From 8df71c82d8e37844b40ec0b5f7726aaa0052553245a6d8b502e70809da8bf9a6 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Sat, 27 Mar 2021 03:03:37 +0000
Subject: [PATCH] Accepting request 881504 from home:darix:apps

- Update to 1.30.1
  This release is identical to Synapse 1.30.0, with the exception
  of explicitly setting a minimum version of Python's Cryptography
  library to ensure that users of Synapse are protected from the
  recent OpenSSL security advisories, especially CVE-2021-3449.
  - Internal Changes
    - Enforce that `cryptography` dependency is up to date to
      ensure it has the most recent openssl patches. (#9697)

- Note: we do not bump the cryptography dependency in our package
  as we use the system OpenSSL which gets the fix.

  Add dont-bump-cryptography-with-system-openssl.patch to comment
  out the dependency because otherwise the newer version
  requirement is enforced on startup

OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
---
 _service                                      |  2 +-
 ...ump-cryptography-with-system-openssl.patch | 13 +++++++++++++
 matrix-synapse-1.30.0.obscpio                 |  3 ---
 matrix-synapse-1.30.1.obscpio                 |  3 +++
 matrix-synapse-test.spec                      |  2 +-
 matrix-synapse.changes                        | 19 +++++++++++++++++++
 matrix-synapse.obsinfo                        |  6 +++---
 matrix-synapse.spec                           |  5 +++--
 8 files changed, 43 insertions(+), 10 deletions(-)
 create mode 100644 dont-bump-cryptography-with-system-openssl.patch
 delete mode 100644 matrix-synapse-1.30.0.obscpio
 create mode 100644 matrix-synapse-1.30.1.obscpio

diff --git a/_service b/_service
index 9ef73f0..20962d2 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="url">https://github.com/matrix-org/synapse.git</param>
     <param name="scm">git</param>
-    <param name="revision">v1.30.0</param>
+    <param name="revision">v1.30.1</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
     <!--
diff --git a/dont-bump-cryptography-with-system-openssl.patch b/dont-bump-cryptography-with-system-openssl.patch
new file mode 100644
index 0000000..cbba2ad
--- /dev/null
+++ b/dont-bump-cryptography-with-system-openssl.patch
@@ -0,0 +1,13 @@
+diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
+index 14ddaed02..eb2137c93 100644
+--- a/synapse/python_dependencies.py
++++ b/synapse/python_dependencies.py
+@@ -84,7 +84,7 @@ REQUIREMENTS = [
+     "typing-extensions>=3.7.4",
+     # We enforce that we have a `cryptography` version that bundles an `openssl`
+     # with the latest security patches.
+-    "cryptography>=3.4.7;python_version>='3.6'",
++    # "cryptography>=3.4.7;python_version>='3.6'",
+ ]
+ 
+ CONDITIONAL_REQUIREMENTS = {
diff --git a/matrix-synapse-1.30.0.obscpio b/matrix-synapse-1.30.0.obscpio
deleted file mode 100644
index a52fbb6..0000000
--- a/matrix-synapse-1.30.0.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9892ed6611e724133439b9d68e414af184ed64916b19f0ef401c14a15287f369
-size 29780493
diff --git a/matrix-synapse-1.30.1.obscpio b/matrix-synapse-1.30.1.obscpio
new file mode 100644
index 0000000..ec9862e
--- /dev/null
+++ b/matrix-synapse-1.30.1.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ec26fa01b940639e8c85c9ac02afe17ae204f624db3c38fe79fba3fc2c9dd575
+size 29782029
diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec
index cadad60..2e823a4 100644
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@@ -27,7 +27,7 @@
 
 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.30.0
+Version:        1.30.1
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
diff --git a/matrix-synapse.changes b/matrix-synapse.changes
index 5118747..e3c6e9c 100644
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Fri Mar 26 12:39:34 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.30.1
+  This release is identical to Synapse 1.30.0, with the exception
+  of explicitly setting a minimum version of Python's Cryptography
+  library to ensure that users of Synapse are protected from the
+  recent OpenSSL security advisories, especially CVE-2021-3449.
+  - Internal Changes
+    - Enforce that `cryptography` dependency is up to date to
+      ensure it has the most recent openssl patches. (#9697)
+  
+- Note: we do not bump the cryptography dependency in our package
+  as we use the system OpenSSL which gets the fix.
+  
+  Add dont-bump-cryptography-with-system-openssl.patch to comment
+  out the dependency because otherwise the newer version
+  requirement is enforced on startup
+
 -------------------------------------------------------------------
 Mon Mar 22 14:02:31 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
 
diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo
index e76aa91..8ef95a2 100644
--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.30.0
-mtime: 1616418955
-commit: e2904f720da42c47813d441a44f52eedb35f4850
+version: 1.30.1
+mtime: 1616761264
+commit: 262ed05f5b4bb1c489119129065babb29be7f3f1
 
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index 2f4854a..eef40b9 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -45,7 +45,7 @@
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.30.0
+Version:        1.30.1
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0
@@ -61,6 +61,7 @@ Source51:       matrix-synapse-generate-config.sh
 # to clean up your working copy afterwards: git reset --hard ; rm -rv .pc patches
 Source99:       series
 Patch:          matrix-synapse-1.4.1-paths.patch
+Patch1:         dont-bump-cryptography-with-system-openssl.patch
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3-base
@@ -83,7 +84,7 @@ BuildRequires:  python3-Twisted >= 20.3.0
 %requires_eq    python3-Twisted
 BuildRequires:  python3-attrs >= 17.4.0
 %requires_eq    python3-attrs
-BuildRequires:  python3-bcrypt >= 3.1.0
+BuildRequires:  python3-bcrypt >= 3.2.0
 %requires_eq    python3-bcrypt
 BuildRequires:  python3-bleach >= 1.4.3
 %requires_eq    python3-bleach