Merge branch 'develop' into dependabot/pip/twisted-24.10.0

2024-12-03 16:33:30 +03:00 · 2024-11-12 16:45:01 +00:00 · 2024-11-12 16:45:01 +00:00 · d95af91ab9
commit d95af91ab9
parent e9d94a22b7 bfb197c596
53 changed files with 281 additions and 105 deletions
--- a/.github/workflows/release-artifacts.yml
+++ b/.github/workflows/release-artifacts.yml
@ -91,10 +91,19 @@ jobs:
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

+      - name: Artifact name
+        id: artifact-name
+        # We can't have colons in the upload name of the artifact, so we convert
+        # e.g. `debian:sid` to `sid`.
+        env:
+          DISTRO: ${{ matrix.distro }}
+        run: |
+          echo "ARTIFACT_NAME=${DISTRO#*:}" >> "$GITHUB_OUTPUT"
+
      - name: Upload debs as artifacts
        uses: actions/upload-artifact@v4
        with:
-          name: debs
+          name: debs-${{ steps.artifact-name.outputs.ARTIFACT_NAME }}
          path: debs/*

  build-wheels:
@ -196,7 +205,12 @@ jobs:
      - name: Download all workflow run artifacts
        uses: actions/download-artifact@v4
      - name: Build a tarball for the debs
-        run: tar -cvJf debs.tar.xz debs
+        # We need to merge all the debs uploads into one folder, then compress
+        # that.
+        run: |
+          mkdir debs
+          mv debs*/* debs/
+          tar -cvJf debs.tar.xz debs
      - name: Attach to release
        uses: softprops/action-gh-release@a929a66f232c1b11af63782948aa2210f981808a  # PR#109
        env:
@ -204,7 +218,7 @@ jobs:
        with:
          files: |
            Sdist/*
-            Wheel/*
+            Wheel*/*
            debs.tar.xz
          # if it's not already published, keep the release as a draft.
          draft: true
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,62 @@
+# Synapse 1.119.0rc2 (2024-11-11)
+
+Note that due to packaging issues there was no v1.119.0rc1.
+
+### Python 3.8 support dropped
+
+Python 3.8 is [end-of-life](https://devguide.python.org/versions/) and is no longer supported by Synapse. The minimum supported Python version is now 3.9.
+
+If you are running Synapse with Python 3.8, please upgrade to Python 3.9 (or greater) before upgrading Synapse.
+
+### Features
+
+- Support [MSC4151](https://github.com/matrix-org/matrix-spec-proposals/pull/4151)'s stable report room API. ([\#17374](https://github.com/element-hq/synapse/issues/17374))
+- Add experimental support for [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) (Adding `state_after` to sync v2). ([\#17888](https://github.com/element-hq/synapse/issues/17888))
+
+### Bugfixes
+
+- Fix bug with sliding sync where `$LAZY`-loading room members would not return `required_state` membership in incremental syncs. ([\#17809](https://github.com/element-hq/synapse/issues/17809))
+- Check if user has membership in a room before tagging it. Contributed by Lama Alosaimi. ([\#17839](https://github.com/element-hq/synapse/issues/17839))
+- Fix a bug in the admin redact endpoint where the background task would not run if a worker was specified in
+  the config option `run_background_tasks_on`. ([\#17847](https://github.com/element-hq/synapse/issues/17847))
+- Fix bug where some presence and typing timeouts can expire early. ([\#17850](https://github.com/element-hq/synapse/issues/17850))
+- Fix detection when the built Rust library was outdated when using source installations. ([\#17861](https://github.com/element-hq/synapse/issues/17861))
+- Fix a long-standing bug in Synapse which could cause one-time keys to be issued in the incorrect order, causing message decryption failures. ([\#17903](https://github.com/element-hq/synapse/pull/17903))
+- Fix experimental support for [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) (Adding `state_after` to sync v2) where we would return the full state on incremental syncs when using lazy loaded members and there were no new events in the timeline. ([\#17915](https://github.com/element-hq/synapse/pull/17915))
+
+### Internal Changes
+
+- Remove support for python 3.8. ([\#17908](https://github.com/element-hq/synapse/issues/17908))
+- Add a test for downloading and thumbnailing a CMYK JPEG. ([\#17786](https://github.com/element-hq/synapse/issues/17786))
+- Refactor database calls to remove `Generator` usage. ([\#17813](https://github.com/element-hq/synapse/issues/17813), [\#17814](https://github.com/element-hq/synapse/issues/17814), [\#17815](https://github.com/element-hq/synapse/issues/17815), [\#17816](https://github.com/element-hq/synapse/issues/17816), [\#17817](https://github.com/element-hq/synapse/issues/17817), [\#17818](https://github.com/element-hq/synapse/issues/17818), [\#17890](https://github.com/element-hq/synapse/issues/17890))
+- Include the destination in the error of 'Destination mismatch' on federation requests. ([\#17830](https://github.com/element-hq/synapse/issues/17830))
