matrix-synapse (1.128.0-1) unstable; urgency=medium
[ Antonio Russo ]
* New upstream release.
* Refresh the default homeserver.yaml.
* Refresh patches.
* Vendor un-Debianized Rust dependencies.
[ Andrej Shadura ]
* Add Antonio Enrico Russo to Uploaders
-- Antonio Russo <aerusso@aerusso.net> Sat, 10 May 2025 23:11:27 +0200
matrix-synapse (1.121.0-6) unstable; urgency=high
* SECURITY ISSUE: CVE-2025-30355 / GHSA-v56r-hwv5-mxg6 — Federation denial.
-- Andrej Shadura <andrewsh@debian.org> Wed, 26 Mar 2025 23:01:52 +0100
matrix-synapse (1.121.0-5) unstable; urgency=medium
* Add Italian debconf translation.
* Add Spanish debconf translation.
-- Andrej Shadura <andrewsh@debian.org> Tue, 07 Jan 2025 19:20:19 +0100
matrix-synapse (1.121.0-4) unstable; urgency=medium
* Fix typo in Belarusian debconf template translation.
-- Andrej Shadura <andrewsh@debian.org> Sat, 21 Dec 2024 13:56:27 +0100
matrix-synapse (1.121.0-3) unstable; urgency=medium
[ Remus-Gabriel Chelu ]
* Add Romanian debconf template translation (Closes: #1090925)
[ Andrej Shadura ]
* Add Belarusian debconf template translation.
* Add Slovak debconf template translation.
-- Andrej Shadura <andrewsh@debian.org> Sat, 21 Dec 2024 13:54:24 +0100
matrix-synapse (1.121.0-2) unstable; urgency=medium
[ Colin Watson ]
* Handle python3-multipart → python3-python-multipart renaming.
-- Andrej Shadura <andrewsh@debian.org> Fri, 13 Dec 2024 08:30:54 +0100
matrix-synapse (1.121.0-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Temporarily revert pyo3 version bump
* Apply patches from the Twisted 24.11 compatibility upstream MR.
-- Antonio Russo <aerusso@aerusso.net> Thu, 12 Dec 2024 10:15:24 +0100
matrix-synapse (1.116.0-4) unstable; urgency=medium
* Require python3-typing-extensions >= 4.1.
* Regenerate the patch series.
* Apply upstream patch for Twisted 24.10.0 compatibility:
- Remove usage of internal header encoding API
Closes: #1087239
* Temporarily skip test failures.
-- Andrej Shadura <andrewsh@debian.org> Sun, 10 Nov 2024 20:57:58 +0100
matrix-synapse (1.116.0-3) unstable; urgency=medium
[ Peter Michael Green ]
* Fix build process so vendored sources are actually used
(Closes: #1084037).
* Relax cargo dependency and Debian build-dependency on base64 crate.
* Fix clean target.
[ Antonio Russo ]
* python3-cryptography is now available.
* Clean up old, removed dependencies.
-- Andrej Shadura <andrewsh@debian.org> Tue, 08 Oct 2024 13:11:26 +0200
matrix-synapse (1.116.0-2) unstable; urgency=medium
* Removing myself as uploader,
with sincere apology for total lack of coordination
* Revert to again build-depend on dh-cargo (not dh-rust)
-- Jonas Smedegaard <dr@jones.dk> Thu, 03 Oct 2024 23:13:22 +0200
matrix-synapse (1.116.0-1) unstable; urgency=medium
[ Upstream ]
* New release(s)
+ Bump twisted to 24.7.0;
closes: bug#1079083, thanks to Colin Watson
[ Jonas Smedegaard ]
* Update and unfuzz patches
* Add patch to accept older releases/branches
of crates bytes, headers and http
* Update copyright info:
+ Update source URI
+ Add Upstream-Contact URI
+ Update coverage
+ Sort license sections alphabetically;
+ Use reference field for license section Apache-2.0
* Update build-dependencies and dh-builtusing hints
* Simplify rules;
build-depend on dh-rust (not dh-cargo);
add X-Cargo-Crates hint;
drop patch debian-rust
* Add unofficial rule get-vendorlibs,
to embed crates listed in TODO
* Embed crates pyo3, while Debian-packaged crates are too new;
closes: bug#1080392, thanks to Santiago Vila
* Embed crate ulid, until separately packaged in Debian
(see bug#1083195)
* Add source helper script copyright-check
* Add myself as uploader
* Enable hardening build options
* Use upstream optimization level
-- Jonas Smedegaard <dr@jones.dk> Thu, 03 Oct 2024 19:02:50 +0200
matrix-synapse (1.103.0-5) unstable; urgency=medium
[ Emmanuel Arias ]
* Remove python3-distutils from Dependency, it was already removed by upstream
(Closes: #1065900)
-- Andrej Shadura <andrewsh@debian.org> Sat, 13 Jul 2024 22:51:08 +0200
matrix-synapse (1.103.0-4) unstable; urgency=medium
* Ignore test failures on 32-bit architectures.
