Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package matrix-synapse for openSUSE:Factory checked in at 2021-08-31 19:55:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old)
 and      /work/SRC/openSUSE:Factory/.matrix-synapse.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "matrix-synapse" Tue Aug 31 19:55:52 2021 rev:42 rq:915283 version:1.41.1 Changes: -------- --- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes 2021-08-25 20:59:30.601058648 +0200 +++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.1899/matrix-synapse.changes 2021-08-31 19:56:57.770060865 +0200 
@@ -1,0 +2,44 @@ +Tue Aug 31 14:21:51 UTC 2021 - Marcus Rueckert <mrueck...@suse.de> + +- Update to 1.41.1 + Due to the two security issues highlighted below, server + administrators are encouraged to update Synapse. We are not aware + of these vulnerabilities being exploited in the wild. + + - Security advisory + The following issues are fixed in v1.41.1. + + - GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private + room's list of members and their display names. + + If an unauthorized user both knows the Room ID of a private + room and that room's history visibility is set to shared, + then they may be able to enumerate the room's members, + including their display names. + + The unauthorized user must be on the same homeserver as a + user who is a member of the target room. + + Fixed by 52c7a51cf. + + - GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private + room's name, avatar, topic, and number of members. + + If an unauthorized user knows the Room ID of a private room, + then its name, avatar, topic, and number of members may be + disclosed through Group / Community features. + + The unauthorized user must be on the same homeserver as a + user who is a member of the target room, and their homeserver + must allow non-administrators to create groups + (enable_group_creation in the Synapse configuration; off by + default). + + Fixed by cb35df940a, #10723. + + - Bugfixes + - Fix a regression introduced in Synapse 1.41 which broke email + transmission on systems using older versions of the Twisted + library. 
(#10713) + +------------------------------------------------------------------- Old: ---- matrix-synapse-1.41.0.obscpio New: ---- matrix-synapse-1.41.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ matrix-synapse-test.spec ++++++ --- /var/tmp/diff_new_pack.vIAbYq/_old 2021-08-31 19:56:58.522061906 +0200 +++ /var/tmp/diff_new_pack.vIAbYq/_new 2021-08-31 19:56:58.530061917 +0200 @@ -27,7 +27,7 @@ %define pkgname matrix-synapse Name: %{pkgname}-test -Version: 1.41.0 +Version: 1.41.1 Release: 0 Summary: Test package for %{pkgname} License: Apache-2.0 ++++++ matrix-synapse.spec ++++++ --- /var/tmp/diff_new_pack.vIAbYq/_old 2021-08-31 19:56:58.562061961 +0200 +++ /var/tmp/diff_new_pack.vIAbYq/_new 2021-08-31 19:56:58.566061967 +0200 @@ -47,7 +47,7 @@ %define pkgname matrix-synapse %define eggname matrix_synapse Name: %{pkgname} -Version: 1.41.0 +Version: 1.41.1 Release: 0 Summary: Matrix protocol reference homeserver License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.vIAbYq/_old 2021-08-31 19:56:58.626062050 +0200 +++ /var/tmp/diff_new_pack.vIAbYq/_new 2021-08-31 19:56:58.630062055 +0200 @@ -4,7 +4,7 @@ <param name="versionformat">@PARENT_TAG@</param> <param name="url">https://github.com/matrix-org/synapse.git</param> <param name="scm">git</param> - <param name="revision">v1.41.0</param> + <param name="revision">v1.41.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> <!-- ++++++ matrix-synapse-1.41.0.obscpio -> matrix-synapse-1.41.1.obscpio ++++++ /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse-1.41.0.obscpio /work/SRC/openSUSE:Factory/.matrix-synapse.new.1899/matrix-synapse-1.41.1.obscpio differ: char 50, line 1 ++++++ matrix-synapse.obsinfo ++++++ --- /var/tmp/diff_new_pack.vIAbYq/_old 2021-08-31 19:56:58.710062166 +0200 +++ /var/tmp/diff_new_pack.vIAbYq/_new 2021-08-31 19:56:58.714062172 +0200 
@@ -1,5 +1,5 @@ name: matrix-synapse -version: 1.41.0 -mtime: 1629817593 -commit: f03cafb50c49a1569f1f99485f9cc42abfdc7b21 +version: 1.41.1 +mtime: 1630413808 +commit: a4c8a2f08b735266fbbe2f259e640f00dc5e3a00
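
Review bot: The new matrix-synapse.changes entry identifies the two fixes only by GHSA and CVE id (GHSA-3x4c-pq33-4w3q / CVE-2021-39164 and GHSA-jj53-8fmw-f2w2 / CVE-2021-39163) and carries no Bugzilla reference next to them. openSUSE changelog entries for security fixes normally list the bsc#/boo# number alongside the CVE so that maintenance tracking can match the update to the bug; if bugs exist for these two CVEs, add their references to the respective advisory bullets.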
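
Review bot: In the _service hunk the source is selected by tag name ("revision" set to v1.41.1), and a tag is a movable ref; the only fixed identifier in this change is the "commit: a4c8a2f08b735266fbbe2f259e640f00dc5e3a00" line in the matrix-synapse.obsinfo hunk. Since the obscpio is reported only as "differ: char 50, line 1" and cannot be read from this mail, confirm before accepting that this hash is what upstream's v1.41.1 tag resolves to and that it contains the fixes the changelog cites (52c7a51cf and cb35df940a).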