Hello, Here is a security update for net/synapse to 1.24.0
It solves the 2 following CVE
There is a denial of service attack
(CVE-2020-26257)
against the federation APIs in which future events will not be
correctly sent
to other servers over federation. This affects all servers that
participate in
open federation. (Fixed in #8776).
Synapse may be affected by OpenSSL
CVE-2020-1971.
Synapse administrators should ensure that they have the latest
versions of
the cryptography Python package installed.
Regards
? patch
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/synapse/Makefile,v
retrieving revision 1.14
diff -u -p -r1.14 Makefile
--- Makefile 23 Oct 2020 16:49:48 -0000 1.14
+++ Makefile 9 Dec 2020 12:39:06 -0000
@@ -2,7 +2,7 @@
COMMENT = open network for secure, decentralized communication
-MODPY_EGG_VERSION = 1.21.2
+MODPY_EGG_VERSION = 1.24.0
GH_ACCOUNT = matrix-org
GH_PROJECT = synapse
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/synapse/distinfo,v
retrieving revision 1.12
diff -u -p -r1.12 distinfo
--- distinfo 23 Oct 2020 16:49:48 -0000 1.12
+++ distinfo 9 Dec 2020 12:39:06 -0000
@@ -1,2 +1,2 @@
-SHA256 (synapse-1.21.2.tar.gz) = 7HBzvvzaaXQoxNY0x6hjfqfRsBY5s6lD1yghuoEQoL8=
-SIZE (synapse-1.21.2.tar.gz) = 6930190
+SHA256 (synapse-1.24.0.tar.gz) = 1VqbQUMuPKNIsT2OSz7OZRWz52oPQGLoA27hIEhC9To=
+SIZE (synapse-1.24.0.tar.gz) = 7008162
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/synapse/pkg/PLIST,v
retrieving revision 1.11
diff -u -p -r1.11 PLIST
--- pkg/PLIST 23 Oct 2020 16:49:48 -0000 1.11
+++ pkg/PLIST 9 Dec 2020 12:39:06 -0000
@@ -63,6 +63,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}generic_worker.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}homeserver.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}media_repository.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}phone_stats_home.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}pusher.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}synchrotron.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}user_dir.${MODPY_PYC_MAGIC_TAG}pyc
@@ -77,6 +78,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/app/generic_worker.py
lib/python${MODPY_VERSION}/site-packages/synapse/app/homeserver.py
lib/python${MODPY_VERSION}/site-packages/synapse/app/media_repository.py
+lib/python${MODPY_VERSION}/site-packages/synapse/app/phone_stats_home.py
lib/python${MODPY_VERSION}/site-packages/synapse/app/pusher.py
lib/python${MODPY_VERSION}/site-packages/synapse/app/synchrotron.py
lib/python${MODPY_VERSION}/site-packages/synapse/app/user_dir.py
@@ -280,6 +282,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/${MODPY_PYCACHE}saml_handler.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/${MODPY_PYCACHE}search.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/${MODPY_PYCACHE}set_password.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/handlers/${MODPY_PYCACHE}sso.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/${MODPY_PYCACHE}state_deltas.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/${MODPY_PYCACHE}stats.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/${MODPY_PYCACHE}sync.${MODPY_PYC_MAGIC_TAG}pyc
@@ -321,6 +324,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/saml_handler.py
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/search.py
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/set_password.py
+lib/python${MODPY_VERSION}/site-packages/synapse/handlers/sso.py
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/state_deltas.py
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/stats.py
lib/python${MODPY_VERSION}/site-packages/synapse/handlers/sync.py
@@ -370,16 +374,20 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/logging/__init__.py
${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}/
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}_remote.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}_structured.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}_terse_json.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}context.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}filter.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}formatter.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}opentracing.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}scopecontextmanager.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/logging/${MODPY_PYCACHE}utils.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/logging/_remote.py
lib/python${MODPY_VERSION}/site-packages/synapse/logging/_structured.py
lib/python${MODPY_VERSION}/site-packages/synapse/logging/_terse_json.py
lib/python${MODPY_VERSION}/site-packages/synapse/logging/context.py
+lib/python${MODPY_VERSION}/site-packages/synapse/logging/filter.py
lib/python${MODPY_VERSION}/site-packages/synapse/logging/formatter.py
lib/python${MODPY_VERSION}/site-packages/synapse/logging/opentracing.py
lib/python${MODPY_VERSION}/site-packages/synapse/logging/scopecontextmanager.py
@@ -585,6 +593,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}purge_room_servlet.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}rooms.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}server_notice_servlet.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}statistics.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}users.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/_base.py
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/devices.py
@@ -594,6 +603,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/purge_room_servlet.py
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/rooms.py
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/server_notice_servlet.py
+lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/statistics.py
lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/users.py
lib/python${MODPY_VERSION}/site-packages/synapse/rest/client/
lib/python${MODPY_VERSION}/site-packages/synapse/rest/client/__init__.py
@@ -1187,6 +1197,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/10_pushrules_enabled_delete_obsolete.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/10drop_local_rejections_stream.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/10federation_pos_instance_name.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/11dehydration.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/11fallback.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/11user_id_seq.py
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/12room_stats.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/13remove_presence_allow_inbound.sql
@@ -1197,6 +1209,16 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/16populate_stats_process_rooms_fix.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/17_catchup_last_successful.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/18stream_positions.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/19instance_map.sql.postgres
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/19txn_id.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/20instance_name_event_tables.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/20user_daily_visits.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/21as_device_stream.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/21drop_device_max_stream_id.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/22puppet_token.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/22users_have_local_media.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/23e2e_cross_signing_keys_idx.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/24drop_event_json_index.sql
${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/${MODPY_PYCACHE}/
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/${MODPY_PYCACHE}06dlols_unique_idx.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/storage/databases/main/schema/delta/58/${MODPY_PYCACHE}11user_id_seq.${MODPY_PYC_MAGIC_TAG}pyc
@@ -1342,6 +1364,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/__init__.py
${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}/
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}deferred_cache.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}descriptors.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}dictionary_cache.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}expiringcache.${MODPY_PYC_MAGIC_TAG}pyc
@@ -1350,6 +1373,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}stream_change_cache.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}treecache.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/${MODPY_PYCACHE}ttlcache.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/deferred_cache.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/descriptors.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/dictionary_cache.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/expiringcache.py
smime.p7s
Description: S/MIME Cryptographic Signature