+- The nix flake inside the repository no longer tracks nixpkgs/master to not catch the latest bugs from a PR merged 5 minutes ago. ([\#17852](https://github.com/element-hq/synapse/issues/17852))
+- Minor speed-up of sliding sync by computing extensions results in parallel. ([\#17884](https://github.com/element-hq/synapse/issues/17884))
+- Bump the default Python version in the Synapse Dockerfile from 3.11 -> 3.12. ([\#17887](https://github.com/element-hq/synapse/issues/17887))
+- Remove usage of internal header encoding API. ([\#17894](https://github.com/element-hq/synapse/issues/17894))
+- Use unique name for each os.arch variant when uploading Wheel artifacts. ([\#17905](https://github.com/element-hq/synapse/issues/17905))
+- Fix tests to run with latest Twisted. ([\#17906](https://github.com/element-hq/synapse/pull/17906), [\#17907](https://github.com/element-hq/synapse/pull/17907), [\#17911](https://github.com/element-hq/synapse/pull/17911))
+- Update version constraint to allow the latest poetry-core 1.9.1. ([\#17902](https://github.com/element-hq/synapse/pull/17902))
+- Update the portdb CI to use Python 3.13 and Postgres 17 as latest dependencies. ([\#17909](https://github.com/element-hq/synapse/pull/17909))
+- Add an index to `current_state_delta_stream` table. ([\#17912](https://github.com/element-hq/synapse/issues/17912))
+- Fix building and attaching release artifacts during the release process. ([\#17921](https://github.com/element-hq/synapse/issues/17921))
+
+### Updates to locked dependencies
+
+* Bump actions/download-artifact & actions/upload-artifact from 3 to 4 in /.github/workflows. ([\#17657](https://github.com/element-hq/synapse/issues/17657))
+* Bump anyhow from 1.0.89 to 1.0.92. ([\#17858](https://github.com/element-hq/synapse/issues/17858), [\#17876](https://github.com/element-hq/synapse/issues/17876), [\#17901](https://github.com/element-hq/synapse/issues/17901))
+* Bump bytes from 1.7.2 to 1.8.0. ([\#17877](https://github.com/element-hq/synapse/issues/17877))
+* Bump cryptography from 43.0.1 to 43.0.3. ([\#17853](https://github.com/element-hq/synapse/issues/17853))
+* Bump mypy-zope from 1.0.7 to 1.0.8. ([\#17898](https://github.com/element-hq/synapse/issues/17898))
+* Bump phonenumbers from 8.13.47 to 8.13.49. ([\#17880](https://github.com/element-hq/synapse/issues/17880), [\#17899](https://github.com/element-hq/synapse/issues/17899))
+* Bump python-multipart from 0.0.12 to 0.0.16. ([\#17879](https://github.com/element-hq/synapse/issues/17879))
+* Bump regex from 1.11.0 to 1.11.1. ([\#17874](https://github.com/element-hq/synapse/issues/17874))
+* Bump ruff from 0.6.9 to 0.7.2. ([\#17868](https://github.com/element-hq/synapse/issues/17868), [\#17897](https://github.com/element-hq/synapse/issues/17897))
+* Bump serde from 1.0.210 to 1.0.214. ([\#17875](https://github.com/element-hq/synapse/issues/17875), [\#17900](https://github.com/element-hq/synapse/issues/17900))
+* Bump serde_json from 1.0.128 to 1.0.132. ([\#17857](https://github.com/element-hq/synapse/issues/17857))
+* Bump types-psycopg2 from 2.9.21.20240819 to 2.9.21.20241019. ([\#17855](https://github.com/element-hq/synapse/issues/17855))
+* Bump types-setuptools from 75.1.0.20241014 to 75.2.0.20241019. ([\#17856](https://github.com/element-hq/synapse/issues/17856))
+
 # Synapse 1.118.0 (2024-10-29)

 No significant changes since 1.118.0rc1.
--- a/Cargo.lock
+++ b/Cargo.lock
@ -13,9 +13,9 @@ dependencies = [

 [[package]]
 name = "anyhow"
-version = "1.0.92"
+version = "1.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74f37166d7d48a0284b99dd824694c26119c700b53bf0d1540cdb147dbdaaf13"
+checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775"

 [[package]]
 name = "arc-swap"
--- a/changelog.d/17374.feature
+++ b/changelog.d/17374.feature
@ -1 +0,0 @@
-Support [MSC4151](https://github.com/matrix-org/matrix-spec-proposals/pull/4151)'s stable report room API.
--- a/changelog.d/17657.misc
+++ b/changelog.d/17657.misc
@ -1 +0,0 @@
-Bump actions/download-artifact and actions/upload-artifact from v3 -> v4.
--- a/changelog.d/17786.misc
+++ b/changelog.d/17786.misc
@ -1 +0,0 @@
-Add a test for downloading and thumbnailing a CMYK JPEG.
--- a/changelog.d/17809.bugfix
+++ b/changelog.d/17809.bugfix
@ -1 +0,0 @@
-Fix bug with sliding sync where `$LAZY`-loading room members would not return `required_state` membership in incremental syncs.
--- a/changelog.d/17813.misc
+++ b/changelog.d/17813.misc
@ -1 +0,0 @@
-Refactor database calls to remove `Generator` usage.
--- a/changelog.d/17814.misc
+++ b/changelog.d/17814.misc
@ -1 +0,0 @@
-Refactor database calls to remove `Generator` usage.
--- a/changelog.d/17815.misc
+++ b/changelog.d/17815.misc
@ -1 +0,0 @@
-Refactor database calls to remove `Generator` usage.
--- a/changelog.d/17816.misc
+++ b/changelog.d/17816.misc
@ -1 +0,0 @@
-Refactor database calls to remove `Generator` usage.
