Hello community, here is the log from the commit of package matrix-synapse for openSUSE:Factory checked in at 2020-12-09 22:12:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old) and /work/SRC/openSUSE:Factory/.matrix-synapse.new.2328 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "matrix-synapse" Wed Dec 9 22:12:36 2020 rev:25 rq:854270 version:1.24.0 Changes: -------- --- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes 2020-11-02 09:43:15.797775155 +0100 +++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.2328/matrix-synapse.changes 2020-12-09 22:12:39.159141931 +0100 @@ -1,0 +2,261 @@ +Wed Dec 9 11:34:37 UTC 2020 - Marcus Rueckert <[email protected]> + +- Update to 1.24.0 + + Due to the two security issues highlighted below, server + administrators are encouraged to update Synapse. We are not aware + of these vulnerabilities being exploited in the wild. + + - Security + - There is a denial of service attack (CVE-2020-26257) against + the federation APIs in which future events will not be + correctly sent to other servers over federation. This affects + all servers that participate in open federation. (Fixed in + #8776). + - Synapse may be affected by OpenSSL CVE-2020-1971. + Synapse administrators should ensure that they have the + latest versions of the cryptography Python package installed. + - Features + - Add admin API for logging in as a user. (#8617) + - Allow specification of the SAML IdP if the metadata returns + multiple IdPs. (#8630) + - Add support for re-trying generation of a localpart for + OpenID Connect mapping providers. (#8801, #8855) + - Allow the Date header through CORS. Contributed by Nicolas + Chamo. (#8804) + - Add a config option, push.group_by_unread_count, which + controls whether unread message counts in push notifications + are defined as "the number of rooms with unread messages" or + "total unread messages". (#8820) + - Add force_purge option to delete-room admin api. (#8843) + - Bugfixes + - Fix a regression in v1.24.0rc1 which failed to allow SAML + mapping providers which were unable to redirect users to an + additional page. (#8878) + - Fix a bug where appservices may be sent an excessive amount + of read receipts and presence. Broke in v1.22.0. (#8744) + - Fix a bug in some federation APIs which could lead to + unexpected behaviour if different parameters were set in the + URI and the request body. (#8776) + - Fix a bug where synctl could spawn duplicate copies of a + worker. Contributed by Waylon Cude. (#8798) + - Allow per-room profiles to be used for the server notice + user. (#8799) + - Fix a bug where logging could break after a call to SIGHUP. + (#8817) + - Fix register_new_matrix_user failing with "Bad Request" when + trailing slash is included in server URL. Contributed by + @angdraug. (#8823) + - Fix a minor long-standing bug in login, where we would offer + the password login type if a custom auth provider supported + it, even if password login was disabled. (#8835) + - Fix a long-standing bug which caused Synapse to require + unspecified parameters during user-interactive + authentication. (#8848) + - Fix a bug introduced in v1.20.0 where the user-agent and IP + address reported during user registration for CAS, OpenID + Connect, and SAML were of the wrong form. (#8784) + - Improved Documentation + - Clarify the usecase for a msisdn delegate. Contributed by + Adrian Wannenmacher. (#8734) + - Remove extraneous comma from JSON example in User Admin API + docs. (#8771) + - Update turn-howto.md with troubleshooting notes. (#8779) + - Fix the example on how to set the Content-Type header in + nginx for the Client Well-Known URI. (#8793) + - Improve the documentation for the admin API to list all media + in a room with respect to encrypted events. (#8795) + - Update the formatting of the push section of the homeserver + config file to better align with the code style guidelines. + (#8818) + - Improve documentation how to configure prometheus for + workers. (#8822) + - Update example prometheus console. (#8824) + - Deprecations and Removals + - Remove old /_matrix/client/*/admin endpoints which were + deprecated since Synapse 