Date: Thu, 02 Jul 2020 17:29:39 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 247720] net-im/py-matrix-synapse: Security update to 1.15.2 Message-ID: <bug-247720-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D247720 Bug ID: 247720 Summary: net-im/py-matrix-synapse: Security update to 1.15.2 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: ports@skyforge.at Created attachment 216148 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D216148&action= =3Dedit net-im/py-matrix-synapse: 1.14.0 to 1.15.2 The matrix developers have just released synapse 1.15.2 (see [1]), containi= ng security fixes for two vulnerabilities: - A malicious homeserver could force Synapse to reset the state in a room t= o a small subset of the correct state. This affects all Synapse deployments whi= ch federate with untrusted servers. (96e9afe6) - HTML pages served via Synapse were vulnerable to clickjacking attacks. Th= is predominantly affects homeservers with single-sign-on enabled, but all serv= er administrators are encouraged to upgrade. (ea26e9a9) This patch bumps the port to the aforementioned version. It also adds www/py-pyjwt to the test dependencies, which is necessary to make the tests= uite pass successfully. portlint: "OK" (4 Warnings, none new) testport: OK (poudriere: 121amd64) do-test: OK (Ran 1063 tests in 327.652s, PASSED (skips=3D5, successes=3D105= 8)) The resulting port also runs fine on my server. Cheers, Sascha [1] https://github.com/matrix-org/synapse/releases/tag/v1.15.2 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-247720-7788>