diff --git a/_service b/_service
index 2ddf006..b5e0339 100644
--- a/_service
+++ b/_service
@@ -4,11 +4,11 @@
@PARENT_TAG@
https://github.com/matrix-org/synapse.git
git
- v1.61.1
+ v1.62.0
v(.*)
\1
diff --git a/bump-dependencies.patch b/bump-dependencies.patch
index 6325541..5e36814 100644
--- a/bump-dependencies.patch
+++ b/bump-dependencies.patch
@@ -2,7 +2,7 @@ Index: synapse/pyproject.toml
===================================================================
--- synapse.orig/pyproject.toml
+++ synapse/pyproject.toml
-@@ -132,7 +132,7 @@ pymacaroons = ">=0.13.0"
+@@ -131,7 +131,7 @@ pymacaroons = ">=0.13.0"
msgpack = ">=0.5.2"
phonenumbers = ">=8.2.0"
# we use GaugeHistogramMetric, which was added in prom-client 0.4.0.
diff --git a/matrix-synapse-1.4.1-paths.patch b/matrix-synapse-1.4.1-paths.patch
index 1481950..272ff3f 100644
--- a/matrix-synapse-1.4.1-paths.patch
+++ b/matrix-synapse-1.4.1-paths.patch
@@ -24,20 +24,20 @@ Index: synapse/synapse/config/key.py
)
self.signing_key = self.read_signing_keys(signing_key_path, "signing_key")
-@@ -181,7 +181,7 @@ class KeyConfig(Config):
+@@ -183,7 +183,7 @@ class KeyConfig(Config):
generate_secrets: bool = False,
**kwargs: Any,
) -> str:
- base_key_name = os.path.join(config_dir_path, server_name)
+ base_key_name = os.path.join('/etc/matrix-synapse/keys.d', server_name)
+ macaroon_secret_key = ""
+ form_secret = ""
- if generate_secrets:
- macaroon_secret_key = 'macaroon_secret_key: "%s"' % (
Index: synapse/synapse/config/logger.py
===================================================================
--- synapse.orig/synapse/config/logger.py
+++ synapse/synapse/config/logger.py
-@@ -157,7 +157,7 @@ class LoggingConfig(Config):
+@@ -150,7 +150,7 @@ class LoggingConfig(Config):
def generate_config_section(
self, config_dir_path: str, server_name: str, **kwargs: Any
) -> str:
@@ -45,30 +45,17 @@ Index: synapse/synapse/config/logger.py
+ log_config = os.path.join('/etc/matrix-synapse/', server_name + ".log.config")
return (
"""\
- ## Logging ##
+ log_config: "%(log_config)s"
Index: synapse/synapse/config/server.py
===================================================================
--- synapse.orig/synapse/config/server.py
+++ synapse/synapse/config/server.py
-@@ -707,7 +707,7 @@ class ServerConfig(Config):
+@@ -729,7 +729,7 @@ class ServerConfig(Config):
bind_port = 8448
unsecure_port = 8008
- pid_file = os.path.join(data_dir_path, "homeserver.pid")
+ pid_file = os.path.join("/run/matrix-synapse", "homeserver.pid")
- # Bring DEFAULT_ROOM_VERSION into the local-scope for use in the
- # default config string
-Index: synapse/synapse/config/tls.py
-===================================================================
---- synapse.orig/synapse/config/tls.py
-+++ synapse/synapse/config/tls.py
-@@ -153,7 +153,7 @@ class TlsConfig(Config):
- """If the TLS paths are not specified the default will be certs in the
- config directory"""
-
-- base_key_name = os.path.join(config_dir_path, server_name)
-+ base_key_name = os.path.join('/etc/matrix-synapse/keys.d', server_name)
-
- if bool(tls_certificate_path) != bool(tls_private_key_path):
- raise ConfigError(
+ secure_listeners = []
+ unsecure_listeners = []
diff --git a/matrix-synapse-1.61.1.obscpio b/matrix-synapse-1.61.1.obscpio
deleted file mode 100644
index eabd736..0000000
--- a/matrix-synapse-1.61.1.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8ab462f59d05c7dd2d034318c1902447df78b4f4cec516ecfca1734e586a51bd
-size 33015821
diff --git a/matrix-synapse-1.62.0.obscpio b/matrix-synapse-1.62.0.obscpio
new file mode 100644
index 0000000..3ba7544
--- /dev/null
+++ b/matrix-synapse-1.62.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2c054c415ac1d89d57b29772ef1a5a4e2bed660c51c44a8361645e9d5c812ce2
+size 32921101
diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec
index 933484f..abb3011 100644
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@@ -27,7 +27,7 @@
%define pkgname matrix-synapse
Name: %{pkgname}-test
-Version: 1.61.1
+Version: 1.62.0
Release: 0
Summary: Test package for %{pkgname}
License: Apache-2.0
diff --git a/matrix-synapse.changes b/matrix-synapse.changes
index bcdce6b..3cfc18a 100644
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@@ -1,7 +1,171 @@
+-------------------------------------------------------------------
+Tue Jul 5 12:48:31 UTC 2022 - Marcus Rueckert
+
+- Update to 1.62.0
+ Authors of spam-checker plugins should consult the upgrade notes
+ to learn about the enriched signatures for spam checker
+ callbacks, which are supported with this release of Synapse.
