Accepting request 818369 from home:darix:apps

- Update to 1.15.2
  - Security
    - A malicious homeserver could force Synapse to reset the state
      in a room to a small subset of the correct state. This
      affects all Synapse deployments which federate with untrusted
      servers. (96e9afe6)
    - HTML pages served via Synapse were vulnerable to clickjacking
      attacks. This predominantly affects homeservers with
      single-sign-on enabled, but all server administrators are
      encouraged to upgrade. (ea26e9a9)

OBS-URL: https://build.opensuse.org/request/show/818369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=130
This commit is contained in:
Oliver Kurz 2020-07-02 16:30:31 +00:00 committed by Git OBS Bridge
parent 9417020078
commit a9e23b56df
7 changed files with 23 additions and 9 deletions

View File

@ -4,7 +4,7 @@
<param name="versionformat">@PARENT_TAG@</param> <param name="versionformat">@PARENT_TAG@</param>
<param name="url">https://github.com/matrix-org/synapse.git</param> <param name="url">https://github.com/matrix-org/synapse.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="revision">v1.15.1</param> <param name="revision">v1.15.2</param>
<param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param> <param name="versionrewrite-replacement">\1</param>
<!-- <!--

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2d7eb4f8142ea3d29115c72880cf0d367ae77ddb14378b071da5d6e78133b059
size 27418125

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:56aa02bcc986ce3c236b7bae433331576bbedeba89bb223b6c89df3815d69a7c
size 27419149

View File

@ -32,7 +32,7 @@
%define pkgname matrix-synapse %define pkgname matrix-synapse
Name: %{pkgname}-test Name: %{pkgname}-test
Version: 1.15.1 Version: 1.15.2
Release: 0 Release: 0
Summary: Test package for %{pkgname} Summary: Test package for %{pkgname}
License: Apache-2.0 License: Apache-2.0

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Thu Jul 2 15:34:54 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- Update to 1.15.2
- Security
- A malicious homeserver could force Synapse to reset the state
in a room to a small subset of the correct state. This
affects all Synapse deployments which federate with untrusted
servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking
attacks. This predominantly affects homeservers with
single-sign-on enabled, but all server administrators are
encouraged to upgrade. (ea26e9a9)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 16 18:36:01 UTC 2020 - Marcus Rueckert <mrueckert@suse.de> Tue Jun 16 18:36:01 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

View File

@ -1,5 +1,5 @@
name: matrix-synapse name: matrix-synapse
version: 1.15.1 version: 1.15.2
mtime: 1592299864 mtime: 1593701594
commit: 0fc5575c5b7cfed8263db91bc1f1335a52b9d62e commit: 244649b7d514165e038d45506c33915f19f5a50d

View File

@ -46,7 +46,7 @@
%define modname synapse %define modname synapse
%define pkgname matrix-synapse %define pkgname matrix-synapse
Name: %{pkgname} Name: %{pkgname}
Version: 1.15.1 Version: 1.15.2
Release: 0 Release: 0
Summary: Matrix protocol reference homeserver Summary: Matrix protocol reference homeserver
License: Apache-2.0 License: Apache-2.0