[Bug 234828] update net-im/py-matrix-synapse to 0.34.1.1, fix CVE-2019-5885
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jan 10 17:07:27 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234828
Bug ID: 234828
Summary: update net-im/py-matrix-synapse to 0.34.1.1, fix
CVE-2019-5885
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: ports at skyforge.at
Created attachment 200991
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=200991&action=edit
patch to update net-im/py-matrix-synapse to 0.34.1.1
The synapse team just released 0.34.1.1, fixing CVE-2019-5885, see [1].
I've bumped the version, and some minor dependencies. I had to patch
python_dependencies.py to avoid a version check against the prometheus library,
as the version shipped w/ FreeBSD is more recent than the one officially
supported by synapse.
As a consequence, this update may break monitoring w/ prometheus as it renames
some metrics exported by synapse w/ the old version, see [2]. This seems
unavoidable however, as our synapse package is either broken or exports
different metric names, hence I chose the lesser evil.
In any case, the new version seems to work fine. We should probably update this
asap and push it to the quarterly repos too.
Cheers,
Sascha
[1] https://github.com/matrix-org/synapse/releases/tag/v0.34.1.1
[2] https://github.com/matrix-org/synapse/issues/4221
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list