[update] net/synapse 1.152.1

Hello, Here is an update for net/synapse 1.152.1 Tested on amd64 and arm64 Security Fixes - Prevent CPU starvation (Denial of Service) under worker lock contention, additionally capping the WorkerLock time out interval to a maximum of 60 seconds. Contributed by Famedly. (#19394, ELEMENTSEC-2026-1706, GHSA-8q93-326v-3m7g, CVE pending) - Prevent pagination ending when a page is full of rejected events. (ELEMENTSEC-2025-1636, GHSA-6qf2-7x63-mm6v, CVE pending) Backport to 7.8 is tested and works make test as usual skips=423, failures=3, successes=4239 Best Regards Index: Makefile =================================================================== RCS file: /cvs/ports/net/synapse/Makefile,v diff -u -p -r1.119 Makefile --- Makefile 8 Apr 2026 06:14:28 -0000 1.119 +++ Makefile 8 May 2026 06:11:04 -0000 @@ -1,6 +1,6 @@ COMMENT = open network for secure, decentralized communication -MODPY_DISTV = 1.151.0 +MODPY_DISTV = 1.152.1 GH_ACCOUNT = element-hq GH_PROJECT = synapse Index: distinfo =================================================================== RCS file: /cvs/ports/net/synapse/distinfo,v diff -u -p -r1.90 distinfo --- distinfo 8 Apr 2026 06:14:28 -0000 1.90 +++ distinfo 8 May 2026 06:11:04 -0000 @@ -106,6 +106,7 @@ SHA256 (cargo/regex-syntax-0.8.5.tar.gz) SHA256 (cargo/reqwest-0.12.28.tar.gz) = 7d08pVkgMYCjB/EtEUwmir9YP1mwPLkG/Qs/+GRsEUc= SHA256 (cargo/ring-0.17.14.tar.gz) = pGiebCKU2B6I3GJhx2i2O8T824Ur5tE1JJixFPYTg7c= SHA256 (cargo/rustc-hash-2.1.1.tar.gz) = NXcD1BNltLJ8WQ4+2R6rsbZj8HxMCECV5gy+1DYt/w0= +SHA256 (cargo/rustc_version-0.4.1.tar.gz) = z8s6Iu9G6FtF3m7n550GMxnrtllPqvzxwiXqkqtum5I= SHA256 (cargo/rustls-0.23.31.tar.gz) = wOvL0vA94PwRIq2bsksSelps1R1yYEo/PFCsRZditsw= SHA256 (cargo/rustls-native-certs-0.8.1.tar.gz) = f8/y3VK1io2YpwJDZjoNI0xOK3kjVjeEnRWRM5SiR9M= SHA256 (cargo/rustls-pki-types-1.12.0.tar.gz) = IppKTCIQE+fh8aBDZ4xcw5/lFxQ3yI+0cVGiHm9bXHk= @@ -115,6 +116,7 @@ SHA256 (cargo/ryu-1.0.20.tar.gz) = KNOys SHA256 (cargo/schannel-0.1.27.tar.gz) = HynrqjRflFzsn7vFMuswfw/a2BYfKBtjaVOcjYSHaz0= SHA256 (cargo/security-framework-3.2.0.tar.gz) = JxcgQD9GygT3um9V1Dj4vYeNa4ygoQRugijEFFvLsxY= SHA256 (cargo/security-framework-sys-2.14.0.tar.gz) = SdsjHVahkEkctK7alSfxrUU0WvULCFFiKnrbjAOwHDI= +SHA256 (cargo/semver-1.0.27.tar.gz) = 12frCqvIgLKZVsNXNBcPJu1VGoWdvTYdFAzb7KYaseI= SHA256 (cargo/serde-1.0.228.tar.gz) = mo6U6n83i9Msu9NxmKSpFDYYDFu0ckEeSLXsLiEkrp4= SHA256 (cargo/serde_core-1.0.228.tar.gz) = QdOFx9TKWOWfxzKvJcOYO2eshSwaJQAK/hF13kWLZ60= SHA256 (cargo/serde_derive-1.0.228.tar.gz) = 1UDyINMYcXPaIg+IWrZmCDZ7ZXTpJQEak1Pkut2pHXk= @@ -194,7 +196,7 @@ SHA256 (cargo/zerotrie-0.2.2.tar.gz) = N SHA256 (cargo/zerovec-0.11.2.tar.gz) = SgXrCA4BW6OcyeI7vl5/sE1fsEA1D5nzTjONX90pRCg= SHA256 (cargo/zerovec-derive-0.11.1.tar.gz) = W5YjfvoMh4xkvYnENvZhvk5GsvPv8eu5dvfvIyHS9Y8= SHA256 (cargo/zmij-1.0.19.tar.gz) = P/BfjKqQOIlGN1ca5rnilGbB9Pgp0mybKPhpopy+NEU= -SHA256 (synapse-1.151.0.tar.gz) = r9iWYYeJVRGhzV/VrcR3yOvpAOj9XdXhAq/R9HpnNto= +SHA256 (synapse-1.152.1.tar.gz) = LE1oe9tZsVOYgsSgpT0q2lcDprv+VD2zxF38daf6/78= SIZE (cargo/aho-corasick-1.1.3.tar.gz) = 183311 SIZE (cargo/anyhow-1.0.102.tar.gz) = 48658 SIZE (cargo/arc-swap-1.7.1.tar.gz) = 68512 @@ -303,6 +305,7 @@ SIZE (cargo/regex-syntax-0.8.5.tar.gz) = SIZE (cargo/reqwest-0.12.28.tar.gz) = 157031 SIZE (cargo/ring-0.17.14.tar.gz) = 1502610 SIZE (cargo/rustc-hash-2.1.1.tar.gz) = 14154 +SIZE (cargo/rustc_version-0.4.1.tar.gz) = 12245 SIZE (cargo/rustls-0.23.31.tar.gz) = 371259 SIZE (cargo/rustls-native-certs-0.8.1.tar.gz) = 31129 SIZE (cargo/rustls-pki-types-1.12.0.tar.gz) = 64740 @@ -312,6 +315,7 @@ SIZE (cargo/ryu-1.0.20.tar.gz) = 48738 SIZE (cargo/schannel-0.1.27.tar.gz) = 42772 SIZE (cargo/security-framework-3.2.0.tar.gz) = 86095 SIZE (cargo/security-framework-sys-2.14.0.tar.gz) = 20537 +SIZE (cargo/semver-1.0.27.tar.gz) = 