[Bug 234828] update net-im/py-matrix-synapse to 0.34.1.1, fix CVE-2019-5885

bugzilla-noreply at freebsd.org
Thu Jan 10 17:07:27 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234828

            Bug ID: 234828
           Summary: update net-im/py-matrix-synapse to 0.34.1.1, fix
                    CVE-2019-5885
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs at FreeBSD.org
          Reporter: ports at skyforge.at

Created attachment 200991
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=200991&action=edit
patch to update net-im/py-matrix-synapse to 0.34.1.1

The synapse team just released 0.34.1.1, fixing CVE-2019-5885, see [1].

I've bumped the version, and some minor dependencies. I had to patch
python_dependencies.py to avoid a version check against the prometheus library,
as the version shipped w/ FreeBSD is more recent than the one officially
supported by synapse.

As a consequence, this update may break monitoring w/ prometheus as it renames
some metrics exported by synapse w/ the old version, see [2]. This seems
unavoidable however, as our synapse package is either broken or exports
different metric names, hence I chose the lesser evil. 

In any case, the new version seems to work fine. We should probably update this
asap and push it to the quarterly repos too.

Cheers,
Sascha

[1] https://github.com/matrix-org/synapse/releases/tag/v0.34.1.1
[2] https://github.com/matrix-org/synapse/issues/4221

More information about the freebsd-ports-bugs mailing list