+
+ - Features
+ - Port the spam-checker API callbacks to a new, richer API.
+ This is part of an ongoing change to let spam-checker modules
+ inform users of the reason their event or operation is
+ rejected. (#12857, #13047)
+ - Allow server admins to customise the response of the
+ /.well-known/matrix/client endpoint. (#13035)
+ - Add metrics measuring the CPU and DB time spent in state
+ resolution. (#13036)
+ - Speed up fetching of device list changes in /sync and
+ /keys/changes. (#13045, #13098)
+ - Improve URL previews for sites which only provide Twitter
+ Card metadata, e.g. LWN.net. (#13056)
+ - Bugfixes
+ - Update the version of the ldap3 plugin included in the
+ matrixdotorg/synapse DockerHub images and the Debian packages
+ hosted on packages.matrix.org to 0.2.1. This fixes a bug with
+ usernames containing uppercase characters. (#13156)
+ - Fix a bug introduced in Synapse 1.62.0rc1 affecting unread
+ counts for users on small servers. (#13168)
+ - Fix unread counts for users on large servers. Introduced in
+ v1.62.0rc1. (#13140)
+ - Fix DB performance when deleting old push notifications.
+ Introduced in v1.62.0rc1. (#13141)
+ - Update MSC3786 implementation to check state_key. (#12939)
+ - Fix a bug introduced in Synapse 1.58 where Synapse would not
+ report full version information when installed from a git
+ checkout. This is a best-effort affair and not guaranteed to
+ be stable. (#12973)
+ - Fix a bug introduced in Synapse 1.60 where Synapse would fail
+ to start if the sqlite3 module was not available. (#12979)
+ - Fix a bug where non-standard information was required when
+ requesting the /hierarchy API over federation. Introduced in
+ Synapse v1.41.0. (#12991)
+ - Fix a long-standing bug which meant that rate limiting was
+ not restrictive enough in some cases. (#13018)
+ - Fix a bug introduced in Synapse 1.58 where profile requests
+ for a malformed user ID would ccause an internal error.
+ Synapse now returns 400 Bad Request in this situation.
+ (#13041)
+ - Fix some inconsistencies in the event authentication code.
+ (#13087, #13088)
+ - Fix a long-standing bug where room directory requests would
+ cause an internal server error if given a malformed room
+ alias. (#13106)
+ - Improved Documentation
+ - Add documentation for how to configure Synapse with Workers
+ using Docker Compose. Includes example worker config and
+ docker-compose.yaml. Contributed by @Thumbscrew. (#12737)
+ - Ensure the Poetry cheat sheet is available in the online
+ documentation. (#13022)
+ - Mention removed community/group worker endpoints in
+ upgrade.md. Contributed by @olmari. (#13023)
+ - Add instructions for running Complement with
+ gotestfmt-formatted output locally. (#13073)
+ - Update OpenTracing docs to reference the configuration manual
+ rather than the configuration file. (#13076)
+ - Update information on downstream Debian packages. (#13095)
+ - Remove documentation for the Delete Group Admin API which no
+ longer exists. (#13112)
+ - Deprecations and Removals
+ - Remove the unspecced DELETE /directory/list/room/{roomId}
+ endpoint, which hid rooms from the public room directory.
+ Instead, PUT to the same URL with a visibility of "private".
+ (#13123)
+ - Internal Changes
+ - Add tests for cancellation of GET /rooms/$room_id/members and
+ GET /rooms/$room_id/state requests. (#12674)
+ - Report login failures due to unknown third party identifiers
+ in the same way as failures due to invalid passwords. This
+ prevents an attacker from using the error response to
+ determine if the identifier exists. Contributed by Daniel
+ Aloni. (#12738)
+ - Merge the Complement testing Docker images into a single,
+ multi-purpose image. (#12881, #13075)
+ - Simplify the database schema for event_edges. (#12893)
+ - Clean up the test code for client disconnection. (#12929)
+ - Remove code generating comments in configuration. (#12941)
+ - Add Cross-Origin-Resource-Policy: cross-origin header to
+ content repository's thumbnail and download endpoints.
+ (#12944)
+ - Replace noop background updates with DELETE delta. (#12954,
+ #13050)
+ - Use lower isolation level when inserting read receipts to
+ avoid serialization errors. Contributed by Nick @ Beeper.