-- Andrej Shadura <andrewsh@debian.org> Wed, 29 May 2024 10:29:25 +0200
matrix-synapse (1.103.0-3) unstable; urgency=high
* Add a patch CVE-2024-31208 depends on and a regression fix for it.
-- Andrej Shadura <andrewsh@debian.org> Wed, 29 May 2024 08:49:31 +0200
matrix-synapse (1.103.0-2) unstable; urgency=medium
* Fix CVE-2024-31208 / GHSA-3h7q-rfh9-xm4v:
- Weakness in auth chain indexing allows DoS from remote room members
through disk fill and high CPU usage.
Closes: 1069763
-- Andrej Shadura <andrewsh@debian.org> Sat, 25 May 2024 16:22:51 +0200
matrix-synapse (1.103.0-1) unstable; urgency=medium
[ Antonio Russo ]
* New upstream release.
[ Andrej Shadura ]
* Remove obsolete build-dependency python3-mock (Closes: #1067236).
-- Andrej Shadura <andrewsh@debian.org> Wed, 20 Mar 2024 17:48:38 +0100
matrix-synapse (1.100.0-1) unstable; urgency=medium
* New upstream release.
-- Antonio Russo <aerusso@aerusso.net> Wed, 31 Jan 2024 17:50:11 +0100
matrix-synapse (1.99.0-3) unstable; urgency=medium
* Only run autopkgtests on the current Python.
Tests expect the temporary directory to not exist, and it only
makes sense to run tests with the default Python since that’s what
Synapse runs on.
-- Andrej Shadura <andrewsh@debian.org> Sat, 27 Jan 2024 15:06:14 +0100
matrix-synapse (1.99.0-2) unstable; urgency=medium
* Run autopkgtest-pkg-pybuild testsuite.
-- Andrej Shadura <andrewsh@debian.org> Sat, 27 Jan 2024 09:43:25 +0100
matrix-synapse (1.99.0-1) unstable; urgency=medium
[ Antonio Russo ]
* New upstream: Element.
* New upstream release.
* Update license and copyright information.
* Refresh patches.
* Update build dependencies.
[ Andrej Shadura ]
* Drop dependency on the obsolete package lsb-base.
* Update standards version to 4.6.2, no changes needed.
-- Antonio Russo <aerusso@aerusso.net> Fri, 26 Jan 2024 12:20:52 +0100
matrix-synapse (1.97.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 29 Nov 2023 09:30:19 +0100
matrix-synapse (1.95.1-1) unstable; urgency=high
* New upstream release (CVE-2023-43796, Closes: #1055255).
-- Andrej Shadura <andrew.shadura@collabora.co.uk> Sat, 04 Nov 2023 21:12:29 +0100
matrix-synapse (1.95.0-1) unstable; urgency=medium
* New upstream release.
* Relax upstream pyo3 0.19 dependency.
* Drop patch for pyo3 applied upstream.
-- Antonio Russo <aerusso@aerusso.net> Tue, 24 Oct 2023 17:59:40 -0600
matrix-synapse (1.94.0-1) unstable; urgency=high
* New upstream release (CVE-2023-45129).
-- Antonio Russo <aerusso@aerusso.net> Wed, 11 Oct 2023 14:04:46 +0100
matrix-synapse (1.93.0-1) unstable; urgency=medium
[ Antonio Russo ]
* New upstream release (Closes: #1053283, CVE-2023-42453, CVE-2023-41335).
* Refresh patches.
* Revert pillow version bump.
-- Andrej Shadura <andrewsh@debian.org> Sun, 01 Oct 2023 09:41:18 +0200
matrix-synapse (1.92.0-3) unstable; urgency=medium
* Add the missing dh-cargo build-dependency.
-- Andrej Shadura <andrewsh@debian.org> Tue, 26 Sep 2023 08:31:13 +0200
matrix-synapse (1.92.0-2) unstable; urgency=medium
[ Antonio Russo ]
* Run tests.
[ Andrej Shadura ]
* Don’t require test dependencies in nocheck mode.
* Simplify dependencies on Rust crates by using semver virtual packages.
* Generate Build-Using and Static-Built-Using.