1.20.0. (#8785) + - Disable pretty printing JSON responses for curl. Users who + want pretty-printed output should use jq in combination with + curl. Contributed by @tulir. (#8833) + - Internal Changes + - Add a maximum version for pysaml2 on Python 3.5. (#8898) + - Add support for the prometheus_client newer than 0.9.0. + Contributed by Jordan Bancino. (#8875) + - Simplify the way the HomeServer object caches its internal + attributes. (#8565, #8851) + - Add an example and documentation for clock skew to the SAML2 + sample configuration to allow for clock/time difference + between the homserver and IdP. Contributed by @localguru. + (#8731) + - Generalise RoomMemberHandler._locally_reject_invite to apply + to more flows than just invite. (#8751) + - Generalise RoomStore.maybe_store_room_on_invite to handle + other, non-invite membership events. (#8754) + - Refactor test utilities for injecting HTTP requests. (#8757, + #8758, #8759, #8760, #8761, #8777) + - Consolidate logic between the OpenID Connect and SAML code. + (#8765) + - Use TYPE_CHECKING instead of magic MYPY variable. (#8770) + - Add a commandline script to sign arbitrary json objects. + (#8772) + - Minor log line improvements for the SSO mapping code used to + generate Matrix IDs from SSO IDs. (#8773) + - Add additional error checking for OpenID Connect and SAML + mapping providers. (#8774, #8800) + - Add type hints to HTTP abstractions. (#8806, #8812) + - Remove unnecessary function arguments and add typing to + several membership replication classes. (#8809) + - Optimise the lookup for an invite from another homeserver + when trying to reject it. (#8815) + - Add tests for password_auth_providers. (#8819) + - Drop redundant database index on event_json. (#8845) + - Simplify uk.half-shot.msc2778.login.application_service login + handler. (#8847) + - Refactor password_auth_provider support code. (#8849) + - Add missing ordering to background database updates. (#8850) + - Allow for specifying a room version when creating a room in + unit tests via RestHelper.create_room_as. (#8854) + +------------------------------------------------------------------- +Wed Nov 18 13:59:26 UTC 2020 - Marcus Rueckert <[email protected]> + +- Update to 1.23.0 + This release changes the way structured logging is configured. + See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details. + + Note: We are aware of a trivially exploitable denial of service + vulnerability in versions of Synapse prior to 1.20.0. Complete + details will be disclosed on Monday, November 23rd. If you have + not upgraded recently, please do so. + + - Features + - Add a push rule that highlights when a jitsi conference is + created in a room. (#8286) + - Add an admin api to delete a single file or files that were + not used for a defined time from server. Contributed by + @dklimpel. (#8519) + - Split admin API for reported events (GET + /_synapse/admin/v1/event_reports) into detail and list + endpoints. This is a breaking change to #8217 which was + introduced in Synapse v1.21.0. Those who already use this API + should check their scripts. Contributed by @dklimpel. (#8539) + - Support generating structured logs via the standard logging + configuration. (#8607, #8685) + - Add an admin API to allow server admins to list users' + pushers. Contributed by @dklimpel. (#8610, #8689) + - Add an admin API GET /_synapse/admin/v1/users/<user_id>/media + to get information about uploaded media. Contributed by + @dklimpel. (#8647) + - Add an admin API for local user media statistics. Contributed + by @dklimpel. (#8700) + - Add displayname to Shared-Secret Registration for admins. + (#8722) + - Bugfixes + - Fix fetching of E2E cross signing keys over federation when + only one of the master key and device signing key is cached + already. (#8455) + - Fix a bug where Synapse would blindly forward bad responses + from federation to clients when retrieving profile + information. (#8580) + - Fix a bug where the account validity endpoint would silently + fail if the user ID did not have an expiration time. It now + returns a 400 error. (#8620) + - Fix email notifications for invites without local