Index: Makefile
===================================================================
RCS file: /cvs/ports/net/synapse/Makefile,v
retrieving revision 1.53
diff -u -p -r1.53 Makefile
--- Makefile 29 May 2023 17:36:29 -0000 1.53
+++ Makefile 6 Jun 2023 09:56:09 -0000
@@ -1,6 +1,6 @@
COMMENT = open network for secure, decentralized communication
-MODPY_EGG_VERSION = 1.84.1
+MODPY_EGG_VERSION = 1.85.0
GH_ACCOUNT = matrix-org
GH_PROJECT = synapse
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/synapse/distinfo,v
retrieving revision 1.37
diff -u -p -r1.37 distinfo
--- distinfo 29 May 2023 17:36:29 -0000 1.37
+++ distinfo 6 Jun 2023 09:56:09 -0000
@@ -15,7 +15,7 @@ SHA256 (cargo/itoa-1.0.4.tar.gz) = QhetN
SHA256 (cargo/lazy_static-1.4.0.tar.gz) = 4qutI/vEKzcA8vJ5hE3IMq2ysusGmy35GPRVxOGMxkY=
SHA256 (cargo/libc-0.2.135.tar.gz) = aHg/68d4LGxctAH72k3lqYmL4XYjFNoLssEM7WHxiww=
SHA256 (cargo/lock_api-0.4.9.tar.gz) = Q1ARNm/lZYOxbPlW+d8AlbQFuC12QlvImBwOIuYOxN8=
-SHA256 (cargo/log-0.4.17.tar.gz) = q7EuaHz7RKpA9B/Dl473ZEj5tgOMrWrvQlnTwJWiOC4=
+SHA256 (cargo/log-0.4.18.tar.gz) = UY73by+HNlkWsUKETBbY/v2FA5vFaZBQIQp3eO4c0d4=
SHA256 (cargo/memchr-2.5.0.tar.gz) = Lf/lLs8ndy5gGQW3Uiy073kNLMIDSIu9Di/oX8t0Vm0=
SHA256 (cargo/memoffset-0.6.5.tar.gz) = WqNh1Prqk2AwZKAnQV8HvY4dXIjJ+/aL9WooVCj9ec4=
SHA256 (cargo/once_cell-1.15.0.tar.gz) = 6C2tBBObcakMCAyEY/4Nx5AttRktk5vQlQ8HTQFDOeE=
@@ -53,7 +53,7 @@ SHA256 (cargo/windows_i686_gnu-0.36.1.ta
SHA256 (cargo/windows_i686_msvc-0.36.1.tar.gz) = 4ueRcUiygS0e6vrrIql+SBPfpgo/j3jr4gS8yI8S8CQ=
SHA256 (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = Tc0XG4d2xBuXUh5doSei2GrSgBFIB9Cyqx5GK8dk2eE=
SHA256 (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = yBHKSoyFPvQgq9hZK6U927rJBBD6tpA7PnmXKmMfdoA=
-SHA256 (synapse-1.84.1.tar.gz) = qd7T34u35hqHYroUFAdbSpNHeQS0g83RI9VDVjnX3OA=
+SHA256 (synapse-1.85.0.tar.gz) = fskhUirZ8eQ+0z2mJYdDcdqru6mh+dM9OhE5182XqR8=
SIZE (cargo/aho-corasick-0.7.19.tar.gz) = 113070
SIZE (cargo/anyhow-1.0.71.tar.gz) = 43808
SIZE (cargo/arc-swap-1.5.1.tar.gz) = 66157
@@ -71,7 +71,7 @@ SIZE (cargo/itoa-1.0.4.tar.gz) = 10601
SIZE (cargo/lazy_static-1.4.0.tar.gz) = 10443
SIZE (cargo/libc-0.2.135.tar.gz) = 604591
SIZE (cargo/lock_api-0.4.9.tar.gz) = 25685
-SIZE (cargo/log-0.4.17.tar.gz) = 38028
+SIZE (cargo/log-0.4.18.tar.gz) = 38339
SIZE (cargo/memchr-2.5.0.tar.gz) = 65812
SIZE (cargo/memoffset-0.6.5.tar.gz) = 7686
SIZE (cargo/once_cell-1.15.0.tar.gz) = 31460
@@ -109,4 +109,4 @@ SIZE (cargo/windows_i686_gnu-0.36.1.tar.
SIZE (cargo/windows_i686_msvc-0.36.1.tar.gz) = 724575
SIZE (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = 790934
SIZE (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = 661999
-SIZE (synapse-1.84.1.tar.gz) = 8275282
+SIZE (synapse-1.85.0.tar.gz) = 8285450
Index: modules.inc
===================================================================
RCS file: /cvs/ports/net/synapse/modules.inc,v
retrieving revision 1.10
diff -u -p -r1.10 modules.inc
--- modules.inc 24 May 2023 07:27:18 -0000 1.10
+++ modules.inc 6 Jun 2023 09:56:09 -0000
@@ -15,7 +15,7 @@ MODCARGO_CRATES += itoa 1.0.4 # MIT OR A
MODCARGO_CRATES += lazy_static 1.4.0 # MIT/Apache-2.0
MODCARGO_CRATES += libc 0.2.135 # MIT OR Apache-2.0
MODCARGO_CRATES += lock_api 0.4.9 # MIT OR Apache-2.0
-MODCARGO_CRATES += log 0.4.17 # MIT OR Apache-2.0
+MODCARGO_CRATES += log 0.4.18 # MIT OR Apache-2.0
MODCARGO_CRATES += memchr 2.5.0 # Unlicense/MIT
MODCARGO_CRATES += memoffset 0.6.5 # MIT
MODCARGO_CRATES += once_cell 1.15.0 # MIT OR Apache-2.0
Hello,
Here is a diff for net/synapse 1.85.0.
This release solves 2 CVE:
CVE-2023-32682 — Low Severity
It may be possible for a deactivated user to login when using uncommon
configurations.
CVE-2023-32683 — Low Severity
A discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server side
request forgery or bypassing network policies. Impact is limited to IP
addresses allowed by the url_preview_ip_range_blacklist setting (by
default this only allows public IPs).
Working fine on amd64. Backport to -stable works too.
Best Regards
No comments:
Post a Comment