Index: Makefile
===================================================================
RCS file: /cvs/ports/net/synapse/Makefile,v
diff -u -p -r1.115 Makefile
--- Makefile 30 Jan 2026 11:10:15 -0000 1.115
+++ Makefile 13 Feb 2026 13:28:51 -0000
@@ -1,6 +1,6 @@
COMMENT = open network for secure, decentralized communication
-MODPY_DISTV = 1.146.0
+MODPY_DISTV = 1.147.1
GH_ACCOUNT = element-hq
GH_PROJECT = synapse
@@ -55,8 +55,7 @@ RUN_DEPENDS = devel/py-jsonschema>=3.0.0
devel/py-matrix-common>=1.3.0,<2.0.0 \
sysutils/py-packaging \
www/py-python-multipart
-# still relying on pkg_resources, see comments in
-# https://github.com/matrix-org/synapse/pull/12542
+
RUN_DEPENDS += devel/py-setuptools
# optional section
RUN_DEPENDS += textproc/py-lxml
@@ -71,6 +70,10 @@ TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PK
devel/py-pyrsistent \
www/py-jwt
+# Cargo.lock is at workspace root, but MODCARGO_CARGOTOML points to rust/
+post-extract:
+ ln -sf ../Cargo.lock ${WRKSRC}/rust/Cargo.lock
+
# remove source synapse directory so tests use the installed package from fake
pre-test:
rm -rf ${WRKSRC}/synapse
@@ -79,6 +82,6 @@ do-test:
cd ${MODPY_TEST_DIR} && ${SETENV} ${ALL_TEST_ENV} ${MODPY_BIN} -m twisted.trial tests
# to generate rust modules.inc:
-# make modcargo-gen-crates and modcargo-gen-crates-licenses
+# make extract && make modcargo-gen-crates && make modcargo-gen-crates-licenses
.include "modules.inc"
.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/synapse/distinfo,v
diff -u -p -r1.86 distinfo
--- distinfo 30 Jan 2026 09:44:57 -0000 1.86
+++ distinfo 13 Feb 2026 13:28:51 -0000
@@ -86,13 +86,13 @@ SHA256 (cargo/portable-atomic-1.11.1.tar
SHA256 (cargo/potential_utf-0.1.2.tar.gz) = 5afDCDcnnKE+fIZ+nkAFO8aHQPmIywf3ym30PMc0tYU=
SHA256 (cargo/ppv-lite86-0.2.21.tar.gz) = herjxO0vUNz+cmQ9pL78MN6ttFiptZDXIM3i8rHpfak=
SHA256 (cargo/proc-macro2-1.0.95.tar.gz) = ArPl5oo6GgKq0+xJCpgAfLwTw3y+hKPNe45AbXbn93g=
-SHA256 (cargo/pyo3-0.26.0.tar.gz) = e6ARf0ISEB7mVEBE2uRavhCD0wznspxLXL36I1Tgc4M=
-SHA256 (cargo/pyo3-build-config-0.26.0.tar.gz) = T8bdrySUfRKpqjGsZUMfsbhRuPQ2VCbhgpAeq/uH318=
-SHA256 (cargo/pyo3-ffi-0.26.0.tar.gz) = AlR005KHOO+zisNtR0SnSkAMkBx1lhmeIORdmOsZQQU=
+SHA256 (cargo/pyo3-0.27.2.tar.gz) = q1PAR/zRodKogg/oTwXWvmnpUmvkDLA7c/hrawPm2H0=
