Hi, Here is a diff for synapse to upgrade to version 1.12.0
Please note that Synapse may be vulnerable to request-smuggling attacks when it is used with a reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are described in CVE-2020-10108 and CVE-2020-10109.
So we might need to upgrade py-twisted too Regards
Index: Makefile =================================================================== RCS file: /cvs/ports/net/synapse/Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 Makefile --- Makefile 8 Mar 2020 17:03:15 -0000 1.1.1.1 +++ Makefile 23 Mar 2020 14:00:07 -0000 @@ -2,7 +2,7 @@ COMMENT = open network for secure, decentralized communication -MODPY_EGG_VERSION = 1.11.0 +MODPY_EGG_VERSION = 1.12.0 GH_ACCOUNT = matrix-org GH_PROJECT = synapse Index: distinfo =================================================================== RCS file: /cvs/ports/net/synapse/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- distinfo 8 Mar 2020 17:03:15 -0000 1.1.1.1 +++ distinfo 23 Mar 2020 14:00:07 -0000 @@ -1,2 +1,2 @@ -SHA256 (synapse-1.11.0.tar.gz) = SqyqZHy8OY7yqERic7n0SVSLZGrsYVucjmDan5iRZSM= -SIZE (synapse-1.11.0.tar.gz) = 6363628 +SHA256 (synapse-1.12.0.tar.gz) = d56nHxnK72kBX2AIdqYXMV+KdJ/guxQ93swZe/4y4NU= +SIZE (synapse-1.12.0.tar.gz) = 6381352 Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/synapse/pkg/PLIST,v retrieving revision 1.2 diff -u -p -r1.2 PLIST --- pkg/PLIST 9 Mar 2020 08:17:59 -0000 1.2 +++ pkg/PLIST 23 Mar 2020 14:00:08 -0000 @@ -60,6 +60,7 @@ lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}federation_reader.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}federation_sender.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}frontend_proxy.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}generic_worker.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}homeserver.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}media_repository.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/app/${MODPY_PYCACHE}pusher.${MODPY_PYC_MAGIC_TAG}pyc @@ -73,6 +74,7 @@ lib/python${MODPY_VERSION}/site-packages/synapse/app/federation_reader.py lib/python${MODPY_VERSION}/site-packages/synapse/app/federation_sender.py lib/python${MODPY_VERSION}/site-packages/synapse/app/frontend_proxy.py +lib/python${MODPY_VERSION}/site-packages/synapse/app/generic_worker.py lib/python${MODPY_VERSION}/site-packages/synapse/app/homeserver.py lib/python${MODPY_VERSION}/site-packages/synapse/app/media_repository.py lib/python${MODPY_VERSION}/site-packages/synapse/app/pusher.py @@ -529,6 +531,7 @@ lib/python${MODPY_VERSION}/site-packages/synapse/res/templates/registration_success.html lib/python${MODPY_VERSION}/site-packages/synapse/res/templates/room.html lib/python${MODPY_VERSION}/site-packages/synapse/res/templates/room.txt +lib/python${MODPY_VERSION}/site-packages/synapse/res/templates/saml_error.html lib/python${MODPY_VERSION}/site-packages/synapse/res/templates/sso_redirect_confirm.html lib/python${MODPY_VERSION}/site-packages/synapse/rest/ lib/python${MODPY_VERSION}/site-packages/synapse/rest/__init__.py @@ -760,6 +763,7 @@ lib/python${MODPY_VERSION}/site-packages/synapse/storage/${MODPY_PYCACHE}relations.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/storage/${MODPY_PYCACHE}roommember.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/storage/${MODPY_PYCACHE}state.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/synapse/storage/${MODPY_PYCACHE}types.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/synapse/storage/_base.py lib/python${MODPY_VERSION}/site-packages/synapse/storage/background_updates.py lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/ @@ -1100,6 +1104,8 @@ lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/delta/57/rooms_version_column.sql lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/delta/57/rooms_version_column_2.sql.postgres lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/delta/57/rooms_version_column_2.sql.sqlite +lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/delta/57/rooms_version_column_3.sql.postgres +lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/delta/57/rooms_version_column_3.sql.sqlite lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/full_schemas/ lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/full_schemas/16/ lib/python${MODPY_VERSION}/site-packages/synapse/storage/data_stores/main/schema/full_schemas/16/application_services.sql @@ -1191,6 +1197,7 @@ lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/full_schemas/54/full.sql lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/schema_version.sql lib/python${MODPY_VERSION}/site-packages/synapse/storage/state.py +lib/python${MODPY_VERSION}/site-packages/synapse/storage/types.py lib/python${MODPY_VERSION}/site-packages/synapse/storage/util/ lib/python${MODPY_VERSION}/site-packages/synapse/storage/util/__init__.py ${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/synapse/storage/util/${MODPY_PYCACHE}/
smime.p7s
Description: S/MIME Cryptographic Signature