Hello community, here is the log from the commit of package matrix-synapse for openSUSE:Factory checked in at 2020-10-16 16:13:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old) and /work/SRC/openSUSE:Factory/.matrix-synapse.new.3486 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "matrix-synapse" Fri Oct 16 16:13:39 2020 rev:22 rq:841979 version:1.21.2 Changes: -------- --- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes 2020-09-25 16:37:23.620202394 +0200 +++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.3486/matrix-synapse.changes 2020-10-16 16:13:51.128682831 +0200 @@ -1,0 +2,193 @@ +Thu Oct 15 17:16:29 UTC 2020 - Marcus Rueckert <mrueck...@suse.de> + +- prepare to support more optional features in the buildrequires + (oidc/redis). failing atm due to missing libraries + +------------------------------------------------------------------- +Thu Oct 15 16:45:55 UTC 2020 - Marcus Rueckert <mrueck...@suse.de> + +- Update to 1.21.2 + - Security advisory + - HTML pages served via Synapse were vulnerable to cross-site + scripting (XSS) attacks. All server administrators are + encouraged to upgrade. (#8444) (CVE-2020-26891) + - This fix was originally included in v1.21.0 but was missing a + security advisory. This was reported by Denis Kasak. + - Bugfixes + - Fix rare bug where sending an event would fail due to a racey + assertion. (#8530) + - An updated version of the authlib dependency is included in + the Docker and Debian images to fix an issue using OpenID + Connect. See #8534 for details. + +------------------------------------------------------------------- +Wed Oct 14 16:09:43 UTC 2020 - Marcus Rueckert <mrueck...@suse.de> + +- Update to 1.21.1 + This release fixes a regression in v1.21.0 that prevented debian + packages from being built. It is otherwise identical to v1.21.0. + +------------------------------------------------------------------- +Mon Oct 12 17:08:13 UTC 2020 - Marcus Rueckert <mrueck...@suse.de> + +- Update to 1.21.0 + - Features + - Convert additional templates from inline HTML to Jinja2 + templates. (#8444) + - Require the user to confirm that their password should be + reset after clicking the email confirmation link. (#8004) + - Add an admin API GET /_synapse/admin/v1/event_reports to read + entries of table event_reports. Contributed by @dklimpel. + (#8217) + - Consolidate the SSO error template across all configuration. + (#8248, #8405) + - Add a configuration option to specify a whitelist of domains + that a user can be redirected to after validating their email + or phone number. (#8275, #8417) + - Add experimental support for sharding event persister. + (#8294, #8387, #8396, #8419) + - Add the room topic and avatar to the room details admin API. + (#8305) + - Add an admin API for querying rooms where a user is a member. + Contributed by @dklimpel. (#8306) + - Add uk.half-shot.msc2778.login.application_service login type + to allow appservices to login. (#8320) + - Add a configuration option that allows existing users to log + in with OpenID Connect. Contributed by @BBBSnowball and + @OmmyZhang. (#8345) + - Add prometheus metrics for replication requests. (#8406) + - Support passing additional single sign-on parameters to the + client. (#8413) + - Add experimental reporting of metrics on expensive rooms for + state-resolution. (#8420) + - Add experimental prometheus metric to track numbers of + "large" rooms for state resolutiom. (#8425) + - Add prometheus metrics to track federation delays. (#8430) + - Bugfixes + - Fix duplication of events on high traffic servers, caused by + PostgreSQL could not serialize access due to concurrent + update errors. (#8456) + - Fix a regression in v1.21.0rc1 which broke thumbnails of + remote media. (#8438) + - Do not expose the experimental + uk.half-shot.msc2778.login.application_service flow in the + login API, which caused a compatibility problem with Element + iOS. (#8440) + - Fix malformed log line in new federation "catch up" logic. + (#8442) + - Fix DB query on startup for negative streams which caused + long start up times. Introduced in #8374. (#8447) + - Fix a bug in the media repository where remote thumbnails + with