-- Andrej Shadura <andrewsh@debian.org> Mon, 25 Sep 2023 22:58:29 +0200
matrix-synapse (1.92.0-1) unstable; urgency=medium
* New upstream release.
* Remove vendored sources and related infrastructure.
* Use Rust crates from Debian.
* Bump pyo3 dependency.
-- Antonio Russo <aerusso@aerusso.net> Mon, 18 Sep 2023 22:49:51 +0200
matrix-synapse (1.91.2-2) unstable; urgency=medium
* Revert upstream Cargo.lock changes.
-- Andrej Shadura <andrewsh@debian.org> Sun, 10 Sep 2023 13:34:33 +0200
matrix-synapse (1.91.2-1) unstable; urgency=medium
* New upstream release.
[ Antonio Russo ]
* Replace frozendict dependency by immutabledict.
-- Andrej Shadura <andrewsh@debian.org> Sun, 10 Sep 2023 12:56:47 +0200
matrix-synapse (1.90.0-1) unstable; urgency=medium
[ Andrej Shadura ]
* New upstream release (Closes: #1037207, CVE-2023-32682, CVE-2023-32683).
* Update licenses.
* Build Rust extension reproducibly.
[ Antonio Russo ]
* Refresh patches.
* Refresh canonicaljson dependency.
-- Andrej Shadura <andrewsh@debian.org> Thu, 31 Aug 2023 14:46:27 +0200
matrix-synapse (1.78.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 01 Mar 2023 22:49:36 +0100
matrix-synapse (1.77.0-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Add optional dependency on python3-icu.
* Drop obsolete dependencies.
-- Andrej Shadura <andrewsh@debian.org> Sun, 19 Feb 2023 09:32:02 +0100
matrix-synapse (1.74.0-1) unstable; urgency=medium
* New upstream release (Closes: #1025662).
* Refresh Cargo.lock patch.
-- Andrej Shadura <andrewsh@debian.org> Sat, 24 Dec 2022 15:32:05 +0100
matrix-synapse (1.73.0-1) unstable; urgency=medium
* New upstream release.
* Refresh the Cargo.lock patch.
-- Andrej Shadura <andrewsh@debian.org> Fri, 16 Dec 2022 17:55:33 +0100
matrix-synapse (1.72.0-1) unstable; urgency=medium
* New upstream release.
* Refresh Cargo.lock patch.
-- Andrej Shadura <andrewsh@debian.org> Wed, 23 Nov 2022 15:08:37 +0100
matrix-synapse (1.71.0-2) unstable; urgency=medium
* Unbreak the build by reverting Cargo.toml changes.
-- Andrej Shadura <andrewsh@debian.org> Wed, 09 Nov 2022 10:52:11 +0100
matrix-synapse (1.71.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 09 Nov 2022 09:05:11 +0100
matrix-synapse (1.70.1-1) unstable; urgency=medium
* New upstream release.
* Revert Cargo.lock changes.
-- Andrej Shadura <andrewsh@debian.org> Sun, 30 Oct 2022 12:29:46 +0100
matrix-synapse (1.69.0-1) unstable; urgency=medium
* New upstream release.
- Refresh vendored crates
- Update license and copyright information.
- Add rescan-licenses script.
-- Andrej Shadura <andrewsh@debian.org> Tue, 18 Oct 2022 15:45:33 +0100
matrix-synapse (1.68.0-1) unstable; urgency=medium
* New upstream release.
* Add new build dependencies.
* Vendor Rust crates used by the new Rust module.
* Document copyrights of the vendored crates.
* Mark the package as Architecture: any.
* Refresh patches.
-- Andrej Shadura <andrewsh@debian.org> Thu, 13 Oct 2022 00:31:58 +0100
matrix-synapse (1.66.0-2) unstable; urgency=medium
* Update the pip dependency patch to work with Python 3.9.
-- Andrej Shadura <andrewsh@debian.org> Tue, 06 Sep 2022 21:36:42 +0200
matrix-synapse (1.66.0-1) unstable; urgency=medium
* New upstream release.
* Warn users about packages installed from pip.
* Reinstate and refresh a patch to replace pip instructions with apt.
* Add new dependency on pydantic.
-- Andrej Shadura <andrewsh@debian.org> Thu, 01 Sep 2022 14:26:33 +0200
matrix-synapse (1.65.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 31 Aug 2022 13:21:30 +0200
matrix-synapse (1.64.0-3) unstable; urgency=medium
* Fix canonicaljson dependency (Closes: #1017008).
-- Andrej Shadura <andrewsh@debian.org> Thu, 11 Aug 2022 12:35:29 +0200
matrix-synapse (1.64.0-2) unstable; urgency=medium
[ Dagfinn Ilmari Mannsåker ]
* Set Type=notify in systemd service file.
