Commit Graph

309 Commits

Author SHA1 Message Date
Erik Johnston
320e8c8064 Synapse 1.23.1 (2020-12-09)
===========================
 
 Due to the two security issues highlighted below, server administrators are
 encouraged to update Synapse. We are not aware of these vulnerabilities being
 exploited in the wild.
 
 Security advisory
 -----------------
 
 The following issues are fixed in v1.23.1 and v1.24.0.
 
 - There is a denial of service attack
   ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
   against the federation APIs in which future events will not be correctly sent
   to other servers over federation. This affects all servers that participate in
   open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).
 
 - Synapse may be affected by OpenSSL
   [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
   Synapse administrators should ensure that they have the latest versions of
   the cryptography Python package installed.
 
 To upgrade Synapse along with the cryptography package:
 
 * Administrators using the [`matrix.org` Docker
   image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
   packages from
   `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
   should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
   the updated packages.
 * Administrators who have [installed Synapse from
   source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
   should upgrade the cryptography package within their virtualenv by running:
   ```sh
   <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
   ```
 * Administrators who have installed Synapse from distribution packages should
   consult the information from their distributions.
 
 Bugfixes
 --------
 
 - Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))
 
 Internal Changes
 ----------------
 
 - Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEBTGR3/RnAzBGUif3pULk7RsPrAkFAl/QsOYQHGVyaWtAbWF0
 cml4Lm9yZwAKCRClQuTtGw+sCZTkCACEDbyMY/UCqJaUILxtYeBE7K4GvOqPPHyo
 2VLjyitI7XWVzB/paUOPxAtOtiwXS0GOrL+UsW6Lky2HIjafjLe1Z3LHzATQwF2I
 J2bZWTY1Y4v3y8B7noPmp7+QFIBIey++09BY+MwzT3EQYnXt6lvoHmEvPH/htzjg
 LfdZpSj4WrJr4S2/W0rVlkGSuIShN0Tnv6pTgbGRZMt1N4JH2mo65mCGt3xrMS7E
 us+xqStGh5Q+9g3F913iIJ8noUMeCvTT7hbr1eonhZ3MIKWG30z+zcXwmGb0t3B8
 zvTFXqdbZPSw+ZZdxaZwZuJzNCnYOu6t0JuzXqDoE0xsHb8RVUe9
 =Z9US
 -----END PGP SIGNATURE-----

Merge tag 'v1.23.1'

Synapse 1.23.1 (2020-12-09)
===========================

Due to the two security issues highlighted below, server administrators are
encouraged to update Synapse. We are not aware of these vulnerabilities being
exploited in the wild.

Security advisory
-----------------

The following issues are fixed in v1.23.1 and v1.24.0.

- There is a denial of service attack
  ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
  against the federation APIs in which future events will not be correctly sent
  to other servers over federation. This affects all servers that participate in
  open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).

- Synapse may be affected by OpenSSL
  [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
  Synapse administrators should ensure that they have the latest versions of
  the cryptography Python package installed.

To upgrade Synapse along with the cryptography package:

* Administrators using the [`matrix.org` Docker
  image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
  packages from
  `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
  should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
  the updated packages.
* Administrators who have [installed Synapse from
  source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
  should upgrade the cryptography package within their virtualenv by running:
  ```sh
  <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
  ```
* Administrators who have installed Synapse from distribution packages should
  consult the information from their distributions.

Bugfixes
--------

- Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))

Internal Changes
----------------

- Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
2020-12-09 11:29:56 +00:00
Erik Johnston
1cec3d1457 1.23.1 2020-12-09 11:07:41 +00:00
Erik Johnston
9b26a4ac87 1.24.0 2020-12-09 11:07:24 +00:00
Erik Johnston
ef366720d5 1.23.0 2020-11-18 11:41:41 +00:00
Erik Johnston
b4289795ea 1.22.1 2020-10-30 15:25:44 +00:00
Erik Johnston
fedfdfd750 1.22.0 2020-10-27 12:07:19 +00:00
Patrick Cloke
9991aaa49c 1.21.2 2020-10-15 09:24:10 -04:00
Andrew Morgan
58e583eac1 1.21.1 2020-10-13 10:27:16 +01:00
Andrew Morgan
a06b7a5d94
Explicitly install test dependencies when building deb packages (#8523)
After https://github.com/matrix-org/synapse/pull/8377, the deb packages no longer indirectly installed the `"test"` dependencies, causing debian packages to fail to build while carrying out the unit tests.