+ (#12957)
+ - Reduce the amount of state we pull from the DB. (#12963)
+ - Enable testing against PostgreSQL databases in Complement CI.
+ (#12965, #13034)
+ - Fix an inaccurate comment. (#12969)
+ - Remove the delete_device method and always call
+ delete_devices. (#12970)
+ - Use a GitHub form for issues rather than a hard-to-read,
+ easy-to-ignore template. (#12982)
+ - Move MSC3715 behind an experimental config flag. (#12984)
+ - Add type hints to tests. (#12985, #13099)
+ - Refactor macaroon tokens generation and move the unsubscribe
+ link in notification emails to /_synapse/client/unsubscribe.
+ (#12986)
+ - Fix documentation for running complement tests. (#12990)
+ - Faster joins: add issue links to the TODO comments in the
+ code. (#13004)
+ - Reduce DB usage of /sync when a large number of unread
+ messages have recently been sent in a room. (#13005, #13096,
+ #13118)
+ - Replaced usage of PyJWT with methods from Authlib in
+ org.matrix.login.jwt. Contributed by Hannes Lerchl. (#13011)
+ - Modernize the contrib/graph/ scripts. (#13013)
+ - Remove redundant room_version parameters from event auth
+ functions. (#13017)
+ - Decouple synapse.api.auth_blocking.AuthBlocking from
+ synapse.api.auth.Auth. (#13021)
+ - Add type annotations to
+ synapse.storage.databases.main.devices. (#13025)
+ - Set default sync_response_cache_duration to two minutes.
+ (#13042)
+ - Rename CI test runs. (#13046)
+ - Increase timeout of complement CI test runs. (#13048)
+ - Refactor entry points so that they all have a main function.
+ (#13052)
+ - Refactor the Dockerfile-workers configuration script to use
+ Jinja2 templates in Synapse workers' Supervisord blocks.
+ (#13054)
+ - Add headers to individual options in config documentation to
+ allow for linking. (#13055)
+ - Make Complement CI logs easier to read. (#13057, #13058,
+ #13069)
+ - Don't instantiate modules with keyword arguments. (#13060)
+ - Fix type checking errors against Twisted trunk. (#13061)
+ - Allow MSC3030 timestamp_to_event calls from anyone on
+ world-readable rooms. (#13062)
+ - Add a CI job to check that schema deltas are in the correct
+ folder. (#13063)
+ - Avoid rechecking event auth rules which are independent of
+ room state. (#13065)
+ - Reduce the duplication of code that invokes the rate limiter.
+ (#13070)
+ - Add a Subject Alternative Name to the certificate generated
+ for Complement tests. (#13071)
+ - Add more tests for room upgrades. (#13074)
+ - Pin dependencies maintained by matrix.org to semantic version
+ bounds. (#13082)
+ - Correctly report prometheus DB stats for
+ get_earliest_token_for_stats. (#13085)
+ - Fix a long-standing bug where a finished logging context
+ would be re-started when Synapse failed to persist an event
+ from federation. (#13089)
+ - Simplify the alias deletion logic as an application service.
+ (#13093)
+ - Add type annotations to tests.test_server. (#13124)
+- Drop PyJWT dependency. Replaced by Authlib
+- Implement upper version limits to match pyproject.toml
+- Refreshed patches for new code:
+ bump-dependencies.patch
+ matrix-synapse-1.4.1-paths.patch
+
-------------------------------------------------------------------
Tue Jun 28 15:55:03 UTC 2022 - Marcus Rueckert
-- Update to 1.61.1
+- Update to 1.61.1 (boo#1201229)
This patch release fixes a security issue regarding URL previews,
affecting all prior versions of Synapse. Server administrators
are encouraged to update Synapse as soon as possible. We are not
diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo
index 6d0ca38..74c7a12 100644
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@@ -1,4 +1,4 @@
name: matrix-synapse
-version: 1.61.1
-mtime: 1656423666
-commit: 09d89ddc1f875bb1ea835a7614980787d4ebd043
+version: 1.62.0
+mtime: 1657016394
+commit: b51a0f4be0287f88a747952fb3cc8132d29df4c8
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index 203bf41..cd8b297 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -28,12 +28,14 @@
%global bcrypt_version 3.2.0
%global bleach_version 3.3.0
%global canonicaljson_version 1.6.0
+%global canonicaljson_max_version 2
%global cryptography_version 36.0.1
%global frozendict_version 2.3.0
%global idna_version 3.3