-- Andrej Shadura <andrewsh@debian.org> Tue, 09 Aug 2022 15:43:07 +0200
matrix-synapse (1.64.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 09 Aug 2022 15:12:35 +0200
matrix-synapse (1.63.0-1) unstable; urgency=medium
* New upstream release.
* Bump the matrix-common dependency.
* Refresh patches.
-- Andrej Shadura <andrewsh@debian.org> Wed, 20 Jul 2022 14:24:20 +0200
matrix-synapse (1.61.1-1) unstable; urgency=medium
* New upstream release.
* SECURITY ISSUE: GHSA-22p3-qrh9-cx32 / CVE-2022-31052.
Synapse instances with the url_preview_enabled homeserver config option
set to true are affected. URL previews of some web pages can lead to
unbounded recursion, causing the request to either fail, or in some
cases crash the running Synapse process.
-- Andrej Shadura <andrewsh@debian.org> Tue, 28 Jun 2022 19:13:32 +0200
matrix-synapse (1.61.0-3) unstable; urgency=medium
* Use execute_after_*.
* Patch the matrix-common dependency to >= (Closes: #1013745).
-- Andrej Shadura <andrewsh@debian.org> Sat, 25 Jun 2022 12:19:57 +0200
matrix-synapse (1.61.0-2) unstable; urgency=medium
* Bump matrix-common dependency.
-- Andrej Shadura <andrewsh@debian.org> Fri, 24 Jun 2022 09:39:24 +0200
matrix-synapse (1.61.0-1) unstable; urgency=medium
* New upstream release.
* Set field Upstream-Name in debian/copyright.
* Update standards version to 4.6.0, no changes needed.
* Set Rules-Requires-Root: no.
-- Andrej Shadura <andrewsh@debian.org> Sun, 19 Jun 2022 15:22:34 +0200
matrix-synapse (1.59.1-2) unstable; urgency=medium
* Depend on Poetry core.
-- Andrej Shadura <andrewsh@debian.org> Wed, 18 May 2022 14:16:55 +0200
matrix-synapse (1.59.1-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Bump the unpaddedbase64 dependency.
-- Andrej Shadura <andrewsh@debian.org> Wed, 18 May 2022 13:49:56 +0200
matrix-synapse (1.57.1-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Use pyproject.toml during the build.
* Explicitly opt-in to dh-sequence-single-binary.
-- Andrej Shadura <andrewsh@debian.org> Fri, 22 Apr 2022 20:44:20 +0200
matrix-synapse (1.56.0-1) unstable; urgency=medium
* New upstream release.
* Drop Jinja upper version limit.
-- Andrej Shadura <andrewsh@debian.org> Wed, 06 Apr 2022 12:23:28 +0200
matrix-synapse (1.55.0-2) unstable; urgency=medium
* Limit the Jinja version to 3.0 (3.1 breaks compatibility, 2.x is
old and the upstream plans to force 3.x anyway).
-- Andrej Shadura <andrewsh@debian.org> Tue, 29 Mar 2022 10:47:21 +0200
matrix-synapse (1.55.0-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Update build dependencies.
* Use dh compat 13 and dh-sequence-python3.
* Rename binaries installed in /usr/bin to have less generic names.
Move scripts with original names to /usr/libexec/matrix-synapse
(Closes: #925543)
-- Andrej Shadura <andrewsh@debian.org> Tue, 22 Mar 2022 18:50:28 +0100
matrix-synapse (1.53.0-1) unstable; urgency=medium
* New upstream release.
* Bump python3-matrix-common dependency.
-- Andrej Shadura <andrewsh@debian.org> Thu, 24 Feb 2022 11:50:20 +0100
matrix-synapse (1.52.0-1) unstable; urgency=medium
* New upstream release.
* Update dependency constraints.
* Refresh patches.
-- Andrej Shadura <andrewsh@debian.org> Tue, 08 Feb 2022 23:20:40 +0100
matrix-synapse (1.51.0-1) unstable; urgency=high
* New upstream release.
* Sort entries in debian/copyright.
-- Andrej Shadura <andrewsh@debian.org> Tue, 25 Jan 2022 17:20:03 +0100
matrix-synapse (1.50.2-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Mon, 24 Jan 2022 18:16:50 +0100
matrix-synapse (1.50.1-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 18 Jan 2022 19:46:48 +0100
matrix-synapse (1.50.0-1) unstable; urgency=medium
* New upstream release.
* Depend on python3-matrix-common.