This PR installs `test` dependencies explicitly when building debian packages.
2020-10-12 17:44:11 +01:00
Andrew Morgan
f76194a021 1.21.0 2020-10-12 15:50:27 +01:00
Andrew Morgan
920dd1083e 1.20.1 2020-09-24 16:25:33 +01:00
Andrew Morgan
55bb5fda33 1.20.0 2020-09-22 15:18:31 +01:00
Patrick Cloke
88e67d1adb 1.19.3
Synapse 1.19.3 (2020-09-18)
 ===========================
 
 Bugfixes
 --------
 
 - Partially mitigate bug where newly joined servers couldn't get past
 events in a room when there is a malformed event.
 ([\#8350](https://github.com/matrix-org/synapse/issues/8350))
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEgQG31Z317NrSMt0QiISIDS7+X/QFAl9kxN4THGFuZHJld0Bh
 bW9yZ2FuLnh5egAKCRCIhIgNLv5f9LznEACSm7ZL0GjVDcDjGEu+QjKIi3KUiFq3
 i8EXEZWT3w5NNNER0Jey5BHxaBKtnPsvon0k3U4bp5KKOA6BGa9L4NDGZYJa3p0k
 A1uc3DCgGG1aVazpIzfhWRA0va13T+zRKdz52GdjzksH0WGl6w3UoJhloWOmHyxz
 K4UxGwOqJMSBxseBHOFcXdomPtsNYUqsrOcZYWjh3hWN0GMV6H+WrcbKVYl49V0F
 6aVHuaxit35iAGYER41mnTA34ZNuC1Qkp83mAaE+Z8i39qBWPMRErUNAyZQ/mCKz
 QrF98p7F2kFgSzDagtZiUPZj3w3XwfZf05bqnyd9cxBEQdIYFLAL0lokEXcoY1os
 q7gKwGuwicuvYEQrt+gSFlkoUaSvy7/b4cmFqvT0NGnBNZoYl6MX4MXP2CNHuaFk
 yljZoTecKEmhInY10S4uy+Hp0JNHuZWEOYGKy7CrQaqRo8MhBLk5LWBPjUOayPLP
 uvDNv6MShQ8SpCiKvsoCBiX9G3LEo1yHPo5oX57nOr+IHawH0PPkXVKL3b+K+7s0
 eXah/9n/wQYO5K+ReqTFd9ZCegN0/hW/NAT9aX/gEYASkS4ANvGALWwXbZSOG5IG
 2glXiewbJSOaVutPRpIVI3XGDSdm3/8VpO+cAKotZ+pR1V6nsxtVwLRmAhxqhNFD
 3AULCLMt2yKzDw==
 =a9VC
 -----END PGP SIGNATURE-----

Merge tag 'v1.19.3' into release-v1.20.0

1.19.3

Synapse 1.19.3 (2020-09-18)
===========================

Bugfixes
--------

- Partially mitigate bug where newly joined servers couldn't get past
events in a room when there is a malformed event.
([\#8350](https://github.com/matrix-org/synapse/issues/8350))
2020-09-18 10:53:01 -04:00
Andrew Morgan
5b70acb44c 1.19.3 2020-09-18 15:00:07 +01:00
Patrick Cloke
ab165994db Merge remote-tracking branch 'origin/master' into release-v1.20.0 2020-09-16 08:52:21 -04:00
Erik Johnston
5ffd68dca1 1.19.2 2020-09-16 13:37:03 +01:00
Brendan Abolivier
9cfc120233
Merge branch 'master' into develop 2020-08-27 11:01:21 +01:00
Brendan Abolivier
eadfda3ebc 1.19.1 2020-08-27 10:50:39 +01:00
Dexter Chua
cf2f6c3d22
Update debian systemd service to use Type=notify (#8169)
This ensures systemctl start matrix-synapse returns only after synapse
is actually started, which is very useful for automated deployments.

