Date: Thu, 10 Jan 2019 17:07:24 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 234828] update net-im/py-matrix-synapse to 0.34.1.1, fix CVE-2019-5885 Message-ID: <bug-234828-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D234828 Bug ID: 234828 Summary: update net-im/py-matrix-synapse to 0.34.1.1, fix CVE-2019-5885 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: ports@skyforge.at Created attachment 200991 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D200991&action= =3Dedit patch to update net-im/py-matrix-synapse to 0.34.1.1 The synapse team just released 0.34.1.1, fixing CVE-2019-5885, see [1]. I've bumped the version, and some minor dependencies. I had to patch python_dependencies.py to avoid a version check against the prometheus libr= ary, as the version shipped w/ FreeBSD is more recent than the one officially supported by synapse. As a consequence, this update may break monitoring w/ prometheus as it rena= mes some metrics exported by synapse w/ the old version, see [2]. This seems unavoidable however, as our synapse package is either broken or exports different metric names, hence I chose the lesser evil.=20 In any case, the new version seems to work fine. We should probably update = this asap and push it to the quarterly repos too. Cheers, Sascha [1] https://github.com/matrix-org/synapse/releases/tag/v0.34.1.1 [2] https://github.com/matrix-org/synapse/issues/4221 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-234828-7788>