File draupnir.changes of Package draupnir
-------------------------------------------------------------------
Fri Aug 15 22:23:43 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.6.1
* Policy room creation is now possible on servers where
room version 12 is the default
* Calculation of protection permissions has been fixed in V12 rooms
-------------------------------------------------------------------
Tue Aug 12 20:38:47 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.6.0
* Draupnir can now join and interact with V12 rooms.
* If you are a Draupnir for all / appservice administrator and your
homesever sets the default room version to 12, new Draupnir will
be able to be provisioned.
* The error logging when the config for `acceptInvitesFromSpace`
is incorrect has been improved.
* Replacement rooms will automatically be protected when protected
rooms are upgraded.
* V12 room identifiers can now be used in commands.
* Room discovery has been made a synchronous part of the takedown
command. This would happen in background before which could cause
confusion if it failed.
-------------------------------------------------------------------
Sat Jul 12 12:28:17 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.5.0
* There is a new protection enabled by default called the
InvalidEventProtection. This protection redacts events that contain
malformed mixins that are likely to trip up other Matrix clients,
or potentially represent an attempt to bypass Draupnir protections.
For Matrix developers, what qualifies as a malformed mixin is very
conservative, and we only focus on the core properties of a given
mixin.
* The WordListProtection, and MentionLimitProtection are updated to
use a new method of parsing Matrix events by extracting mixins
that is provided by the matrix-protection-suite. This will allow
these protections to continue to function should extensible events
ever make it into a release of the Matrix specification.
And generally this is a more robust way of parsing Matrix events.
* Draupnir deployed in appservice mode were not being disposed of
correctly when being placed into or restarting from safe mode.
This could be a root cause a variety of issues.
* The JSON reviver used by Draupnir for handling http requests and
responses has been modified to cover more property names found on
the Object.prototype, in addition to the existing restrictions
preventing prototype pollution. This adds redundancy to code
handling objects parsed from untrusted sources.
-------------------------------------------------------------------
Mon Jun 23 20:58:04 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.4.1
* Fixed an issue where protection config values were not validated
or substituted with default values when protections were loaded.
This effected the RoomTakedownProtection as described in
gh#the-draupnir-project/Draupnir#911
-------------------------------------------------------------------
Mon Jun 23 16:05:17 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.4.0
* Implemented /ping for synapse-http-antispam. It is now possible to
check if synapse is misconfigured by searching for "Successfully
pinged antispam server with request ID in any worker log.
* It is now possible to configure the symbol prefix (by default !)
used for Draupnir commands.
* The RoomTakedownProtection now sources rooms from the Synapse
admin API aswell as synapse-http-antispam.
* Room discovery notifications are now disabled by default. This is
because if enabled initially, they are likely to flood your
management room with room details that you will never go through.
* Bringing Draupnir into safe mode would not disable and dispose of
enabled protections.
-------------------------------------------------------------------
Tue Jun 3 10:59:04 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.3.1
* Support for synapse-http-antispam to replace the legacy
Mjolnir antispam module.
* Autosuspension for resident users matching watched policy rules.
* Takedowns as an alternative to conventional bans. takedown marks
users, rooms, or servers with a policy that means any content
associated with the entity should be removed and taken down.
This is a much stronger consequence than ban and is reserved for
illegal or intolerable content. See MSC4204 for details.
This command works in conjunction with the new
Room Takedown Protection
* The mention limit protection has been stabilised.
* --http-antispam-authorization-path option to allow loading the
synapse-http-antispam authorization token from a file on systems
using systemd credentials.
* Booleans and quoted strings are now supported by the command reader.
* A policy remove command has been added to remove policies by
literal without unbanning users or any other consequences.
* The MentionLimitProtection has been stabilised and configuration
settings have been added. The old experimental version of the
protection was using a file based configuration that is no longer
used. The protection will now warn users and the ban.
* The shutdown room command has been improved so that the content
violation notification can be toggled with a new --notify option.
The command also now uses V1 of the delete rooms API rather than
V2 simply because for unknown reasons clients are not getting the
leave events propagated to them properly with V2.
* The room discovery notifications from the RoomTakedownProtection
have been moved to their own room.
* The ServerBanSynchronisation is smarter about applying ACL's when
there are lots of policy changes.
* Negative integers can now be entered into the markdown reader.
* Fixed an issue where draupnir would write MSC4205 hashed entities
without the proper namespacing.
* Stopped content violation notifications appearing on room takedown.
