versions of the
+# python3 flavor. As a result, at no point do we have two versions of the
# matrix-synapse package.
# Disable debug packages since we're not installing anything.
@@ -27,7 +27,7 @@
%define pkgname matrix-synapse
Name: %{pkgname}-test
-Version: 1.28.0
+Version: 1.30.1
Release: 0
Summary: Test package for %{pkgname}
License: Apache-2.0
@@ -40,6 +40,7 @@ BuildRequires: %{pkgname} == %{version}
touch %{_sourcedir}/%{pkgname}
%build
+
%install
%check
diff --git a/matrix-synapse.changes b/matrix-synapse.changes
index 9433930..e3c6e9c 100644
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@@ -1,3 +1,196 @@
+-------------------------------------------------------------------
+Fri Mar 26 12:39:34 UTC 2021 - Marcus Rueckert
+
+- Update to 1.30.1
+ This release is identical to Synapse 1.30.0, with the exception
+ of explicitly setting a minimum version of Python's Cryptography
+ library to ensure that users of Synapse are protected from the
+ recent OpenSSL security advisories, especially CVE-2021-3449.
+ - Internal Changes
+ - Enforce that `cryptography` dependency is up to date to
+ ensure it has the most recent openssl patches. (#9697)
+
+- Note: we do not bump the cryptography dependency in our package
+ as we use the system OpenSSL which gets the fix.
+
+ Add dont-bump-cryptography-with-system-openssl.patch to comment
+ out the dependency because otherwise the newer version
+ requirement is enforced on startup
+
+-------------------------------------------------------------------
+Mon Mar 22 14:02:31 UTC 2021 - Marcus Rueckert
+
+- Update to 1.30.0
+ Note that this release deprecates the ability for appservices to
+ call POST /_matrix/client/r0/register without the body parameter
+ type. Appservice developers should use a type value of
+ m.login.application_service as per the spec. In future releases,
+ calling this endpoint with an access token - but without a
+ m.login.application_service type - will fail.
+
+ - Features
+ - Add prometheus metrics for number of users successfully
+ registering and logging in. (#9510, #9511, #9573)
+ - Add synapse_federation_last_sent_pdu_time and
+ synapse_federation_last_received_pdu_time prometheus metrics,
+ which monitor federation delays by reporting the timestamps
+ of messages sent and received to a set of remote servers.
+ (#9540)
+ - Add support for generating JSON Web Tokens dynamically for
+ use as OIDC client secrets. (#9549)
+ - Optimise handling of incomplete room history for incoming
+ federation. (#9601)
+ - Finalise support for allowing clients to pick an SSO Identity
+ Provider (MSC2858). (#9617)
+ - Tell spam checker modules about the SSO IdP a user registered
+ through if one was used. (#9626)
+ - Bugfixes
+ - Fix long-standing bug when generating thumbnails for some
+ images with transparency: TypeError: cannot unpack
+ non-iterable int object. (#9473)
+ - Purge chain cover indexes for events that were purged prior
+ to Synapse v1.29.0. (#9542, #9583)
+ - Fix bug where federation requests were not correctly retried
+ on 5xx responses. (#9567)
+ - Fix re-activating an account via the admin API when local
+ passwords are disabled. (#9587)
+ - Fix a bug introduced in Synapse 1.20 which caused incoming
+ federation transactions to stack up, causing slow recovery
+ from outages. (#9597)
+ - Fix a bug introduced in v1.28.0 where the OpenID Connect
+ callback endpoint could error with a MacaroonInitException.
+ (#9620)
+ - Fix Internal Server Error on GET
+ /_synapse/client/saml2/authn_response request. (#9623)
+ - Updates to the Docker image
+ - Use jemalloc if available in docker. (#8553)
+ - Improved Documentation
+ - Add relayd entry to reverse proxy example configurations.
+ (#9508)
+ - Improve the SAML2 upgrade notes for 1.27.0. (#9550)
+ - Link to the "List user's media" admin API from the media
+ admin API docs. (#9571)
+ - Clarify the spam checker modules documentation example to
+ mention that parse_config is a required method. (#9580)
+ - Clarify the sample configuration for stats settings. (#9604)
+ - Deprecations and Removals
+ - The synapse_federation_last_sent_pdu_age and
+ synapse_federation_last_received_pdu_age prometheus metrics
+ have been removed. They are replaced by
+ synapse_federation_last_sent_pdu_time and
+ synapse_federation_last_received_pdu_time. (#9540)
+ - Registering an Application Service user without using the
+ m.login.application_service login type will be unsupported in
+ an upcoming Synapse release. (#9559)
+ - Internal Changes
+ - Add tests to ResponseCache. (#9458)
+ - Add type hints to purge room and server notice admin API.
+ (#9520)
+ - Add extra logging to ObservableDeferred when callbacks throw
+ exceptions. (#9523)
+ - Fix incorrect type hints. (#9528, #9543, #9591, #9608, #9618)
+ - Add an additional test for purging a room. (#9541)
+ - Add a .git-blame-ignore-revs file with the hashes of
+ auto-formatting. (#9560)
+ - Increase the threshold before which outbound federation to a
+ server goes into "catch up" mode, which is expensive for the
+ remote server to handle. (#9561)
+ - Fix spurious errors reported by the config-lint.sh script.
+ (#9562)
+ - Fix type hints and tests for BlacklistingAgentWrapper and
+ BlacklistingReactorWrapper. (#9563)
+ - Do not have mypy ignore type hints from unpaddedbase64.
+ (#9568)
+ - Improve efficiency of calculating the auth chain in large
+ rooms. (#9576)
+ - Convert synapse.types.Requester to an attrs class. (#9586)
+ - Add logging for redis connection setup. (#9590)
+ - Improve logging when processing incoming transactions.
