Commit Graph

309 Commits (8d90e5f2006c4b9bad4b7b4bc164103480886da2)

Author SHA1 Message Date
Erik Johnston 320e8c8064 Synapse 1.23.1 (2020-12-09)
===========================
 
 Due to the two security issues highlighted below, server administrators are
 encouraged to update Synapse. We are not aware of these vulnerabilities being
 exploited in the wild.
 
 Security advisory
 -----------------
 
 The following issues are fixed in v1.23.1 and v1.24.0.
 
 - There is a denial of service attack
   ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
   against the federation APIs in which future events will not be correctly sent
   to other servers over federation. This affects all servers that participate in
   open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).
 
 - Synapse may be affected by OpenSSL
   [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
   Synapse administrators should ensure that they have the latest versions of
   the cryptography Python package installed.
 
 To upgrade Synapse along with the cryptography package:
 
 * Administrators using the [`matrix.org` Docker
   image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
   packages from
   `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
   should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
   the updated packages.
 * Administrators who have [installed Synapse from
   source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
   should upgrade the cryptography package within their virtualenv by running:
   ```sh
   <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
   ```
 * Administrators who have installed Synapse from distribution packages should
   consult the information from their distributions.
 
 Bugfixes
 --------
 
 - Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))
 
 Internal Changes
 ----------------
 
 - Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))

Merge tag 'v1.23.1'

2020-12-09 11:29:56 +00:00
Erik Johnston 1cec3d1457 1.23.1 2020-12-09 11:07:41 +00:00
Erik Johnston 9b26a4ac87 1.24.0 2020-12-09 11:07:24 +00:00
Erik Johnston ef366720d5 1.23.0 2020-11-18 11:41:41 +00:00
Erik Johnston b4289795ea 1.22.1 2020-10-30 15:25:44 +00:00
Erik Johnston fedfdfd750 1.22.0 2020-10-27 12:07:19 +00:00
Patrick Cloke 9991aaa49c 1.21.2 2020-10-15 09:24:10 -04:00
Andrew Morgan 58e583eac1 1.21.1 2020-10-13 10:27:16 +01:00
Andrew Morgan a06b7a5d94
Explicitly install test dependencies when building deb packages (#8523)
After https://github.com/matrix-org/synapse/pull/8377, the deb packages no longer indirectly installed the `"test"` dependencies, causing debian packages to fail to build while carrying out the unit tests.

This PR installs `test` dependencies explicitly when building debian packages.
2020-10-12 17:44:11 +01:00
Andrew Morgan f76194a021 1.21.0 2020-10-12 15:50:27 +01:00
Andrew Morgan 920dd1083e 1.20.1 2020-09-24 16:25:33 +01:00
Andrew Morgan 55bb5fda33 1.20.0 2020-09-22 15:18:31 +01:00
Patrick Cloke 88e67d1adb 1.19.3
Synapse 1.19.3 (2020-09-18)
 ===========================
 
 Bugfixes
 --------
 
 - Partially mitigate bug where newly joined servers couldn't get past
 events in a room when there is a malformed event.
 ([\#8350](https://github.com/matrix-org/synapse/issues/8350))

Merge tag 'v1.19.3' into release-v1.20.0

1.19.3

2020-09-18 10:53:01 -04:00
Andrew Morgan 5b70acb44c 1.19.3 2020-09-18 15:00:07 +01:00
Patrick Cloke ab165994db Merge remote-tracking branch 'origin/master' into release-v1.20.0 2020-09-16 08:52:21 -04:00
Erik Johnston 5ffd68dca1 1.19.2 2020-09-16 13:37:03 +01:00
Brendan Abolivier 9cfc120233
Merge branch 'master' into develop 2020-08-27 11:01:21 +01:00
Brendan Abolivier eadfda3ebc 1.19.1 2020-08-27 10:50:39 +01:00
Dexter Chua cf2f6c3d22
Update debian systemd service to use Type=notify (#8169)
This ensures systemctl start matrix-synapse returns only after synapse
is actually started, which is very useful for automated deployments.

