Bug 251768 - net-im/py-matrix-synapse: Update to 1.24.0
Summary: net-im/py-matrix-synapse: Update to 1.24.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Danilo G. Baio
URL: https://github.com/matrix-org/synapse...
Keywords: buildisok, patch, security
Depends on:
Blocks:
 
Reported: 2020-12-11 23:00 UTC by Evilham
Modified: 2020-12-13 12:59 UTC (History)
2 users (show)

See Also:
ports: maintainer-feedback+


Attachments
Update py-matrix-synapse to 1.24.0 (2.07 KB, patch)
2020-12-11 23:09 UTC, Evilham
contact: maintainer-approval+
Details | Diff
vuxml: add entry for CVE-2020-26257 (1.86 KB, patch)
2020-12-11 23:34 UTC, Evilham
contact: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Evilham 2020-12-11 23:00:42 UTC
Security update: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257

Other than that, we don't need patches in this port any longer:
https://github.com/matrix-org/synapse/pull/8875#issuecomment-739548357

Built with poudriere and tested deployment on a couple homeservers without issues.
Comment 1 Evilham 2020-12-11 23:09:55 UTC
Created attachment 220469 [details]
Update py-matrix-synapse to 1.24.0
Comment 2 Evilham 2020-12-11 23:34:17 UTC
Created attachment 220470 [details]
vuxml: add entry for CVE-2020-26257

$ make validate
/bin/sh /poudriere/ports/default/security/vuxml/files/tidy.sh "/poudriere/ports/default/security/vuxml/files/tidy.xsl" "/poudriere/ports/default/security/vuxml/vuln.xml" > "/poudriere/ports/default/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /poudriere/ports/default/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python3.7 /poudriere/ports/default/security/vuxml/files/extra-validation.py /poudriere/ports/default/security/vuxml/vuln.xml
Comment 3 Automation User 2020-12-11 23:41:03 UTC
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/228747520
Comment 4 Sascha Biberhofer 2020-12-12 00:18:41 UTC
The patch looks fine, builds fine, tests fine (PASSED (skips=15, successes=1354)) and running it in production hasn't set my homeserver on fire. I think that's as good as it can possibly get. :D

Thank you for the patch and the vuxml entry!
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-12-13 00:28:43 UTC
A commit references this bug:

Author: dbaio
Date: Sun Dec 13 00:28:15 UTC 2020
New revision: 557876
URL: https://svnweb.freebsd.org/changeset/ports/557876

Log:
  security/vuxml: Document net-im/py-matrix-synapse issue

  PR:		251768
  Submitted by:	contact@evilham.com
  Security:	CVE-2020-26257

Changes:
  head/security/vuxml/vuln.xml
Comment 6 commit-hook freebsd_committer freebsd_triage 2020-12-13 12:44:03 UTC
A commit references this bug:

Author: dbaio
Date: Sun Dec 13 12:43:54 UTC 2020
New revision: 557894
URL: https://svnweb.freebsd.org/changeset/ports/557894

Log:
  net-im/py-matrix-synapse: Update to 1.24.0, Fix security issue

  Changelog:	https://github.com/matrix-org/synapse/blob/v1.24.0/CHANGES.md

  PR:		251768
  Submitted by:	contact@evilham.com
  Approved by:	Sascha Biberhofer <ports@skyforge.at> (maintainer)
  MFH:		2020Q4
  Security:	cfa0be42-3cd7-11eb-9de7-641c67a117d8

Changes:
  head/net-im/py-matrix-synapse/Makefile
  head/net-im/py-matrix-synapse/distinfo
  head/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py
Comment 7 commit-hook freebsd_committer freebsd_triage 2020-12-13 12:58:06 UTC
A commit references this bug:

Author: dbaio
Date: Sun Dec 13 12:57:48 UTC 2020
New revision: 557895
URL: https://svnweb.freebsd.org/changeset/ports/557895

Log:
  MFH: r556310 r557894

  net-im/py-matrix-synapse: Update to 1.23.0

  Changelog:	https://github.com/matrix-org/synapse/blob/v1.23.0/CHANGES.md

  PR:		250965
  Submitted by:	Sascha Biberhofer <ports@skyforge.at> (maintainer)

  net-im/py-matrix-synapse: Update to 1.24.0, Fix security issue

  Changelog:	https://github.com/matrix-org/synapse/blob/v1.24.0/CHANGES.md

  PR:		251768
  Submitted by:	contact@evilham.com
  Approved by:	Sascha Biberhofer <ports@skyforge.at> (maintainer)
  Security:	cfa0be42-3cd7-11eb-9de7-641c67a117d8

Changes:
_U  branches/2020Q4/
  branches/2020Q4/net-im/py-matrix-synapse/Makefile
  branches/2020Q4/net-im/py-matrix-synapse/distinfo
  branches/2020Q4/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py
Comment 8 Danilo G. Baio freebsd_committer freebsd_triage 2020-12-13 12:59:36 UTC
Committed, thank you both.