From nobody Sun Dec 15 15:48:37 2024
X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YB6tZ0fLmz5h01m
	for <ports-bugs@mlmmj.nyi.freebsd.org>; Sun, 15 Dec 2024 15:48:38 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YB6tY4mwsz43t2
	for <ports-bugs@FreeBSD.org>; Sun, 15 Dec 2024 15:48:37 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1734277717;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=DFBxgqXixxSPu9GYmOiclaarPkYXVAxa2rtr14iaU5E=;
	b=jGstsm7dGuod0uMdNyZ3H59GGDGeb57Epv0pLyXs8cf6pRs4S52lDrMyWXNjsVQ9tR98AQ
	iyJUxSsK1+pi7xJgf8cG47s3qF7aFGk3Xq11em5S0q3h8Dvdiw6cg1RyzDaphr9tQ9ppQP
	JiAuk309ExLr0ww407UctzGOrkra9Ae+vBVXxEeVryPowtj365pvQeDTxY4FAD6BO/7Qc9
	qMGV1KFaNKifn3xU30a/sVMaur8nNL4zFITmzTrcCHnTqNqJwOrRPFQMOlh0cCg+Jclz7K
	awFP+0nbpL0XUwCqGpbiq8CCaizYP+NWXyy3bDsZrn5ZUqcHq+GwQEp7dVMBxA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734277717; a=rsa-sha256; cv=none;
	b=moQLmCB+hVamVlmFKQ2CT/yNaCP0/vc0MYTsO7t0m4H8EeMImje6JOy6G9hCrd25xGbtzx
	aul3F7pNtqo+5Ewq87PWiEaqurtPvVGMEZdCVYpVTZn8MPGt85PbV06a8WyBnu3sWmArPT
	AbA/SfzRDa5tWOQ3NXRUDBRY7WoAw0LHUNCkW7KrCIFcncQT3qDddT9WapFzbpl6UIfgxI
	2u+KZOfAMVGRMlLquiWA82DrGNSqujWnmjEE99higB273mb5JtY36iredkNA/563Mf6NOe
	eHWtsMqTk0rfxI7dG/u4kOnO67VuAiafrdgV9Iar4e8bv/ZTJhshAY4Hi5KX/A==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YB6tY4NspzF2d
	for <ports-bugs@FreeBSD.org>; Sun, 15 Dec 2024 15:48:37 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4BFFmbmW047494
	for <ports-bugs@FreeBSD.org>; Sun, 15 Dec 2024 15:48:37 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4BFFmbS2047493
	for ports-bugs@FreeBSD.org; Sun, 15 Dec 2024 15:48:37 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 283350] net-im/py-matrix-synapse: Update to 1.120.2, fix
 multiple CVEs
Date: Sun, 15 Dec 2024 15:48:37 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ports@skyforge.at
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 bug_file_loc op_sys bug_status bug_severity priority component assigned_to
 reporter attachments.created
Message-ID: <bug-283350-7788@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs
List-Help: <mailto:ports-bugs+help@freebsd.org>
List-Post: <mailto:ports-bugs@freebsd.org>
List-Subscribe: <mailto:ports-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports-bugs+unsubscribe@freebsd.org>
X-BeenThere: freebsd-ports-bugs@freebsd.org
Sender: owner-freebsd-ports-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D283350

            Bug ID: 283350
           Summary: net-im/py-matrix-synapse: Update to 1.120.2, fix
                    multiple CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/element-hq/synapse/releases/tag/v1.
                    120.2
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: ports@skyforge.at

Created attachment 255878
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D255878&action=
=3Dedit
net-im/py-matrix-synapse: Update to 1.120.2

This patch updates the synapse port from 1.118.0 to 1.120.2 to fix multiple
CVEs present in prior synapse versions:

* [1] CVE-2024-52805 (high)=E3=80=80
* [2] CVE-2024-52815 (high)
* [3] CVE-2024-53863 (high)
* [4] CVE-2024-53867 (moderate)
* [5] CVE-2024-37302 (high)
* [6] CVE-2024-37303 (moderate)


>From a ports perspective, the update includes some minor dependency changes=
 and
a version bump. The updated port builds fine on my setup and passes the usu=
al
testuite:

Ran 3887 tests in 134.485s, PASSED (skips=3D177, successes=3D3710)

The resulting package has been running fine on my server for the last 48h, =
so I
don't expect any breakage for users upgrading from the prior version.

As always, feedback is much appreciated. :)

Kind regards,
Sascha


[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-52805
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-52815
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-53863
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-53867
[5] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-37302
[6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-37303

--=20
You are receiving this mail because:
You are the assignee for the bug.=