+ (#9596)
+ - Remove unused stats.retention setting, and emit a warning if
+ stats are disabled. (#9604)
+ - Prevent attempting to bundle aggregations for state events in
+ /context APIs. (#9619)
+
+-------------------------------------------------------------------
+Mon Mar 8 21:27:57 UTC 2021 - Marcus Rueckert
+
+- Update to 1.29.0
+ Note that synapse now expects an X-Forwarded-Proto header when
+ used with a reverse proxy. Please see UPGRADE.rst for more
+ details on this change.
+
+ - Features
+ - Add rate limiters to cross-user key sharing requests. (#8957)
+ - Add order_by to the admin API GET
+ /_synapse/admin/v1/users//media. Contributed by
+ @dklimpel. (#8978)
+ - Add some configuration settings to make users' profile data
+ more private. (#9203)
+ - The no_proxy and NO_PROXY environment variables are now
+ respected in proxied HTTP clients with the lowercase form
+ taking precedence if both are present. Additionally, the
+ lowercase https_proxy environment variable is now respected
+ in proxied HTTP clients on top of existing support for the
+ uppercase HTTPS_PROXY form and takes precedence if both are
+ present. Contributed by Timothy Leung. (#9372)
+ - Add a configuration option,
+ user_directory.prefer_local_users, which when enabled will
+ make it more likely for users on the same server as you to
+ appear above other users. (#9383, #9385)
+ - Add support for regenerating thumbnails if they have been
+ deleted but the original image is still stored. (#9438)
+ - Add support for X-Forwarded-Proto header when using a reverse
+ proxy. (#9472, #9501, #9512, #9539)
+ - Bugfixes
+ - Fix a bug where users' pushers were not all deleted when they
+ deactivated their account. (#9285, #9516)
+ - Fix a bug where a lot of unnecessary presence updates were
+ sent when joining a room. (#9402)
+ - Fix a bug that caused multiple calls to the experimental
+ shared_rooms endpoint to return stale results. (#9416)
+ - Fix a bug in single sign-on which could cause a "No session
+ cookie found" error. (#9436)
+ - Fix bug introduced in v1.27.0 where allowing a user to choose
+ their own username when logging in via single sign-on did not
+ work unless an idp_icon was defined. (#9440)
+ - Fix a bug introduced in v1.26.0 where some sequences were not
+ properly configured when running synapse_port_db. (#9449)
+ - Fix deleting pushers when using sharded pushers. (#9465,
+ #9466, #9479, #9536)
+ - Fix missing startup checks for the consistency of certain
+ PostgreSQL sequences. (#9470)
+ - Fix a long-standing bug where the media repository could leak
+ file descriptors while previewing media. (#9497)
+ - Properly purge the event chain cover index when purging
+ history. (#9498)
+ - Fix missing chain cover index due to a schema delta not being
+ applied correctly. Only affected servers that ran development
+ versions. (#9503)
+ - Fix a bug introduced in v1.25.0 where /_synapse/admin/join/
+ would fail when given a room alias. (#9506)
+ - Prevent presence background jobs from running when presence
+ is disabled. (#9530)
+ - Fix rare edge case that caused a background update to fail if
+ the server had rejected an event that had duplicate auth
+ events. (#9537)
+ - Improved Documentation
+ - Update the example systemd config to propagate reloads to
+ individual units. (#9463)
+ - Internal Changes
+ - Add documentation and type hints to parse_duration. (#9432)
+ - Remove vestiges of uploads_path configuration setting.
+ (#9462)
+ - Add a comment about systemd-python. (#9464)
+ - Test that we require validated email for email pushers.
+ (#9496)
+ - Allow python to generate bytecode for synapse. (#9502)
+ - Fix incorrect type hints. (#9515, #9518)
+ - Add type hints to device and event report admin API. (#9519)
+ - Add type hints to user admin API. (#9521)
+ - Bump the versions of mypy and mypy-zope used for static type
+ checking. (#9529)
+
-------------------------------------------------------------------
Thu Feb 25 22:00:48 UTC 2021 - Marcus Rueckert
diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo
index 83d204c..8ef95a2 100644
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@@ -1,5 +1,5 @@
name: matrix-synapse
-version: 1.28.0
-mtime: 1614250039
-commit: 2756517f7a6e17d2403de44981569dc18329315b
+version: 1.30.1
+mtime: 1616761264
+commit: 262ed05f5b4bb1c489119129065babb29be7f3f1
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index 11a4442..eef40b9 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -45,7 +45,7 @@
%define pkgname matrix-synapse
%define eggname matrix_synapse
Name: %{pkgname}
-Version: 1.28.0
+Version: 1.30.1
Release: 0
Summary: Matrix protocol reference homeserver
License: Apache-2.0
@@ -61,6 +61,7 @@ Source51: matrix-synapse-generate-config.sh
# to clean up your working copy afterwards: git reset --hard ; rm -rv .pc patches
Source99: series
Patch: matrix-synapse-1.4.1-paths.patch
+Patch1: dont-bump-cryptography-with-system-openssl.patch
BuildRequires: fdupes
BuildRequires: python-rpm-macros
BuildRequires: python3-base
@@ -83,7 +84,7 @@ BuildRequires: python3-Twisted >= 20.3.0
%requires_eq python3-Twisted
BuildRequires: python3-attrs >= 17.4.0
%requires_eq python3-attrs
-BuildRequires: python3-bcrypt >= 3.1.0
+BuildRequires: python3-bcrypt >= 3.2.0
%requires_eq python3-bcrypt
BuildRequires: python3-bleach >= 1.4.3
%requires_eq python3-bleach