- With the previous change we would not need use_python anymore
because we also can find now the packages that provide python3-X
But i keep the conditional around for e.g. testing with python
3.10.
- Replace requires_eq with requires_peq: (boo#1195316)
The only difference between the 2 macros is that the new macro
also considers provides so we can track package names over
renames.
- Update to 1.51.0
Synapse 1.51.0 deprecates webclient listeners and non-HTTP(S)
web_client_locations. Support for these will be removed in
Synapse 1.53.0, at which point Synapse will not be capable of
directly serving a web client for Matrix. See the upgrade notes.
- Features
- Add track_puppeted_user_ips config flag to record client IP
addresses against puppeted users, and include the puppeted
users in monthly active user counts. (#11561, #11749, #11757)
- Include whether the requesting user has participated in a
thread when generating a summary for MSC3440. (#11577)
- Return an M_FORBIDDEN error code instead of M_UNKNOWN when a
spam checker module prevents a user from creating a room.
(#11672)
- Add a flag to the synapse_review_recent_signups script to
ignore and filter appservice users. (#11675, #11770)
- Bugfixes
- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to
fail to process incoming federation traffic after handling a
large amount of events in a v1 room. (#11806)
OBS-URL: https://build.opensuse.org/request/show/950937
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=206
- Update to 1.47.1
This release fixes a security issue in the media store, affecting
all prior releases of Synapse. Server administrators are
encouraged to update Synapse as soon as possible. We are not
aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use
the workarounds described in the linked GitHub Security Advisory
below.
- Security Advisory:
GHSA-3hfw-x7gx-437c / CVE-2021-41281: Path traversal when
downloading remote media.
Synapse instances with the media repository enabled can be
tricked into downloading a file from a remote server into an
arbitrary directory, potentially outside the media store
directory. The last two directories and file name of the path
are chosen randomly by Synapse and cannot be controlled by an
attacker, which limits the impact. Homeservers with the media
repository disabled are unaffected. Homeservers configured with
a federation whitelist are also unaffected. Fixed by
91f2bd090.
OBS-URL: https://build.opensuse.org/request/show/933284
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=198
- Update to 1.37.1
This release resolves issues (such as #9490) where one busy room
could cause head-of-line blocking, starving Synapse from
processing events in other rooms, and causing all federated
traffic to fall behind. Synapse 1.37.1 processes inbound
federation traffic asynchronously, ensuring that one busy room
won't impact others. Please upgrade to Synapse 1.37.1 as soon as
possible, in order to increase resilience to other traffic
spikes.
- Features
- Handle inbound events from federation asynchronously.
(#10269, #10272)
OBS-URL: https://build.opensuse.org/request/show/903369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=185
- Update to v1.32.1
This release fixes a regression in Synapse 1.32.0 that caused
connected Prometheus instances to become unstable. If you ran
Synapse 1.32.0 with Prometheus metrics, first upgrade to Synapse
1.32.1 and follow these instructions to clean up any excess
writeahead logs.
- Bugfixes
- Fix a regression in Synapse 1.32.0 which caused Synapse to
report large numbers of Prometheus time series, potentially
overwhelming Prometheus instances. (#9854)
OBS-URL: https://build.opensuse.org/request/show/887327
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=171
- Update to 1.30.1
This release is identical to Synapse 1.30.0, with the exception
of explicitly setting a minimum version of Python's Cryptography
library to ensure that users of Synapse are protected from the
recent OpenSSL security advisories, especially CVE-2021-3449.
- Internal Changes
- Enforce that `cryptography` dependency is up to date to
ensure it has the most recent openssl patches. (#9697)
- Note: we do not bump the cryptography dependency in our package
as we use the system OpenSSL which gets the fix.
Add dont-bump-cryptography-with-system-openssl.patch to comment
out the dependency because otherwise the newer version
requirement is enforced on startup
OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
- prepare to support more optional features in the buildrequires
(oidc/redis). failing atm due to missing libraries
- Update to 1.21.2
- Security advisory
- HTML pages served via Synapse were vulnerable to cross-site
scripting (XSS) attacks. All server administrators are
encouraged to upgrade. (#8444) (CVE-2020-26891)
- This fix was originally included in v1.21.0 but was missing a
security advisory. This was reported by Denis Kasak.
- Bugfixes
- Fix rare bug where sending an event would fail due to a racey
assertion. (#8530)
- An updated version of the authlib dependency is included in
the Docker and Debian images to fix an issue using OpenID
Connect. See #8534 for details.
OBS-URL: https://build.opensuse.org/request/show/841978
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=147
