228072 – net-im/py-matrix-synapse update to 0.28.1 to guarantee compatibility to server already updated and it's security relevant

Bug 228072 - net-im/py-matrix-synapse update to 0.28.1 to guarantee compatibility to server already updated and it's security relevant

Summary: net-im/py-matrix-synapse update to 0.28.1 to guarantee compatibility to serve...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Mark Felder

URL:
Keywords:	security

Depends on:
Blocks:

Reported:	2018-05-08 15:40 UTC by CTS - FreeBSD Team
Modified:	2018-06-06 16:49 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description CTS - FreeBSD Team 2018-05-08 15:40:22 UTC

A collegue of mine made a patch to update net-im/py-matrix-synapse to the current version 0.28.1

Here is the patch:

---------8<----------8<---------
--- py-matrix-synapse.orig/distinfo     2018-04-16 23:24:24.000000000 +0200
+++ py-matrix-synapse/distinfo  2018-05-08 16:54:29.929080000 +0200
@@ -1,3 +1,3 @@
-TIMESTAMP = 1523908627
-SHA256 (matrix-org-synapse-v0.27.4_GH0.tar.gz) = afdead01189d5bd97c47a8bccd88d973b811241d889298fdacb8384d97707db8
-SIZE (matrix-org-synapse-v0.27.4_GH0.tar.gz) = 939200
+TIMESTAMP = 1525761095
+SHA256 (matrix-org-synapse-v0.28.1_GH0.tar.gz) = 3f2238172341506614a1b6ba5275bee79b418fee639a7fef3917b1188c515e70
+SIZE (matrix-org-synapse-v0.28.1_GH0.tar.gz) = 944101
diff -ru py-matrix-synapse.orig/Makefile py-matrix-synapse/Makefile
--- py-matrix-synapse.orig/Makefile     2018-04-24 21:47:31.000000000 +0200
+++ py-matrix-synapse/Makefile  2018-05-08 17:35:10.671997000 +0200
@@ -1,10 +1,11 @@
 # Created by: Brendan Molloy <brendan+freebsd@bbqsrc.net>
+# Updated by: Karl M. Joch <k.joch@cts.at>
 # $FreeBSD: head/net-im/py-matrix-synapse/Makefile 468236 2018-04-24 19:47:31Z sunpoet $
 
 PORTNAME=      matrix-synapse
 DISTVERSIONPREFIX=     v
-DISTVERSION=   0.27.4
-PORTREVISION=  2
+DISTVERSION=   0.28.1
+PORTREVISION=  1
 CATEGORIES=    net-im python
 PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
 
---------8<----------8<---------

Comment 1 Christian Schwarz 2018-05-13 10:04:43 UTC

Please set the 'security' keyword to make port secteam (https://wiki.freebsd.org/ports-secteam) aware of this bug.

Comment 2 Mark Felder freebsd_committer

2018-05-25 17:49:06 UTC

taking this as I used to maintain the port

Comment 3 Mark Felder freebsd_committer

2018-05-25 17:55:13 UTC

HEAD: r470859

2018Q2: r470860

Comment 4 Christian Schwarz 2018-05-28 09:00:40 UTC

The MFH (ports r470860 ) in 2018Q2 should have bumped the py-canonicaljson dependency (and maybe others?)

When updating py27-matrix-synapse on 2018Q2 and then restarting the service, I get the following error:

$ service synapse restart                                                                                                                                                                                 
Stopping synapse.                                                                                                                                                                                               
Waiting for PIDS: 64121.                                                                                                                                                                                                     
Starting synapse.                                                                                                                                                                                                  
Missing Requirement: Version of 'canonicaljson>=1.1.3' in '/usr/local/lib/python2.7/site-packages/canonicaljson.pyc' is too old. '1.0.0' < '1.1.3'                                                                                 
To install run:                                                                                                                                                                                                          
    pip install --upgrade --force "canonicaljson>=1.1.3"                                                                                                                                                                       
/usr/local/etc/rc.d/synapse: WARNING: failed to start synapse

Comment 5 commit-hook freebsd_committer

2018-06-06 16:49:17 UTC

A commit references this bug:

Author: feld
Date: Wed Jun  6 16:48:13 UTC 2018
New revision: 471859
URL: https://svnweb.freebsd.org/changeset/ports/471859

Log:
  MFH: r467535 r471795

  Update to 1.1.4

  - Change MASTER_SITES to CHEESESHOP
  - Add missing RUN_DEPENDS

  Changes:	https://github.com/matrix-org/python-canonicaljson/blob/master/CHANGES.md
  PR:		228072

Changes:
_U  branches/2018Q2/
  branches/2018Q2/devel/py-canonicaljson/Makefile
  branches/2018Q2/devel/py-canonicaljson/distinfo
  branches/2018Q2/devel/py-canonicaljson/pkg-descr