Accepting request 818369 from home:darix:apps

- Update to 1.15.2 - Security - A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. (96e9afe6) - HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. (ea26e9a9) OBS-URL: https://build.opensuse.org/request/show/818369 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=130
2020-07-02 16:30:31 +00:00 · 2020-07-02 16:30:31 +00:00 · a9e23b56df
commit a9e23b56df
parent 9417020078
7 changed files with 23 additions and 9 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="url">https://github.com/matrix-org/synapse.git</param>
    <param name="scm">git</param>
-    <param name="revision">v1.15.1</param>
+    <param name="revision">v1.15.2</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
    <!--
--- a/matrix-synapse-1.15.1.obscpio
+++ b/matrix-synapse-1.15.1.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2d7eb4f8142ea3d29115c72880cf0d367ae77ddb14378b071da5d6e78133b059
-size 27418125
--- a/matrix-synapse-1.15.2.obscpio
+++ b/matrix-synapse-1.15.2.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:56aa02bcc986ce3c236b7bae433331576bbedeba89bb223b6c89df3815d69a7c
+size 27419149
--- a/matrix-synapse-test.spec
+++ b/matrix-synapse-test.spec
@ -32,7 +32,7 @@

 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.15.1
+Version:        1.15.2
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0
--- a/matrix-synapse.changes
+++ b/matrix-synapse.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Jul  2 15:34:54 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.15.2
+  - Security
+    - A malicious homeserver could force Synapse to reset the state
+      in a room to a small subset of the correct state. This
+      affects all Synapse deployments which federate with untrusted
+      servers. (96e9afe6)
+    - HTML pages served via Synapse were vulnerable to clickjacking
+      attacks. This predominantly affects homeservers with
+      single-sign-on enabled, but all server administrators are
+      encouraged to upgrade. (ea26e9a9)
+
 -------------------------------------------------------------------
 Tue Jun 16 18:36:01 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

--- a/matrix-synapse.obsinfo
+++ b/matrix-synapse.obsinfo
@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.15.1
-mtime: 1592299864
-commit: 0fc5575c5b7cfed8263db91bc1f1335a52b9d62e
+version: 1.15.2
+mtime: 1593701594
+commit: 244649b7d514165e038d45506c33915f19f5a50d

--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@ -46,7 +46,7 @@
 %define         modname synapse
 %define         pkgname matrix-synapse
 Name:           %{pkgname}
-Version:        1.15.1
+Version:        1.15.2
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0