Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package matrix-synapse for openSUSE:Factory checked in at 2022-06-29 16:01:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old)
 and      /work/SRC/openSUSE:Factory/.matrix-synapse.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "matrix-synapse" Wed Jun 29 16:01:34 2022 rev:65 rq:985628 version:1.61.1 Changes: -------- --- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes 2022-06-24 09:45:14.317674009 +0200 +++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.1548/matrix-synapse.changes 2022-06-29 16:02:50.348740976 +0200 
@@ -1,0 +2,39 @@ +Tue Jun 28 15:55:03 UTC 2022 - Marcus Rueckert <mrueck...@suse.de> + +- Update to 1.61.1 + This patch release fixes a security issue regarding URL previews, + affecting all prior versions of Synapse. Server administrators + are encouraged to update Synapse as soon as possible. We are not + aware of these vulnerabilities being exploited in the wild. + + Server administrators who are unable to update Synapse may use + the workarounds described in the linked GitHub Security Advisory + below. + + The following issue is fixed in 1.61.1. + + GHSA-22p3-qrh9-cx32 / CVE-2022-31052 + + Synapse instances with the url_preview_enabled homeserver config + option set to true are affected. URL previews of some web pages + can lead to unbounded recursion, causing the request to either + fail, or in some cases crash the running Synapse process. + + Requesting URL previews requires authentication. Nevertheless, it + is possible to exploit this maliciously, either by malicious + users on the homeserver, or by remote users sending URLs that a + local user's client may automatically request a URL preview for. + + Homeservers with the url_preview_enabled configuration option set + to false (the default) are unaffected. Instances with the + enable_media_repo configuration option set to false are also + unaffected, as this also disables URL preview functionality. + + Fixed by fa1308061802ac7b7d20e954ba7372c5ac292333. 
+ +------------------------------------------------------------------- +Fri Jun 17 10:00:40 UTC 2022 - Marcus Rueckert <mrueck...@suse.de> + +- force python 3.10 on TW + +------------------------------------------------------------------- Old: ---- matrix-synapse-1.61.0.obscpio New: ---- matrix-synapse-1.61.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ matrix-synapse-test.spec ++++++ --- /var/tmp/diff_new_pack.ymBriS/_old 2022-06-29 16:02:51.012741861 +0200 +++ /var/tmp/diff_new_pack.ymBriS/_new 2022-06-29 16:02:51.016741866 +0200 @@ -27,7 +27,7 @@ %define pkgname matrix-synapse Name: %{pkgname}-test -Version: 1.61.0 +Version: 1.61.1 Release: 0 Summary: Test package for %{pkgname} License: Apache-2.0 ++++++ matrix-synapse.spec ++++++ --- /var/tmp/diff_new_pack.ymBriS/_old 2022-06-29 16:02:51.036741893 +0200 +++ /var/tmp/diff_new_pack.ymBriS/_new 2022-06-29 16:02:51.040741898 +0200 @@ -140,14 +140,14 @@ #define use_python python38 #define __python3 #{_bindir}/python3 #else -%define use_python python3 +%define use_python python310 #endif %define modname synapse %define pkgname matrix-synapse %define eggname matrix_synapse Name: %{pkgname} -Version: 1.61.0 +Version: 1.61.1 Release: 0 Summary: Matrix protocol reference homeserver License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ymBriS/_old 2022-06-29 16:02:51.080741951 +0200 +++ /var/tmp/diff_new_pack.ymBriS/_new 2022-06-29 16:02:51.084741956 +0200 
@@ -4,7 +4,7 @@ <param name="versionformat">@PARENT_TAG@</param> <param name="url">https://github.com/matrix-org/synapse.git</param> <param name="scm">git</param> - <param name="revision">v1.61.0</param> + <param name="revision">v1.61.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> <!-- ++++++ matrix-synapse-1.61.0.obscpio -> matrix-synapse-1.61.1.obscpio ++++++ /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse-1.61.0.obscpio /work/SRC/openSUSE:Factory/.matrix-synapse.new.1548/matrix-synapse-1.61.1.obscpio differ: char 49, line 1 ++++++ matrix-synapse.obsinfo ++++++ --- /var/tmp/diff_new_pack.ymBriS/_old 2022-06-29 16:02:51.136742026 +0200 +++ /var/tmp/diff_new_pack.ymBriS/_new 2022-06-29 16:02:51.136742026 +0200 @@ -1,5 +1,5 @@ name: matrix-synapse -version: 1.61.0 -mtime: 1655204205 -commit: b8bf61230c0d51231429b2d15973a8fd1cd76906 +version: 1.61.1 +mtime: 1656423666 +commit: 09d89ddc1f875bb1ea835a7614980787d4ebd043
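
Review bot: In the matrix-synapse.changes hunk, the 1.61.1 entry sends administrators to "the linked GitHub Security Advisory below" for workarounds, but no link follows; only the identifiers GHSA-22p3-qrh9-cx32 / CVE-2022-31052 appear. Add the advisory URL or reword the sentence so it does not promise a link. The entry already states that instances with url_preview_enabled set to false, or enable_media_repo set to false, are unaffected, so one explicit line naming that as the interim mitigation would help anyone who cannot update at once. The text also says "these vulnerabilities" although a single issue is listed. If a Bugzilla entry exists for the CVE, reference it next to the CVE id so the fix can be tracked.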
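
Review bot: In the matrix-synapse.spec hunk at @@ -140,14, the new `%define use_python python310` sits between lines shown as `#else` and `#endif`, which rpm treats as comments, so as shown the define applies to every build target, while the changelog entry says "force python 3.10 on TW". If the pin is meant for Tumbleweed only, guard it with an active `%if` on the distribution version. A short spec comment explaining why the generic python3 is no longer acceptable would also make it clear when the pin can be dropped. This change belongs to the Jun 17 changelog entry and is unrelated to the security update, so it deserves its own look rather than riding along with the version bump.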
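
Review bot: In the matrix-synapse.obsinfo hunk, the recorded commit is 09d89ddc1f875bb1ea835a7614980787d4ebd043, while the changelog names fa1308061802ac7b7d20e954ba7372c5ac292333 as the fix, and the diff gives no way to tie the two together because the obscpio archives are only reported as "differ". Before accepting, confirm that the fix commit is an ancestor of the packaged commit and that the `v1.61.1` tag selected in the _service hunk resolves to the commit recorded in obsinfo, since a tag can be moved after the fact.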