--- a/changelog.d/17817.misc
+++ b/changelog.d/17817.misc
@ -1 +0,0 @@
-Refactor database calls to remove `Generator` usage.
--- a/changelog.d/17818.misc
+++ b/changelog.d/17818.misc
@ -1 +0,0 @@
-Refactor database calls to remove `Generator` usage.
--- a/changelog.d/17830.misc
+++ b/changelog.d/17830.misc
@ -1 +0,0 @@
-Include the destination in the error of 'Destination mismatch' on federation requests.
--- a/changelog.d/17839.bugfix
+++ b/changelog.d/17839.bugfix
@ -1 +0,0 @@
-Check if user has membership in a room before tagging it. Contributed by Lama Alosaimi.
--- a/changelog.d/17847.bugfix
+++ b/changelog.d/17847.bugfix
@ -1,2 +0,0 @@
-Fix a bug in the admin redact endpoint where the background task would not run if a worker was specified in
-the config option `run_background_tasks_on`.
--- a/changelog.d/17850.bugfix
+++ b/changelog.d/17850.bugfix
@ -1 +0,0 @@
-Fix bug when some presence and typing timeouts can expire early.
--- a/changelog.d/17852.misc
+++ b/changelog.d/17852.misc
@ -1 +0,0 @@
-The nix flake inside the repository no longer tracks nixpkgs/master to not catch the latest bugs from a PR merged 5 minutes ago.
--- a/changelog.d/17861.bugfix
+++ b/changelog.d/17861.bugfix
@ -1 +0,0 @@
-Fix detection when the built Rust library was outdated when using source installations.
--- a/changelog.d/17865.misc
+++ b/changelog.d/17865.misc
@ -0,0 +1 @@
+Addressed some typos in docs and returned error message for unknown MXC ID.
--- a/changelog.d/17884.misc
+++ b/changelog.d/17884.misc
@ -1 +0,0 @@
-Minor speed-up of sliding sync by computing extensions results in parallel.
--- a/changelog.d/17887.misc
+++ b/changelog.d/17887.misc
@ -1 +0,0 @@
-Bump the default Python version in the Synapse Dockerfile from 3.11 -> 3.12.
--- a/changelog.d/17888.feature
+++ b/changelog.d/17888.feature
@ -1 +0,0 @@
-Add experimental support for [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222).
--- a/changelog.d/17890.misc
+++ b/changelog.d/17890.misc
@ -1 +0,0 @@
-Refactor database calls to remove `Generator` usage.
--- a/changelog.d/17894.misc
+++ b/changelog.d/17894.misc
@ -1 +0,0 @@
-Remove usage of internal header encoding API.
--- a/changelog.d/17902.misc
+++ b/changelog.d/17902.misc
@ -1 +0,0 @@
-Update version constraint to allow the latest poetry-core 1.9.1.
--- a/changelog.d/17903.bugfix
+++ b/changelog.d/17903.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug in Synapse which could cause one-time keys to be issued in the incorrect order, causing message decryption failures.
--- a/changelog.d/17905.misc
+++ b/changelog.d/17905.misc
@ -1 +0,0 @@
-Use unique name for each os.arch variant when uploading Wheel artifacts.
--- a/changelog.d/17906.bugfix
+++ b/changelog.d/17906.bugfix
@ -1 +0,0 @@
-Fix tests to run with latest Twisted.
--- a/changelog.d/17907.bugfix
+++ b/changelog.d/17907.bugfix
@ -1 +0,0 @@
-Fix tests to run with latest Twisted.
--- a/changelog.d/17908.misc
+++ b/changelog.d/17908.misc
@ -1 +0,0 @@
-Remove support for python 3.8.
--- a/changelog.d/17909.misc
+++ b/changelog.d/17909.misc
@ -1 +0,0 @@
-Update the portdb CI to use Python 3.13 and Postgres 17 as latest dependencies.
--- a/changelog.d/17911.bugfix
+++ b/changelog.d/17911.bugfix
@ -1 +0,0 @@
-Fix tests to run with latest Twisted.
--- a/changelog.d/17913.doc
+++ b/changelog.d/17913.doc
@ -0,0 +1 @@
+Clarify the semantics of the `enable_authenticated_media` configuration option.
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,15 @@
+matrix-synapse-py3 (1.119.0~rc2) stable; urgency=medium
+
+  * New Synapse release 1.119.0rc2.
+
+ -- Synapse Packaging team <packages@matrix.org>  Mon, 11 Nov 2024 14:33:02 +0000
+
+matrix-synapse-py3 (1.119.0~rc1) stable; urgency=medium
+
+  * New Synapse release 1.119.0rc1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Wed, 06 Nov 2024 08:59:43 -0700
+
 matrix-synapse-py3 (1.118.0) stable; urgency=medium

  * New Synapse release 1.118.0.
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@ -1890,6 +1890,26 @@ unauthenticated media endpoints (`/_matrix/media/(r0|v3|v1)/download` and `/_mat
 after enabling, media marked as authenticated will be available over legacy endpoints. Defaults to false, but
 this will change to true in a future Synapse release.