-- Andrej Shadura <andrewsh@debian.org> Tue, 18 Jan 2022 15:29:33 +0100
matrix-synapse (1.49.2-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 21 Dec 2021 20:46:08 +0100
matrix-synapse (1.49.0-1) unstable; urgency=medium
* New upstream release.
* Bump ijson dependency.
-- Andrej Shadura <andrewsh@debian.org> Tue, 14 Dec 2021 17:39:09 +0100
matrix-synapse (1.48.0-1) unstable; urgency=medium
* New upstream release.
* Update copyrights.
-- Andrej Shadura <andrewsh@debian.org> Tue, 30 Nov 2021 15:36:01 +0100
matrix-synapse (1.47.1-1) unstable; urgency=high
* New upstream security release.
* CVE-2021-41281: Path traversal when downloading remote media:
Synapse instances with the media repository enabled can be tricked
into downloading a file from a remote server into an arbitrary
directory, potentially outside the media store directory.
Homeservers with the media repository disabled or configured with a
federation whitelist are unaffected.
(GHSA-3hfw-x7gx-437c)
-- Andrej Shadura <andrewsh@debian.org> Tue, 23 Nov 2021 13:17:43 +0100
matrix-synapse (1.47.0-2) unstable; urgency=medium
* Require a Python 3.10-compatible version of frozendict.
-- Andrej Shadura <andrewsh@debian.org> Thu, 18 Nov 2021 01:13:53 +0100
matrix-synapse (1.47.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 17 Nov 2021 21:12:33 +0100
matrix-synapse (1.46.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Mon, 08 Nov 2021 14:54:14 +0100
matrix-synapse (1.45.1-1) unstable; urgency=high
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 20 Oct 2021 20:25:01 +0200
matrix-synapse (1.45.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 19 Oct 2021 19:02:47 +0200
matrix-synapse (1.44.0-2) unstable; urgency=medium
* Drop unused dependency on blist.
-- Andrej Shadura <andrewsh@debian.org> Tue, 12 Oct 2021 10:06:50 +0200
matrix-synapse (1.44.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 05 Oct 2021 19:23:38 +0200
matrix-synapse (1.43.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 22 Sep 2021 09:26:18 +0100
matrix-synapse (1.42.0-1) unstable; urgency=medium
* New upstream release.
* Update jsonschema dependency to 3.0.0.
-- Andrej Shadura <andrewsh@debian.org> Tue, 14 Sep 2021 21:39:56 +0100
matrix-synapse (1.41.1-1) unstable; urgency=high
* New upstream release.
* SECURITY UPDATE:
- Unauthorised users could enumerate a private room's list of
members and their display names (CVE-2021-39164, GHSA-3x4c-pq33-4w3q).
- Unauthorised users could disclose a private room's name, avatar,
topic, and number of members (CVE-2021-39163, GHSA-jj53-8fmw-f2w2).
-- Andrej Shadura <andrewsh@debian.org> Tue, 31 Aug 2021 16:22:39 +0100
matrix-synapse (1.40.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Sun, 15 Aug 2021 10:52:45 +0100
matrix-synapse (1.39.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Fri, 30 Jul 2021 10:06:05 +0200
matrix-synapse (1.38.1-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Thu, 22 Jul 2021 18:42:29 +0200
matrix-synapse (1.38.0-1) unstable; urgency=medium
* New upstream release.
* Install renamed documents under the old names.
-- Andrej Shadura <andrewsh@debian.org> Wed, 14 Jul 2021 09:00:51 +0200
matrix-synapse (1.37.1-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 30 Jun 2021 22:18:16 +0200
matrix-synapse (1.37.0-1) unstable; urgency=medium
* New upstream release.
* Update the dependencies.
-- Andrej Shadura <andrewsh@debian.org> Tue, 29 Jun 2021 15:22:07 +0200
matrix-synapse (1.36.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 16 Jun 2021 10:28:46 +0200
matrix-synapse (1.35.1-1) unstable; urgency=medium
* New upstream release.
* d/watch: Skip pre-releases.
-- Andrej Shadura <andrewsh@debian.org> Mon, 14 Jun 2021 18:46:03 +0200
matrix-synapse (1.35.0-1) unstable; urgency=medium
* New upstream release.
* Depend on python3-ijson (>= 3.0).
-- Andrej Shadura <andrewsh@debian.org> Wed, 02 Jun 2021 08:19:14 +0200
matrix-synapse (1.34.0-1) unstable; urgency=medium
* New upstream release.
* Recommend pympler required for caches.track_memory_usage setting.
-- Andrej Shadura <andrewsh@debian.org> Mon, 17 May 2021 16:19:40 +0200
matrix-synapse (1.33.2-1) unstable; urgency=high
* New upstream release.
