From 3c508255da6db691e66eb425a6c70aa6e6ec1e74c09f77c28140710de3fe7fda Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Mon, 22 Mar 2021 14:04:17 +0000
Subject: [PATCH 1/2] Accepting request 880523 from home:darix:apps

- Update to 1.30.0

OBS-URL: https://build.opensuse.org/request/show/880523
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=164
---
 _service                      |   4 +-
 matrix-synapse-1.28.0.obscpio |   3 -
 matrix-synapse-1.30.0.obscpio |   3 +
 matrix-synapse-test.spec      |   5 +-
 matrix-synapse.changes        | 174 ++++++++++++++++++++++++++++++++++
 matrix-synapse.obsinfo        |   6 +-
 matrix-synapse.spec           |   2 +-
 7 files changed, 186 insertions(+), 11 deletions(-)
 delete mode 100644 matrix-synapse-1.28.0.obscpio
 create mode 100644 matrix-synapse-1.30.0.obscpio

diff --git a/_service b/_service
index de46536..9ef73f0 100644
--- a/_service
+++ b/_service
@@ -4,11 +4,11 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="url">https://github.com/matrix-org/synapse.git</param>
     <param name="scm">git</param>
-    <param name="revision">v1.28.0</param>
+    <param name="revision">v1.30.0</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
     <!--
-    <param name="revision">v1.28.0rc1</param>
+    <param name="revision">v1.30.0rc1</param>
     <param name="versionrewrite-pattern">v([\.\d]+)(rc.*)</param>
     <param name="versionrewrite-replacement">\1~\2</param>
     -->
diff --git a/matrix-synapse-1.28.0.obscpio b/matrix-synapse-1.28.0.obscpio
deleted file mode 100644
index eede7ff..0000000
--- a/matrix-synapse-1.28.0.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:41f784e39c907130ad877dae57497af924ebfeea8d8e2c05b4b20fab15b16f28
-size 29639181
diff --git a/matrix-synapse-1.30.0.obscpio b/matrix-synapse-1.30.0.obscpio
new file mode 100644
index 0000000..a52fbb6
--- /dev/null
+++ b/matrix-synapse-1.30.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9892ed6611e724133439b9d68e414af184ed64916b19f0ef401c14a15287f369
+size 29780493
diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec
index a5abc96..cadad60 100644
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@@ -19,7 +19,7 @@
 # synapse only supports python >= 3.5, which is not available on pre-15 Leap.
 # However, future versions of matrix-synapse will no longer support python2 and
 # continued use of python2 is not recommended, so we only use the primary
-# python3 flavor. As a result, at no point do we have two versions of the 
+# python3 flavor. As a result, at no point do we have two versions of the
 # matrix-synapse package.
 
 # Disable debug packages since we're not installing anything.
@@ -27,7 +27,7 @@
 
 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.28.0
+Version:        1.30.0
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
@@ -40,6 +40,7 @@ BuildRequires:  %{pkgname} == %{version}
 touch %{_sourcedir}/%{pkgname}
 