+In all cases, authenticated requests to download media will succeed, but for unauthenticated requests, this
+case-by-case breakdown describes whether media downloads are permitted:
+
+* `enable_authenticated_media = False`:
+  * unauthenticated client or homeserver requesting local media: allowed
+  * unauthenticated client or homeserver requesting remote media: allowed as long as the media is in the cache,
+    or as long as the remote homeserver does not require authentication to retrieve the media
+* `enable_authenticated_media = True`:
+  * unauthenticated client or homeserver requesting local media:
+    allowed if the media was stored on the server whilst `enable_authenticated_media` was `False` (or in a previous Synapse version where this option did not exist);
+    otherwise denied.
+  * unauthenticated client or homeserver requesting remote media: the same as for local media;
+    allowed if the media was stored on the server whilst `enable_authenticated_media` was `False` (or in a previous Synapse version where this option did not exist);
+    otherwise denied.
+
+It is especially notable that media downloaded before this option existed (in older Synapse versions), or whilst this option was set to `False`,
+will perpetually be available over the legacy, unauthenticated endpoint, even after this option is set to `True`.
+This is for backwards compatibility with older clients and homeservers that do not yet support requesting authenticated media;
+those older clients or homeservers will not be cut off from media they can already see.
+
 Example configuration:
 ```yaml
 enable_authenticated_media: true
--- a/poetry.lock
+++ b/poetry.lock
@ -103,21 +103,20 @@ typecheck = ["mypy"]

 [[package]]
 name = "bleach"
-version = "6.1.0"
+version = "6.2.0"
 description = "An easy safelist-based HTML-sanitizing tool."
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.9"
 files = [
-    {file = "bleach-6.1.0-py3-none-any.whl", hash = "sha256:3225f354cfc436b9789c66c4ee030194bee0568fbf9cbdad3bc8b5c26c5f12b6"},
-    {file = "bleach-6.1.0.tar.gz", hash = "sha256:0a31f1837963c41d46bbf1331b8778e1308ea0791db03cc4e7357b97cf42a8fe"},
+    {file = "bleach-6.2.0-py3-none-any.whl", hash = "sha256:117d9c6097a7c3d22fd578fcd8d35ff1e125df6736f554da4e432fdd63f31e5e"},
+    {file = "bleach-6.2.0.tar.gz", hash = "sha256:123e894118b8a599fd80d3ec1a6d4cc7ce4e5882b1317a7e1ba69b56e95f991f"},
 ]

 [package.dependencies]
-six = ">=1.9.0"
 webencodings = "*"

 [package.extras]
-css = ["tinycss2 (>=1.1.0,<1.3)"]
+css = ["tinycss2 (>=1.1.0,<1.5)"]

 [[package]]
 name = "canonicaljson"
@ -1784,13 +1783,13 @@ typing-extensions = ">=4.6.0,<4.7.0 || >4.7.0"

 [[package]]
 name = "pygithub"
-version = "2.4.0"
+version = "2.5.0"
 description = "Use the full Github API v3"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "PyGithub-2.4.0-py3-none-any.whl", hash = "sha256:81935aa4bdc939fba98fee1cb47422c09157c56a27966476ff92775602b9ee24"},
-    {file = "pygithub-2.4.0.tar.gz", hash = "sha256:6601e22627e87bac192f1e2e39c6e6f69a43152cfb8f307cee575879320b3051"},
+    {file = "PyGithub-2.5.0-py3-none-any.whl", hash = "sha256:b0b635999a658ab8e08720bdd3318893ff20e2275f6446fcf35bf3f44f2c0fd2"},
+    {file = "pygithub-2.5.0.tar.gz", hash = "sha256:e1613ac508a9be710920d26eb18b1905ebd9926aa49398e88151c1b526aad3cf"},
 ]

 [package.dependencies]
@ -2256,29 +2255,29 @@ files = [

 [[package]]
 name = "ruff"
-version = "0.7.2"
+version = "0.7.3"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.7.2-py3-none-linux_armv6l.whl", hash = "sha256:b73f873b5f52092e63ed540adefc3c36f1f803790ecf2590e1df8bf0a9f72cb8"},
-    {file = "ruff-0.7.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:5b813ef26db1015953daf476202585512afd6a6862a02cde63f3bafb53d0b2d4"},
-    {file = "ruff-0.7.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:853277dbd9675810c6826dad7a428d52a11760744508340e66bf46f8be9701d9"},
-    {file = "ruff-0.7.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:21aae53ab1490a52bf4e3bf520c10ce120987b047c494cacf4edad0ba0888da2"},
-    {file = "ruff-0.7.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ccc7e0fc6e0cb3168443eeadb6445285abaae75142ee22b2b72c27d790ab60ba"},
-    {file = "ruff-0.7.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fd77877a4e43b3a98e5ef4715ba3862105e299af0c48942cc6d51ba3d97dc859"},
-    {file = "ruff-0.7.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:e00163fb897d35523c70d71a46fbaa43bf7bf9af0f4534c53ea5b96b2e03397b"},
-    {file = "ruff-0.7.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f3c54b538633482dc342e9b634d91168fe8cc56b30a4b4f99287f4e339103e88"},
-    {file = "ruff-0.7.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7b792468e9804a204be221b14257566669d1db5c00d6bb335996e5cd7004ba80"},