* Explicitly depend on python3-cryptography.
* Refresh patch.
* SECURITY UPDATE (CVE-2021-29471, GHSA-x345-32rc-8h85):
- Denial of service attack via push rule patterns:
"Push rules" can specify conditions under which they will match,
including event_match, which matches event content against a
pattern including wildcards. Certain patterns can cause very poor
performance in the matching engine, leading to a denial-of-service
when processing moderate-length events.
-- Andrej Shadura <andrewsh@debian.org> Tue, 11 May 2021 16:47:19 +0200
matrix-synapse (1.31.0-2) unstable; urgency=medium
* Stop using a deprecated dpkg-statoverride option (Closes: #927837).
* Remove dpkg-statoverride on purge (Closes: #927838).
* Properly escape variables in scripts.
* Only log warnings and above to the journal (Closes: #919347).
-- Andrej Shadura <andrewsh@debian.org> Tue, 13 Apr 2021 20:12:22 +0200
matrix-synapse (1.31.0-1) unstable; urgency=medium
* New upstream release.
* Revert upstream bump of python3-cryptography.
-- Andrej Shadura <andrewsh@debian.org> Wed, 07 Apr 2021 13:51:56 +0200
matrix-synapse (1.30.0-1) unstable; urgency=medium
* New upstream release.
* Update the watch URL.
-- Andrej Shadura <andrewsh@debian.org> Mon, 22 Mar 2021 18:36:56 +0100
matrix-synapse (1.29.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Fri, 12 Mar 2021 08:46:16 +0100
matrix-synapse (1.28.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Mon, 01 Mar 2021 15:22:17 +0100
matrix-synapse (1.27.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 17 Feb 2021 17:36:17 +0100
matrix-synapse (1.26.0-3) unstable; urgency=medium
* Downgrade the level of sandboxing to prevent confusion.
Strict sandboxing enabled by default caused issues for users running
appservices: https://github.com/matrix-org/synapse/issues/9327
It’s best to leave it enabled but relax a bit and let users opt in
for stricter protection if they wish.
-- Andrej Shadura <andrewsh@debian.org> Tue, 09 Feb 2021 23:25:50 +0100
matrix-synapse (1.26.0-2) unstable; urgency=medium
* Make psycopg2 a dependency.
-- Andrej Shadura <andrewsh@debian.org> Thu, 04 Feb 2021 11:21:55 +0100
matrix-synapse (1.26.0-1) unstable; urgency=medium
* New upstream release.
* Recommend matrix-synapse-ldap3.
* Put txacme into Recommends, add jwt and authlib into Suggests.
-- Andrej Shadura <andrewsh@debian.org> Thu, 28 Jan 2021 13:05:02 +0100
matrix-synapse (1.25.0-2) unstable; urgency=medium
* Don’t compress README.
* Increase max_upload_size to 100M (Closes: #955974)
* Stop the debconf interface when done debconfing (Correctly closes:
#935654).
* Fixes for the systemd unit files:
- Add SELinux support to the systemd unit file (Closes: #977430).
- Fix up service files for workers to point to the right Python
location
- Add sandboxing options (Closes: #955254).
- Add Documentation option.
* Replace the generic perl hashbang in a script with the real one.
-- Andrej Shadura <andrewsh@debian.org> Wed, 27 Jan 2021 10:11:11 +0100
matrix-synapse (1.25.0-1) unstable; urgency=medium
* New upstream release.
* initscript: Add a service description.
-- Andrej Shadura <andrewsh@debian.org> Wed, 13 Jan 2021 14:01:17 +0100
matrix-synapse (1.24.0-2) unstable; urgency=medium
[ Lars Kruse ]
* Fix the initscript:
- Make sure the uploads directory exists.
- Force start-stop-daemon to create a pidfile (Closes: #935654)
- Remove the check for certifacte/key files (Closes: #960276).
-- Andrej Shadura <andrewsh@debian.org> Sun, 10 Jan 2021 21:50:32 +0100
matrix-synapse (1.24.0-1) unstable; urgency=high
* New upstream release.
* SECURITY UPDATE: GHSA-hxmp-pqch-c8mm / CVE-2020-26257:
- A malicious homeserver could send malformed events into
a room which would then break federation of that room.
* BREAKING CHANGE:
- Removal historical Synapse Admin API.
See /usr/share/doc/matrix-synapse/UPGRADE.rst.gz for more details.
-- Andrej Shadura <andrewsh@debian.org> Thu, 10 Dec 2020 11:20:19 +0100
matrix-synapse (1.23.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Thu, 19 Nov 2020 09:38:22 +0100
matrix-synapse (1.22.1-2) unstable; urgency=medium
* Provide a get-config-key script to finally unbreak the init script
(Closes: #939069, #945759).
