Created attachment 259183 [details] net-im/py-matrix-synapse: Update to 1.127.1 The synapse developers have recentely released version 1.127.1 of net-im/py-matrix-synapse, which fixes a high severity CVE [1], that affects all prior versions of synapse. This patch updates synapse to 1.127.1 to fix this issue. From a ports perspective, this is little more than a version/dependency bump. The port builds fine on my machine and passes the testsuite as usual: Ran 4000 tests in 144.321s PASSED (skips=177, successes=3823) I've tested the resulting package on my own synapse server for the past 12 hours and noticed no regressions or other issues with the upgrade. Feedback is, of course, very welcome. :) Cheers, Sascha [1] https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
Created attachment 259184 [details] security/vuxml: Add CVE-2025-30355 Here's a vuxml entry for CVE-2025-30355 associated to this issue.
Hi, the patch works fine for out deployment. Thanks! Kinds regards, Manuel
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=a4075c2abe89ee6f23eb046c24f2a11b77c76f7d commit a4075c2abe89ee6f23eb046c24f2a11b77c76f7d Author: Sascha Biberhofer <sascha.biberhofer@skyforge.at> AuthorDate: 2025-04-14 07:47:03 +0000 Commit: Ashish SHUKLA <ashish@FreeBSD.org> CommitDate: 2025-04-14 08:08:36 +0000 net-im/py-matrix-synapse: Update to 1.127.1 Signed-off-by: Sascha Biberhofer <sascha.biberhofer@skyforge.at> PR: 285773 MFH: 2025Q2 Security: CVE-2025-30355 Security: e9b8e519-0d50-11f0-86d8-901b0e934d69 net-im/py-matrix-synapse/Makefile | 3 +- net-im/py-matrix-synapse/Makefile.crates | 28 +++++++-------- net-im/py-matrix-synapse/distinfo | 62 ++++++++++++++++---------------- 3 files changed, 46 insertions(+), 47 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3f76937a51d1541b3caa300ced1ed4aac14264e1 commit 3f76937a51d1541b3caa300ced1ed4aac14264e1 Author: Sascha Biberhofer <sascha.biberhofer@skyforge.at> AuthorDate: 2025-04-14 08:02:14 +0000 Commit: Ashish SHUKLA <ashish@FreeBSD.org> CommitDate: 2025-04-14 08:08:35 +0000 security/vuxml: Document net-im/py-matrix-synapse vulnerability PR: 285773 security/vuxml/vuln/2025.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
A commit in branch 2025Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=f898e523674691c33bf6deb295f5a2fe688efc0b commit f898e523674691c33bf6deb295f5a2fe688efc0b Author: Sascha Biberhofer <sascha.biberhofer@skyforge.at> AuthorDate: 2025-04-14 07:47:03 +0000 Commit: Ashish SHUKLA <ashish@FreeBSD.org> CommitDate: 2025-04-14 08:10:59 +0000 net-im/py-matrix-synapse: Update to 1.127.1 Signed-off-by: Sascha Biberhofer <sascha.biberhofer@skyforge.at> PR: 285773 MFH: 2025Q2 Security: CVE-2025-30355 Security: e9b8e519-0d50-11f0-86d8-901b0e934d69 (cherry picked from commit a4075c2abe89ee6f23eb046c24f2a11b77c76f7d) net-im/py-matrix-synapse/Makefile | 2 +- net-im/py-matrix-synapse/Makefile.crates | 28 +++++++-------- net-im/py-matrix-synapse/distinfo | 62 ++++++++++++++++---------------- 3 files changed, 46 insertions(+), 46 deletions(-)
Committed, sorry for the delay. Thanks!