Fixes #5761

Signed-off-by: Dexter Chua <dec41@srcf.net>
2020-08-27 10:39:13 +01:00
Olivier Wilkinson (reivilibre) ea4e4d2f0b 1.19.0 2020-08-17 14:12:46 +01:00
Olivier Wilkinson (reivilibre) 3aa36b782c Merge branch 'master' into develop 2020-07-30 15:18:36 +01:00
Olivier Wilkinson (reivilibre) a9631b7b4b 1.18.0 2020-07-30 10:56:54 +01:00
Aaron Raimist 2184f61fae
Various improvements to the docs (#7899) 2020-07-29 10:35:44 -04:00
Richard van der Hoff 29df3d0e9f 1.17.0 2020-07-13 10:20:36 +01:00
Richard van der Hoff 8ccb7f08d9 Merge branch 'master' into release-v1.17.0 2020-07-10 18:38:18 +01:00
Richard van der Hoff c9f7c683ae 1.16.1 2020-07-10 12:11:12 +01:00
Richard van der Hoff 43726783e4 1.17.0rc1 2020-07-09 16:53:19 +01:00
Richard van der Hoff 98894341e7 1.16.0 2020-07-08 11:03:55 +01:00
Patrick Cloke e8c36e527d 1.15.2 2020-07-02 10:35:59 -04:00
Brendan Abolivier 65eb078498
1.15.1 2020-06-16 10:28:58 +01:00
Brendan Abolivier 3b3f327a0d 1.15.0 2020-06-11 13:27:27 +01:00
Brendan Abolivier 76261fc59d
Update debian changelog 2020-05-28 12:39:09 +02:00
Brendan Abolivier b3b2038b6a
Remove the changes to the debian changelog
Since this is not a full release yet
2020-05-26 17:22:46 +02:00
Brendan Abolivier 3b19c17247 1.14.0 2020-05-26 16:45:37 +02:00
Patrick Cloke ac3264bf1e 1.13.0 2020-05-19 09:19:09 -04:00
Richard van der Hoff 1fc8914f76
update dh-virtualenv (#7526) 2020-05-19 13:48:41 +01:00
Patrick Cloke 68384d96fd Merge branch 'master' into develop 2020-04-23 12:04:50 -04:00
Patrick Cloke ce9b62e13f 1.12.4 2020-04-23 10:59:10 -04:00
Patrick Cloke 71953139d1
Add information about .well-known to Debian installation. (#7227) 2020-04-06 17:02:44 -04:00
Richard van der Hoff 29ce90358c 1.12.3 2020-04-03 10:57:07 +01:00
Richard van der Hoff 6d7cec7a57
Fix the debian build in a better way. (#7212) 2020-04-03 10:23:36 +01:00
Andrew Morgan 08edefe694 1.12.2 2020-04-02 19:02:45 +01:00
Andrew Morgan b730480abb 1.12.1 2020-04-02 18:57:31 +01:00
Richard van der Hoff 2fa55c0cc6 1.12.0 2020-03-23 12:13:09 +00:00
Brendan Abolivier 6b0ef34706
Update debian changelog 2020-03-03 15:01:43 +00:00
Richard van der Hoff 9c1b83b007 1.11.0 2020-02-21 08:56:04 +00:00
Richard van der Hoff fd6d83ed96 1.10.1 2020-02-17 16:27:33 +00:00
Brendan Abolivier fdb816713a 1.10.0 2020-02-12 12:19:19 +00:00
Erik Johnston 77d9357226 1.9.1 2020-01-28 13:09:36 +00:00
Brendan Abolivier f3eac2b3e9 1.9.0 2020-01-23 12:57:55 +00:00
Erik Johnston 24b2c940fb 1.8.0 2020-01-09 11:39:29 +00:00
Richard van der Hoff 08815566bc
Automate generation of the sample and debian log configs (#6627) 2020-01-03 17:14:00 +00:00
Richard van der Hoff 77661ce81a 1.7.3 2019-12-31 10:45:12 +00:00
Richard van der Hoff 29794c6bc8 1.7.2 2019-12-20 10:58:07 +00:00
Richard van der Hoff d656e91fc2 1.7.1 2019-12-18 09:38:08 +00:00
Erik Johnston f5aeea9e89 1.7.0 2019-12-13 10:19:53 +00:00
Andrew Morgan e7777f3668 1.6.1 2019-11-28 11:29:50 +00:00
Andrew Morgan b98971e8a4 1.6.0 2019-11-26 13:28:40 +00:00
Richard van der Hoff feafd98aca 1.5.1 2019-11-06 10:02:23 +00:00
Richard van der Hoff 9ffcf0f7ba 1.5.0 2019-10-29 14:28:54 +00:00
Brendan Abolivier 41b9faed16 1.4.1 2019-10-18 10:15:12 +01:00
Andrew Morgan ecb69d824a 1.4.0 2019-10-03 13:22:44 +01:00
Richard van der Hoff 74fb729213 1.3.1 2019-08-17 09:16:17 +01:00
Brendan Abolivier fb5acd7039 1.3.0 2019-08-15 12:05:24 +01:00
Andrew Morgan 8cf7fbbce0 Remove libsqlite3-dev from required build dependencies. (#5766) 2019-08-15 11:32:23 +01:00
Richard van der Hoff dde6ea7ff6 1.2.1 2019-07-26 11:33:16 +01:00
Andrew Morgan c0a1301ccd 1.2.0 2019-07-25 14:10:32 +01:00
Richard van der Hoff 1def298119
Improve `Depends` specs in debian package. (#5675)
This is basically a contrived way of adding a `Recommends` on `libpq5`, to fix #5653.

