Wednesday, November 01, 2023

[security] net/synapse 1.95.1

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/synapse/Makefile,v
retrieving revision 1.64
diff -u -p -r1.64 Makefile
--- Makefile 11 Oct 2023 14:23:19 -0000 1.64
+++ Makefile 1 Nov 2023 08:33:35 -0000
@@ -1,6 +1,6 @@
COMMENT = open network for secure, decentralized communication

-MODPY_EGG_VERSION = 1.94.0
+MODPY_EGG_VERSION = 1.95.1

GH_ACCOUNT = matrix-org
GH_PROJECT = synapse
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/synapse/distinfo,v
retrieving revision 1.48
diff -u -p -r1.48 distinfo
--- distinfo 11 Oct 2023 14:23:19 -0000 1.48
+++ distinfo 1 Nov 2023 08:33:35 -0000
@@ -17,18 +17,18 @@ SHA256 (cargo/libc-0.2.135.tar.gz) = aHg
SHA256 (cargo/lock_api-0.4.9.tar.gz) = Q1ARNm/lZYOxbPlW+d8AlbQFuC12QlvImBwOIuYOxN8=
SHA256 (cargo/log-0.4.20.tar.gz) = teYWPLjEkIjCw29Xh15YzNjIfHQn9/vVDqZxCy8/Lo8=
SHA256 (cargo/memchr-2.6.3.tar.gz) = jyMtbvcH4ZVqQzQmk9KjHnKYlVTVgpnXqIc4zJWw01w=
-SHA256 (cargo/memoffset-0.6.5.tar.gz) = WqNh1Prqk2AwZKAnQV8HvY4dXIjJ+/aL9WooVCj9ec4=
+SHA256 (cargo/memoffset-0.9.0.tar.gz) = WmNLHGGpVYW9FWB8arDE5bIm5pX/KAC6DNzN3yCMQGw=
SHA256 (cargo/once_cell-1.15.0.tar.gz) = 6C2tBBObcakMCAyEY/4Nx5AttRktk5vQlQ8HTQFDOeE=
SHA256 (cargo/parking_lot-0.12.1.tar.gz) = N0KywQO58GvJ//Cjf/SRKTWFG+5tNvPAK8x1W8/sIo8=
SHA256 (cargo/parking_lot_core-0.9.3.tar.gz) = CaJ5y/JcsHV4EDlPvB41mUm1njSBRcZDqTmlJWkuaSk=
SHA256 (cargo/proc-macro2-1.0.64.tar.gz) = eIA7Ysvx9G/egNfA6AMRFSS5h3GEz+fDAzZZSQrHp9o=
-SHA256 (cargo/pyo3-0.17.3.tar.gz) = JovgxzWDwYPysUBSM3RldowHcmk2omD0gPCFfLlbpUM=
-SHA256 (cargo/pyo3-build-config-0.17.3.tar.gz) = KPzR5z8G7IW/MoDEjGfnMdgpCtPXMPi+ncB5RpIwBcg=
-SHA256 (cargo/pyo3-ffi-0.17.3.tar.gz) = D2yxNuIi5JEVs8UcMnkoht77+wrerSamiBQrNGoLn/w=
-SHA256 (cargo/pyo3-log-0.8.3.tar.gz) = 9HsHd/6xf2Hup4Zn1hEDdYskOoce3AmneGUApQRntgU=
-SHA256 (cargo/pyo3-macros-0.17.3.tar.gz) = lBRKEmbiNrHJMmghNtw1qd7o01iXKPaBMMfDhh75ayg=
-SHA256 (cargo/pyo3-macros-backend-0.17.3.tar.gz) = yN+b6Xii0vDN66uwMgbtc7ETFHAaW/5xsNdTuBmXd38=
-SHA256 (cargo/pythonize-0.17.0.tar.gz) = D38ME29fvAGGgYXu9GKADkllnrI6zKg7nohDZ6AGrLY=
+SHA256 (cargo/pyo3-0.19.2.tar.gz) = 5oGmz9xK3Mk7TTz5k3SaRVIBjuCptl/AzPrXQ1LHKjg=
+SHA256 (cargo/pyo3-build-config-0.19.2.tar.gz) = B2xz0LxDj3pO9v3Qw7tHMhSRNqvZUrEQrJPk7bE6a6U=
+SHA256 (cargo/pyo3-ffi-0.19.2.tar.gz) = 5TzuQud+viVgZrqKp37/cis7uR80GRd89M0PME0yhNk=
+SHA256 (cargo/pyo3-log-0.8.4.tar.gz) = wJwrNJtlONinPUNspgbats4KqrTa2ea3vdV6T1VsO8M=