-    {file = "ruff-0.7.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dba53ed84ac19ae4bfb4ea4bf0172550a2285fa27fbb13e3746f04c80f7fa088"},
-    {file = "ruff-0.7.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:b19fafe261bf741bca2764c14cbb4ee1819b67adb63ebc2db6401dcd652e3748"},
-    {file = "ruff-0.7.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:28bd8220f4d8f79d590db9e2f6a0674f75ddbc3847277dd44ac1f8d30684b828"},
-    {file = "ruff-0.7.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:9fd67094e77efbea932e62b5d2483006154794040abb3a5072e659096415ae1e"},
-    {file = "ruff-0.7.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:576305393998b7bd6c46018f8104ea3a9cb3fa7908c21d8580e3274a3b04b691"},
-    {file = "ruff-0.7.2-py3-none-win32.whl", hash = "sha256:fa993cfc9f0ff11187e82de874dfc3611df80852540331bc85c75809c93253a8"},
-    {file = "ruff-0.7.2-py3-none-win_amd64.whl", hash = "sha256:dd8800cbe0254e06b8fec585e97554047fb82c894973f7ff18558eee33d1cb88"},
-    {file = "ruff-0.7.2-py3-none-win_arm64.whl", hash = "sha256:bb8368cd45bba3f57bb29cbb8d64b4a33f8415d0149d2655c5c8539452ce7760"},
-    {file = "ruff-0.7.2.tar.gz", hash = "sha256:2b14e77293380e475b4e3a7a368e14549288ed2931fce259a6f99978669e844f"},
+    {file = "ruff-0.7.3-py3-none-linux_armv6l.whl", hash = "sha256:34f2339dc22687ec7e7002792d1f50712bf84a13d5152e75712ac08be565d344"},
+    {file = "ruff-0.7.3-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:fb397332a1879b9764a3455a0bb1087bda876c2db8aca3a3cbb67b3dbce8cda0"},
+    {file = "ruff-0.7.3-py3-none-macosx_11_0_arm64.whl", hash = "sha256:37d0b619546103274e7f62643d14e1adcbccb242efda4e4bdb9544d7764782e9"},
+    {file = "ruff-0.7.3-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d59f0c3ee4d1a6787614e7135b72e21024875266101142a09a61439cb6e38a5"},
+    {file = "ruff-0.7.3-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:44eb93c2499a169d49fafd07bc62ac89b1bc800b197e50ff4633aed212569299"},
+    {file = "ruff-0.7.3-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6d0242ce53f3a576c35ee32d907475a8d569944c0407f91d207c8af5be5dae4e"},
+    {file = "ruff-0.7.3-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:6b6224af8b5e09772c2ecb8dc9f3f344c1aa48201c7f07e7315367f6dd90ac29"},
+    {file = "ruff-0.7.3-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c50f95a82b94421c964fae4c27c0242890a20fe67d203d127e84fbb8013855f5"},
+    {file = "ruff-0.7.3-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7f3eff9961b5d2644bcf1616c606e93baa2d6b349e8aa8b035f654df252c8c67"},
+    {file = "ruff-0.7.3-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b8963cab06d130c4df2fd52c84e9f10d297826d2e8169ae0c798b6221be1d1d2"},
+    {file = "ruff-0.7.3-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:61b46049d6edc0e4317fb14b33bd693245281a3007288b68a3f5b74a22a0746d"},
+    {file = "ruff-0.7.3-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:10ebce7696afe4644e8c1a23b3cf8c0f2193a310c18387c06e583ae9ef284de2"},
+    {file = "ruff-0.7.3-py3-none-musllinux_1_2_i686.whl", hash = "sha256:3f36d56326b3aef8eeee150b700e519880d1aab92f471eefdef656fd57492aa2"},
+    {file = "ruff-0.7.3-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:5d024301109a0007b78d57ab0ba190087b43dce852e552734ebf0b0b85e4fb16"},
+    {file = "ruff-0.7.3-py3-none-win32.whl", hash = "sha256:4ba81a5f0c5478aa61674c5a2194de8b02652f17addf8dfc40c8937e6e7d79fc"},
+    {file = "ruff-0.7.3-py3-none-win_amd64.whl", hash = "sha256:588a9ff2fecf01025ed065fe28809cd5a53b43505f48b69a1ac7707b1b7e4088"},
+    {file = "ruff-0.7.3-py3-none-win_arm64.whl", hash = "sha256:1713e2c5545863cdbfe2cbce21f69ffaf37b813bfd1fb3b90dc9a6f1963f5a8c"},
+    {file = "ruff-0.7.3.tar.gz", hash = "sha256:e1d1ba2e40b6e71a61b063354d04be669ab0d39c352461f3d789cac68b54a313"},
 ]

 [[package]]
@ -3101,4 +3100,4 @@ user-search = ["pyicu"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9.0"
-content-hash = "0cd942a5193d01cbcef135a0bebd3fa0f12f7dbc63899d6f1c301e0649e9d902"
+content-hash = "d71159b19349fdc0b7cd8e06e8c8778b603fc37b941c6df34ddc31746783d94d"
--- a/pyproject.toml
+++ b/pyproject.toml
@ -97,7 +97,7 @@ module-name = "synapse.synapse_rust"

 [tool.poetry]
 name = "matrix-synapse"
-version = "1.118.0"
+version = "1.119.0rc2"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "AGPL-3.0-or-later"
@ -320,7 +320,7 @@ all = [
 # failing on new releases. Keeping lower bounds loose here means that dependabot
 # can bump versions without having to update the content-hash in the lockfile.
 # This helps prevents merge conflicts when running a batch of dependabot updates.
-ruff = "0.7.2"
+ruff = "0.7.3"
 # Type checking only works with the pydantic.v1 compat module from pydantic v2
 pydantic = "^2"

--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@ -196,7 +196,9 @@ class MessageHandler:
            AuthError (403) if the user doesn't have permission to view
            members of this room.
