Update to 1.11.0
Created attachment 211798 [details]
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/119937222
Hi! I think this update introduces a problem w/ the sqlite support, as is noticable when running the testsuit. According to upstream, it seems that synapse now relies on the json1 support within sqlite3.
By default, however, the packaged version of sqlite3 in FreeBSD doesn't contain this support, which probably break synapse for anyone using synapse w/ an sqlite3 backend on FreeBSD.
I'm not sure how to proceed from here. I can't, to the best of my knowledge, directly depend on a given option in a port. The only way to fix this might be to include the json1 option in sqlite3, for which I'll file a seperate bug report.
I'm also in contact with upstream to see if and how we can resolve this any other way.
Created attachment 212130 [details]
net-im/py-matrix-synapse: update to 1.11.1 (fixes security issue)
In the meantime, the matrix developers have released version 1.11.1, an update which fixes a security vulnerability in synapse (see ). One should not that this vulnerability only affects users using SSO with synapse. I will probably write a vuxml entry for this tomorrow.
The attached patch should bump our port to 1.11.1, but we still need an sqlite3 version supporting JSON1, otherwise the update breaks sqlite installations.
Created attachment 212157 [details]
vuxml entry for py-matrix-synapse versions prior to 1.11.1
Here's a vuxml entry for this issue.
A commit references this bug:
Date: Wed Mar 11 10:58:21 UTC 2020
New revision: 528227
Document py-matrix-synapse vulnerabilities
Submitted by: Sascha Biberhofer <email@example.com>