Security update: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257
Other than that, we don't need patches in this port any longer: https://github.com/matrix-org/synapse/pull/8875#issuecomment-739548357
Built with poudriere and tested deployment on a couple homeservers without issues.
Created attachment 220469 [details] Update py-matrix-synapse to 1.24.0
Created attachment 220470 [details] vuxml: add entry for CVE-2020-26257
$ make validate
/bin/sh /poudriere/ports/default/security/vuxml/files/tidy.sh "/poudriere/ports/default/security/vuxml/files/tidy.xsl" "/poudriere/ports/default/security/vuxml/vuln.xml" > "/poudriere/ports/default/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /poudriere/ports/default/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python3.7 /poudriere/ports/default/security/vuxml/files/extra-validation.py /poudriere/ports/default/security/vuxml/vuln.xml
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/228747520
The patch looks fine, builds fine, tests fine (PASSED (skips=15, successes=1354)) and running it in production hasn't set my homeserver on fire. I think that's as good as it can possibly get. :D Thank you for the patch and the vuxml entry!
A commit references this bug:
Author: dbaio
Date: Sun Dec 13 00:28:15 UTC 2020
New revision: 557876
URL: https://svnweb.freebsd.org/changeset/ports/557876
Log:
  security/vuxml: Document net-im/py-matrix-synapse issue
  PR: 251768
  Submitted by: contact@evilham.com
  Security: CVE-2020-26257
Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:
Author: dbaio
Date: Sun Dec 13 12:43:54 UTC 2020
New revision: 557894
URL: https://svnweb.freebsd.org/changeset/ports/557894
Log:
  net-im/py-matrix-synapse: Update to 1.24.0, Fix security issue
  Changelog: https://github.com/matrix-org/synapse/blob/v1.24.0/CHANGES.md
  PR: 251768
  Submitted by: contact@evilham.com
  Approved by: Sascha Biberhofer <ports@skyforge.at> (maintainer)
  MFH: 2020Q4
  Security: cfa0be42-3cd7-11eb-9de7-641c67a117d8
Changes:
  head/net-im/py-matrix-synapse/Makefile
  head/net-im/py-matrix-synapse/distinfo
  head/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py
A commit references this bug:
Author: dbaio
Date: Sun Dec 13 12:57:48 UTC 2020
New revision: 557895
URL: https://svnweb.freebsd.org/changeset/ports/557895
Log:
  MFH: r556310 r557894
  net-im/py-matrix-synapse: Update to 1.23.0
  Changelog: https://github.com/matrix-org/synapse/blob/v1.23.0/CHANGES.md
  PR: 250965
  Submitted by: Sascha Biberhofer <ports@skyforge.at> (maintainer)
  net-im/py-matrix-synapse: Update to 1.24.0, Fix security issue
  Changelog: https://github.com/matrix-org/synapse/blob/v1.24.0/CHANGES.md
  PR: 251768
  Submitted by: contact@evilham.com
  Approved by: Sascha Biberhofer <ports@skyforge.at> (maintainer)
  Security: cfa0be42-3cd7-11eb-9de7-641c67a117d8
Changes:
  _U branches/2020Q4/
  branches/2020Q4/net-im/py-matrix-synapse/Makefile
  branches/2020Q4/net-im/py-matrix-synapse/distinfo
  branches/2020Q4/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py
Committed, thank you both.