        """
-        state_filter = state_filter or StateFilter.all()
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
        user_id = requester.user.to_string()

        if at_token:
--- a/synapse/handlers/sync.py
+++ b/synapse/handlers/sync.py
@ -1520,7 +1520,7 @@ class SyncHandler:
        if sync_config.use_state_after:
            delta_state_ids: MutableStateMap[str] = {}

-            if members_to_fetch is not None:
+            if members_to_fetch:
                # We're lazy-loading, so the client might need some more member
                # events to understand the events in this timeline. So we always
                # fish out all the member events corresponding to the timeline
--- a/synapse/media/media_repository.py
+++ b/synapse/media/media_repository.py
@ -259,7 +259,7 @@ class MediaRepository:
        """
        media = await self.store.get_local_media(media_id)
        if media is None:
-            raise SynapseError(404, "Unknow media ID", errcode=Codes.NOT_FOUND)
+            raise NotFoundError("Unknown media ID")

        if media.user_id != auth_user.to_string():
            raise SynapseError(
--- a/synapse/rest/media/upload_resource.py
+++ b/synapse/rest/media/upload_resource.py
@ -94,7 +94,7 @@ class BaseUploadServlet(RestServlet):

        # if headers.hasHeader(b"Content-Disposition"):
        #     disposition = headers.getRawHeaders(b"Content-Disposition")[0]
-        # TODO(markjh): parse content-dispostion
+        # TODO(markjh): parse content-disposition

        return content_length, upload_name, media_type

--- a/synapse/storage/controllers/state.py
+++ b/synapse/storage/controllers/state.py
@ -234,8 +234,11 @@ class StateStorageController:
            RuntimeError if we don't have a state group for one or more of the events
               (ie they are outliers or unknown)
        """
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
        await_full_state = True
-        if state_filter and not state_filter.must_await_full_state(self._is_mine_id):
+        if not state_filter.must_await_full_state(self._is_mine_id):
            await_full_state = False

        event_to_groups = await self.get_state_group_for_events(
@ -244,7 +247,7 @@ class StateStorageController:

        groups = set(event_to_groups.values())
        group_to_state = await self.stores.state._get_state_for_groups(
-            groups, state_filter or StateFilter.all()
+            groups, state_filter
        )

        state_event_map = await self.stores.main.get_events(
@ -292,10 +295,11 @@ class StateStorageController:
            RuntimeError if we don't have a state group for one or more of the events
                (ie they are outliers or unknown)
        """
-        if (
-            await_full_state
-            and state_filter
-            and not state_filter.must_await_full_state(self._is_mine_id)
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
+        if await_full_state and not state_filter.must_await_full_state(
+            self._is_mine_id
        ):
            # Full state is not required if the state filter is restrictive enough.
            await_full_state = False
@ -306,7 +310,7 @@ class StateStorageController:

        groups = set(event_to_groups.values())
        group_to_state = await self.stores.state._get_state_for_groups(
-            groups, state_filter or StateFilter.all()
+            groups, state_filter
        )

        event_to_state = {
@ -335,9 +339,10 @@ class StateStorageController:
            RuntimeError if we don't have a state group for the event (ie it is an
                outlier or is unknown)
        """
-        state_map = await self.get_state_for_events(
-            [event_id], state_filter or StateFilter.all()
-        )
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
+        state_map = await self.get_state_for_events([event_id], state_filter)
        return state_map[event_id]

    @trace
@ -365,9 +370,12 @@ class StateStorageController:
            RuntimeError if we don't have a state group for the event (ie it is an
                outlier or is unknown)
        """
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
        state_map = await self.get_state_ids_for_events(
            [event_id],
-            state_filter or StateFilter.all(),
+            state_filter,
            await_full_state=await_full_state,
        )
        return state_map[event_id]
@ -388,9 +396,12 @@ class StateStorageController:
                at the event and `state_filter` is not satisfied by partial state.
                Defaults to `True`.
        """
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
        state_ids = await self.get_state_ids_for_event(
            event_id,
-            state_filter=state_filter or StateFilter.all(),
+            state_filter=state_filter,
            await_full_state=await_full_state,
        )

@ -426,6 +437,9 @@ class StateStorageController:
                at the last event in the room before `stream_position` and
                `state_filter` is not satisfied by partial state. Defaults to `True`.
        """
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
        # FIXME: This gets the state at the latest event before the stream ordering,
        # which might not be the same as the "current state" of the room at the time
        # of the stream token if there were multiple forward extremities at the time.
@ -442,7 +456,7 @@ class StateStorageController:
        if last_event_id:
            state = await self.get_state_after_event(
                last_event_id,
-                state_filter=state_filter or StateFilter.all(),
+                state_filter=state_filter,
                await_full_state=await_full_state,
            )

@ -500,9 +514,10 @@ class StateStorageController:
        Returns:
            Dict of state group to state map.
        """
-        return await self.stores.state._get_state_for_groups(
-            groups, state_filter or StateFilter.all()
-        )
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
+        return await self.stores.state._get_state_for_groups(groups, state_filter)

    @trace
    @tag_args
@ -583,12 +598,13 @@ class StateStorageController:
        Returns:
            The current state of the room.