30081 SIZE (cargo/serde-1.0.228.tar.gz) = 83652 SIZE (cargo/serde_core-1.0.228.tar.gz) = 63111 SIZE (cargo/serde_derive-1.0.228.tar.gz) = 59605 @@ -391,4 +395,4 @@ SIZE (cargo/zerotrie-0.2.2.tar.gz) = 744 SIZE (cargo/zerovec-0.11.2.tar.gz) = 124500 SIZE (cargo/zerovec-derive-0.11.1.tar.gz) = 21294 SIZE (cargo/zmij-1.0.19.tar.gz) = 23948 -SIZE (synapse-1.151.0.tar.gz) = 9307465 +SIZE (synapse-1.152.1.tar.gz) = 9356251 Index: modules.inc =================================================================== RCS file: /cvs/ports/net/synapse/modules.inc,v diff -u -p -r1.53 modules.inc --- modules.inc 8 Apr 2026 06:14:28 -0000 1.53 +++ modules.inc 8 May 2026 06:11:04 -0000 @@ -106,6 +106,7 @@ MODCARGO_CRATES += regex-syntax 0.8.5 # MODCARGO_CRATES += reqwest 0.12.28 # MIT OR Apache-2.0 MODCARGO_CRATES += ring 0.17.14 # Apache-2.0 AND ISC MODCARGO_CRATES += rustc-hash 2.1.1 # Apache-2.0 OR MIT +MODCARGO_CRATES += rustc_version 0.4.1 # MIT OR Apache-2.0 MODCARGO_CRATES += rustls 0.23.31 # Apache-2.0 OR ISC OR MIT MODCARGO_CRATES += rustls-native-certs 0.8.1 # Apache-2.0 OR ISC OR MIT MODCARGO_CRATES += rustls-pki-types 1.12.0 # MIT OR Apache-2.0 @@ -115,6 +116,7 @@ MODCARGO_CRATES += ryu 1.0.20 # Apache-2 MODCARGO_CRATES += schannel 0.1.27 # MIT MODCARGO_CRATES += security-framework 3.2.0 # MIT OR Apache-2.0 MODCARGO_CRATES += security-framework-sys 2.14.0 # MIT OR Apache-2.0 +MODCARGO_CRATES += semver 1.0.27 # MIT OR Apache-2.0 MODCARGO_CRATES += serde 1.0.228 # MIT OR Apache-2.0 MODCARGO_CRATES += serde_core 1.0.228 # MIT OR Apache-2.0 MODCARGO_CRATES += serde_derive 1.0.228 # MIT OR Apache-2.0 Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/synapse/pkg/PLIST,v diff -u -p -r1.76 PLIST --- pkg/PLIST 8 Apr 2026 06:14:28 -0000 1.76 +++ pkg/PLIST 8 May 2026 06:11:04 -0000 @@ -1007,6 +1007,8 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}server_notice_servlet.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}statistics.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}statistics.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}user_reports.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}user_reports.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}username_available.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}username_available.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/${MODPY_PYCACHE}users.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} @@ -1024,6 +1026,7 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/scheduled_tasks.py lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/server_notice_servlet.py lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/statistics.py +lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/user_reports.py lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/username_available.py lib/python${MODPY_VERSION}/site-packages/synapse/rest/admin/users.py lib/python${MODPY_VERSION}/site-packages/synapse/rest/client/ @@ -2228,6 +2231,11 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/ lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/01_redactions_recheck.sql lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/02_redactions_recheck_bg_update.sql +lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/03_device_lists_room_timestamp.sql +lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/03_quarantined_media_tracking.sql +lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/03_quarantined_media_tracking_seq.sql.postgres +lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/03_state_dag_fwd_extrems.sql +lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/94/04_device_lists_changes_max_pruned.sql lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/ lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/72/ lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/72/full.sql.postgres