* Add Pre-Depends and extend Depends with more substvars.
-- Andrej Shadura <andrewsh@debian.org> Sat, 31 Oct 2020 10:47:26 +0100
matrix-synapse (1.22.1-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Sat, 31 Oct 2020 10:04:42 +0100
matrix-synapse (1.21.2-1) unstable; urgency=high
* New upstream bugfix release.
-- Andrej Shadura <andrewsh@debian.org> Thu, 15 Oct 2020 20:02:37 +0200
matrix-synapse (1.21.1-1) unstable; urgency=medium
* New upstream release.
* Bump canonicaljson dependency.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Use debhelper-compat 12 instead of debian/compat.
* Bump Standards-Version to 4.5.0.
* Update Vcs-Git.
-- Andrej Shadura <andrewsh@debian.org> Wed, 14 Oct 2020 14:59:25 +0200
matrix-synapse (1.20.1-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Fri, 25 Sep 2020 18:06:35 +0200
matrix-synapse (1.20.0-1) unstable; urgency=medium
* New upstream release.
* Bump python3-canonicaljson version.
-- Andrej Shadura <andrewsh@debian.org> Wed, 23 Sep 2020 10:03:06 +0200
matrix-synapse (1.19.3-1) unstable; urgency=high
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Sat, 19 Sep 2020 14:22:15 +0300
matrix-synapse (1.19.2-1) unstable; urgency=high
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 16 Sep 2020 17:44:26 +0300
matrix-synapse (1.19.1-1) unstable; urgency=high
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Thu, 27 Aug 2020 17:35:49 +0200
matrix-synapse (1.19.0-1) unstable; urgency=medium
[ Andrej Shadura ]
* New upstream release.
* Bump python3-canonicaljson dependency.
[ Aaron Raimist ]
* Fix outdated documentation for SYNAPSE_CACHE_FACTOR.
-- Andrej Shadura <andrewsh@debian.org> Wed, 19 Aug 2020 21:34:43 +0200
matrix-synapse (1.18.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 12 Aug 2020 09:05:45 +0200
matrix-synapse (1.17.0-1) unstable; urgency=medium
* New upstream release.
* Update the jQuery missing source and the copyrights.
-- Andrej Shadura <andrewsh@debian.org> Tue, 14 Jul 2020 17:41:36 +0200
matrix-synapse (1.16.0-1) unstable; urgency=medium
* New upstream release.
* Update dependencies.
-- Andrej Shadura <andrewsh@debian.org> Thu, 09 Jul 2020 08:40:47 +0200
matrix-synapse (1.15.2-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Thu, 02 Jul 2020 21:52:42 +0200
matrix-synapse (1.15.1-1) unstable; urgency=medium
* New upstream bugfix release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 16 Jun 2020 11:56:35 +0200
matrix-synapse (1.15.0-1) unstable; urgency=medium
* New upstream release.
* Refresh the default configuration.
-- Andrej Shadura <andrewsh@debian.org> Sun, 14 Jun 2020 20:32:44 +0200
matrix-synapse (1.13.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Mon, 25 May 2020 11:54:15 +0200
matrix-synapse (1.12.4-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Mon, 04 May 2020 10:31:40 +0200
matrix-synapse (1.12.3-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 07 Apr 2020 10:09:42 +0200
matrix-synapse (1.12.0-1) unstable; urgency=medium
* New upstream release.
* Pin Twisted to the version where the security issues have been fixed.
-- Andrej Shadura <andrewsh@debian.org> Tue, 24 Mar 2020 09:51:23 +0100
matrix-synapse (1.11.1-1) unstable; urgency=high
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 03 Mar 2020 18:22:46 +0100
matrix-synapse (1.11.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Sat, 22 Feb 2020 11:04:00 +0300
matrix-synapse (1.10.0-2) unstable; urgency=medium
* Depend on python3-signedjson (>= 1.1.0) (Closes: #951378).
-- Andrej Shadura <andrewsh@debian.org> Sat, 15 Feb 2020 18:20:49 +0100
matrix-synapse (1.10.0-1) unstable; urgency=medium
* New upstream release.
* Drop synapse.federation.transport.server log level downgrade
since the upstream has fixed log levels in the source code.
-- Andrej Shadura <andrewsh@debian.org> Fri, 14 Feb 2020 15:03:45 +0100
matrix-synapse (1.9.1-1) unstable; urgency=high
* New upstream bugfix release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 29 Jan 2020 14:47:02 +0100
matrix-synapse (1.9.0-1) unstable; urgency=medium
* New upstream release.
