And if I include the patch, this mail becomes more useful
On 2/13/26 2:14 PM, Renaud Allard wrote:
Hello, Here is an update for net/synapse 1.147.1 It solves CVE-2026-24044But our port is not concerned by this vulnerability, so this is a normal update.make test as usual: skips=416, failures=3, successes=4092 Tested on amd64 Best Regards
Index: Makefile =================================================================== RCS file: /cvs/ports/net/synapse/Makefile,v diff -u -p -r1.115 Makefile --- Makefile 30 Jan 2026 11:10:15 -0000 1.115 +++ Makefile 13 Feb 2026 13:28:51 -0000 @@ -1,6 +1,6 @@ COMMENT = open network for secure, decentralized communication -MODPY_DISTV = 1.146.0 +MODPY_DISTV = 1.147.1 GH_ACCOUNT = element-hq GH_PROJECT = synapse @@ -55,8 +55,7 @@ RUN_DEPENDS = devel/py-jsonschema>=3.0.0 devel/py-matrix-common>=1.3.0,<2.0.0 \ sysutils/py-packaging \ www/py-python-multipart -# still relying on pkg_resources, see comments in -# https://github.com/matrix-org/synapse/pull/12542 + RUN_DEPENDS += devel/py-setuptools # optional section RUN_DEPENDS += textproc/py-lxml @@ -71,6 +70,10 @@ TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PK devel/py-pyrsistent \ www/py-jwt +# Cargo.lock is at workspace root, but MODCARGO_CARGOTOML points to rust/ +post-extract: + ln -sf ../Cargo.lock ${WRKSRC}/rust/Cargo.lock + # remove source synapse directory so tests use the installed package from fake pre-test: rm -rf ${WRKSRC}/synapse @@ -79,6 +82,6 @@ do-test: cd ${MODPY_TEST_DIR} && ${SETENV} ${ALL_TEST_ENV} ${MODPY_BIN} -m twisted.trial tests # to generate rust modules.inc: -# make modcargo-gen-crates and modcargo-gen-crates-licenses +# make extract && make modcargo-gen-crates && make modcargo-gen-crates-licenses .include "modules.inc" .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/net/synapse/distinfo,v diff -u -p -r1.86 distinfo --- distinfo 30 Jan 2026 09:44:57 -0000 1.86 +++ distinfo 13 Feb 2026 13:28:51 -0000 @@ -86,13 +86,13 @@ SHA256 (cargo/portable-atomic-1.11.1.tar SHA256 (cargo/potential_utf-0.1.2.tar.gz) = 5afDCDcnnKE+fIZ+nkAFO8aHQPmIywf3ym30PMc0tYU= SHA256 (cargo/ppv-lite86-0.2.21.tar.gz) = herjxO0vUNz+cmQ9pL78MN6ttFiptZDXIM3i8rHpfak= SHA256 (cargo/proc-macro2-1.0.95.tar.gz) = ArPl5oo6GgKq0+xJCpgAfLwTw3y+hKPNe45AbXbn93g= -SHA256 (cargo/pyo3-0.26.0.tar.gz) = e6ARf0ISEB7mVEBE2uRavhCD0wznspxLXL36I1Tgc4M= -SHA256 (cargo/pyo3-build-config-0.26.0.tar.gz) = T8bdrySUfRKpqjGsZUMfsbhRuPQ2VCbhgpAeq/uH318= -SHA256 (cargo/pyo3-ffi-0.26.0.tar.gz) = AlR005KHOO+zisNtR0SnSkAMkBx1lhmeIORdmOsZQQU= +SHA256 (cargo/pyo3-0.27.2.tar.gz) = q1PAR/zRodKogg/oTwXWvmnpUmvkDLA7c/hrawPm2H0= +SHA256 (cargo/pyo3-build-config-0.27.2.tar.gz) = tFWTMQfehkK0SH7SbZEsLYmd7GEUiEIUoLO7O+kmHqY= +SHA256 (cargo/pyo3-ffi-0.27.2.tar.gz) = HIXJy/rd9lGxIhWUIJrtV+nlz/Y8TRHR/urVKbhyoIk= SHA256 (cargo/pyo3-log-0.13.2.tar.gz) = L4uumtW6CLCw7Su5wr267MxpyvypbXjPD7zqDUXRIrs= -SHA256 (cargo/pyo3-macros-0.26.0.tar.gz) = LmTrSJ8i/hyVkRt3xEzEHnwZ8wgvyBzOkPZXzcQv/e0= -SHA256 (cargo/pyo3-macros-backend-0.26.0.tar.gz) = EAJGwOz0ALR1NBuEVakhM0RWmvKaPIQdKScOUxAuD88= -SHA256 (cargo/pythonize-0.26.0.tar.gz) = EeBuTP+b4rvyvd8opIauYZFy6lfnl4f4VlcoeMYtz+I= +SHA256 (cargo/pyo3-macros-0.27.2.tar.gz) = ClsQyb+YiBJdkX+00sotJcjflMerWlLhMxOgfgUKOwI= +SHA256 (cargo/pyo3-macros-backend-0.27.2.tar.gz) = A7UXINMUg25TMn9YcdTAz7T7N8wsShHMcZB6hjQsQPk= +SHA256 (cargo/pythonize-0.27.0.tar.gz) = o6jynbMx4owzLGNJbPy7girKPXMgvAi2Vdf9DCnFDt4= SHA256 (cargo/quinn-0.11.8.tar.gz) = YmIUYpzaZ4G23B0xa6MHGJyFumVyE85kLZx3Zw+CAsg= SHA256 (cargo/quinn-proto-0.11.12.tar.gz) = Sd+EOpFhyFu4quVfEBvAusi8r9Y3piDZEi/X4LL3Qi4= SHA256 (cargo/quinn-udp-0.5.13.tar.gz) = /OuxIJ7idjUu8U/4cy4kzCsCu6yYbNdKTIG8svmIGXA= @@ -119,7 +119,7 @@ SHA256 (cargo/security-framework-sys-2.1 SHA256 (cargo/serde-1.0.228.tar.gz) = mo6U6n83i9Msu9NxmKSpFDYYDFu0ckEeSLXsLiEkrp4= SHA256 (cargo/serde_core-1.0.228.tar.gz) = QdOFx9TKWOWfxzKvJcOYO2eshSwaJQAK/hF13kWLZ60= SHA256 (cargo/serde_derive-1.0.228.tar.gz) = 1UDyINMYcXPaIg+IWrZmCDZ7ZXTpJQEak1Pkut2pHXk= -SHA256 (cargo/serde_json-1.0.145.tar.gz) = QCpvZtjHCRFs8i9VjqshD1pQGH9wLrTX5e842afxx5w= +SHA256 (cargo/serde_json-1.0.149.tar.gz) = g/wDlHPFWVrOhg2MT6+iIP9HSz/Gv9tCkzJ/GjfpTYY= SHA256 (cargo/serde_urlencoded-0.7.1.tar.gz) = 00kcFHFcoilMTWqI8V6Ec5eIwdAw7tjBEENqr9qi8/0= SHA256 (cargo/sha1-0.10.6.tar.gz) = 47+Cmi1Rq0pd3xNS2EcMFAytyDAbKuF4nbAj8Bzt1ro= SHA256 (cargo/sha2-0.10.9.tar.gz) = p1B9gZdp0Bo2WrcHeUpAhDksgk9Up6anhi+MPQiSsoM= @@ -194,7 +194,8 @@ SHA256 (cargo/zeroize-1.8.1.tar.gz) = zt SHA256 (cargo/zerotrie-0.2.2.tar.gz) = NvC71HhYP3ntrZeLQHkU9hspcvWvb6CJaGAWvo+a9ZU= SHA256 (cargo/zerovec-0.11.2.tar.gz) = SgXrCA4BW6OcyeI7vl5/sE1fsEA1D5nzTjONX90pRCg= SHA256 (cargo/zerovec-derive-0.11.1.tar.gz) = W5YjfvoMh4xkvYnENvZhvk5GsvPv8eu5dvfvIyHS9Y8= -SHA256 (synapse-1.146.0.tar.gz) = d5Hw7kVlnuoZwFfLmgCpvB9R1xu4zDtM+hgLjNtOBDg= +SHA256 (cargo/zmij-1.0.19.tar.gz) = P/BfjKqQOIlGN1ca5rnilGbB9Pgp0mybKPhpopy+NEU= +SHA256 (synapse-1.147.1.tar.gz) = LwAG8W7Ic4jxoysUNS/qV8YhuWbs9xUYiIpVlpY+HoY= SIZE (cargo/aho-corasick-1.1.3.tar.gz) = 183311 SIZE (cargo/anyhow-1.0.100.tar.gz) = 54059 SIZE (cargo/arc-swap-1.7.1.tar.gz) = 68512 @@ -283,13 +284,13 @@ SIZE (cargo/portable-atomic-1.11.1.tar.g SIZE (cargo/potential_utf-0.1.2.tar.gz) = 9613 SIZE (cargo/ppv-lite86-0.2.21.tar.gz) = 22522 SIZE (cargo/proc-macro2-1.0.95.tar.gz) = 51820 -SIZE (cargo/pyo3-0.26.0.tar.gz) = 1151579 -SIZE (cargo/pyo3-build-config-0.26.0.tar.gz) = 34309 -SIZE (cargo/pyo3-ffi-0.26.0.tar.gz) = 78247 +SIZE (cargo/pyo3-0.27.2.tar.gz) = 1171342 +SIZE (cargo/pyo3-build-config-0.27.2.tar.gz) = 35564 +SIZE (cargo/pyo3-ffi-0.27.2.tar.gz) = 78552 SIZE (cargo/pyo3-log-0.13.2.tar.gz) = 17331 -SIZE (cargo/pyo3-macros-0.26.0.tar.gz) = 8906 -SIZE (cargo/pyo3-macros-backend-0.26.0.tar.gz) = 81809 -SIZE (cargo/pythonize-0.26.0.tar.gz) = 18628 +SIZE (cargo/pyo3-macros-0.27.2.tar.gz) = 8913 +SIZE (cargo/pyo3-macros-backend-0.27.2.tar.gz) = 82513 +SIZE (cargo/pythonize-0.27.0.tar.gz) = 18708 SIZE (cargo/quinn-0.11.8.tar.gz) = 79949 SIZE (cargo/quinn-proto-0.11.12.tar.gz) = 235821 SIZE (cargo/quinn-udp-0.5.13.tar.gz) = 32621 @@ -316,7 +317,7 @@ SIZE (cargo/security-framework-sys-2.14. SIZE (cargo/serde-1.0.228.tar.gz) = 83652 SIZE (cargo/serde_core-1.0.228.tar.gz) = 63111 SIZE (cargo/serde_derive-1.0.228.tar.gz) = 59605 -SIZE (cargo/serde_json-1.0.145.tar.gz) = 155748 +SIZE (cargo/serde_json-1.0.149.tar.gz) = 155994 SIZE (cargo/serde_urlencoded-0.7.1.tar.gz) = 12822 SIZE (cargo/sha1-0.10.6.tar.gz) = 13517 SIZE (cargo/sha2-0.10.9.tar.gz) = 29271 @@ -391,4 +392,5 @@ SIZE (cargo/zeroize-1.8.1.tar.gz) = 2002 SIZE (cargo/zerotrie-0.2.2.tar.gz) = 74423 SIZE (cargo/zerovec-0.11.2.tar.gz) = 124500 SIZE (cargo/zerovec-derive-0.11.1.tar.gz) = 21294 -SIZE (synapse-1.146.0.tar.gz) = 9234403 +SIZE (cargo/zmij-1.0.19.tar.gz) = 23948 +SIZE (synapse-1.147.1.tar.gz) = 9237915 Index: modules.inc =================================================================== RCS file: /cvs/ports/net/synapse/modules.inc,v diff -u -p -r1.49 modules.inc --- modules.inc 30 Jan 2026 09:44:57 -0000 1.49 +++ modules.inc 13 Feb 2026 13:28:51 -0000 @@ -86,13 +86,13 @@ MODCARGO_CRATES += portable-atomic 1.11. MODCARGO_CRATES += potential_utf 0.1.2 # Unicode-3.0 MODCARGO_CRATES += ppv-lite86 0.2.21 # MIT OR Apache-2.0 MODCARGO_CRATES += proc-macro2 1.0.95 # MIT OR Apache-2.0 -MODCARGO_CRATES += pyo3 0.26.0 # MIT OR Apache-2.0 -MODCARGO_CRATES += pyo3-build-config 0.26.0 # MIT OR Apache-2.0 -MODCARGO_CRATES += pyo3-ffi 0.26.0 # MIT OR Apache-2.0 +MODCARGO_CRATES += pyo3 0.27.2 # MIT OR Apache-2.0 +MODCARGO_CRATES += pyo3-build-config 0.27.2 # MIT OR Apache-2.0 +MODCARGO_CRATES += pyo3-ffi 0.27.2 # MIT