Log message:
chat/matrix-synapse: Update to 1.98.0

Synapse 1.98.0 (2023-12-12)

Synapse 1.98.0 will be the last Synapse release in 2023; the regular
release cadence will resume in January 2024.

Synapse will soon be forked by Element under an AGPLv3.0 licence (with CLA, for
proprietary dual licensing). You can read more about this here:

    https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/
    https://element.io/blog/element-to-adopt-agplv3/

The Matrix.org Foundation copy of the project will be archived. Any changes needed
by server administrators will be communicated via our usual announcements channels,
but we are striving to make this as seamless as possible.

Features

  - Synapse now declares support for Matrix v1.7, v1.8, and
    v1.9. (#16707)

  - Add on_user_login module API callback for when a user logs
    in. (#15207)

  - Support MSC4069: Inhibit profile propagation. (#16636)

  - Restore tracking of requests and monthly active users when
    delegating authentication via MSC3861 to an OIDC
    provider. (#16672)

  - Add an autojoin setting for server notices rooms, so users may be
    joined directly instead of receiving an invite. (#16699)

  - Follow redirects when downloading media over federation (per
    MSC3860). (#16701)

Log message:
cargo.mk: centralize Darwin -install_name workaround.

Log message:
chat/matrix-synapse: Update to 1.95.1

The following issue is fixed in 1.95.1.

- \ 
[GHSA-mp92-3jfm-3575](https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575) \ 
/ \ 
[CVE-2023-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43796) \ 
- Moderate Severity

  Cached device information of remote users can be queried from Synapse. This \ 
can be used to enumerate the remote users known to a homeserver.

Log message:
python/wheel.mk: simplify a lot, and switch to 'installer' for installation

This follows the recommended bootstrap method (flit_core, build, installer).

However, installer installs different files than pip, so update PLISTs
for all packages using wheel.mk and bump their PKGREVISIONs.

Log message:
chat/matrix-synapse: Minor pkglint cleanups

  Convert USE_LANGUAGES=c99 to USE_CC_FEATURES
  Whitespace

Log message:
chat/matrix-synapse: Update to 1.95.0

Upstream NEWS content less bugfixes, minor improvements, improved
documentation, etc.

1.95.0:

  none

1.94.0:

* Security

  The following issue is fixed in 1.94.0 (and RC).

    GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity

    A malicious server ACL event can impact performance temporarily or \ 
permanently leading to a persistent denial of service.

    Homeservers running on a closed federation (which presumably do not need to \ 
use server ACLs) are not affected.

* Features

    Render plain, CSS, CSV, JSON and common image formats in the browser \ 
(inline) when requested through the /download endpoint. (#15988)
    Add experimental support for MSC4028 to push all encrypted events to \ 
clients. (#16361)
    Minor performance improvement when sending presence to federated servers. \ 
(#16385)
    Minor performance improvement by caching server ACL checking. (#16360)

1.93.0:

* Security

  The following issues are fixed in 1.93.0 (and RCs).

    GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity

    Temporary storage of plaintext passwords during password changes.

    GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity

    Improper validation of receipts allows forged read receipts.

* Features

    Add automatic purge after all users have forgotten a room. (#15488)
    Restore room purge/shutdown after a Synapse restart. (#15488)
    Support resolving homeservers using matrix-fed DNS SRV records from MSC4040. \ 
(#16137)
    Add the ability to use G (GiB) and T (TiB) suffixes in configuration options \ 
that refer to numbers of bytes. (#16219)
    Add span information to requests sent to appservices. Contributed by \ 
MTRNord. (#16227)
    Add the ability to enable/disable registrations when using CAS. Contributed \ 
by Aurélien Grimpard. (#16262)
    Allow the /notifications endpoint to be routed to workers. (#16265)
    Enable users to easily unsubscribe to notifications emails via the \ 
List-Unsubscribe header. (#16274)
    Report whether a user is locked in the List Accounts admin API, and exclude \ 
locked users by default. (#16328)

1.92.x:

* Security

    Pillow requirement in 10.0.1, not because it's actually required,
    but because other packaging systems don't handle updates correctly
    (libwebp).

1.91.x:

    Revert MSC3861 introspection cache, admin impersonation and
    account lock. (Labeled bugfix, but written in a way that makes it
    seem far more important.