+SHA256 (cargo/pyo3-build-config-0.27.2.tar.gz) = tFWTMQfehkK0SH7SbZEsLYmd7GEUiEIUoLO7O+kmHqY=
+SHA256 (cargo/pyo3-ffi-0.27.2.tar.gz) = HIXJy/rd9lGxIhWUIJrtV+nlz/Y8TRHR/urVKbhyoIk=
SHA256 (cargo/pyo3-log-0.13.2.tar.gz) = L4uumtW6CLCw7Su5wr267MxpyvypbXjPD7zqDUXRIrs=
-SHA256 (cargo/pyo3-macros-0.26.0.tar.gz) = LmTrSJ8i/hyVkRt3xEzEHnwZ8wgvyBzOkPZXzcQv/e0=
-SHA256 (cargo/pyo3-macros-backend-0.26.0.tar.gz) = EAJGwOz0ALR1NBuEVakhM0RWmvKaPIQdKScOUxAuD88=
-SHA256 (cargo/pythonize-0.26.0.tar.gz) = EeBuTP+b4rvyvd8opIauYZFy6lfnl4f4VlcoeMYtz+I=
+SHA256 (cargo/pyo3-macros-0.27.2.tar.gz) = ClsQyb+YiBJdkX+00sotJcjflMerWlLhMxOgfgUKOwI=
+SHA256 (cargo/pyo3-macros-backend-0.27.2.tar.gz) = A7UXINMUg25TMn9YcdTAz7T7N8wsShHMcZB6hjQsQPk=
+SHA256 (cargo/pythonize-0.27.0.tar.gz) = o6jynbMx4owzLGNJbPy7girKPXMgvAi2Vdf9DCnFDt4=
SHA256 (cargo/quinn-0.11.8.tar.gz) = YmIUYpzaZ4G23B0xa6MHGJyFumVyE85kLZx3Zw+CAsg=
SHA256 (cargo/quinn-proto-0.11.12.tar.gz) = Sd+EOpFhyFu4quVfEBvAusi8r9Y3piDZEi/X4LL3Qi4=
SHA256 (cargo/quinn-udp-0.5.13.tar.gz) = /OuxIJ7idjUu8U/4cy4kzCsCu6yYbNdKTIG8svmIGXA=
@@ -119,7 +119,7 @@ SHA256 (cargo/security-framework-sys-2.1
SHA256 (cargo/serde-1.0.228.tar.gz) = mo6U6n83i9Msu9NxmKSpFDYYDFu0ckEeSLXsLiEkrp4=
SHA256 (cargo/serde_core-1.0.228.tar.gz) = QdOFx9TKWOWfxzKvJcOYO2eshSwaJQAK/hF13kWLZ60=
SHA256 (cargo/serde_derive-1.0.228.tar.gz) = 1UDyINMYcXPaIg+IWrZmCDZ7ZXTpJQEak1Pkut2pHXk=
-SHA256 (cargo/serde_json-1.0.145.tar.gz) = QCpvZtjHCRFs8i9VjqshD1pQGH9wLrTX5e842afxx5w=
+SHA256 (cargo/serde_json-1.0.149.tar.gz) = g/wDlHPFWVrOhg2MT6+iIP9HSz/Gv9tCkzJ/GjfpTYY=
SHA256 (cargo/serde_urlencoded-0.7.1.tar.gz) = 00kcFHFcoilMTWqI8V6Ec5eIwdAw7tjBEENqr9qi8/0=
SHA256 (cargo/sha1-0.10.6.tar.gz) = 47+Cmi1Rq0pd3xNS2EcMFAytyDAbKuF4nbAj8Bzt1ro=
SHA256 (cargo/sha2-0.10.9.tar.gz) = p1B9gZdp0Bo2WrcHeUpAhDksgk9Up6anhi+MPQiSsoM=
@@ -194,7 +194,8 @@ SHA256 (cargo/zeroize-1.8.1.tar.gz) = zt
SHA256 (cargo/zerotrie-0.2.2.tar.gz) = NvC71HhYP3ntrZeLQHkU9hspcvWvb6CJaGAWvo+a9ZU=
SHA256 (cargo/zerovec-0.11.2.tar.gz) = SgXrCA4BW6OcyeI7vl5/sE1fsEA1D5nzTjONX90pRCg=
SHA256 (cargo/zerovec-derive-0.11.1.tar.gz) = W5YjfvoMh4xkvYnENvZhvk5GsvPv8eu5dvfvIyHS9Y8=
-SHA256 (synapse-1.146.0.tar.gz) = d5Hw7kVlnuoZwFfLmgCpvB9R1xu4zDtM+hgLjNtOBDg=
+SHA256 (cargo/zmij-1.0.19.tar.gz) = P/BfjKqQOIlGN1ca5rnilGbB9Pgp0mybKPhpopy+NEU=
