28 Mar 2021 |
| rez0sk joined the room. | 15:27:15 |
| AndreasAC left the room. | 15:42:27 |
29 Mar 2021 |
| Mark left the room. | 02:51:44 |
30 Mar 2021 |
RSS Bot [@hubert:uhoreg.ca] | Debian package news for matrix-synapse: A new upstream version is available: <a href="https://github.com/matrix-org/synapse/archive/refs/tags/v1.30.1.tar.gz">1.30.1</a> | 06:13:24 |
| jonas joined the room. | 12:57:41 |
1 Apr 2021 |
| @b342 joined the room. | 06:27:03 |
2 Apr 2021 |
| Calaad joined the room. | 12:38:45 |
| Calaad set a profile picture. | 17:24:03 |
| Calaad changed their profile picture. | 18:31:11 |
4 Apr 2021 |
RSS Bot [@hubert:uhoreg.ca] | Debian package news for matrix-synapse: matrix-synapse REMOVED from testing | 04:43:53 |
5 Apr 2021 |
| Scott Sweeny left the room. | 16:03:27 |
6 Apr 2021 |
| Stefan changed their profile picture. | 09:24:31 |
7 Apr 2021 |
RSS Bot [@hubert:uhoreg.ca] | Debian package news for matrix-synapse: Accepted matrix-synapse 1.31.0-1 (source) into unstable | 12:04:48 |
| jan changed their profile picture. | 12:22:23 |
RSS Bot [@hubert:uhoreg.ca] | Debian package news for matrix-synapse: <a href="https://qa.debian.org/cgi-bin/vcswatch?package=matrix-synapse">version in VCS is newer</a> than in repository, is it time to upload? | 13:39:48 |
| project1enigma joined the room. | 20:05:39 |
9 Apr 2021 |
| Booster changed their profile picture. | 15:19:31 |
10 Apr 2021 |
| Yannick joined the room. | 16:35:10 |
| James Valleroy joined the room. | 16:42:50 |
Yannick | Hi folks! when synapse 1.30.1 with the security fix for OpenSSL will be available? I'm usinf fastrack on debian buster and latest is 1.30.0. | 16:43:20 |
11 Apr 2021 |
davo | In reply to @yannick:bistre.fr Hi folks! when synapse 1.30.1 with the security fix for OpenSSL will be available? I'm usinf fastrack on debian buster and latest is 1.30.0. I'm confused by this question. Is your libssl1.1 not up to date? | 02:09:26 |
| @wusuoweiju:matrix.org joined the room. | 10:17:31 |
| @wusuoweiju:matrix.org left the room. | 10:18:46 |
RSS Bot [@hubert:uhoreg.ca] | Debian package news for matrix-synapse: lintian reports <a href="https://lintian.debian.net/sources/matrix-synapse">3 errors and 31 warnings</a> | 10:22:34 |
Yannick | In reply to @david:vovo.id.au I'm confused by this question. Is your libssl1.1 not up to date? Yes, it is up to date. But I'm not sure if that's enough. It all started with this release : https://matrix.org/blog/2021/03/26/synapse-1-30-1-released | 11:35:09 |
Yannick |
"This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of the Python Cryptography library to ensure that users of Synapse are protected from yesterday's OpenSSL security advisories, especially CVE-2021-3449. ../.. Note that Cryptography defaults to bundling its own statically linked copy of OpenSSL, which means that you may not be protected by your operating system's security updates."
| 11:35:36 |
Yannick | Thus the question is: does Python Cryptography library has this fix released in debian? Either by using libssl1.1 dynamically linked and patched, or by using a patched version of statically linked libssl. | 11:36:32 |
Yannick | The OpenSSL advisory (CVE-2021-3450) state: | 11:37:28 |
Yannick |
"OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.",
| 11:38:45 |
Yannick | (CVE-2021-3449) state: | 11:39:59 |