        """
-        if await_full_state and (
-            not state_filter or state_filter.must_await_full_state(self._is_mine_id)
-        ):
+        if state_filter is None:
+            state_filter = StateFilter.all()
+
+        if await_full_state and state_filter.must_await_full_state(self._is_mine_id):
            await self._partial_state_room_tracker.await_full_state(room_id)

-        if state_filter and not state_filter.is_full():
+        if state_filter is not None and not state_filter.is_full():
            return await self.stores.main.get_partial_filtered_current_state_ids(
                room_id, state_filter
            )
--- a/synapse/storage/databases/main/state.py
+++ b/synapse/storage/databases/main/state.py
@ -572,10 +572,10 @@ class StateGroupWorkerStore(EventsWorkerStore, SQLBaseStore):
        Returns:
            Map from type/state_key to event ID.
        """
+        if state_filter is None:
+            state_filter = StateFilter.all()

-        where_clause, where_args = (
-            state_filter or StateFilter.all()
-        ).make_sql_filter_clause()
+        where_clause, where_args = (state_filter).make_sql_filter_clause()

        if not where_clause:
            # We delegate to the cached version
@ -584,7 +584,7 @@ class StateGroupWorkerStore(EventsWorkerStore, SQLBaseStore):
        def _get_filtered_current_state_ids_txn(
            txn: LoggingTransaction,
        ) -> StateMap[str]:
-            results = StateMapWrapper(state_filter=state_filter or StateFilter.all())
+            results = StateMapWrapper(state_filter=state_filter)

            sql = """
                SELECT type, state_key, event_id FROM current_state_events
--- a/synapse/storage/databases/main/state_deltas.py
+++ b/synapse/storage/databases/main/state_deltas.py
@ -20,18 +20,26 @@
 #

 import logging
-from typing import List, Optional, Tuple
+from typing import TYPE_CHECKING, List, Optional, Tuple

 import attr

 from synapse.logging.opentracing import trace
 from synapse.storage._base import SQLBaseStore
-from synapse.storage.database import LoggingTransaction, make_in_list_sql_clause
+from synapse.storage.database import (
+    DatabasePool,
+    LoggingDatabaseConnection,
+    LoggingTransaction,
+    make_in_list_sql_clause,
+)
 from synapse.storage.databases.main.stream import _filter_results_by_stream
 from synapse.types import RoomStreamToken, StrCollection
 from synapse.util.caches.stream_change_cache import StreamChangeCache
 from synapse.util.iterutils import batch_iter

+if TYPE_CHECKING:
+    from synapse.server import HomeServer
+
 logger = logging.getLogger(__name__)


@ -54,6 +62,21 @@ class StateDeltasStore(SQLBaseStore):
    # attribute. TODO: can we get static analysis to enforce this?
    _curr_state_delta_stream_cache: StreamChangeCache

+    def __init__(
+        self,
+        database: DatabasePool,
+        db_conn: LoggingDatabaseConnection,
+        hs: "HomeServer",
+    ):
+        super().__init__(database, db_conn, hs)
+
+        self.db_pool.updates.register_background_index_update(
+            update_name="current_state_delta_stream_room_index",
+            index_name="current_state_delta_stream_room_idx",
+            table="current_state_delta_stream",
+            columns=("room_id", "stream_id"),
+        )
+
    async def get_partial_current_state_deltas(
        self, prev_stream_id: int, max_stream_id: int
    ) -> Tuple[int, List[StateDelta]]:
--- a/synapse/storage/databases/state/bg_updates.py
+++ b/synapse/storage/databases/state/bg_updates.py
@ -112,8 +112,8 @@ class StateGroupBackgroundUpdateStore(SQLBaseStore):
        Returns:
            Map from state_group to a StateMap at that point.
        """
-
-        state_filter = state_filter or StateFilter.all()
+        if state_filter is None:
+            state_filter = StateFilter.all()

        results: Dict[int, MutableStateMap[str]] = {group: {} for group in groups}

--- a/synapse/storage/databases/state/store.py
+++ b/synapse/storage/databases/state/store.py
@ -284,7 +284,8 @@ class StateGroupDataStore(StateBackgroundUpdateStore, SQLBaseStore):
        Returns:
            Dict of state group to state map.
        """
-        state_filter = state_filter or StateFilter.all()
+        if state_filter is None:
+            state_filter = StateFilter.all()

        member_filter, non_member_filter = state_filter.get_member_split()

--- a/synapse/storage/schema/main/delta/88/04_current_state_delta_index.sql
+++ b/synapse/storage/schema/main/delta/88/04_current_state_delta_index.sql
@ -0,0 +1,18 @@
+--
+-- This file is licensed under the Affero General Public License (AGPL) version 3.
+--
+-- Copyright (C) 2024 New Vector, Ltd
+--
+-- This program is free software: you can redistribute it and/or modify
+-- it under the terms of the GNU Affero General Public License as
+-- published by the Free Software Foundation, either version 3 of the
+-- License, or (at your option) any later version.
+--
+-- See the GNU Affero General Public License for more details:
+-- <https://www.gnu.org/licenses/agpl-3.0.html>.
+
+
+-- Add an index on (user_id, device_id, algorithm, ts_added_ms) on e2e_one_time_keys_json, so that OTKs can
+-- efficiently be issued in the same order they were uploaded.
