Hello, Here is a diff for net/synapse 1.85.0.
This release solves 2 CVE: CVE-2023-32682 — Low SeverityIt may be possible for a deactivated user to login when using uncommon configurations.
CVE-2023-32683 — Low SeverityA discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs).
Working fine on amd64. Backport to -stable works too. Best Regards
Index: Makefile =================================================================== RCS file: /cvs/ports/net/synapse/Makefile,v retrieving revision 1.53 diff -u -p -r1.53 Makefile --- Makefile 29 May 2023 17:36:29 -0000 1.53 +++ Makefile 6 Jun 2023 09:56:09 -0000 @@ -1,6 +1,6 @@ COMMENT = open network for secure, decentralized communication -MODPY_EGG_VERSION = 1.84.1 +MODPY_EGG_VERSION = 1.85.0 GH_ACCOUNT = matrix-org GH_PROJECT = synapse Index: distinfo =================================================================== RCS file: /cvs/ports/net/synapse/distinfo,v retrieving revision 1.37 diff -u -p -r1.37 distinfo --- distinfo 29 May 2023 17:36:29 -0000 1.37 +++ distinfo 6 Jun 2023 09:56:09 -0000 @@ -15,7 +15,7 @@ SHA256 (cargo/itoa-1.0.4.tar.gz) = QhetN SHA256 (cargo/lazy_static-1.4.0.tar.gz) = 4qutI/vEKzcA8vJ5hE3IMq2ysusGmy35GPRVxOGMxkY= SHA256 (cargo/libc-0.2.135.tar.gz) = aHg/68d4LGxctAH72k3lqYmL4XYjFNoLssEM7WHxiww= SHA256 (cargo/lock_api-0.4.9.tar.gz) = Q1ARNm/lZYOxbPlW+d8AlbQFuC12QlvImBwOIuYOxN8= -SHA256 (cargo/log-0.4.17.tar.gz) = q7EuaHz7RKpA9B/Dl473ZEj5tgOMrWrvQlnTwJWiOC4= +SHA256 (cargo/log-0.4.18.tar.gz) = UY73by+HNlkWsUKETBbY/v2FA5vFaZBQIQp3eO4c0d4= SHA256 (cargo/memchr-2.5.0.tar.gz) = Lf/lLs8ndy5gGQW3Uiy073kNLMIDSIu9Di/oX8t0Vm0= SHA256 (cargo/memoffset-0.6.5.tar.gz) = WqNh1Prqk2AwZKAnQV8HvY4dXIjJ+/aL9WooVCj9ec4= SHA256 (cargo/once_cell-1.15.0.tar.gz) = 6C2tBBObcakMCAyEY/4Nx5AttRktk5vQlQ8HTQFDOeE= @@ -53,7 +53,7 @@ SHA256 (cargo/windows_i686_gnu-0.36.1.ta SHA256 (cargo/windows_i686_msvc-0.36.1.tar.gz) = 4ueRcUiygS0e6vrrIql+SBPfpgo/j3jr4gS8yI8S8CQ= SHA256 (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = Tc0XG4d2xBuXUh5doSei2GrSgBFIB9Cyqx5GK8dk2eE= SHA256 (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = yBHKSoyFPvQgq9hZK6U927rJBBD6tpA7PnmXKmMfdoA= -SHA256 (synapse-1.84.1.tar.gz) = qd7T34u35hqHYroUFAdbSpNHeQS0g83RI9VDVjnX3OA= +SHA256 (synapse-1.85.0.tar.gz) = fskhUirZ8eQ+0z2mJYdDcdqru6mh+dM9OhE5182XqR8= SIZE (cargo/aho-corasick-0.7.19.tar.gz) = 113070 SIZE (cargo/anyhow-1.0.71.tar.gz) = 43808 SIZE (cargo/arc-swap-1.5.1.tar.gz) = 66157 @@ -71,7 +71,7 @@ SIZE (cargo/itoa-1.0.4.tar.gz) = 10601 SIZE (cargo/lazy_static-1.4.0.tar.gz) = 10443 SIZE (cargo/libc-0.2.135.tar.gz) = 604591 SIZE (cargo/lock_api-0.4.9.tar.gz) = 25685 -SIZE (cargo/log-0.4.17.tar.gz) = 38028 +SIZE (cargo/log-0.4.18.tar.gz) = 38339 SIZE (cargo/memchr-2.5.0.tar.gz) = 65812 SIZE (cargo/memoffset-0.6.5.tar.gz) = 7686 SIZE (cargo/once_cell-1.15.0.tar.gz) = 31460 @@ -109,4 +109,4 @@ SIZE (cargo/windows_i686_gnu-0.36.1.tar. SIZE (cargo/windows_i686_msvc-0.36.1.tar.gz) = 724575 SIZE (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = 790934 SIZE (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = 661999 -SIZE (synapse-1.84.1.tar.gz) = 8275282 +SIZE (synapse-1.85.0.tar.gz) = 8285450 Index: modules.inc =================================================================== RCS file: /cvs/ports/net/synapse/modules.inc,v retrieving revision 1.10 diff -u -p -r1.10 modules.inc --- modules.inc 24 May 2023 07:27:18 -0000 1.10 +++ modules.inc 6 Jun 2023 09:56:09 -0000 @@ -15,7 +15,7 @@ MODCARGO_CRATES += itoa 1.0.4 # MIT OR A MODCARGO_CRATES += lazy_static 1.4.0 # MIT/Apache-2.0 MODCARGO_CRATES += libc 0.2.135 # MIT OR Apache-2.0 MODCARGO_CRATES += lock_api 0.4.9 # MIT OR Apache-2.0 -MODCARGO_CRATES += log 0.4.17 # MIT OR Apache-2.0 +MODCARGO_CRATES += log 0.4.18 # MIT OR Apache-2.0 MODCARGO_CRATES += memchr 2.5.0 # Unlicense/MIT MODCARGO_CRATES += memoffset 0.6.5 # MIT MODCARGO_CRATES += once_cell 1.15.0 # MIT OR Apache-2.0
smime.p7s
Description: S/MIME Cryptographic Signature
