Hello community, here is the log from the commit of package matrix-synapse for openSUSE:Factory checked in at 2018-05-06 15:01:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old) and /work/SRC/openSUSE:Factory/.matrix-synapse.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "matrix-synapse" Sun May 6 15:01:51 2018 rev:7 rq:604023 version:0.28.1 Changes: -------- --- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes 2018-04-30 22:56:33.873658889 +0200 +++ /work/SRC/openSUSE:Factory/.matrix-synapse.new/matrix-synapse.changes 2018-05-06 15:02:01.983782670 +0200 @@ -1,0 +2,52 @@ +Fri May 4 11:18:46 UTC 2018 - ok...@suse.com + +- Update to version v0.28.1: + * SECURITY UPDATE + Clamp the allowed values of event depth received over federation to be + [0, 2^63 - 1]. This mitigates an attack where malicious events + injected with depth = 2^63 - 1 render rooms unusable. Depth is used to + determine the cosmetic ordering of events within a room, and so the ordering + of events in such a room will default to using stream_ordering rather than depth + (topological_ordering). + + This is a temporary solution to mitigate abuse in the wild, whilst a long term solution + is being implemented to improve how the depth parameter is used. + + Full details at + https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit# + + Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API. + + * Bug Fixes: + * Return 401 for invalid access_token on logout (PR #2938) Thanks to @dklug! + * Return a 404 rather than a 500 on rejoining empty rooms (PR #3080) + * fix federation_domain_whitelist (PR #3099) + * Avoid creating events with huge numbers of prev_events (PR #3113) + * Reject events which have lots of prev_events (PR #3118) + * Fix quarantine media admin API and search reindex (PR #3130) + * Fix media admin APIs (PR #3134) + + * Features: + * Add metrics for event processing lag (PR #3090) + * Add metrics for ResponseCache (PR #3092) + + * Changes: + * Synapse on PyPy (PR #2760) Thanks to @Valodim! + * move handling of auto_join_rooms to RegisterHandler (PR #2996) Thanks to @krombel! + * Improve handling of SRV records for federation connections (PR #3016) Thanks to @silkeh! + * Document the behaviour of ResponseCache (PR #3059) + * Preparation for py3 (PR #3061, #3073, #3074, #3075, #3103, #3104, #3106, #3107, #3109, #3110) Thanks to @NotAFile! + * update prometheus dashboard to use new metric names (PR #3069) Thanks to @krombel! + * use python3-compatible prints (PR #3074) Thanks to @NotAFile! + * Send federation events concurrently (PR #3078) + * Limit concurrent event sends for a room (PR #3079) + * Improve R30 stat definition (PR #3086) + * Send events to ASes concurrently (PR #3088) + * Refactor ResponseCache usage (PR #3093) + * Clarify that SRV may not point to a CNAME (PR #3100) Thanks to @silkeh! + * Use str(e) instead of e.message (PR #3103) Thanks to @NotAFile! + * Use six.itervalues in some places (PR #3106) Thanks to @NotAFile! + * Refactor store.have_events (PR #3117) + + +------------------------------------------------------------------- Old: ---- matrix-synapse-v0.27.4.tar.xz New: ---- matrix-synapse-v0.28.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ matrix-synapse.spec ++++++ --- /var/tmp/diff_new_pack.ACHJ3i/_old 2018-05-06 15:02:02.835751399 +0200 +++ /var/tmp/diff_new_pack.ACHJ3i/_new 2018-05-06 15:02:02.839751252 +0200 @@ -18,6 +18,7 @@ ## Package updates # +# * Update version in _service and this file to the most recent released one # * Call `osc service ra` # * Update changelog manually from # * https://github.com/matrix-org/synapse/releases @@ -37,7 +38,7 @@ %define github_user matrix-org %define short_name synapse Name: matrix-%{short_name}%{?name_ext} -Version: 0.27.4 +Version: 0.28.1 Release: 0 Summary: Matrix protocol reference homeserver License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ACHJ3i/_old 2018-05-06 15:02:02.895749197 +0200 +++ /var/tmp/diff_new_pack.ACHJ3i/_new 2018-05-06 15:02:02.895749197 +0200 @@ -4,7 +4,7 @@ <param name="versionformat">@PARENT_TAG@</param> <param name="url">git://github.com/matrix-org/synapse.git</param> <param name="scm">git</param> - <param name="revision">v0.27.4</param> + <param name="revision">v0.28.1</param> <!-- The git changelog of matrix-org/synapse does not seem to be very usable. Use the changelog provided on the github release page --> <param name="changesgenerate">disable</param> <param name="changesauthor">ok...@suse.com</param> ++++++ matrix-synapse-v0.27.4.tar.xz -> matrix-synapse-v0.28.1.tar.xz ++++++ ++++ 3122 lines of diff (skipped)