* Features

    Add configuration setting for CAS protocol version. Contributed by Aurélien \ 
Grimpard. (#15816)
    Suppress notifications from message edits per MSC3958. (#16113)
    Return a Retry-After with M_LIMIT_EXCEEDED error responses. (#16136)
    Add last_seen_ts to the admin users API. (#16218)
    Improve resource usage when sending data to a large number of remote hosts \ 
that are marked as "down". (#16223)

Log message:
Ouch. Actually correct PLIST this time.

Log message:
Previous commit was incomplete and lacked PLIST

Log message:
Update chat/matrix-synapse to 1.91.2

# Synapse 1.91.2 (2023-09-06)

### Bugfixes

- Revert \ 
[MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) \ 
introspection cache, admin impersonation and account lock. \ 
([\#16258](https://github.com/matrix-org/synapse/issues/16258))

# Synapse 1.91.1 (2023-09-04)

### Bugfixes

- Fix a performance regression introduced in Synapse 1.91.0 where event \ 
persistence would cause an excessive linear growth in CPU usage. \ 
([\#16220](https://github.com/matrix-org/synapse/issues/16220))

Log message:
chat/matrix-synapse: Update to 1.91.0

packaging changes

  - avoid pydantic 2, as upstream has not yet coped with pydantic upstream \ 
instability
  - upstream dropped 3.7 after pkgsrc, so no action required

Upstream news

* 1.91.1

Features

    Implements an admin API to lock an user without deactivating them. Based on \ 
MSC3939. (#15870)
    Allow specifying client_secret_path as alternative to client_secret for OIDC \ 
providers. This avoids leaking the client secret in the homeserver config. \ 
Contributed by @Ma27. (#16030)
    Allow customising the IdP display name, icon, and brand for SAML and CAS \ 
providers (in addition to OIDC provider). (#16094)
    Add an admins query parameter to the List Accounts admin API, to include \ 
only admins or to exclude admins in user queries. (#16114)

Bugfixes

    [most omitted but the next line is very serious]
    Fix a bug introduced in 1.87 where synapse would send an excessive amount of \ 
federation requests to servers which have been offline for a long time. \ 
Contributed by Nico. (#16156, #16164)

* 1.90.0

Features

    Scope transaction IDs to devices (implement MSC3970). (#15629)
    Remove old rows from the cache_invalidation_stream_by_instance table \ 
automatically (this table is unused in SQLite). (#15868)

Deprecations and Removals

    Remove support for legacy application service paths. (#15964)
    Move support for application service query parameter authorization behind a \ 
configuration option. (#16017)

* 1.89.0

Features

    Add Unix Socket support for HTTP Replication Listeners. Document and provide \ 
usage instructions for utilizing Unix sockets in Synapse. Contributed by Jason \ 
Little. (#15708, #15924)
    Allow + in Matrix IDs, per MSC4009. (#15911)
    Support room version 11 from MSC3820. (#15912)
    Allow configuring the set of workers to proxy outbound federation traffic \ 
through via outbound_federation_restricted_to. (#15913, #15969)
    Implement MSC3814, dehydrated devices v2/shrivelled sessions and move \ 
MSC2697 behind a config flag. Contributed by Nico from Famedly, H-Shay and \ 
poljar. (#15929)

Deprecations and Removals

    Remove support for calling the /register endpoint with an unspecced user \ 
property for application services. (#15928)

* 1.88.0

Breaking Changes

    raises the minimum supported version of Python to 3.8, as Python 3.7 is now \ 
end-of-life, and
    removes deprecated config options related to worker deployment.

Features

    Add not_user_type param to the list accounts admin API. (#15844)

Deprecations and Removals

    Remove deprecated worker_replication_host, worker_replication_http_port and \ 
worker_replication_http_tls configuration options. See the upgrade notes for \ 
more details. (#15860)
    Remove support for Python 3.7 and hence for Debian Buster. (#15851, #15892, \ 
#15893, #15917)

* 1.87.0

Features

    Improve /messages response time by avoiding backfill when we already have \ 
messages to return. (#15737)
    Add spam checker module API for logins. (#15838)

Deprecations and Removals

    Remove experimental MSC2716 implementation to incrementally import history \ 
into existing rooms. (#15748)