commit matrix-synapse for openSUSE:Factory

Source-Sync Wed, 29 Jun 2022 07:03:02 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package matrix-synapse for openSUSE:Factory 
checked in at 2022-06-29 16:01:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old)
 and      /work/SRC/openSUSE:Factory/.matrix-synapse.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "matrix-synapse"

Wed Jun 29 16:01:34 2022 rev:65 rq:985628 version:1.61.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes    
2022-06-24 09:45:14.317674009 +0200
+++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.1548/matrix-synapse.changes  
2022-06-29 16:02:50.348740976 +0200
@@ -1,0 +2,39 @@
+Tue Jun 28 15:55:03 UTC 2022 - Marcus Rueckert <mrueck...@suse.de>
+
+- Update to 1.61.1
+  This patch release fixes a security issue regarding URL previews,
+  affecting all prior versions of Synapse. Server administrators
+  are encouraged to update Synapse as soon as possible. We are not
+  aware of these vulnerabilities being exploited in the wild.
+
+  Server administrators who are unable to update Synapse may use
+  the workarounds described in the linked GitHub Security Advisory
+  below.
+
+  The following issue is fixed in 1.61.1.
+
+  GHSA-22p3-qrh9-cx32 / CVE-2022-31052
+
+  Synapse instances with the url_preview_enabled homeserver config
+  option set to true are affected. URL previews of some web pages
+  can lead to unbounded recursion, causing the request to either
+  fail, or in some cases crash the running Synapse process.
+
+  Requesting URL previews requires authentication. Nevertheless, it
+  is possible to exploit this maliciously, either by malicious
+  users on the homeserver, or by remote users sending URLs that a
+  local user's client may automatically request a URL preview for.
+
+  Homeservers with the url_preview_enabled configuration option set
+  to false (the default) are unaffected. Instances with the
+  enable_media_repo configuration option set to false are also
+  unaffected, as this also disables URL preview functionality.
+
+  Fixed by fa1308061802ac7b7d20e954ba7372c5ac292333.
+
+-------------------------------------------------------------------
+Fri Jun 17 10:00:40 UTC 2022 - Marcus Rueckert <mrueck...@suse.de>
+
+- force python 3.10 on TW
+
+-------------------------------------------------------------------

Old:
----
  matrix-synapse-1.61.0.obscpio

New:
----
  matrix-synapse-1.61.1.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ matrix-synapse-test.spec ++++++
--- /var/tmp/diff_new_pack.ymBriS/_old  2022-06-29 16:02:51.012741861 +0200
+++ /var/tmp/diff_new_pack.ymBriS/_new  2022-06-29 16:02:51.016741866 +0200
@@ -27,7 +27,7 @@
 
 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.61.0
+Version:        1.61.1
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        Apache-2.0

++++++ matrix-synapse.spec ++++++
--- /var/tmp/diff_new_pack.ymBriS/_old  2022-06-29 16:02:51.036741893 +0200
+++ /var/tmp/diff_new_pack.ymBriS/_new  2022-06-29 16:02:51.040741898 +0200
@@ -140,14 +140,14 @@
 #define use_python python38
 #define __python3 #{_bindir}/python3
 #else
-%define use_python python3
+%define use_python python310
 #endif
 
 %define         modname synapse
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.61.0
+Version:        1.61.1
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.ymBriS/_old  2022-06-29 16:02:51.080741951 +0200
+++ /var/tmp/diff_new_pack.ymBriS/_new  2022-06-29 16:02:51.084741956 +0200
@@ -4,7 +4,7 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="url">https://github.com/matrix-org/synapse.git</param>
     <param name="scm">git</param>
-    <param name="revision">v1.61.0</param>
+    <param name="revision">v1.61.1</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
     <!--

++++++ matrix-synapse-1.61.0.obscpio -> matrix-synapse-1.61.1.obscpio ++++++
/work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse-1.61.0.obscpio 
/work/SRC/openSUSE:Factory/.matrix-synapse.new.1548/matrix-synapse-1.61.1.obscpio
 differ: char 49, line 1

++++++ matrix-synapse.obsinfo ++++++
--- /var/tmp/diff_new_pack.ymBriS/_old  2022-06-29 16:02:51.136742026 +0200
+++ /var/tmp/diff_new_pack.ymBriS/_new  2022-06-29 16:02:51.136742026 +0200
@@ -1,5 +1,5 @@
 name: matrix-synapse
-version: 1.61.0
-mtime: 1655204205
-commit: b8bf61230c0d51231429b2d15973a8fd1cd76906
+version: 1.61.1
+mtime: 1656423666
+commit: 09d89ddc1f875bb1ea835a7614980787d4ebd043

commit matrix-synapse for openSUSE:Factory

Reply via email to