The way this is supposed to happen in debhelper is to run
`dh_shlibdeps`, which in turn runs `dpkg-shlibdeps`, which spits things out
into `debian/<package>.substvars` whence they can later be included by
`control`.

Previously, we had disabled `dh_shlibdeps`, mostly because `dpkg-shlibdeps`
gets confused about PIL's interdependent objects, but that's not really the
right thing to do and there is another way to work around that.

Since we don't always use postgres, we don't necessarily want a hard Depends on
libpq5, so I've actually ended up adding an explicit invocation of
`dpkg-shlibdeps` for `psycopg2`.

I've also updated the build-depends list for the package, which was missing a
couple of entries.
2019-07-17 17:47:07 +01:00
Erik Johnston 822a0f0435 Merge branch 'master' of github.com:matrix-org/synapse into develop 2019-07-04 14:00:27 +01:00
Erik Johnston 20332b278d 1.1.0 2019-07-04 11:44:09 +01:00
Amber Brown 463b072b12
Move logging utilities out of the side drawer of util/ and into logging/ (#5606) 2019-07-04 00:07:04 +10:00
Silke Hofstra 457b8e4c4d Include systemd-python in Debian package to allow logging to journal (#5261)
Signed-off-by: Silke Hofstra <silke@slxh.eu>
2019-06-27 18:26:41 +01:00
Erik Johnston 97174780ce 1.0.0 2019-06-11 17:10:01 +01:00
Erik Johnston c831748f4d 0.99.5.2 2019-05-30 16:29:47 +01:00
Neil Johnson 3d5bba581b 0.99.5.1 2019-05-22 17:52:44 +01:00
Neil Johnson 006bd8f4f6 Revert "0.99.5"
This reverts commit c31e375ade.
2019-05-22 17:49:53 +01:00
Neil Johnson c31e375ade 0.99.5 2019-05-22 17:45:44 +01:00
Neil Johnson 8031a6f3d5 0.99.5 2019-05-22 15:40:28 +01:00
Richard van der Hoff afb463fb7a Some vagrant hackery for testing the debs 2019-05-17 12:56:46 +01:00
Richard van der Hoff 4a926f528e 0.99.4 2019-05-15 13:58:45 +01:00
Christoph Müller ee90c06e38 Set syslog identifiers in systemd units (#5023) 2019-05-10 09:09:25 +01:00
Richard van der Hoff fa21455e08 0.99.3.2 2019-05-03 18:56:24 +01:00
Richard van der Hoff 863ec09622 0.99.3.1 2019-05-03 16:03:24 +01:00
Neil Johnson 35442efb75 0.99.3 2019-04-01 12:49:03 +00:00
Richard van der Hoff 6e4931aa19 Debian package: fix warning during preconfiguration. 2019-03-07 07:18:06 +00:00
Richard van der Hoff 9ac72d9543 0.99.2 2019-03-01 10:55:44 +00:00
Richard van der Hoff 44a4d65586 0.99.2rc1 2019-02-27 10:48:34 +00:00
Richard van der Hoff 0969d688e3
Debian: fix overwriting of config settings on upgrade (#4696)
Make sure that users' changes to the config files are preserved.