Fixes #5761

Signed-off-by: Dexter Chua <dec41@srcf.net>
2020-08-27 10:39:13 +01:00
Olivier Wilkinson (reivilibre)
ea4e4d2f0b 1.19.0 2020-08-17 14:12:46 +01:00
Olivier Wilkinson (reivilibre)
3aa36b782c Merge branch 'master' into develop 2020-07-30 15:18:36 +01:00
Olivier Wilkinson (reivilibre)
a9631b7b4b 1.18.0 2020-07-30 10:56:54 +01:00
Aaron Raimist
2184f61fae
Various improvements to the docs (#7899) 2020-07-29 10:35:44 -04:00
Richard van der Hoff
29df3d0e9f 1.17.0 2020-07-13 10:20:36 +01:00
Richard van der Hoff
8ccb7f08d9 Merge branch 'master' into release-v1.17.0 2020-07-10 18:38:18 +01:00
Richard van der Hoff
c9f7c683ae 1.16.1 2020-07-10 12:11:12 +01:00
Richard van der Hoff
43726783e4 1.17.0rc1 2020-07-09 16:53:19 +01:00
Richard van der Hoff
98894341e7 1.16.0 2020-07-08 11:03:55 +01:00
Patrick Cloke
e8c36e527d 1.15.2 2020-07-02 10:35:59 -04:00
Brendan Abolivier
65eb078498
1.15.1 2020-06-16 10:28:58 +01:00
Brendan Abolivier
3b3f327a0d 1.15.0 2020-06-11 13:27:27 +01:00
Brendan Abolivier
76261fc59d
Update debian changelog 2020-05-28 12:39:09 +02:00
Brendan Abolivier
b3b2038b6a
Remove the changes to the debian changelog
Since this is not a full release yet
2020-05-26 17:22:46 +02:00
Brendan Abolivier
3b19c17247 1.14.0 2020-05-26 16:45:37 +02:00
Patrick Cloke
ac3264bf1e 1.13.0 2020-05-19 09:19:09 -04:00
Richard van der Hoff
1fc8914f76
update dh-virtualenv (#7526) 2020-05-19 13:48:41 +01:00
Patrick Cloke
68384d96fd Merge branch 'master' into develop 2020-04-23 12:04:50 -04:00
Patrick Cloke
ce9b62e13f 1.12.4 2020-04-23 10:59:10 -04:00
Patrick Cloke
71953139d1
Add information about .well-known to Debian installation. (#7227) 2020-04-06 17:02:44 -04:00
Richard van der Hoff
29ce90358c 1.12.3 2020-04-03 10:57:07 +01:00
Richard van der Hoff
6d7cec7a57
Fix the debian build in a better way. (#7212) 2020-04-03 10:23:36 +01:00
Andrew Morgan
08edefe694 1.12.2 2020-04-02 19:02:45 +01:00
Andrew Morgan
b730480abb 1.12.1 2020-04-02 18:57:31 +01:00
Richard van der Hoff
2fa55c0cc6 1.12.0 2020-03-23 12:13:09 +00:00
Brendan Abolivier
6b0ef34706
Update debian changelog 2020-03-03 15:01:43 +00:00
Richard van der Hoff
9c1b83b007 1.11.0 2020-02-21 08:56:04 +00:00
Richard van der Hoff
fd6d83ed96 1.10.1 2020-02-17 16:27:33 +00:00
Brendan Abolivier
fdb816713a 1.10.0 2020-02-12 12:19:19 +00:00
Erik Johnston
77d9357226 1.9.1 2020-01-28 13:09:36 +00:00
Brendan Abolivier
f3eac2b3e9 1.9.0 2020-01-23 12:57:55 +00:00
Erik Johnston
24b2c940fb 1.8.0 2020-01-09 11:39:29 +00:00
Richard van der Hoff
08815566bc
Automate generation of the sample and debian log configs (#6627) 2020-01-03 17:14:00 +00:00
Richard van der Hoff
77661ce81a 1.7.3 2019-12-31 10:45:12 +00:00
Richard van der Hoff
29794c6bc8 1.7.2 2019-12-20 10:58:07 +00:00
Richard van der Hoff
d656e91fc2 1.7.1 2019-12-18 09:38:08 +00:00
Erik Johnston
f5aeea9e89 1.7.0 2019-12-13 10:19:53 +00:00
Andrew Morgan
e7777f3668 1.6.1 2019-11-28 11:29:50 +00:00
Andrew Morgan
b98971e8a4 1.6.0 2019-11-26 13:28:40 +00:00
Richard van der Hoff
feafd98aca 1.5.1 2019-11-06 10:02:23 +00:00
Richard van der Hoff
9ffcf0f7ba 1.5.0 2019-10-29 14:28:54 +00:00
Brendan Abolivier
41b9faed16 1.4.1 2019-10-18 10:15:12 +01:00
Andrew Morgan
ecb69d824a 1.4.0 2019-10-03 13:22:44 +01:00
Richard van der Hoff
74fb729213 1.3.1 2019-08-17 09:16:17 +01:00
Brendan Abolivier
fb5acd7039 1.3.0 2019-08-15 12:05:24 +01:00
Andrew Morgan
8cf7fbbce0 Remove libsqlite3-dev from required build dependencies. (#5766) 2019-08-15 11:32:23 +01:00
Richard van der Hoff
dde6ea7ff6 1.2.1 2019-07-26 11:33:16 +01:00
Andrew Morgan
c0a1301ccd 1.2.0 2019-07-25 14:10:32 +01:00
Richard van der Hoff
1def298119
Improve Depends specs in debian package. (#5675)
This is basically a contrived way of adding a `Recommends` on `libpq5`, to fix #5653.

