Accepting request 881504 from home:darix:apps

- Update to 1.30.1 This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of Python's Cryptography library to ensure that users of Synapse are protected from the recent OpenSSL security advisories, especially CVE-2021-3449. - Internal Changes - Enforce that `cryptography` dependency is up to date to ensure it has the most recent openssl patches. (#9697) - Note: we do not bump the cryptography dependency in our package as we use the system OpenSSL which gets the fix. Add dont-bump-cryptography-with-system-openssl.patch to comment out the dependency because otherwise the newer version requirement is enforced on startup OBS-URL: https://build.opensuse.org/request/show/881504 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
2021-03-27 03:03:37 +00:00 · 2021-03-27 03:03:37 +00:00 · 8df71c82d8
commit 8df71c82d8
parent 3c508255da
8 changed files with 43 additions and 10 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="url">https://github.com/matrix-org/synapse.git</param>
    <param name="scm">git</param>
-    <param name="revision">v1.30.0</param>
+    <param name="revision">v1.30.1</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
    <!--
--- a/dont-bump-cryptography-with-system-openssl.patch
+++ b/dont-bump-cryptography-with-system-openssl.patch
@ -0,0 +1,13 @@
+diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
+index 14ddaed02..eb2137c93 100644
+--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
+@@ -84,7 +84,7 @@ REQUIREMENTS = [
+     "typing-extensions>=3.7.4",
+     # We enforce that we have a `cryptography` version that bundles an `openssl`
+     # with the latest security patches.
+-    "cryptography>=3.4.7;python_version>='3.6'",
+    # "cryptography>=3.4.7;python_version>='3.6'",
+ ]
+ 
+ CONDITIONAL_REQUIREMENTS = {
--- a/matrix-synapse-1.30.0.obscpio
+++ b/matrix-synapse-1.30.0.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9892ed6611e724133439b9d68e414af184ed64916b19f0ef401c14a15287f369
-size 29780493
--- a/matrix-synapse-1.30.1.obscpio
+++ b/matrix-synapse-1.30.1.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ec26fa01b940639e8c85c9ac02afe17ae204f624db3c38fe79fba3fc2c9dd575
+size 29782029
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@ -27,7 +27,7 @@

 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.30.0
+Version:        1.30.1
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Fri Mar 26 12:39:34 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.30.1
+  This release is identical to Synapse 1.30.0, with the exception
+  of explicitly setting a minimum version of Python's Cryptography
+  library to ensure that users of Synapse are protected from the
+  recent OpenSSL security advisories, especially CVE-2021-3449.
+  - Internal Changes
+    - Enforce that `cryptography` dependency is up to date to
+      ensure it has the most recent openssl patches. (#9697)
+  
+- Note: we do not bump the cryptography dependency in our package
+  as we use the system OpenSSL which gets the fix.
+  
+  Add dont-bump-cryptography-with-system-openssl.patch to comment
+  out the dependency because otherwise the newer version
+  requirement is enforced on startup
+
 -------------------------------------------------------------------
 Mon Mar 22 14:02:31 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.30.0
-mtime: 1616418955
-commit: e2904f720da42c47813d441a44f52eedb35f4850
+version: 1.30.1
+mtime: 1616761264
+commit: 262ed05f5b4bb1c489119129065babb29be7f3f1

--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@ -45,7 +45,7 @@
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.30.0
+Version:        1.30.1
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0
@ -61,6 +61,7 @@ Source51:       matrix-synapse-generate-config.sh
 # to clean up your working copy afterwards: git reset --hard ; rm -rv .pc patches
 Source99:       series
 Patch:          matrix-synapse-1.4.1-paths.patch
+Patch1:         dont-bump-cryptography-with-system-openssl.patch
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3-base
@ -83,7 +84,7 @@ BuildRequires:  python3-Twisted >= 20.3.0
 %requires_eq    python3-Twisted
 BuildRequires:  python3-attrs >= 17.4.0
 %requires_eq    python3-attrs
-BuildRequires:  python3-bcrypt >= 3.1.0
+BuildRequires:  python3-bcrypt >= 3.2.0
 %requires_eq    python3-bcrypt
 BuildRequires:  python3-bleach >= 1.4.3
 %requires_eq    python3-bleach