Bug 273563

Summary: net-im/py-matrix-synapse: update to 1.93.0
Product: Ports & Packages Reporter: Li-Wen Hsu <lwhsu>
Component: Individual Port(s)Assignee: Li-Wen Hsu <lwhsu>
Status: Closed FIXED    
Severity: Affects Many People CC: grahamperrin, ports-secteam, ports
Priority: Normal Keywords: security
Version: LatestFlags: ports: maintainer-feedback+
grahamperrin: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://github.com/matrix-org/synapse/compare/v1.91.0...v1.93.0
Attachments:
Description Flags
v1
none
Update to 1.91.2
none
Update to 1.92.2
none
Update to 1.92.3
none
Update to 1.93.0 none

Description Li-Wen Hsu freebsd_committer freebsd_triage 2023-09-04 16:01:25 UTC 
Created attachment 244631 [details]
v1
Comment 1 Li-Wen Hsu freebsd_committer freebsd_triage 2023-09-07 13:42:53 UTC 
Created attachment 244695 [details]
Update to 1.91.2
Comment 2 Li-Wen Hsu freebsd_committer freebsd_triage 2023-09-16 00:26:05 UTC 
Created attachment 244911 [details]
Update to 1.92.2
Comment 3 Li-Wen Hsu freebsd_committer freebsd_triage 2023-09-19 00:31:09 UTC 
Created attachment 245011 [details]
Update to 1.92.3
Comment 4 Li-Wen Hsu freebsd_committer freebsd_triage 2023-09-27 04:26:43 UTC 
Created attachment 245265 [details]
Update to 1.93.0
Comment 5 Sascha Biberhofer 2023-10-03 19:11:31 UTC 
Patch looks good to me, passes all tests with flying colors and the resulting package is well behaved when run in production. 10/10 from my pov, let's get this merged. :)

(By the way, I also tested this with the updated py-treq proposed in #255708 and things work nicely)
Comment 6 Graham Perrin 2023-10-04 08:20:57 UTC 
Hi, and thanks to lwhsu@ for reporting and patching.

As far as I can tell, six sets of release notes apply (and should be referenced in a commit). Excluding notes for release candidates: 

<https://github.com/matrix-org/synapse/releases/tag/v1.91.1>
<https://github.com/matrix-org/synapse/releases/tag/v1.91.2>
<https://github.com/matrix-org/synapse/releases/tag/v1.92.0>
<https://github.com/matrix-org/synapse/releases/tag/v1.92.1>
<https://github.com/matrix-org/synapse/releases/tag/v1.92.2>
<https://github.com/matrix-org/synapse/releases/tag/v1.93.0>

At a glance, these include (low severity): 

* GHSA-4f74-84v3-j9q5 / CVE-2023-41335
* GHSA-7565-cq32-vx2x / CVE-2023-42453. 

<https://www.freshports.org/net-im/py-matrix-synapse/>
<https://matrix-org.github.io/synapse>
Comment 7 commit-hook freebsd_committer freebsd_triage 2023-10-27 17:19:54 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f2e69e923045efe557445772fc898235873722ee

commit f2e69e923045efe557445772fc898235873722ee
Author:     Li-Wen Hsu <lwhsu@FreeBSD.org>
AuthorDate: 2023-10-27 17:14:59 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2023-10-27 17:14:59 +0000

    net-im/py-matrix-synapse: Update to 1.93.0

    Release notes:

     - https://github.com/matrix-org/synapse/releases/tag/v1.91.1
     - https://github.com/matrix-org/synapse/releases/tag/v1.91.2
     - https://github.com/matrix-org/synapse/releases/tag/v1.92.0
     - https://github.com/matrix-org/synapse/releases/tag/v1.92.1
     - https://github.com/matrix-org/synapse/releases/tag/v1.92.2
     - https://github.com/matrix-org/synapse/releases/tag/v1.93.0

    PR:             273563
    Approved by:    Sascha Biberhofer <ports@skyforge.at> (maintainer)

 net-im/py-matrix-synapse/Makefile                  |  3 +-
 net-im/py-matrix-synapse/Makefile.crates           | 16 ++++-----
 net-im/py-matrix-synapse/distinfo                  | 38 +++++++++++-----------
 .../py-matrix-synapse/files/patch-pyproject.toml   | 15 ++-------
 4 files changed, 31 insertions(+), 41 deletions(-)