The way this is supposed to happen in debhelper is to run
`dh_shlibdeps`, which in turn runs `dpkg-shlibdeps`, which spits things out
into `debian/<package>.substvars` whence they can later be included by
`control`.

Previously, we had disabled `dh_shlibdeps`, mostly because `dpkg-shlibdeps`
gets confused about PIL's interdependent objects, but that's not really the
right thing to do and there is another way to work around that.

Since we don't always use postgres, we don't necessarily want a hard Depends on
libpq5, so I've actually ended up adding an explicit invocation of
`dpkg-shlibdeps` for `psycopg2`.

I've also updated the build-depends list for the package, which was missing a
couple of entries.
2019-07-17 17:47:07 +01:00
Erik Johnston
822a0f0435 Merge branch 'master' of github.com:matrix-org/synapse into develop 2019-07-04 14:00:27 +01:00
Erik Johnston
20332b278d 1.1.0 2019-07-04 11:44:09 +01:00
Amber Brown
463b072b12
Move logging utilities out of the side drawer of util/ and into logging/ (#5606) 2019-07-04 00:07:04 +10:00
Silke Hofstra
457b8e4c4d Include systemd-python in Debian package to allow logging to journal (#5261)
Signed-off-by: Silke Hofstra <silke@slxh.eu>
2019-06-27 18:26:41 +01:00
Erik Johnston
97174780ce 1.0.0 2019-06-11 17:10:01 +01:00
Erik Johnston
c831748f4d 0.99.5.2 2019-05-30 16:29:47 +01:00
Neil Johnson
3d5bba581b 0.99.5.1 2019-05-22 17:52:44 +01:00
Neil Johnson
006bd8f4f6 Revert "0.99.5"
This reverts commit c31e375ade.
2019-05-22 17:49:53 +01:00
Neil Johnson
c31e375ade 0.99.5 2019-05-22 17:45:44 +01:00
Neil Johnson
8031a6f3d5 0.99.5 2019-05-22 15:40:28 +01:00
Richard van der Hoff
afb463fb7a Some vagrant hackery for testing the debs 2019-05-17 12:56:46 +01:00
Richard van der Hoff
4a926f528e 0.99.4 2019-05-15 13:58:45 +01:00
Christoph Müller
ee90c06e38 Set syslog identifiers in systemd units (#5023) 2019-05-10 09:09:25 +01:00
Richard van der Hoff
fa21455e08 0.99.3.2 2019-05-03 18:56:24 +01:00
Richard van der Hoff
863ec09622 0.99.3.1 2019-05-03 16:03:24 +01:00
Neil Johnson
35442efb75 0.99.3 2019-04-01 12:49:03 +00:00
Richard van der Hoff
6e4931aa19 Debian package: fix warning during preconfiguration. 2019-03-07 07:18:06 +00:00
Richard van der Hoff
9ac72d9543 0.99.2 2019-03-01 10:55:44 +00:00
Richard van der Hoff
44a4d65586 0.99.2rc1 2019-02-27 10:48:34 +00:00
Richard van der Hoff
0969d688e3
Debian: fix overwriting of config settings on upgrade (#4696)
Make sure that users' changes to the config files are preserved.