the same size but different crop methods would overwrite + each other. Contributed by @deepbluev7. (#7124) + - Fix inconsistent handling of non-existent push rules, and + stop tracking the enabled state of removed push rules. + (#7796) + - Fix a longstanding bug when storing a media file with an + empty upload_name. (#7905) + - Fix messages not being sent over federation until an event is + sent into the same room. (#8230, #8247, #8258, #8272, #8322) + - Fix a longstanding bug where files that could not be + thumbnailed would result in an Internal Server Error. (#8236, + #8435) + - Upgrade minimum version of canonicaljson to version 1.4.0, to + fix an unicode encoding issue. (#8262) + - Fix longstanding bug which could lead to incomplete database + upgrades on SQLite. (#8265) + - Fix stack overflow when stderr is redirected to the logging + system, and the logging system encounters an error. (#8268) + - Fix a bug which cause the logging system to report errors, if + DEBUG was enabled and no context filter was applied. (#8278) + - Fix edge case where push could get delayed for a user until a + later event was pushed. (#8287) + - Fix fetching malformed events from remote servers. (#8324) + - Fix UnboundLocalError from occuring when appservices send a + malformed register request. (#8329) + - Don't send push notifications to expired user accounts. + (#8353) + - Fix a regression in v1.19.0 with reactivating users through + the admin API. (#8362) + - Fix a bug where during device registration the length of the + device name wasn't limited. (#8364) + - Include guest_access in the fields that are checked for null + bytes when updating room_stats_state. Broke in v1.7.2. + (#8373) + - Fix theoretical race condition where events are not sent down + /sync if the synchrotron worker is restarted without + restarting other workers. (#8374) + - Fix a bug which could cause errors in rooms with malformed + membership events, on servers using sqlite. (#8385) + - Fix "Re-starting finished log context" warning when receiving + an event we already had over federation. (#8398) + - Fix incorrect handling of timeouts on outgoing HTTP requests. + (#8400) + - Fix a regression in v1.20.0 in the synapse_port_db script + regarding the ui_auth_sessions_ips table. (#8410) + - Remove unnecessary 3PID registration check when resetting + password via an email address. Bug introduced in v0.34.0rc2. + (#8414) + - Improved Documentation + - Add /_synapse/client to the reverse proxy documentation. + (#8227) + - Add note to the reverse proxy settings documentation about + disabling Apache's mod_security2. Contributed by Julian + Fietkau (@jfietkau). (#8375) + - Improve description of server_name config option in + homserver.yaml. (#8415) + - Deprecations and Removals + - Drop support for prometheus_client older than 0.4.0. (#8426) + - Internal Changes + - Fix tests on distros which disable TLSv1.0. Contributed by + @danc86. (#8208) + - Simplify the distributor code to avoid unnecessary work. + (#8216) + - Remove the populate_stats_process_rooms_2 background job and + restore functionality to populate_stats_process_rooms. + (#8243) + - Clean up type hints for PaginationConfig. (#8250, #8282) + - Track the latest event for every destination and room for + catch-up after federation outage. (#8256) + - Fix non-user visible bug in implementation of + MultiWriterIdGenerator.get_current_token_for_writer. (#8257) + - Switch to the JSON implementation from the standard library. + (#8259) + - Add type hints to synapse.util.async_helpers. (#8260) + - Simplify tests that mock asynchronous functions. (#8261) + - Add type hints to StreamToken and RoomStreamToken classes. + (#8279) + - Change StreamToken.room_key to be a RoomStreamToken instance. + (#8281) + - Refactor notifier code to correctly use the max event stream + position. (#8288) + - Use slotted classes where possible. (#8296) + - Support testing the local Synapse checkout against the + Complement homeserver test suite. (#8317) + - Update outdated usages of metaclass to python 3 syntax. + (#8326) + - Move lint-related dependencies to package-extra field, update + CONTRIBUTING.md to utilise this. (#8330, #8377) + - Use