 %build
+
 %install
 
 %check
diff --git a/matrix-synapse.changes b/matrix-synapse.changes
index 9433930..5118747 100644
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@@ -1,3 +1,177 @@
+-------------------------------------------------------------------
+Mon Mar 22 14:02:31 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.30.0
+  Note that this release deprecates the ability for appservices to
+  call POST /_matrix/client/r0/register without the body parameter
+  type. Appservice developers should use a type value of
+  m.login.application_service as per the spec. In future releases,
+  calling this endpoint with an access token - but without a
+  m.login.application_service type - will fail.
+
+  - Features
+    - Add prometheus metrics for number of users successfully
+      registering and logging in. (#9510, #9511, #9573)
+    - Add synapse_federation_last_sent_pdu_time and
+      synapse_federation_last_received_pdu_time prometheus metrics,
+      which monitor federation delays by reporting the timestamps
+      of messages sent and received to a set of remote servers.
+      (#9540)
+    - Add support for generating JSON Web Tokens dynamically for
+      use as OIDC client secrets. (#9549)
+    - Optimise handling of incomplete room history for incoming
+      federation. (#9601)
+    - Finalise support for allowing clients to pick an SSO Identity
+      Provider (MSC2858). (#9617)
+    - Tell spam checker modules about the SSO IdP a user registered
+      through if one was used. (#9626)
+  - Bugfixes
+    - Fix long-standing bug when generating thumbnails for some
+      images with transparency: TypeError: cannot unpack
+      non-iterable int object. (#9473)
+    - Purge chain cover indexes for events that were purged prior
+      to Synapse v1.29.0. (#9542, #9583)
+    - Fix bug where federation requests were not correctly retried
+      on 5xx responses. (#9567)
+    - Fix re-activating an account via the admin API when local
+      passwords are disabled. (#9587)
+    - Fix a bug introduced in Synapse 1.20 which caused incoming
+      federation transactions to stack up, causing slow recovery
+      from outages. (#9597)
+    - Fix a bug introduced in v1.28.0 where the OpenID Connect
+      callback endpoint could error with a MacaroonInitException.
+      (#9620)
+    - Fix Internal Server Error on GET
+      /_synapse/client/saml2/authn_response request. (#9623)
+  - Updates to the Docker image
+    - Use jemalloc if available in docker. (#8553)
+  - Improved Documentation
+    - Add relayd entry to reverse proxy example configurations.
+      (#9508)
+    - Improve the SAML2 upgrade notes for 1.27.0. (#9550)
+    - Link to the "List user's media" admin API from the media
+      admin API docs. (#9571)
+    - Clarify the spam checker modules documentation example to
+      mention that parse_config is a required method. (#9580)
+    - Clarify the sample configuration for stats settings. (#9604)
+    - Deprecations and Removals
+    - The synapse_federation_last_sent_pdu_age and
+      synapse_federation_last_received_pdu_age prometheus metrics
+      have been removed. They are replaced by
+      synapse_federation_last_sent_pdu_time and
+      synapse_federation_last_received_pdu_time. (#9540)
+    - Registering an Application Service user without using the
+      m.login.application_service login type will be unsupported in
+      an upcoming Synapse release. (#9559)
+  - Internal Changes
+    - Add tests to ResponseCache. (#9458)
+    - Add type hints to purge room and server notice admin API.
+      (#9520)
+    - Add extra logging to ObservableDeferred when callbacks throw
+      exceptions. (#9523)
+    - Fix incorrect type hints. (#9528, #9543, #9591, #9608, #9618)
+    - Add an additional test for purging a room. (#9541)
+    - Add a .git-blame-ignore-revs file with the hashes of
+      auto-formatting. (#9560)
+    - Increase the threshold before which outbound federation to a
+      server goes into "catch up" mode, which is expensive for the
+      remote server to handle. (#9561)
+    - Fix spurious errors reported by the config-lint.sh script.
+      (#9562)
+    - Fix type hints and tests for BlacklistingAgentWrapper and
+      BlacklistingReactorWrapper. (#9563)
+    - Do not have mypy ignore type hints from unpaddedbase64.
+      (#9568)
+    - Improve efficiency of calculating the auth chain in large
+      rooms. (#9576)
+    - Convert synapse.types.Requester to an attrs class. (#9586)
+    - Add logging for redis connection setup. (#9590)
+    - Improve logging when processing incoming transactions.
+      (#9596)
+    - Remove unused stats.retention setting, and emit a warning if
+      stats are disabled. (#9604)
+    - Prevent attempting to bundle aggregations for state events in
+      /context APIs. (#9619)
+
+-------------------------------------------------------------------
+Mon Mar  8 21:27:57 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.29.0
+  Note that synapse now expects an X-Forwarded-Proto header when
+  used with a reverse proxy. Please see UPGRADE.rst for more
+  details on this change.
+
+  - Features
+    - Add rate limiters to cross-user key sharing requests. (#8957)
+    - Add order_by to the admin API GET
+      /_synapse/admin/v1/users/<user_id>/media. Contributed by
+      @dklimpel. (#8978)
+    - Add some configuration settings to make users' profile data
+      more private. (#9203)
+    - The no_proxy and NO_PROXY environment variables are now
+      respected in proxied HTTP clients with the lowercase form
+      taking precedence if both are present. Additionally, the
+      lowercase https_proxy environment variable is now respected
+      in proxied HTTP clients on top of existing support for the
+      uppercase HTTPS_PROXY form and takes precedence if both are
+      present. Contributed by Timothy Leung. (#9372)
+    - Add a configuration option,
+      user_directory.prefer_local_users, which when enabled will
+      make it more likely for users on the same server as you to
+      appear above other users. (#9383, #9385)
+    - Add support for regenerating thumbnails if they have been
+      deleted but the original image is still stored. (#9438)
+    - Add support for X-Forwarded-Proto header when using a reverse
+      proxy. (#9472, #9501, #9512, #9539)
+  - Bugfixes
+    - Fix a bug where users' pushers were not all deleted when they
+      deactivated their account. (#9285, #9516)
+    - Fix a bug where a lot of unnecessary presence updates were
+      sent when joining a room. (#9402)
+    - Fix a bug that caused multiple calls to the experimental
+      shared_rooms endpoint to return stale results. (#9416)
+    - Fix a bug in single sign-on which could cause a "No session
+      cookie found" error. (#9436)
+    - Fix bug introduced in v1.27.0 where allowing a user to choose
+      their own username when logging in via single sign-on did not
+      work unless an idp_icon was defined. (#9440)
+    - Fix a bug introduced in v1.26.0 where some sequences were not
+      properly configured when running synapse_port_db. (#9449)
+    - Fix deleting pushers when using sharded pushers. (#9465,
+      #9466, #9479, #9536)
+    - Fix missing startup checks for the consistency of certain
+      PostgreSQL sequences. (#9470)
+    - Fix a long-standing bug where the media repository could leak
+      file descriptors while previewing media. (#9497)
+    - Properly purge the event chain cover index when purging
+      history. (#9498)
+    - Fix missing chain cover index due to a schema delta not being
+      applied correctly. Only affected servers that ran development
+      versions. (#9503)
+    - Fix a bug introduced in v1.25.0 where /_synapse/admin/join/
+      would fail when given a room alias. (#9506)
+    - Prevent presence background jobs from running when presence
+      is disabled. (#9530)
+    - Fix rare edge case that caused a background update to fail if
+      the server had rejected an event that had duplicate auth
+      events. (#9537)
+  - Improved Documentation
+    - Update the example systemd config to propagate reloads to
+      individual units. (#9463)
+  - Internal Changes
+    - Add documentation and type hints to parse_duration. (#9432)
+    - Remove vestiges of uploads_path configuration setting.
+      (#9462)
+    - Add a comment about systemd-python. (#9464)
+    - Test that we require validated email for email pushers.
+      (#9496)
+    - Allow python to generate bytecode for synapse. (#9502)
+    - Fix incorrect type hints. (#9515, #9518)
+    - Add type hints to device and event report admin API. (#9519)
+    - Add type hints to user admin API. (#9521)
+    - Bump the versions of mypy and mypy-zope used for static type
+      checking. (#9529)
+
 -------------------------------------------------------------------
 Thu Feb 25 22:00:48 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
 
diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo
index 83d204c..e76aa91 100644
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.28.0
-mtime: 1614250039
-commit: 2756517f7a6e17d2403de44981569dc18329315b
+version: 1.30.0
+mtime: 1616418955
+commit: e2904f720da42c47813d441a44f52eedb35f4850
 
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index 11a4442..2f4854a 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -45,7 +45,7 @@
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.28.0
+Version:        1.30.0
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0

From 8df71c82d8e37844b40ec0b5f7726aaa0052553245a6d8b502e70809da8bf9a6 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Sat, 27 Mar 2021 03:03:37 +0000
Subject: [PATCH 2/2] Accepting request 881504 from home:darix:apps

- Update to 1.30.1
  This release is identical to Synapse 1.30.0, with the exception
  of explicitly setting a minimum version of Python's Cryptography
  library to ensure that users of Synapse are protected from the
  recent OpenSSL security advisories, especially CVE-2021-3449.
  - Internal Changes
    - Enforce that `cryptography` dependency is up to date to
      ensure it has the most recent openssl patches. (#9697)

- Note: we do not bump the cryptography dependency in our package
  as we use the system OpenSSL which gets the fix.

  Add dont-bump-cryptography-with-system-openssl.patch to comment
  out the dependency because otherwise the newer version
  requirement is enforced on startup

OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
---
 _service                                      |  2 +-
 ...ump-cryptography-with-system-openssl.patch | 13 +++++++++++++
 matrix-synapse-1.30.0.obscpio                 |  3 ---
 matrix-synapse-1.30.1.obscpio                 |  3 +++
 matrix-synapse-test.spec                      |  2 +-
 matrix-synapse.changes                        | 19 +++++++++++++++++++
 matrix-synapse.obsinfo                        |  6 +++---
 matrix-synapse.spec                           |  5 +++--
 8 files changed, 43 insertions(+), 10 deletions(-)
 create mode 100644 dont-bump-cryptography-with-system-openssl.patch
 delete mode 100644 matrix-synapse-1.30.0.obscpio
 create mode 100644 matrix-synapse-1.30.1.obscpio

diff --git a/_service b/_service
index 9ef73f0..20962d2 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="url">https://github.com/matrix-org/synapse.git</param>
     <param name="scm">git</param>
-    <param name="revision">v1.30.0</param>
+    <param name="revision">v1.30.1</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
     <!--
diff --git a/dont-bump-cryptography-with-system-openssl.patch b/dont-bump-cryptography-with-system-openssl.patch
new file mode 100644
index 0000000..cbba2ad
--- /dev/null
+++ b/dont-bump-cryptography-with-system-openssl.patch
@@ -0,0 +1,13 @@
+diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
+index 14ddaed02..eb2137c93 100644
+--- a/synapse/python_dependencies.py
++++ b/synapse/python_dependencies.py
+@@ -84,7 +84,7 @@ REQUIREMENTS = [
+     "typing-extensions>=3.7.4",
+     # We enforce that we have a `cryptography` version that bundles an `openssl`
+     # with the latest security patches.
+-    "cryptography>=3.4.7;python_version>='3.6'",
++    # "cryptography>=3.4.7;python_version>='3.6'",
+ ]
+ 
+ CONDITIONAL_REQUIREMENTS = {
diff --git a/matrix-synapse-1.30.0.obscpio b/matrix-synapse-1.30.0.obscpio
deleted file mode 100644
index a52fbb6..0000000
--- a/matrix-synapse-1.30.0.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9892ed6611e724133439b9d68e414af184ed64916b19f0ef401c14a15287f369
-size 29780493
diff --git a/matrix-synapse-1.30.1.obscpio b/matrix-synapse-1.30.1.obscpio
new file mode 100644
index 0000000..ec9862e
--- /dev/null
+++ b/matrix-synapse-1.30.1.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ec26fa01b940639e8c85c9ac02afe17ae204f624db3c38fe79fba3fc2c9dd575
+size 29782029
diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec
index cadad60..2e823a4 100644
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@@ -27,7 +27,7 @@
 
 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.30.0
+Version:        1.30.1
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
diff --git a/matrix-synapse.changes b/matrix-synapse.changes
index 5118747..e3c6e9c 100644
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Fri Mar 26 12:39:34 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.30.1
+  This release is identical to Synapse 1.30.0, with the exception
+  of explicitly setting a minimum version of Python's Cryptography
+  library to ensure that users of Synapse are protected from the
+  recent OpenSSL security advisories, especially CVE-2021-3449.
+  - Internal Changes
+    - Enforce that `cryptography` dependency is up to date to
+      ensure it has the most recent openssl patches. (#9697)
+  
+- Note: we do not bump the cryptography dependency in our package
+  as we use the system OpenSSL which gets the fix.
+  
+  Add dont-bump-cryptography-with-system-openssl.patch to comment
+  out the dependency because otherwise the newer version
+  requirement is enforced on startup
+
 -------------------------------------------------------------------
 Mon Mar 22 14:02:31 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
 
diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo
index e76aa91..8ef95a2 100644
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.30.0
-mtime: 1616418955
-commit: e2904f720da42c47813d441a44f52eedb35f4850
+version: 1.30.1
+mtime: 1616761264
+commit: 262ed05f5b4bb1c489119129065babb29be7f3f1
 
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index 2f4854a..eef40b9 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -45,7 +45,7 @@
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.30.0
+Version:        1.30.1
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0
@@ -61,6 +61,7 @@ Source51:       matrix-synapse-generate-config.sh
 # to clean up your working copy afterwards: git reset --hard ; rm -rv .pc patches
 Source99:       series
 Patch:          matrix-synapse-1.4.1-paths.patch
+Patch1:         dont-bump-cryptography-with-system-openssl.patch
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3-base
@@ -83,7 +84,7 @@ BuildRequires:  python3-Twisted >= 20.3.0
 %requires_eq    python3-Twisted
 BuildRequires:  python3-attrs >= 17.4.0
 %requires_eq    python3-attrs
-BuildRequires:  python3-bcrypt >= 3.1.0
+BuildRequires:  python3-bcrypt >= 3.2.0
 %requires_eq    python3-bcrypt
 BuildRequires:  python3-bleach >= 1.4.3
 %requires_eq    python3-bleach