Fixes #4440.
2019-02-22 15:02:39 +00:00
Richard van der Hoff
f595d6ac57 0.99.1.1 2019-02-14 17:20:02 +00:00
Richard van der Hoff
06cd757ae7 0.99.1 2019-02-14 14:24:24 +00:00
Дамјан Георгиевски
a214ba93e0 implement reload by sending the HUP signal (#4622)
* implement `reload` by sending the HUP signal

According to the 0.99 release info* synapse now uses the HUP signal to reload certificates:

> Synapse will now reload TLS certificates from disk upon SIGHUP. (#4495, #4524)

So the matrix-synapse.service unit file should include a reload directive.

Signed-off-by: Дамјан Георгиевски <gdamjan@gmail.com>
2019-02-14 13:44:22 +00:00
Richard van der Hoff
3bd9daf4b8 v0.99.0 2019-02-05 18:33:02 +00:00
Richard van der Hoff
8c58c10697
Generate the debian config during build (#4444)
Rather than hardcoding a config which we always forget to update, generate it
from the default config.
2019-01-24 13:39:01 +00:00
Richard van der Hoff
2f88881c93
debian package: symlink to python-3.X (#4433)
In the debian package, make the virtualenv symlink python to /usr/bin/python3.X
rather than /usr/bin/python3. Also make sure we depend on the right python3.x
package.

This might help a bit with subtle failures when people install a package from
the wrong distro (https://github.com/matrix-org/synapse/issues/4431).
2019-01-23 11:43:04 +00:00
Amber Brown
23b0813599
Require ECDH key exchange & remove dh_params (#4429)
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
Richard van der Hoff
4fd051f9c3 moar plusses!
turns out that 0.34.1.1+1 comes before 0.34.1.1+bionic (etc).

The version may only contain "~ 0-9 A-Z a-z + - ." (sorting in that order).

Option 1: replace "+" with something that sorts after +. Options are "-" (but
dpkg-source complains about that) or "." (but that would mean we couldn't
distinguish packaging-only changes from real changes).

Option 2: stick with + and just find something that sorts after 'xenial'. The
only options there are "-", "." (same problems as before), "z", and "+".

Hence, ++1. Sorry.
2019-01-12 13:08:32 +00:00
Richard van der Hoff
91fa34b3fa s/Breaks/Conflicts/ in debian/control
Otherwise people can't upgrade from matrix-synapse without removing it first
2019-01-11 17:05:45 +00:00
Amber Brown
c0dba73aa0 changelog, for debian 2019-01-11 02:20:29 +11:00
Richard van der Hoff
2394e832a8 debian: Remove Breaks: matrix-synapse-ldap3 2019-01-09 15:35:11 +00:00
Richard van der Hoff
998f5225c1 0.34.1 2019-01-09 14:53:54 +00:00
Richard van der Hoff
29f20a8a1a
Update debian Conflicts specifications (#4349)
...  to allow installation alongside our matrix-synapse transitional package.
2019-01-04 17:24:13 +00:00
Richard van der Hoff
e9cdfedff3
Avoid packaging _trial_temp directory (#4326)
Make sure we don't put the _trial_temp directory in the package target
directory.

Fixes https://github.com/matrix-org/synapse/issues/4322
2019-01-02 07:30:31 +00:00
Richard van der Hoff
7134832c01
Install the optional dependencies into the debian package (#4325)
since #4298, the optional dependencies are no longer installed with a simple
`pip install .`, which meant that they were not being included in the debian
package.

The easy fix to that is dh_virtualenv --extras, but that needs dh_virtualenv
1.1...
2019-01-02 07:17:39 +00:00
Richard van der Hoff
ad1c68ad94 Mention updating extensions 2018-12-20 23:32:59 +00:00
Richard van der Hoff
a7aca672df
clarify that installing -py3 removes the old pkg 2018-12-20 22:05:27 +00:00
Richard van der Hoff
d731b75c7b Clarify that py2 packages will continue to exist 2018-12-20 14:55:41 +00:00
Richard van der Hoff
8957a11979 Update log config for debian packages
Better follow our own release notes.
2018-12-20 12:06:31 +00:00
Richard van der Hoff
1a6d5bfa08 Debian packaging via dh_virtualenv (#4285) 2018-12-20 11:33:29 +00:00
Amber Brown
fd4070a85d import from package-debian-synapse 2018-12-20 11:15:52 +00:00