+SHA256 (cargo/pyo3-macros-0.19.2.tar.gz) = 3+tMmVl+E2Uoxt19Xj3lQ00c6vSHQ2o/A7LVa2/J79E=
+SHA256 (cargo/pyo3-macros-backend-0.19.2.tar.gz) = lH3BIXXCVIie3AwC45lHbC9lK0uevRI6plXCJN4llTY=
+SHA256 (cargo/pythonize-0.19.0.tar.gz) = jjW3FtQwrOV+LRtK+1HJ5bfEbSvOcpJuB/m+apjO0D4=
SHA256 (cargo/quote-1.0.29.tar.gz) = VzAV6KsnZhZ4NX8n3CZGBzj9K2yG5G84b96Uy12RMQU=
SHA256 (cargo/redox_syscall-0.2.16.tar.gz) = +1pYwYVbS2gZ1ZASFVYD8LIq0wytdSYAqt/LaVJlUZo=
SHA256 (cargo/regex-1.9.6.tar.gz) = 6+4gFAVAbb9Si4tnIQSubW1j5tEYyxDk1Rq7x7WARP8=
@@ -36,8 +36,8 @@ SHA256 (cargo/regex-automata-0.3.9.tar.g
SHA256 (cargo/regex-syntax-0.7.5.tar.gz) = 27X7Gs2KGhiz3VvmLSVIXrdw4Fr7QIqWJ9FNRRuuEto=
SHA256 (cargo/ryu-1.0.11.tar.gz) = RQGr3/OugqHBtHehclLrac7p5m65FcGrqk9E2HPfnwk=
SHA256 (cargo/scopeguard-1.1.0.tar.gz) = 0pqwxtP8Dukv5m4tmfcA6rF6jVfRwdO3SDgPsguqeM0=
-SHA256 (cargo/serde-1.0.188.tar.gz) = z54Py6aaNw7tYbzytyhXX3JrULVcungGR1PXCN3HVJ4=
-SHA256 (cargo/serde_derive-1.0.188.tar.gz) = Tsp6xkLYKqNbYASabsy0vmvnXlmb0umttfh1pzdlSvI=
+SHA256 (cargo/serde-1.0.189.tar.gz) = jkIqROdK1AAb3I7t6aRXCrUvcRkOnAdtFDafOLkgBTc=
+SHA256 (cargo/serde_derive-1.0.189.tar.gz) = HkjR+RgAnOMUVRE3jPaNYT47PZE31nJyViCA1oorMtU=
SHA256 (cargo/serde_json-1.0.107.tar.gz) = a0IM5uPYvYgumyQ8bu0128mmEQyXaedLWE4NaNHyDGU=
SHA256 (cargo/smallvec-1.10.0.tar.gz) = pQe+/nlUBEVjQd+rEM72bq1MBB9iuLEbu5K//l0JU+A=
SHA256 (cargo/subtle-2.4.1.tar.gz) = a97zLoFQwqCBEQtCdy/+fXyQMrYGvCJsgmD9l+CXZgE=
@@ -54,7 +54,7 @@ SHA256 (cargo/windows_i686_gnu-0.36.1.ta
SHA256 (cargo/windows_i686_msvc-0.36.1.tar.gz) = 4ueRcUiygS0e6vrrIql+SBPfpgo/j3jr4gS8yI8S8CQ=
SHA256 (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = Tc0XG4d2xBuXUh5doSei2GrSgBFIB9Cyqx5GK8dk2eE=
SHA256 (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = yBHKSoyFPvQgq9hZK6U927rJBBD6tpA7PnmXKmMfdoA=
-SHA256 (synapse-1.94.0.tar.gz) = ebWN7Xe2tv20gsdNwxXYE6G6Qj9Jb79HG7nhzaZ25dk=
+SHA256 (synapse-1.95.1.tar.gz) = cus37alOTa0nb4HVogwxeCuhIPraDWrE0+/g6N/mQr4=
SIZE (cargo/aho-corasick-1.0.2.tar.gz) = 167694
SIZE (cargo/anyhow-1.0.75.tar.gz) = 43901
SIZE (cargo/arc-swap-1.5.1.tar.gz) = 66157
@@ -74,18 +74,18 @@ SIZE (cargo/libc-0.2.135.tar.gz) = 60459
SIZE (cargo/lock_api-0.4.9.tar.gz) = 25685
SIZE (cargo/log-0.4.20.tar.gz) = 38307
SIZE (cargo/memchr-2.6.3.tar.gz) = 94377
-SIZE (cargo/memoffset-0.6.5.tar.gz) = 7686
+SIZE (cargo/memoffset-0.9.0.tar.gz) = 9033
SIZE (cargo/once_cell-1.15.0.tar.gz) = 31460
SIZE (cargo/parking_lot-0.12.1.tar.gz) = 40967
SIZE (cargo/parking_lot_core-0.9.3.tar.gz) = 32256