+SHA256 (synapse-1.147.1.tar.gz) = LwAG8W7Ic4jxoysUNS/qV8YhuWbs9xUYiIpVlpY+HoY=
SIZE (cargo/aho-corasick-1.1.3.tar.gz) = 183311
SIZE (cargo/anyhow-1.0.100.tar.gz) = 54059
SIZE (cargo/arc-swap-1.7.1.tar.gz) = 68512
@@ -283,13 +284,13 @@ SIZE (cargo/portable-atomic-1.11.1.tar.g
SIZE (cargo/potential_utf-0.1.2.tar.gz) = 9613
SIZE (cargo/ppv-lite86-0.2.21.tar.gz) = 22522
SIZE (cargo/proc-macro2-1.0.95.tar.gz) = 51820
-SIZE (cargo/pyo3-0.26.0.tar.gz) = 1151579
-SIZE (cargo/pyo3-build-config-0.26.0.tar.gz) = 34309
-SIZE (cargo/pyo3-ffi-0.26.0.tar.gz) = 78247
+SIZE (cargo/pyo3-0.27.2.tar.gz) = 1171342
+SIZE (cargo/pyo3-build-config-0.27.2.tar.gz) = 35564
+SIZE (cargo/pyo3-ffi-0.27.2.tar.gz) = 78552
SIZE (cargo/pyo3-log-0.13.2.tar.gz) = 17331
-SIZE (cargo/pyo3-macros-0.26.0.tar.gz) = 8906
-SIZE (cargo/pyo3-macros-backend-0.26.0.tar.gz) = 81809
-SIZE (cargo/pythonize-0.26.0.tar.gz) = 18628
+SIZE (cargo/pyo3-macros-0.27.2.tar.gz) = 8913
+SIZE (cargo/pyo3-macros-backend-0.27.2.tar.gz) = 82513
+SIZE (cargo/pythonize-0.27.0.tar.gz) = 18708
SIZE (cargo/quinn-0.11.8.tar.gz) = 79949
SIZE (cargo/quinn-proto-0.11.12.tar.gz) = 235821
SIZE (cargo/quinn-udp-0.5.13.tar.gz) = 32621
@@ -316,7 +317,7 @@ SIZE (cargo/security-framework-sys-2.14.
SIZE (cargo/serde-1.0.228.tar.gz) = 83652
SIZE (cargo/serde_core-1.0.228.tar.gz) = 63111
SIZE (cargo/serde_derive-1.0.228.tar.gz) = 59605
-SIZE (cargo/serde_json-1.0.145.tar.gz) = 155748
+SIZE (cargo/serde_json-1.0.149.tar.gz) = 155994
SIZE (cargo/serde_urlencoded-0.7.1.tar.gz) = 12822
SIZE (cargo/sha1-0.10.6.tar.gz) = 13517
SIZE (cargo/sha2-0.10.9.tar.gz) = 29271
@@ -391,4 +392,5 @@ SIZE (cargo/zeroize-1.8.1.tar.gz) = 2002
SIZE (cargo/zerotrie-0.2.2.tar.gz) = 74423
SIZE (cargo/zerovec-0.11.2.tar.gz) = 124500
SIZE (cargo/zerovec-derive-0.11.1.tar.gz) = 21294
-SIZE (synapse-1.146.0.tar.gz) = 9234403
+SIZE (cargo/zmij-1.0.19.tar.gz) = 23948
+SIZE (synapse-1.147.1.tar.gz) = 9237915
Index: modules.inc
===================================================================
RCS file: /cvs/ports/net/synapse/modules.inc,v
diff -u -p -r1.49 modules.inc
--- modules.inc 30 Jan 2026 09:44:57 -0000 1.49
+++ modules.inc 13 Feb 2026 13:28:51 -0000
@@ -86,13 +86,13 @@ MODCARGO_CRATES += portable-atomic 1.11.