OR Apache-2.0 MODCARGO_CRATES += pyo3-log 0.13.2 # Apache-2.0 OR MIT -MODCARGO_CRATES += pyo3-macros 0.26.0 # MIT OR Apache-2.0 -MODCARGO_CRATES += pyo3-macros-backend 0.26.0 # MIT OR Apache-2.0 -MODCARGO_CRATES += pythonize 0.26.0 # MIT +MODCARGO_CRATES += pyo3-macros 0.27.2 # MIT OR Apache-2.0 +MODCARGO_CRATES += pyo3-macros-backend 0.27.2 # MIT OR Apache-2.0 +MODCARGO_CRATES += pythonize 0.27.0 # MIT MODCARGO_CRATES += quinn 0.11.8 # MIT OR Apache-2.0 MODCARGO_CRATES += quinn-proto 0.11.12 # MIT OR Apache-2.0 MODCARGO_CRATES += quinn-udp 0.5.13 # MIT OR Apache-2.0 @@ -119,7 +119,7 @@ MODCARGO_CRATES += security-framework-sy MODCARGO_CRATES += serde 1.0.228 # MIT OR Apache-2.0 MODCARGO_CRATES += serde_core 1.0.228 # MIT OR Apache-2.0 MODCARGO_CRATES += serde_derive 1.0.228 # MIT OR Apache-2.0 -MODCARGO_CRATES += serde_json 1.0.145 # MIT OR Apache-2.0 +MODCARGO_CRATES += serde_json 1.0.149 # MIT OR Apache-2.0 MODCARGO_CRATES += serde_urlencoded 0.7.1 # MIT/Apache-2.0 MODCARGO_CRATES += sha1 0.10.6 # MIT OR Apache-2.0 MODCARGO_CRATES += sha2 0.10.9 # MIT OR Apache-2.0 @@ -194,3 +194,4 @@ MODCARGO_CRATES += zeroize 1.8.1 # Apach MODCARGO_CRATES += zerotrie 0.2.2 # Unicode-3.0 MODCARGO_CRATES += zerovec 0.11.2 # Unicode-3.0 MODCARGO_CRATES += zerovec-derive 0.11.1 # Unicode-3.0 +MODCARGO_CRATES += zmij 1.0.19 # MIT Index: patches/patch-synapse_util_check_dependencies_py =================================================================== RCS file: patches/patch-synapse_util_check_dependencies_py diff -N patches/patch-synapse_util_check_dependencies_py --- patches/patch-synapse_util_check_dependencies_py 30 Jan 2026 09:44:57 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,20 +0,0 @@ -Fix setuptools-rust name comparison. - -The requirement name from METADATA is "setuptools-rust" (with hyphen), -but the code compared against "setuptools_rust" (with underscore), -so the skip logic never triggered. - -https://github.com/element-hq/synapse/pull/19417 - -Index: synapse/util/check_dependencies.py ---- synapse/util/check_dependencies.py.orig -+++ synapse/util/check_dependencies.py -@@ -96,7 +96,7 @@ def _should_ignore_runtime_requirement(req: Requiremen - # In any case, workaround this by ignoring setuptools_rust here. (It might be - # slightly cleaner to put `setuptools_rust` in a `build` extra or similar, but for - # now let's do something quick and dirty. -- if req.name == "setuptools_rust": -+ if req.name == "setuptools-rust": - return True - return False -
smime.p7s
Description: S/MIME Cryptographic Signature