SIZE (cargo/proc-macro2-1.0.64.tar.gz) = 44848
-SIZE (cargo/pyo3-0.17.3.tar.gz) = 408939
-SIZE (cargo/pyo3-build-config-0.17.3.tar.gz) = 29230
-SIZE (cargo/pyo3-ffi-0.17.3.tar.gz) = 62854
-SIZE (cargo/pyo3-log-0.8.3.tar.gz) = 14324
-SIZE (cargo/pyo3-macros-0.17.3.tar.gz) = 7257
-SIZE (cargo/pyo3-macros-backend-0.17.3.tar.gz) = 49992
-SIZE (cargo/pythonize-0.17.0.tar.gz) = 10949
+SIZE (cargo/pyo3-0.19.2.tar.gz) = 418228
+SIZE (cargo/pyo3-build-config-0.19.2.tar.gz) = 29206
+SIZE (cargo/pyo3-ffi-0.19.2.tar.gz) = 66500
+SIZE (cargo/pyo3-log-0.8.4.tar.gz) = 14329
+SIZE (cargo/pyo3-macros-0.19.2.tar.gz) = 7173
+SIZE (cargo/pyo3-macros-backend-0.19.2.tar.gz) = 49962
+SIZE (cargo/pythonize-0.19.0.tar.gz) = 11647
SIZE (cargo/quote-1.0.29.tar.gz) = 28345
SIZE (cargo/redox_syscall-0.2.16.tar.gz) = 24012
SIZE (cargo/regex-1.9.6.tar.gz) = 254981
@@ -93,8 +93,8 @@ SIZE (cargo/regex-automata-0.3.9.tar.gz)
SIZE (cargo/regex-syntax-0.7.5.tar.gz) = 343366
SIZE (cargo/ryu-1.0.11.tar.gz) = 47007
SIZE (cargo/scopeguard-1.1.0.tar.gz) = 11470
-SIZE (cargo/serde-1.0.188.tar.gz) = 76230
-SIZE (cargo/serde_derive-1.0.188.tar.gz) = 55563
+SIZE (cargo/serde-1.0.189.tar.gz) = 76276
+SIZE (cargo/serde_derive-1.0.189.tar.gz) = 55708
SIZE (cargo/serde_json-1.0.107.tar.gz) = 146458
SIZE (cargo/smallvec-1.10.0.tar.gz) = 31564
SIZE (cargo/subtle-2.4.1.tar.gz) = 12630
@@ -111,4 +111,4 @@ SIZE (cargo/windows_i686_gnu-0.36.1.tar.
SIZE (cargo/windows_i686_msvc-0.36.1.tar.gz) = 724575
SIZE (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = 790934
SIZE (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = 661999
-SIZE (synapse-1.94.0.tar.gz) = 8397651
+SIZE (synapse-1.95.1.tar.gz) = 8404523
Index: modules.inc
===================================================================
RCS file: /cvs/ports/net/synapse/modules.inc,v
retrieving revision 1.16
diff -u -p -r1.16 modules.inc
--- modules.inc 11 Oct 2023 14:23:19 -0000 1.16
+++ modules.inc 1 Nov 2023 08:33:35 -0000
@@ -17,18 +17,18 @@ MODCARGO_CRATES += libc 0.2.135 # MIT OR
MODCARGO_CRATES += lock_api 0.4.9 # MIT OR Apache-2.0
MODCARGO_CRATES += log 0.4.20 # MIT OR Apache-2.0
MODCARGO_CRATES += memchr 2.6.3 # Unlicense OR MIT
-MODCARGO_CRATES += memoffset 0.6.5 # MIT
+MODCARGO_CRATES += memoffset 0.9.0 # MIT
MODCARGO_CRATES += once_cell 1.15.0 # MIT OR Apache-2.0
MODCARGO_CRATES += parking_lot 0.12.1 # MIT OR Apache-2.0
MODCARGO_CRATES += parking_lot_core 0.9.3 # MIT OR Apache-2.0
MODCARGO_CRATES += proc-macro2 1.0.64 # MIT OR Apache-2.0
