Hello community,

here is the log from the commit of package matrix-synapse for openSUSE:Factory 
checked in at 2024-07-31 13:30:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old)
 and      /work/SRC/openSUSE:Factory/.matrix-synapse.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "matrix-synapse"

Wed Jul 31 13:30:11 2024 rev:105 rq:1190513 version:1.112.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes    
2024-07-17 15:15:09.898098228 +0200
+++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.7232/matrix-synapse.changes  
2024-07-31 13:30:38.239113801 +0200
@@ -1,0 +2,115 @@
+Tue Jul 30 17:07:03 UTC 2024 - Marcus Rueckert <mrueck...@suse.de>
+
+- Update to 1.112.0 (boo#1228596)
+
+  The actual security fix will be in the python3x-Twisted package:
+
+  This security release is to update our locked dependency on
+  Twisted to 24.7.0rc1, which includes a security fix for
+  CVE-2024-41671 / GHSA-c8m8-j448-xjx7: Disordered HTTP pipeline
+  response in twisted.web, again.
+
+  Note that this security fix is also available as Synapse 1.111.1,
+  which does not include the rest of the changes in Synapse
+  1.112.0.
+
+  This issue means that, if multiple HTTP requests are pipelined in
+  the same TCP connection, Synapse can send responses to the wrong
+  HTTP request. If a reverse proxy was configured to use HTTP
+  pipelining, this could result in responses being sent to the
+  wrong user, severely harming confidentiality.
+
+  With that said, despite being a high severity issue, we consider
+  it unlikely that Synapse installations will be affected. The use
+  of HTTP pipelining in this fashion would cause worse performance
+  for clients (request-response latencies would be increased as
+  users' responses would be artificially blocked behind other
+  users' slow requests). Further, Nginx and Haproxy, two common
+  reverse proxies, do not appear to support configuring their
+  upstreams to use HTTP pipelining and thus would not be affected.
+  For both of these reasons, we consider it unlikely that a Synapse
+  deployment would be set up in such a configuration.
+
+  Despite that, we cannot rule out that some installations may
+  exist with this unusual setup and so we are releasing this
+  security update today.
+
+  pip users: Note that by default, upgrading Synapse using pip will
+  not automatically upgrade Twisted. Please manually install the
+  new version of Twisted using pip install Twisted==24.7.0rc1. Note
+  also that even the --upgrade-strategy=eager flag to pip install
+  -U matrix-synapse will not upgrade Twisted to a patched version
+  because it is only a release candidate at this time.
+
+  - Features
+    - Add to-device extension support to experimental MSC3575
+      Sliding Sync /sync endpoint. (#17416)
+    - Populate name/avatar fields in experimental MSC3575 Sliding
+      Sync /sync endpoint. (#17418)
+    - Populate heroes and room summary fields (joined_count,
+      invited_count) in experimental MSC3575 Sliding Sync /sync
+      endpoint. (#17419)
+    - Populate is_dm room field in experimental MSC3575 Sliding
+      Sync /sync endpoint. (#17429)
+    - Add room subscriptions to experimental MSC3575 Sliding Sync
+      /sync endpoint. (#17432)
+    - Prepare for authenticated media freeze. (#17433)
+    - Add E2EE extension support to experimental MSC3575 Sliding
+      Sync /sync endpoint. (#17454)
+  - Bugfixes
+    - Add configurable option to always include offline users in
+      presence sync results. Contributed by @Michael-Hollister.
+      (#17231)
+    - Fix bug in experimental MSC3575 Sliding Sync /sync endpoint
+      when using room type filters and the user has one or more
+      remote invites. (#17434)
+    - Order heroes by stream_ordering as the Matrix specification
+      states (applies to /sync). (#17435)
+    - Fix rare bug where /sync would break for a user when using
+      workers with multiple stream writers. (#17438)
+  - Improved Documentation
+    - Update the readme image to have a white background, so that
+      it is readable in dark mode. (#17387)
+    - Add Red Hat Enterprise Linux and Rocky Linux 8 and 9
+      installation instructions. (#17423)
+    - Improve documentation for the
+      default_power_level_content_override config option. (#17451)
+  - Internal Changes
+    - Make sure we always use the right logic for enabling the
+      media repo. (#17424)
+    - Fix argument documentation for method
+      RateLimiter.record_action. (#17426)
+    - Reduce volume of 'Waiting for current token' logs, which were
+      introduced in v1.109.0. (#17428)
+    - Limit concurrent remote downloads to 6 per IP address, and
+      decrement remote downloads without a content-length from the
+      ratelimiter after the download is complete. (#17439)
+    - Remove unnecessary call to resume producing in fake channel.
+      (#17449)
+    - Update experimental MSC3575 Sliding Sync /sync endpoint to
+      bump room when it is created. (#17453)
+    - Speed up generating sliding sync responses. (#17458)
+    - Add cache to get_rooms_for_local_user_where_membership_is to
+      speed up sliding sync. (#17460)
+    - Speed up fetching room keys from backup. (#17461)
+    - Speed up sorting of the room list in sliding sync. (#17468)
+    - Implement handling of $ME as a state key in sliding sync.
+      (#17469)
+  - Updates to locked dependencies
+    - Bump bytes from 1.6.0 to 1.6.1. (#17441)
+    - Bump hiredis from 2.3.2 to 3.0.0. (#17464)
+    - Bump jsonschema from 4.22.0 to 4.23.0. (#17444)
+    - Bump matrix-org/done-action from 2 to 3. (#17440)
+    - Bump mypy from 1.9.0 to 1.10.1. (#17445)
+    - Bump pyopenssl from 24.1.0 to 24.2.1. (#17465)
+    - Bump ruff from 0.5.0 to 0.5.4. (#17466)
+    - Bump sentry-sdk from 2.6.0 to 2.8.0. (#17456)
+    - Bump sentry-sdk from 2.8.0 to 2.10.0. (#17467)
+    - Bump setuptools from 67.6.0 to 70.0.0. (#17448)
+    - Bump twine from 5.1.0 to 5.1.1. (#17443)
+    - Bump types-jsonschema from 4.22.0.20240610 to
+      4.23.0.20240712. (#17446)
+    - Bump ulid from 1.1.2 to 1.1.3. (#17442)
+    - Bump zipp from 3.15.0 to 3.19.1. (#17427)
+
+-------------------------------------------------------------------
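Review bot: The entry opens by saying the actual fix for CVE-2024-41671 will be in the python3x-Twisted package, yet it then carries upstream's pip paragraph (`pip install Twisted==24.7.0rc1`) unchanged, which does not apply to an RPM install. None of the spec hunks shown in this commit touch a Twisted version, so a reader cannot tell from this entry which python3x-Twisted version or request has to be present alongside matrix-synapse 1.112.0 for the fix to take effect. Suggest naming that package version or its request reference in the lead paragraph and trimming the pip paragraph.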

Old:
----
  matrix-synapse-1.111.0.obscpio

New:
----
  matrix-synapse-1.112.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ matrix-synapse-test.spec ++++++
--- /var/tmp/diff_new_pack.yVH2W3/_old  2024-07-31 13:30:39.531166863 +0200
+++ /var/tmp/diff_new_pack.yVH2W3/_new  2024-07-31 13:30:39.531166863 +0200
@@ -27,7 +27,7 @@
 
 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.111.0
+Version:        1.112.0
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        AGPL-3.0-or-later

++++++ matrix-synapse.spec ++++++
--- /var/tmp/diff_new_pack.yVH2W3/_old  2024-07-31 13:30:39.559168012 +0200
+++ /var/tmp/diff_new_pack.yVH2W3/_new  2024-07-31 13:30:39.559168012 +0200
@@ -21,8 +21,7 @@
 # NOTE: Keep this is in the same order as pyproject.toml.
 %if %{with use_poetry_for_dependencies}
 %global Jinja2_version                3.1.4
-# TODO: 10.4.0
-%global Pillow_version                10.3.0
+%global Pillow_version                10.4.0
 %global PyYAML_version                6.0.1
 %global attrs_version                 23.2.0
 %global bcrypt_version                4.1.3
@@ -42,6 +41,7 @@
 %global phonenumbers_version          8.13.39
 %global prometheus_client_version     0.20.0
 %global psutil_version                2.0.0
+# todo: 24.2.1
 %global pyOpenSSL_version             24.1.0
 %global pyasn1_version                0.6.0
 %global pyasn1_modules_version        0.3.0
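Review bot: The added `# todo: 24.2.1` above `pyOpenSSL_version` leaves the pin at 24.1.0 while the changelog in this same commit lists "Bump pyopenssl from 24.1.0 to 24.2.1" under locked dependencies, so the spec now knowingly lags upstream's lock for a TLS library. Please state in the comment what blocks the bump, and use the `# TODO:` spelling that the removed Pillow comment used so that one grep finds every deferred version.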
@@ -60,10 +60,11 @@
 %global pysaml2_version               7.3.1
 %global Authlib_version               1.3.1
 %global lxml_version                  5.2.2
-%global sentry_sdk_version            2.6.0
+%global sentry_sdk_version            2.10.0
 %global PyJWT_version                 2.6.0
 %global jaeger_client_version         4.8.0
 %global opentracing_version           2.4.0
+# todo: 3.0.0
 %global hiredis_version               2.3.2
 %global txredisapi_version            1.4.10
 %global Pympler_version               1.0.1
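Review bot: `# todo: 3.0.0` above `hiredis_version` defers a major-version step (2.3.2 to 3.0.0) that the changelog lists as already taken in upstream's locked dependencies, while `sentry_sdk_version` in the same hunk moves straight to 2.10.0. The comment does not say whether 2.3.2 is kept deliberately or only until 3.0.0 is packaged; record the reason next to the todo so the next update does not have to rediscover it.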
@@ -153,7 +154,7 @@
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.111.0
+Version:        1.112.0
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        AGPL-3.0-or-later

++++++ _service ++++++
--- /var/tmp/diff_new_pack.yVH2W3/_old  2024-07-31 13:30:39.615170312 +0200
+++ /var/tmp/diff_new_pack.yVH2W3/_new  2024-07-31 13:30:39.619170477 +0200
@@ -4,11 +4,11 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="url">https://github.com/element-hq/synapse.git</param>
     <param name="scm">git</param>
-    <param name="revision">v1.111.0</param>
+    <param name="revision">v1.112.0</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
     <!--
-    <param name="revision">v1.112.0rc1</param>
+    <param name="revision">v1.113.0rc1</param>
     <param name="versionrewrite-pattern">v([\.\d]+)(rc.*)</param>
     <param name="versionrewrite-replacement">\1~\2</param>
     -->
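Review bot: The `revision` parameter names a tag (`v1.112.0`) rather than a commit, so what was actually fetched is visible only in the `commit:` line of matrix-synapse.obsinfo. For a security release, check that hash against the upstream tag during review, or pin the hash here and keep the tag name in a comment.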

++++++ matrix-synapse-1.111.0.obscpio -> matrix-synapse-1.112.0.obscpio ++++++
/work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse-1.111.0.obscpio 
/work/SRC/openSUSE:Factory/.matrix-synapse.new.7232/matrix-synapse-1.112.0.obscpio
 differ: char 49, line 1

++++++ matrix-synapse.obsinfo ++++++
--- /var/tmp/diff_new_pack.yVH2W3/_old  2024-07-31 13:30:39.671172612 +0200
+++ /var/tmp/diff_new_pack.yVH2W3/_new  2024-07-31 13:30:39.675172777 +0200
@@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.111.0
-mtime: 1721127326
-commit: 574aa53126c238148189f80b37b2ad14052cc429
+version: 1.112.0
+mtime: 1722356649
+commit: 37f9876ccfdd9963cda4ff802882b9eec037877a
 

++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/matrix-synapse/vendor.tar.zst 
/work/SRC/openSUSE:Factory/.matrix-synapse.new.7232/vendor.tar.zst differ: char 
425562, line 1803