the admin_patterns helper in additional locations. + (#8331) + - Fix test logging to allow braces in log output. (#8335) + - Remove __future__ imports related to Python 2 compatibility. + (#8337) + - Simplify super() calls to Python 3 syntax. (#8344) + - Fix bad merge from release-v1.20.0 branch to develop. (#8354) + - Factor out a _send_dummy_event_for_room method. (#8370) + - Improve logging of state resolution. (#8371) + - Add type annotations to SimpleHttpClient. (#8372) + - Refactor ID generators to use async with syntax. (#8383) + - Add EventStreamPosition type. (#8388) + - Create a mechanism for marking tests "logcontext clean". + (#8399) + - A pair of tiny cleanups in the federation request code. + (#8401) + - Add checks on startup that PostgreSQL sequences are + consistent with their associated tables. (#8402) + - Do not include appservice users when calculating the total + MAU for a server. (#8404) + - Typing fixes for synapse.handlers.federation. (#8422) + - Various refactors to simplify stream token handling. (#8423) + - Make stream token serializing/deserializing async. (#8427) + +------------------------------------------------------------------- Old: ---- matrix-synapse-1.20.1.obscpio New: ---- matrix-synapse-1.21.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ matrix-synapse-test.spec ++++++ --- /var/tmp/diff_new_pack.fDIyRE/_old 2020-10-16 16:13:53.744683633 +0200 +++ /var/tmp/diff_new_pack.fDIyRE/_new 2020-10-16 16:13:53.748683634 +0200 @@ -32,7 +32,7 @@ %define pkgname matrix-synapse Name: %{pkgname}-test -Version: 1.20.1 +Version: 1.21.2 Release: 0 Summary: Test package for %{pkgname} License: Apache-2.0 ++++++ matrix-synapse.spec ++++++ --- /var/tmp/diff_new_pack.fDIyRE/_old 2020-10-16 16:13:53.788683647 +0200 +++ /var/tmp/diff_new_pack.fDIyRE/_new 2020-10-16 16:13:53.792683647 +0200 @@ -19,9 +19,11 @@ # These come from matrix-synapse's CONDITIONAL_REQUIREMENTS. %bcond_without email_notifs %bcond_without postgres +%bcond_with oidc %bcond_without saml %bcond_without url_preview %bcond_without jwt +%bcond_with redis # missing deps %bcond_with opentracing # matrix-synapse-ldap isn't packaged on openSUSE. @@ -46,7 +48,7 @@ %define modname synapse %define pkgname matrix-synapse Name: %{pkgname} -Version: 1.20.1 +Version: 1.21.2 Release: 0 Summary: Matrix protocol reference homeserver License: Apache-2.0 @@ -154,6 +156,10 @@ BuildRequires: python3-pysaml2 >= 4.5.0 %requires_eq python3-pysaml2 %endif +%if %{with oidc} +BuildRequires: python3-authlib >= 0.15.1 +%requires_eq python3-authlib +%endif %if %{with url_preview} BuildRequires: python3-lxml >= 3.5.0 %requires_eq python3-lxml @@ -172,6 +178,12 @@ BuildRequires: python3-opentracing >= 2.2.0 %requires_eq python3-opentracing %endif +%if %{with redis} +BuildRequires: python3-txredisapi >= 1.4.7 +%requires_eq python3-txredisapi +BuildRequires: python3-hiredis +%requires_eq python3-hiredis +%endif BuildArch: noarch # We only provide/obsolete python2 to ensure that users upgrade. Obsoletes: python2-matrix-synapse < %{version}-%{release} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.fDIyRE/_old 2020-10-16 16:13:53.840683662 +0200 +++ /var/tmp/diff_new_pack.fDIyRE/_new 2020-10-16 16:13:53.844683664 +0200 @@ -4,7 +4,7 @@ <param name="versionformat">@PARENT_TAG@</param> <param name="url">https://github.com/matrix-org/synapse.git</param> <param name="scm">git</param> - <param name="revision">v1.20.1</param> + <param name="revision">v1.21.2</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> <!-- ++++++ matrix-synapse-1.20.1.obscpio -> matrix-synapse-1.21.2.obscpio ++++++ /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse-1.20.1.obscpio /work/SRC/openSUSE:Factory/.matrix-synapse.new.3486/matrix-synapse-1.21.2.obscpio differ: char 49, line 1 ++++++ matrix-synapse.obsinfo ++++++ --- /var/tmp/diff_new_pack.fDIyRE/_old 2020-10-16 16:13:53.896683679 +0200 +++ /var/tmp/diff_new_pack.fDIyRE/_new 2020-10-16 16:13:53.896683679 +0200 @@ -1,5 +1,5 @@ name: matrix-synapse -version: 1.20.1 -mtime: 1600961731 -commit: ab903e7337f6c2c7cfcdac69b13dedf67e56d801 +version: 1.21.2 +mtime: 1602772423 +commit: 9b8a53c7b9e1a3ca5f46e417b9fa705f8bacb494