- Update to v1.32.1
This release fixes a regression in Synapse 1.32.0 that caused
connected Prometheus instances to become unstable. If you ran
Synapse 1.32.0 with Prometheus metrics, first upgrade to Synapse
1.32.1 and follow these instructions to clean up any excess
writeahead logs.
- Bugfixes
- Fix a regression in Synapse 1.32.0 which caused Synapse to
report large numbers of Prometheus time series, potentially
overwhelming Prometheus instances. (#9854)
OBS-URL: https://build.opensuse.org/request/show/887327
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=171
- Update to 1.30.1
This release is identical to Synapse 1.30.0, with the exception
of explicitly setting a minimum version of Python's Cryptography
library to ensure that users of Synapse are protected from the
recent OpenSSL security advisories, especially CVE-2021-3449.
- Internal Changes
- Enforce that `cryptography` dependency is up to date to
ensure it has the most recent openssl patches. (#9697)
- Note: we do not bump the cryptography dependency in our package
as we use the system OpenSSL which gets the fix.
Add dont-bump-cryptography-with-system-openssl.patch to comment
out the dependency because otherwise the newer version
requirement is enforced on startup
OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
- prepare to support more optional features in the buildrequires
(oidc/redis). failing atm due to missing libraries
- Update to 1.21.2
- Security advisory
- HTML pages served via Synapse were vulnerable to cross-site
scripting (XSS) attacks. All server administrators are
encouraged to upgrade. (#8444) (CVE-2020-26891)
- This fix was originally included in v1.21.0 but was missing a
security advisory. This was reported by Denis Kasak.
- Bugfixes
- Fix rare bug where sending an event would fail due to a racey
assertion. (#8530)
- An updated version of the authlib dependency is included in
the Docker and Debian images to fix an issue using OpenID
Connect. See #8534 for details.
OBS-URL: https://build.opensuse.org/request/show/841978
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=147
- Update to 1.15.2
- Security
- A malicious homeserver could force Synapse to reset the state
in a room to a small subset of the correct state. This
affects all Synapse deployments which federate with untrusted
servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking
attacks. This predominantly affects homeservers with
single-sign-on enabled, but all server administrators are
encouraged to upgrade. (ea26e9a9)
OBS-URL: https://build.opensuse.org/request/show/818369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=130
- Update to 1.13.0
This release brings some potential changes necessary for certain
configurations of Synapse:
- If your Synapse is configured to use SSO and have a custom
sso_redirect_confirm_template_dir configuration option set, you
will need to duplicate the new sso_auth_confirm.html,
sso_auth_success.html and sso_account_deactivated.html
templates into that directory.
- Synapse plugins using the complete_sso_login method of
synapse.module_api.ModuleApi should instead switch to the
async/await version, complete_sso_login_async, which includes
additional checks. The former version is now deprecated.
- A bug was introduced in Synapse 1.4.0 which could cause the
room directory to be incomplete or empty if Synapse was
upgraded directly from v1.2.1 or earlier, to versions between
v1.4.0 and v1.12.x.
Please review UPGRADE.rst for more details on these changes and
for general upgrade guidance.
For the complete list of changes please refer to
https://github.com/matrix-org/synapse/releases/tag/v1.13.0
OBS-URL: https://build.opensuse.org/request/show/807359
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=124
- Update to 1.11.0.
* Limit the number of events that can be requested by the backfill federation
API to 100.
* Reject device display names over 100 characters in length to prevent abuse.
* Implement new aliases endpoint as per MSC2432.
* Stop sending m.room.alias events wheng adding / removing aliases. Check
alt_aliases in the latest m.room.canonical_alias event when deleting an
alias.
* Change the default power levels of invites, tombstones and server ACLs for
new rooms.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/777958
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=117
- Update to 1.10.0.
WARNING to client developers: As of this release Synapse validates
client_secret parameters in the Client-Server API as per the spec. See #6766
for details.
+ Add experimental support for updated authorization rules for aliases
events, from MSC2260.
+ Variety of E2EE improvements, most notably:
* Fix bug where querying a remote user's device keys that weren't cached
resulted in only returning a single device.
* Fix bug where Synapse didn't invalidate cache of remote users' devices
when Synapse left a room.
* Detect unknown remote devices and mark cache as stale.
* Attempt to resync remote users' devices when detected as stale.
* When a client asks for a remote user's device keys check if the local
cache for that user has been marked as potentially stale.
* Detect unexpected sender keys on remote encrypted events and resync
device lists.
* Fix an issue with cross-signing where device signatures were not sent to
remote servers.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/773720
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=114
- update to 1.9.1
Fix bug where setting mau_limit_reserved_threepids config would
cause Synapse to refuse to start. (#6793)
- package cleanup
- make sure we have all libraries to actually install the package:
- buildrequires all runtime requirements
- (build)require python3-typing_extensions
- having it use the python package name is not really useful here.
- refreshed and renamed better-paths.patch to
matrix-synapse-1.4.1-paths.patch
- also fix existing synapse user
- group to synapse instead of nogroup
- home directory to /var/lib/matrix-synapse
- shell to /bin/false (which actually exists)
- improvements to the logging configuration:
- install copy of the current /etc/matrix-synapse/log.yaml as
/etc/matrix-synapse/log.systemd.yaml
- install /etc/matrix-synapse/log.file.yaml which logs to
/var/log/matrix-synapse/homeserver.log
- add the log directory /var/log/matrix-synapse/
- added README.SUSE
- better way to bootstrap a new config:
1. ExecStartPre would have never worked anyway
2. added %{_sbindir}/matrix-synapse-generate-config
Usage:
%{_sbindir}/matrix-synapse-generate-config servername
- fix group and shell for the synapse user
- added better-paths.patch
- put the pid file into /run/matrix-synapse/
- use a default logging config in /etc/matrix-synapse/log.yaml
to have systemd logging by default
- use full path in the service file
- actually use source 50 instead of the service file in the tarball
- make permissions tighter on the config files as it contains
passwords and other secrets:
root:synapse u=rwX,g=rX,o=
OBS-URL: https://build.opensuse.org/request/show/768057
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=111
- Update to 1.9.0.
WARNING: As of this release, Synapse no longer supports versions of SQLite
before 3.11, and will refuse to start when configured to use an older
version. Administrators are recommended to migrate their database to Postgres
(see instructions here).
WARNING: If your Synapse deployment uses workers, note that the reverse-proxy
configurations for the synapse.app.media_repository,
synapse.app.federation_reader and synapse.app.event_creator workers have
changed, with the addition of a few paths (see the updated configurations
here). Existing configurations will continue to work.
+ Allow admin to create or modify a user.
+ Add new quarantine media admin APIs to quarantine by media ID or by user
who uploaded the media.
+ Add a new admin API to list and filter rooms on the server.
+ Add org.matrix.e2e_cross_signing to unstable_features in /versions.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/766606
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=109