%global ijson_version 3.1.4
%global jsonschema_version 4.4.6
-%global matrix_common_version 1.1.0
+%global matrix_common_version 1.2.1
+%global matrix_common_max_version 2
%global msgpack_version 1.0.3
%global netaddr_version 0.8.0
%global phonenumbers_version 8.12.44
@@ -45,13 +47,14 @@
%global pymacaroons_version 0.13.0
%global service_identity_version 21.1.0
%global signedjson_version 1.1.4
+%global signedjson_max_version 2
%global six_version 1.16.0
%global sortedcontainers_version 2.4.0
%global systemd_version 234
%global typing_extensions_version 4.1.1
%global treq_version 22.2.0
%global unpaddedbase64_version 2.1.0
-%global matrix_synapse_ldap3_version 0.2.0
+%global matrix_synapse_ldap3_version 0.2.1
%global packaging_version 21.3
%global psycopg2_version 2.9.3
%global pysaml2_version 7.1.2
@@ -74,12 +77,14 @@
%global bcrypt_version 3.1.0
%global bleach_version 1.4.3
%global canonicaljson_version 1.4.0
+%global canonicaljson_max_version 2
%global cryptography_version 3.4.7
%global frozendict_version 2.1.3
%global idna_version 2.5
%global ijson_version 3.1.4
%global jsonschema_version 3.0.0
-%global matrix_common_version 1.1.0
+%global matrix_common_version 1.2.1
+%global matrix_common_max_version 2
%global msgpack_version 0.5.2
%global netaddr_version 0.7.18
%global phonenumbers_version 8.2.0
@@ -91,13 +96,14 @@
%global pymacaroons_version 0.13.0
%global service_identity_version 18.1.0
%global signedjson_version 1.1.0
+%global signedjson_max_version 2
%global six_version 1.16.0
%global sortedcontainers_version 1.4.4
%global systemd_version 231
%global typing_extensions_version 3.10.0
%global treq_version 15.1
%global unpaddedbase64_version 2.1.0
-%global matrix_synapse_ldap3_version 0.1.0
+%global matrix_synapse_ldap3_version 0.2.1
%global packaging_version 16.1
%global psycopg2_version 2.8
%global pysaml2_version 4.5.0
@@ -147,7 +153,7 @@
%define pkgname matrix-synapse
%define eggname matrix_synapse
Name: %{pkgname}
-Version: 1.61.1
+Version: 1.62.0
Release: 0
Summary: Matrix protocol reference homeserver
License: Apache-2.0
@@ -198,7 +204,7 @@ BuildRequires: %{use_python}-bcrypt >= %{bcrypt_version}
%requires_peq %{use_python}-bcrypt
BuildRequires: %{use_python}-bleach >= %{bleach_version}
%requires_peq %{use_python}-bleach
-BuildRequires: %{use_python}-canonicaljson >= %{canonicaljson_version}
+BuildRequires: (%{use_python}-canonicaljson >= %{canonicaljson_version} with %{use_python}-canonicaljson < %{canonicaljson_max_version})
%requires_peq %{use_python}-canonicaljson
BuildRequires: %{use_python}-cryptography >= %{cryptography_version}
%requires_peq %{use_python}-cryptography
@@ -210,7 +216,7 @@ BuildRequires: %{use_python}-ijson >= %{ijson_version}
%requires_peq %{use_python}-ijson
BuildRequires: %{use_python}-jsonschema >= %{jsonschema_version}
%requires_peq %{use_python}-jsonschema
-BuildRequires: %{use_python}-matrix_common >= %{matrix_common_version}
+BuildRequires: (%{use_python}-matrix_common >= %{matrix_common_version} with %{use_python}-matrix_common < %{matrix_common_max_version})
%requires_peq %{use_python}-matrix_common
BuildRequires: %{use_python}-msgpack >= %{msgpack_version}
%requires_peq %{use_python}-msgpack
@@ -232,7 +238,7 @@ BuildRequires: %{use_python}-pymacaroons >= %{pymacaroons_version}
%requires_peq %{use_python}-pymacaroons
BuildRequires: %{use_python}-service_identity >= %{service_identity_version}
%requires_peq %{use_python}-service_identity
-BuildRequires: %{use_python}-signedjson >= %{signedjson_version}
+BuildRequires: (%{use_python}-signedjson >= %{signedjson_version} with %{use_python}-signedjson < %{signedjson_max_version})
%requires_peq %{use_python}-signedjson
BuildRequires: %{use_python}-six >= %{six_version}
%requires_peq %{use_python}-six
@@ -268,8 +274,6 @@ BuildRequires: %{use_python}-lxml >= %{lxml_version}
BuildRequires: %{use_python}-sentry-sdk >= %{sentry_sdk_version}
%requires_peq %{use_python}-sentry-sdk
%endif
-BuildRequires: %{use_python}-PyJWT >= %{PyJWT_version}
-%requires_peq %{use_python}-PyJWT
%if %{with synapse_opentracing}
BuildRequires: %{use_python}-jaeger-client >= %{jaeger_client_version}
%requires_peq %{use_python}-jaeger-client