[Bug 247720] net-im/py-matrix-synapse: Security update to 1.15.2
bugzilla-noreply at freebsd.org
Thu Jul 2 17:29:40 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247720
Bug ID: 247720
Summary: net-im/py-matrix-synapse: Security update to 1.15.2
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: ports at skyforge.at
Created attachment 216148
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=216148&action=edit
net-im/py-matrix-synapse: 1.14.0 to 1.15.2
The Matrix developers have just released Synapse 1.15.2 (see [1]), containing
security fixes for two vulnerabilities:
- A malicious homeserver could force Synapse to reset the state in a room to a
small subset of the correct state. This affects all Synapse deployments which
federate with untrusted servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking attacks. This
predominantly affects homeservers with single-sign-on enabled, but all server
administrators are encouraged to upgrade. (ea26e9a9)
This patch bumps the port to the aforementioned version. It also adds
www/py-pyjwt to the test dependencies, which is necessary to make the test suite
pass successfully.
portlint: "OK" (4 Warnings, none new)
testport: OK (poudriere: 121amd64)
do-test: OK (Ran 1063 tests in 327.652s, PASSED (skips=5, successes=1058))
The resulting port also runs fine on my server.
Cheers,
Sascha
[1] https://github.com/matrix-org/synapse/releases/tag/v1.15.2