Created attachment 218369 [details] net-im/py-matrix-synapse: Update to 1.20.1 This patch updates the net-im/py-matrix-synapse port to version 1.20.1. From a ports perspective, the update bumps the DISTVERSION and syncs the dependencies with upstream dependency requirements, see [1]. The subsequent bump of the py-canonicaljson dependency from >=1.2.0 to >=1.3.0 requires a refresh of the patch we apply to the upstream dependency file, which is included in the submitted update. A full changelog of all the updates of synapse itself is available at [2] and [3]. portlint: "OK" (3 Warnings, none new) testport: OK (poudriere: 121amd64) do-test: OK (Ran 1174 tests in 388.935s, PASSED (skips=9, successes=1165)) Also runs fine in production. :) Cheers, Sascha [1] https://github.com/matrix-org/synapse/blob/v1.20.1/synapse/python_dependencies.py [2] https://github.com/matrix-org/synapse/releases/tag/v1.20.0 [3] https://github.com/matrix-org/synapse/releases/tag/v1.20.1
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field. Thanks!
Created attachment 218809 [details] net-im/py-matrix-synapse: update to 1.21.2 The synapse developers have released 1.21.0 and the subsequent minor updates 1.21.1 and 1.21.2 yesterday. This update includes a security update for an XSS vulnerability, see [1] and [2]. I've updates the patch to bump the version of the port to 1.21.2 and synced the dependencies with those required by upstream. portlint: "OK" (3 Warnings, none new) testport: OK (poudriere: 121amd64) do-test: OK (Ran 1241 tests in 459.405s, PASSED (skips=13, successes=1228)) I've been testing the resulting package on my server and things seem to be running fine. I will also provide a vuxml entry for this issue. Cheers, Sascha [1] https://github.com/matrix-org/synapse/releases/tag/v1.21.2 [2] https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq
Created attachment 218811 [details] vuxml: Add entry for py-matrix-synapse XSS vulnerability The aforementioned vuxml entry. Passes `make validate`.
A commit references this bug: Author: dbaio Date: Sat Oct 17 13:50:27 UTC 2020 New revision: 552574 URL: https://svnweb.freebsd.org/changeset/ports/552574 Log: security/vuxml: Document net-im/py-matrix-synapse issue PR: 249948 Submitted by: Sascha Biberhofer <ports@skyforge.at> Security: CVE-2020-26891 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: dbaio Date: Sat Oct 17 14:34:51 UTC 2020 New revision: 552582 URL: https://svnweb.freebsd.org/changeset/ports/552582 Log: net-im/py-matrix-synapse: Update to 1.21.2, Fix security issue Changelog: https://github.com/matrix-org/synapse/blob/v1.21.2/CHANGES.md PR: 249948 Submitted by: Sascha Biberhofer <ports@skyforge.at> (maintainer) MFH: 2020Q4 Security: 5f39d80f-107c-11eb-8b47-641c67a117d8 Changes: head/net-im/py-matrix-synapse/Makefile head/net-im/py-matrix-synapse/distinfo head/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py
A commit references this bug: Author: dbaio Date: Sat Oct 17 17:29:05 UTC 2020 New revision: 552601 URL: https://svnweb.freebsd.org/changeset/ports/552601 Log: MFH: r552582 net-im/py-matrix-synapse: Update to 1.21.2, Fix security issue Changelog: https://github.com/matrix-org/synapse/blob/v1.21.2/CHANGES.md PR: 249948 Submitted by: Sascha Biberhofer <ports@skyforge.at> (maintainer) Security: 5f39d80f-107c-11eb-8b47-641c67a117d8 Approved by: ports-secteam (joneum) Changes: _U branches/2020Q4/ branches/2020Q4/net-im/py-matrix-synapse/Makefile branches/2020Q4/net-im/py-matrix-synapse/distinfo branches/2020Q4/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py
Committed, thanks!