+INSERT INTO background_updates (ordering, update_name, progress_json) VALUES
+    (8804, 'current_state_delta_stream_room_index', '{}');
--- a/synapse/types/state.py
+++ b/synapse/types/state.py
@ -68,15 +68,23 @@ class StateFilter:
    include_others: bool = False

    def __attrs_post_init__(self) -> None:
-        # If `include_others` is set we canonicalise the filter by removing
-        # wildcards from the types dictionary
        if self.include_others:
+            # If `include_others` is set we canonicalise the filter by removing
+            # wildcards from the types dictionary
+
            # this is needed to work around the fact that StateFilter is frozen
            object.__setattr__(
                self,
                "types",
                immutabledict({k: v for k, v in self.types.items() if v is not None}),
            )
+        else:
+            # Otherwise we remove entries where the value is the empty set.
+            object.__setattr__(
+                self,
+                "types",
+                immutabledict({k: v for k, v in self.types.items() if v is None or v}),
+            )

    @staticmethod
    def all() -> "StateFilter":
--- a/tests/handlers/test_sync.py
+++ b/tests/handlers/test_sync.py
@ -1262,3 +1262,35 @@ class SyncStateAfterTestCase(tests.unittest.HomeserverTestCase):
            )
        )
        self.assertEqual(state[("m.test_event", "")], second_state["event_id"])
+
+    def test_incremental_sync_lazy_loaded_no_timeline(self) -> None:
+        """Test that lazy-loading with an empty timeline doesn't return the full
+        state.
+
+        There was a bug where an empty state filter would cause the DB to return
+        the full state, rather than an empty set.
+        """
+        user = self.register_user("user", "password")
+        tok = self.login("user", "password")
+
+        # Create a room as the user and set some custom state.
+        joined_room = self.helper.create_room_as(user, tok=tok)
+
+        since_token = self.hs.get_event_sources().get_current_token()
+        end_stream_token = self.hs.get_event_sources().get_current_token()
+
+        state = self.get_success(
+            self.sync_handler._compute_state_delta_for_incremental_sync(
+                room_id=joined_room,
+                sync_config=generate_sync_config(user, use_state_after=True),
+                batch=TimelineBatch(
+                    prev_batch=end_stream_token, events=[], limited=True
+                ),
+                since_token=since_token,
+                end_token=end_stream_token,
+                members_to_fetch=set(),
+                timeline_state={},
+            )
+        )
+
+        self.assertEqual(state, {})
--- a/tests/rest/admin/test_federation.py
+++ b/tests/rest/admin/test_federation.py
@ -96,7 +96,7 @@ class FederationTestCase(unittest.HomeserverTestCase):
        self.assertEqual(400, channel.code, msg=channel.json_body)
        self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])

-        # unkown order_by
+        # unknown order_by
        channel = self.make_request(
            "GET",
            self.url + "?order_by=bar",
--- a/tests/rest/admin/test_statistics.py
+++ b/tests/rest/admin/test_statistics.py
@ -82,7 +82,7 @@ class UserMediaStatisticsTestCase(unittest.HomeserverTestCase):
        """
        If parameters are invalid, an error is returned.
        """
-        # unkown order_by
+        # unknown order_by
        channel = self.make_request(
            "GET",
            self.url + "?order_by=bar",
--- a/tests/rest/admin/test_user.py
+++ b/tests/rest/admin/test_user.py
@ -719,7 +719,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
        self.assertEqual(400, channel.code, msg=channel.json_body)
        self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])

-        # unkown order_by
+        # unknown order_by
        channel = self.make_request(
            "GET",
            self.url + "?order_by=bar",
@ -3696,7 +3696,7 @@ class UserMediaRestTestCase(unittest.HomeserverTestCase):
    @parameterized.expand(["GET", "DELETE"])
    def test_invalid_parameter(self, method: str) -> None:
        """If parameters are invalid, an error is returned."""
-        # unkown order_by
+        # unknown order_by
        channel = self.make_request(
            method,
            self.url + "?order_by=bar",
				`@ -1 +0,0 @@`
				`Support [MSC4151](https://github.com/matrix-org/matrix-spec-proposals/pull/4151)'s stable report room API.`
				`@ -1 +0,0 @@`
				`Bump actions/download-artifact and actions/upload-artifact from v3 -> v4.`
				`@ -1 +0,0 @@`
				`Add a test for downloading and thumbnailing a CMYK JPEG.`
				`@ -1 +0,0 @@`
				Fix bug with sliding sync where `$LAZY`-loading room members would not return `required_state` membership in incremental syncs.
				`@ -1 +0,0 @@`
				Refactor database calls to remove `Generator` usage.
				`@ -1 +0,0 @@`
				`Include the destination in the error of 'Destination mismatch' on federation requests.`
				`@ -1 +0,0 @@`
				`Check if user has membership in a room before tagging it. Contributed by Lama Alosaimi.`
				`@ -1 +0,0 @@`
				`Fix bug when some presence and typing timeouts can expire early.`
				`@ -1 +0,0 @@`
				`The nix flake inside the repository no longer tracks nixpkgs/master to not catch the latest bugs from a PR merged 5 minutes ago.`
				`@ -1 +0,0 @@`
				`Fix detection when the built Rust library was outdated when using source installations.`