MODCARGO_CRATES += potential_utf 0.1.2 # Unicode-3.0
MODCARGO_CRATES += ppv-lite86 0.2.21 # MIT OR Apache-2.0
MODCARGO_CRATES += proc-macro2 1.0.95 # MIT OR Apache-2.0
-MODCARGO_CRATES += pyo3 0.26.0 # MIT OR Apache-2.0
-MODCARGO_CRATES += pyo3-build-config 0.26.0 # MIT OR Apache-2.0
-MODCARGO_CRATES += pyo3-ffi 0.26.0 # MIT OR Apache-2.0
+MODCARGO_CRATES += pyo3 0.27.2 # MIT OR Apache-2.0
+MODCARGO_CRATES += pyo3-build-config 0.27.2 # MIT OR Apache-2.0
+MODCARGO_CRATES += pyo3-ffi 0.27.2 # MIT OR Apache-2.0
MODCARGO_CRATES += pyo3-log 0.13.2 # Apache-2.0 OR MIT
-MODCARGO_CRATES += pyo3-macros 0.26.0 # MIT OR Apache-2.0
-MODCARGO_CRATES += pyo3-macros-backend 0.26.0 # MIT OR Apache-2.0
-MODCARGO_CRATES += pythonize 0.26.0 # MIT
+MODCARGO_CRATES += pyo3-macros 0.27.2 # MIT OR Apache-2.0
+MODCARGO_CRATES += pyo3-macros-backend 0.27.2 # MIT OR Apache-2.0
+MODCARGO_CRATES += pythonize 0.27.0 # MIT
MODCARGO_CRATES += quinn 0.11.8 # MIT OR Apache-2.0
MODCARGO_CRATES += quinn-proto 0.11.12 # MIT OR Apache-2.0
MODCARGO_CRATES += quinn-udp 0.5.13 # MIT OR Apache-2.0
@@ -119,7 +119,7 @@ MODCARGO_CRATES += security-framework-sy
MODCARGO_CRATES += serde 1.0.228 # MIT OR Apache-2.0
MODCARGO_CRATES += serde_core 1.0.228 # MIT OR Apache-2.0
MODCARGO_CRATES += serde_derive 1.0.228 # MIT OR Apache-2.0
-MODCARGO_CRATES += serde_json 1.0.145 # MIT OR Apache-2.0
+MODCARGO_CRATES += serde_json 1.0.149 # MIT OR Apache-2.0
MODCARGO_CRATES += serde_urlencoded 0.7.1 # MIT/Apache-2.0
MODCARGO_CRATES += sha1 0.10.6 # MIT OR Apache-2.0
MODCARGO_CRATES += sha2 0.10.9 # MIT OR Apache-2.0
@@ -194,3 +194,4 @@ MODCARGO_CRATES += zeroize 1.8.1 # Apach
MODCARGO_CRATES += zerotrie 0.2.2 # Unicode-3.0
MODCARGO_CRATES += zerovec 0.11.2 # Unicode-3.0
MODCARGO_CRATES += zerovec-derive 0.11.1 # Unicode-3.0
+MODCARGO_CRATES += zmij 1.0.19 # MIT
Index: patches/patch-synapse_util_check_dependencies_py
===================================================================
RCS file: patches/patch-synapse_util_check_dependencies_py
diff -N patches/patch-synapse_util_check_dependencies_py
--- patches/patch-synapse_util_check_dependencies_py 30 Jan 2026 09:44:57 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,20 +0,0 @@
-Fix setuptools-rust name comparison.
-
-The requirement name from METADATA is "setuptools-rust" (with hyphen),
-but the code compared against "setuptools_rust" (with underscore),
-so the skip logic never triggered.
-
-https://github.com/element-hq/synapse/pull/19417
-
-Index: synapse/util/check_dependencies.py
---- synapse/util/check_dependencies.py.orig
-+++ synapse/util/check_dependencies.py
-@@ -96,7 +96,7 @@ def _should_ignore_runtime_requirement(req: Requiremen
- # In any case, workaround this by ignoring setuptools_rust here. (It might be
- # slightly cleaner to put `setuptools_rust` in a `build` extra or similar, but for
- # now let's do something quick and dirty.
-- if req.name == "setuptools_rust":
-+ if req.name == "setuptools-rust":
- return True
- return False
-
And if I include the patch, this mail becomes more useful
On 2/13/26 2:14 PM, Renaud Allard wrote:
> Hello,
>
> Here is an update for net/synapse 1.147.1
>
> It solves CVE-2026-24044
> But our port is not concerned by this vulnerability, so this is a normal
> update.
>
> make test as usual: skips=416, failures=3, successes=4092
> Tested on amd64
>
>
> Best Regards
>
No comments:
Post a Comment