Fixes #4440.
2019-02-22 15:02:39 +00:00
Richard van der Hoff f595d6ac57 0.99.1.1 2019-02-14 17:20:02 +00:00
Richard van der Hoff 06cd757ae7 0.99.1 2019-02-14 14:24:24 +00:00
Дамјан Георгиевски a214ba93e0 implement `reload` by sending the HUP signal (#4622)
* implement `reload` by sending the HUP signal

According to the 0.99 release info* synapse now uses the HUP signal to reload certificates:

> Synapse will now reload TLS certificates from disk upon SIGHUP. (#4495, #4524)

So the matrix-synapse.service unit file should include a reload directive.

Signed-off-by: Дамјан Георгиевски <gdamjan@gmail.com>
2019-02-14 13:44:22 +00:00
Richard van der Hoff 3bd9daf4b8 v0.99.0 2019-02-05 18:33:02 +00:00
Richard van der Hoff 8c58c10697
Generate the debian config during build (#4444)
Rather than hardcoding a config which we always forget to update, generate it
from the default config.
2019-01-24 13:39:01 +00:00
Richard van der Hoff 2f88881c93
debian package: symlink to python-3.X (#4433)
In the debian package, make the virtualenv symlink python to /usr/bin/python3.X
rather than /usr/bin/python3. Also make sure we depend on the right python3.x
package.

This might help a bit with subtle failures when people install a package from
the wrong distro (https://github.com/matrix-org/synapse/issues/4431).
2019-01-23 11:43:04 +00:00
Amber Brown 23b0813599
Require ECDH key exchange & remove dh_params (#4429)
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
Richard van der Hoff 4fd051f9c3 moar plusses!
turns out that 0.34.1.1+1 comes before 0.34.1.1+bionic (etc).

The version may only contain "~ 0-9 A-Z a-z + - ." (sorting in that order).

Option 1: replace "+" with something that sorts after +. Options are "-" (but
dpkg-source complains about that) or "." (but that would mean we couldn't
distinguish packaging-only changes from real changes).

Option 2: stick with + and just find something that sorts after 'xenial'. The
only options there are "-", "." (same problems as before), "z", and "+".

Hence, ++1. Sorry.
2019-01-12 13:08:32 +00:00
Richard van der Hoff 91fa34b3fa s/Breaks/Conflicts/ in debian/control
Otherwise people can't upgrade from matrix-synapse without removing it first
2019-01-11 17:05:45 +00:00
Amber Brown c0dba73aa0 changelog, for debian 2019-01-11 02:20:29 +11:00
Richard van der Hoff 2394e832a8 debian: Remove Breaks: matrix-synapse-ldap3 2019-01-09 15:35:11 +00:00
Richard van der Hoff 998f5225c1 0.34.1 2019-01-09 14:53:54 +00:00
Richard van der Hoff 29f20a8a1a
Update debian Conflicts specifications (#4349)
...  to allow installation alongside our matrix-synapse transitional package.
2019-01-04 17:24:13 +00:00
Richard van der Hoff e9cdfedff3
Avoid packaging _trial_temp directory (#4326)
Make sure we don't put the _trial_temp directory in the package target
directory.

Fixes https://github.com/matrix-org/synapse/issues/4322
2019-01-02 07:30:31 +00:00
Richard van der Hoff 7134832c01
Install the optional dependencies into the debian package (#4325)
since #4298, the optional dependencies are no longer installed with a simple
`pip install .`, which meant that they were not being included in the debian
package.

The easy fix to that is dh_virtualenv --extras, but that needs dh_virtualenv
1.1...
2019-01-02 07:17:39 +00:00
Richard van der Hoff ad1c68ad94 Mention updating extensions 2018-12-20 23:32:59 +00:00
Richard van der Hoff a7aca672df
clarify that installing -py3 removes the old pkg 2018-12-20 22:05:27 +00:00
Richard van der Hoff d731b75c7b Clarify that py2 packages will continue to exist 2018-12-20 14:55:41 +00:00
Richard van der Hoff 8957a11979 Update log config for debian packages
Better follow our own release notes.
2018-12-20 12:06:31 +00:00
Richard van der Hoff 1a6d5bfa08 Debian packaging via dh_virtualenv (#4285) 2018-12-20 11:33:29 +00:00
Amber Brown fd4070a85d import from package-debian-synapse 2018-12-20 11:15:52 +00:00