* The default logging config now comes with the logging level for Synapse
itself set to INFO, but some other modules and Twisted set to WARN.
This verbosity should be fine for normal uses, but when troubleshooting,
users may want to revert all WARNs to INFO or maybe even DEBUG.
The future releases will try to align the defaults to the upstream’s
one.
-- Andrej Shadura <andrewsh@debian.org> Thu, 23 Jan 2020 18:59:21 +0100
matrix-synapse (1.8.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Thu, 09 Jan 2020 17:19:59 +0100
matrix-synapse (1.7.3-1) unstable; urgency=high
* New upstream bugfix release.
-- Andrej Shadura <andrewsh@debian.org> Wed, 01 Jan 2020 13:21:02 +0100
matrix-synapse (1.7.2-1) unstable; urgency=high
* New upstream release.
* This release fixes a regression introduced in 1.7.1.
-- Andrej Shadura <andrewsh@debian.org> Fri, 20 Dec 2019 13:23:26 +0100
matrix-synapse (1.7.1-1) unstable; urgency=high
* New upstream release.
* SECURITY UPDATE:
- Fix a bug which could cause room events to be incorrectly authorised
using events from a different room.
- Fix a bug causing responses to the /context client endpoint to not
use the pruned version of the event.
- Fix a cause of state resets in room versions 2 onwards.
* Add new options to the default homeserver.yaml.
-- Andrej Shadura <andrewsh@debian.org> Wed, 18 Dec 2019 16:56:31 +0100
matrix-synapse (1.7.0-2) unstable; urgency=medium
* Install CONTRIBUTING.md instead of .rst.
-- Andrej Shadura <andrewsh@debian.org> Fri, 13 Dec 2019 20:29:38 +0100
matrix-synapse (1.7.0-1) unstable; urgency=medium
* New upstream release.
* Update parts of the homeserver.yaml config file.
-- Andrej Shadura <andrewsh@debian.org> Fri, 13 Dec 2019 17:12:26 +0100
matrix-synapse (1.6.1-1) unstable; urgency=high
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Fri, 29 Nov 2019 14:43:09 +0100
matrix-synapse (1.6.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Tue, 26 Nov 2019 22:19:26 +0100
matrix-synapse (1.5.1-1) unstable; urgency=high
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Mon, 11 Nov 2019 15:27:34 +0100
matrix-synapse (1.5.0-1) unstable; urgency=medium
* New upstream release (Closes: #944355).
* SECURITY UPDATE (CVE-2019-18835):
- Matrix Synapse before 1.5.0 mishandles signature checking on some
federation APIs. Events sent over /send_join, /send_leave, and /invite
may not be correctly signed, or may not come from the expected
servers.
* Require python3-typing-extensions (>= 3.7.4).
* Use secure copyright file specification URI.
-- Andrej Shadura <andrewsh@debian.org> Fri, 08 Nov 2019 14:38:14 +0100
matrix-synapse (1.4.0-1) unstable; urgency=medium
* New upstream release.
* Bump Twisted requirement.
-- Andrej Shadura <andrewsh@debian.org> Fri, 04 Oct 2019 10:07:43 +0200
matrix-synapse (1.3.0-1) unstable; urgency=medium
* New upstream release.
-- Andrej Shadura <andrewsh@debian.org> Thu, 15 Aug 2019 17:31:05 +0200
matrix-synapse (1.2.1-2) unstable; urgency=medium
[ Axel Beckert ]
* Fix the installation process hanging (Closes: #920339).
-- Andrej Shadura <andrewsh@debian.org> Fri, 09 Aug 2019 14:14:57 +0200
matrix-synapse (1.2.1-1) unstable; urgency=high
* New upstream release.
* Drop an old patch.
* SECURITY UPDATE:
- Prevent an attack where a federated server could send redactions
for arbitrary events in v1 and v2 rooms.
- Prevent a denial-of-service attack where cycles of redaction events
would make Synapse spin infinitely.
- Prevent an attack where users could be joined or parted from public
rooms without their consent.
- Fix a vulnerability where a federated server could spoof read
receipts from users on other servers.
-- Andrej Shadura <andrewsh@debian.org> Fri, 26 Jul 2019 13:02:23 -0300
matrix-synapse (1.1.0-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Make most runtime dependencies mandatory.
-- Andrej Shadura <andrewsh@debian.org> Thu, 18 Jul 2019 20:33:52 -0300
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog matrix-synapse`.
Generated by dwww version 1.15 on Sun Aug 31 18:20:49 CEST 2025.