* RoomTakedownProtection would fail to creat a notification room if
the homeserver at any point failed to invite remote users.
We invite users to the room separately.
* RoomTakedownProtection would invite non joined members of the
mangagement room to the newly created notification room.
Including left and banned users.
-------------------------------------------------------------------
Sat May 24 21:51:55 UTC 2025 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Update to version 2.3.0-beta.2
-------------------------------------------------------------------
Tue Mar 4 11:07:52 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.2.0
* The unban command no longer accepts a list argument
* The unban command no longer reinvites users by default.
* The unban command now features a preview and confirmation prompt
* !draupnir protections show now merges protection setting
documentation and current values into one section.
* Compatible capability providers are shown for the capability set
in the !draupnir protections show command.
* !draupnir rooms now shows a date alongside each room for when
the room state revision was last updated.
* Simulated capabilities for all available protection capabilities.
These allow protections to run without effects.
* A command !draupnir protections capability reset
<protection name> to restore the default capability set.
* A !draupnir rules matching members command has been added to show
all policy rules that match members to protected rooms.
* Fixed a bug where Draupnir would reply with a very hard to
understand error message to commands that had provided an
extra argument.
-------------------------------------------------------------------
Sun Feb 2 14:51:33 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to version 2.1.0
* config.protectAllJoinedRooms was unimplemented in versions
v2.0.2 and below. This went under the radar in the beta programme
because it would have only been detectable for first time testers
migrating over.
* Draupnir will now automatically unprotect rooms when the bot
is kicked, and send an alert to the management room.
* config.commands.allowNoPrefix will include the full
command arguments again.
* Fixed an issue where the ProtectedRoomsSet would not be disposed
on entering safe mode via the !draupnir safe mode command. This
would cause duplicate protections to apply out of date policies
to protected rooms.
* An issue where sometimes Draupnir would crash if it were unable
to fetch its own profile from the homeserver. We just fallback to
nothing if this was the case.
* RoomSetBehaviourProtection to add the
config.protectAllJoinedRoomsFunctionality.
This is also responsible for unprotecting rooms as the bot is
removed from them.
* The !draupnir rooms command will now distinguish between joined
and protected rooms, joined but unprotected rooms, and protected
but parted rooms.
-------------------------------------------------------------------
Mon Jan 27 12:59:30 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- AppArmor: Include abstractions/user-tmp
This appears necessary for the background refresh of the
room state cache.
-------------------------------------------------------------------
Fri Jan 24 17:11:54 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to 2.0.2
* The unban command now has an --invite option to re-invite any users
that are unbanned by the command
* Draupnir will now refresh the room state cache in the background
after startup when the backing store is in use
* Fixed issues where the bot wouldn't respond to pings from some clients
* Fixed an issue where Draupnir would ignore the Retry-After http header
and so not rate limit Draupnir properly
* Draupnir will respond when the allowNoPrefix config option is used
* Draupnir will now ignore newlines in secret files
-------------------------------------------------------------------
Mon Jan 20 17:47:05 UTC 2025 - Flann van der Eik <fl4nn@opensuse.org>
- Update to 2.0.1
- Make update.sh exit early if dependencies are missing
- Use `--draupnir-config`, running without it is deprecated
- Adapt AppArmor config to allow reading production.yaml
-------------------------------------------------------------------
Thu Jan 16 20:37:46 UTC 2025 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Update to 2.0.0
-------------------------------------------------------------------
Tue Jan 7 11:10:17 UTC 2025 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Allow io_uring_enter (426) and io_uring_setup (425) syscalls
(could not find what changed to make them needed now, but deemed low risk)
-------------------------------------------------------------------
Thu Oct 3 20:45:58 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Update to 2.0.0-beta.7
-------------------------------------------------------------------
Thu Oct 3 19:57:58 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Try restarts on failure more often
-------------------------------------------------------------------
Thu Sep 26 23:15:41 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Pin node version
-------------------------------------------------------------------
Tue Sep 24 19:48:09 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Read access token from file
-------------------------------------------------------------------
Wed Sep 18 00:19:16 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Set SyslogIdentifier
-------------------------------------------------------------------
Wed Sep 18 00:14:29 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Add AppArmor profile
-------------------------------------------------------------------
Tue Sep 17 23:42:35 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Enable SQLite support for roomStateBackingStore
-------------------------------------------------------------------
Tue Sep 17 22:24:15 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Update 2.0.0-beta.6
-------------------------------------------------------------------
Tue Sep 17 14:30:13 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Initial package