state. + (#8627) + - Fix handling of invalid group IDs to return a 400 rather than + log an exception and return a 500. (#8628) + - Fix handling of User-Agent headers that are invalid UTF-8, + which caused user agents of users to not get correctly + recorded. (#8632) + - Fix a bug in the joined_rooms admin API if the user has never + joined any rooms. The bug was introduced, along with the API, + in v1.21.0. (#8643) + - Fix exception during handling multiple concurrent requests + for remote media when using multiple media repositories. + (#8682) + - Fix bug that prevented Synapse from recovering after losing + connection to the database. (#8726) + - Fix bug where the /_synapse/admin/v1/send_server_notice API + could send notices to non-notice rooms. (#8728) + - Fix PostgreSQL port script fails when DB has no backfilled + events. Broke in v1.21.0. (#8729) + - Fix PostgreSQL port script to correctly handle foreign key + constraints. Broke in v1.21.0. (#8730) + - Fix PostgreSQL port script so that it can be run again after + a failure. Broke in v1.21.0. (#8755) + - Improved Documentation + - Instructions for Azure AD in the OpenID Connect + documentation. Contributed by peterk. (#8582) + - Improve the sample configuration for single sign-on + providers. (#8635) + - Fix the filepath of Dex's example config and the link to + Dex's Getting Started guide in the OpenID Connect docs. + (#8657) + - Note support for Python 3.9. (#8665) + - Minor updates to docs on running tests. (#8666) + - Interlink prometheus/grafana documentation. (#8667) + - Notes on SSO logins and media_repository worker. (#8701) ++++ 64 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes ++++ and /work/SRC/openSUSE:Factory/.matrix-synapse.new.2328/matrix-synapse.changes Old: ---- matrix-synapse-1.22.1.obscpio New: ---- matrix-synapse-1.24.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ matrix-synapse-test.spec ++++++ --- /var/tmp/diff_new_pack.zsVOkb/_old 2020-12-09 22:12:40.475143264 +0100 +++ /var/tmp/diff_new_pack.zsVOkb/_new 2020-12-09 22:12:40.475143264 +0100 @@ -32,7 +32,7 @@ %define pkgname matrix-synapse Name: %{pkgname}-test -Version: 1.22.1 +Version: 1.24.0 Release: 0 Summary: Test package for %{pkgname} License: Apache-2.0 ++++++ matrix-synapse.spec ++++++ --- /var/tmp/diff_new_pack.zsVOkb/_old 2020-12-09 22:12:40.503143293 +0100 +++ /var/tmp/diff_new_pack.zsVOkb/_new 2020-12-09 22:12:40.507143297 +0100 @@ -48,7 +48,7 @@ %define modname synapse %define pkgname matrix-synapse Name: %{pkgname} -Version: 1.22.1 +Version: 1.24.0 Release: 0 Summary: Matrix protocol reference homeserver License: Apache-2.0 @@ -106,7 +106,7 @@ %requires_eq python3-netaddr BuildRequires: python3-phonenumbers >= 8.2.0 %requires_eq python3-phonenumbers -BuildRequires: (python3-prometheus_client >= 0.4.0 with python3-prometheus_client < 0.9.0) +BuildRequires: python3-prometheus_client >= 0.4.0 %requires_eq python3-prometheus_client BuildRequires: python3-psutil >= 2.0.0 %requires_eq python3-psutil ++++++ _service ++++++ --- /var/tmp/diff_new_pack.zsVOkb/_old 2020-12-09 22:12:40.551143342 +0100 +++ /var/tmp/diff_new_pack.zsVOkb/_new 2020-12-09 22:12:40.555143345 +0100 @@ -4,7 +4,7 @@ <param name="versionformat">@PARENT_TAG@</param> <param name="url">https://github.com/matrix-org/synapse.git</param> <param name="scm">git</param> - <param name="revision">v1.22.1</param> + <param name="revision">v1.24.0</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> <!-- ++++++ matrix-synapse-1.22.1.obscpio -> matrix-synapse-1.24.0.obscpio ++++++ /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse-1.22.1.obscpio /work/SRC/openSUSE:Factory/.matrix-synapse.new.2328/matrix-synapse-1.24.0.obscpio differ: char 49, line 1 ++++++ matrix-synapse.obsinfo ++++++ --- /var/tmp/diff_new_pack.zsVOkb/_old 2020-12-09 22:12:40.607143399 +0100 +++ /var/tmp/diff_new_pack.zsVOkb/_new 2020-12-09 22:12:40.611143402 +0100 @@ -1,5 +1,5 @@ name: matrix-synapse -version: 1.22.1 -mtime: 1604072013 -commit: b176f1036a247959f64378f3f3fa4b5175b3b5e9 +version: 1.24.0 +mtime: 1607512044 +commit: 9b26a4ac87cead4846c5bada73927cc2a6353a90 _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