-MODCARGO_CRATES += pyo3 0.17.3 # Apache-2.0
-MODCARGO_CRATES += pyo3-build-config 0.17.3 # Apache-2.0
-MODCARGO_CRATES += pyo3-ffi 0.17.3 # Apache-2.0
-MODCARGO_CRATES += pyo3-log 0.8.3 # Apache-2.0/MIT
-MODCARGO_CRATES += pyo3-macros 0.17.3 # Apache-2.0
-MODCARGO_CRATES += pyo3-macros-backend 0.17.3 # Apache-2.0
-MODCARGO_CRATES += pythonize 0.17.0 # MIT
+MODCARGO_CRATES += pyo3 0.19.2 # Apache-2.0
+MODCARGO_CRATES += pyo3-build-config 0.19.2 # Apache-2.0
+MODCARGO_CRATES += pyo3-ffi 0.19.2 # Apache-2.0
+MODCARGO_CRATES += pyo3-log 0.8.4 # Apache-2.0/MIT
+MODCARGO_CRATES += pyo3-macros 0.19.2 # Apache-2.0
+MODCARGO_CRATES += pyo3-macros-backend 0.19.2 # Apache-2.0
+MODCARGO_CRATES += pythonize 0.19.0 # MIT
MODCARGO_CRATES += quote 1.0.29 # MIT OR Apache-2.0
MODCARGO_CRATES += redox_syscall 0.2.16 # MIT
MODCARGO_CRATES += regex 1.9.6 # MIT OR Apache-2.0
@@ -36,8 +36,8 @@ MODCARGO_CRATES += regex-automata 0.3.9
MODCARGO_CRATES += regex-syntax 0.7.5 # MIT OR Apache-2.0
MODCARGO_CRATES += ryu 1.0.11 # Apache-2.0 OR BSL-1.0
MODCARGO_CRATES += scopeguard 1.1.0 # MIT/Apache-2.0
-MODCARGO_CRATES += serde 1.0.188 # MIT OR Apache-2.0
-MODCARGO_CRATES += serde_derive 1.0.188 # MIT OR Apache-2.0
+MODCARGO_CRATES += serde 1.0.189 # MIT OR Apache-2.0
+MODCARGO_CRATES += serde_derive 1.0.189 # MIT OR Apache-2.0
MODCARGO_CRATES += serde_json 1.0.107 # MIT OR Apache-2.0
MODCARGO_CRATES += smallvec 1.10.0 # MIT OR Apache-2.0
MODCARGO_CRATES += subtle 2.4.1 # BSD-3-Clause
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/synapse/pkg/PLIST,v
retrieving revision 1.42
diff -u -p -r1.42 PLIST
--- pkg/PLIST 11 Oct 2023 14:23:19 -0000 1.42
+++ pkg/PLIST 1 Nov 2023 08:33:35 -0000
@@ -2044,6 +2044,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/80/04_read_write_locks_deadlock.sql.postgres
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/82/
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/82/02_scheduled_tasks_index.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/82/04_add_indices_for_purging_rooms.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/16/
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/16/application_services.sql
Hello,

Here is a diff for net/synapse 1.95.1

The following issue is fixed in 1.95.1.

GHSA-mp92-3jfm-3575 / CVE-2023-43796 — Moderate Severity

Cached device information of remote users can be queried from
Synapse. This can be used to enumerate the remote users known to a
homeserver.


Best Regards
