[update] net/synapse 1.92.3

[Renaud Allard]

Hello,

Here is a diff to update net/synapse to 1.92.3

This is a security update targeted at mitigating CVE-2023-4863.

libwebp package at the OS level.

Best Regards
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/synapse/Makefile,v
retrieving revision 1.61
diff -u -p -r1.61 Makefile
--- Makefile	12 Sep 2023 13:27:09 -0000	1.61
+++ Makefile	19 Sep 2023 06:31:34 -0000
@@ -1,6 +1,6 @@
 COMMENT =	open network for secure, decentralized communication
 
-MODPY_EGG_VERSION =	1.92.1
+MODPY_EGG_VERSION =	1.92.3
 
 GH_ACCOUNT =	matrix-org
 GH_PROJECT =	synapse
@@ -43,7 +43,7 @@ RUN_DEPENDS =	devel/py-jsonschema${MODPY
 		devel/py-asn1${MODPY_FLAVOR} \
 		devel/py-asn1-modules${MODPY_FLAVOR} \
 		security/py-bcrypt${MODPY_FLAVOR} \
-		graphics/py-Pillow${MODPY_FLAVOR} \
+		graphics/py-Pillow${MODPY_FLAVOR}>=10.0.1 \
 		devel/py-sortedcontainers${MODPY_FLAVOR} \
 		devel/py-pydantic${MODPY_FLAVOR} \
 		www/py-macaroons${MODPY_FLAVOR} \
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/synapse/distinfo,v
retrieving revision 1.45
diff -u -p -r1.45 distinfo
--- distinfo	12 Sep 2023 13:27:09 -0000	1.45
+++ distinfo	19 Sep 2023 06:31:34 -0000
@@ -54,7 +54,7 @@ SHA256 (cargo/windows_i686_gnu-0.36.1.ta
 SHA256 (cargo/windows_i686_msvc-0.36.1.tar.gz) = 4ueRcUiygS0e6vrrIql+SBPfpgo/j3jr4gS8yI8S8CQ=
 SHA256 (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = Tc0XG4d2xBuXUh5doSei2GrSgBFIB9Cyqx5GK8dk2eE=
 SHA256 (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = yBHKSoyFPvQgq9hZK6U927rJBBD6tpA7PnmXKmMfdoA=
-SHA256 (synapse-1.92.1.tar.gz) = dSAtlEj3E+8Gg15S/clXJMIpLlSoqkp9DOFwVSvIlYs=
+SHA256 (synapse-1.92.3.tar.gz) = DnkHiJT43vjaToKwu9My7o2AT9+MhFRZyvsSo2wXn6Y=
 SIZE (cargo/aho-corasick-1.0.2.tar.gz) = 167694
 SIZE (cargo/anyhow-1.0.75.tar.gz) = 43901
 SIZE (cargo/arc-swap-1.5.1.tar.gz) = 66157
@@ -111,4 +111,4 @@ SIZE (cargo/windows_i686_gnu-0.36.1.tar.
 SIZE (cargo/windows_i686_msvc-0.36.1.tar.gz) = 724575
 SIZE (cargo/windows_x86_64_gnu-0.36.1.tar.gz) = 790934
 SIZE (cargo/windows_x86_64_msvc-0.36.1.tar.gz) = 661999
-SIZE (synapse-1.92.1.tar.gz) = 8371162
+SIZE (synapse-1.92.3.tar.gz) = 8371910

It turns out that libwebp is bundled statically in Pillow wheels so we need to update this dependency instead of

smime.p7s
Description: S/MIME Cryptographic Signature