kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/chat
History
gdt 5c3e3145f9 chat/matrix-synapse: Update to 1.60.1 
Synapse 1.61.1 (2022-06-28)
===========================

This patch release fixes a security issue regarding URL previews,
affecting all prior versions of Synapse. Server administrators are
encouraged to update Synapse as soon as possible. We are not aware of
these vulnerabilities being exploited in the wild.

Server administrators who are unable to update Synapse may use the
workarounds described in the linked GitHub Security Advisory below.

## Security advisory

The following issue is fixed in 1.61.1.

* [GHSA-22p3-qrh9-cx32](https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32)
  / [CVE-2022-31052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31052)

  Synapse instances with the
  [`url_preview_enabled`](https://matrix-org.github.io/synapse/v1.61/usage/configuration/config_documentation.html#media-store)
  homeserver config option set to `true` are affected. URL previews of
  some web pages can lead to unbounded recursion, causing the request
  to either fail, or in some cases crash the running Synapse process.

  Requesting URL previews requires authentication. Nevertheless, it is
  possible to exploit this maliciously, either by malicious users on
  the homeserver, or by remote users sending URLs that a local user's
  client may automatically request a URL preview for.

  Homeservers with the `url_preview_enabled` configuration option set
  to `false` (the default) are unaffected. Instances with the
  `enable_media_repo` configuration option set to `false` are also
  unaffected, as this also disables URL preview functionality.

  Fixed by [fa1308061802ac7b7d20e954ba7372c5ac292333](fa13080618).
2022-07-01 14:22:34 +00:00
..
anope revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
atheme atheme: update to 7.2.12 2022-03-04 07:59:38 +00:00
bitchbot *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
bitchx chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitlbee revbump for icu and libffi 2021-12-08 16:01:42 +00:00
bitlbee-discord revbump for icu and libffi 2021-12-08 16:01:42 +00:00
bitlbee-facebook revbump for icu and libffi 2021-12-08 16:01:42 +00:00
bitlbee-mastodon revbump for icu and libffi 2021-12-08 16:01:42 +00:00
bitlbee-steam revbump for icu and libffi 2021-12-08 16:01:42 +00:00
bnc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
carbons-purple revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
catgirl add chat/catgirl 2022-03-04 10:09:14 +00:00
centerim *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
centerim5 *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
cgiirc *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
coyim Revbump all Go packages after go118 update 2022-06-02 18:51:56 +00:00
ctrlproxy revbump for icu and libffi 2021-12-08 16:01:42 +00:00
dccserver *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
dino revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
eggdrop eggdrop: update to 1.9.2 2022-03-07 07:28:45 +00:00
ejabberd chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ekg revbump for devel/protobuf 2022-04-03 18:50:16 +00:00
element-web chat/element-web: Update to 1.10.15 2022-06-28 13:01:48 +00:00
emacs-jabber Bump all elisp packages for the CONFLICTS change. 2022-05-14 22:25:32 +00:00
emech chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
epic4 *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
epic4-doc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
farstream revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
finch *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
fisg chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
gajim *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
gajim-plugin-omemo *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
gloox revbump for icu and libffi 2021-12-08 16:01:42 +00:00
gomuks Revbump all Go packages after go118 update 2022-06-02 18:51:56 +00:00
goofey chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
hexchat *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
i2cb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
i2cbd chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
icb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
icbirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ii chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ircd-hybrid revbump for icu and libffi 2021-12-08 16:01:42 +00:00
irchat-pj Bump all elisp packages for the CONFLICTS change. 2022-05-14 22:25:32 +00:00
ircII chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ircu chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
iroffer chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
irssi *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
irssi-icb revbump for icu and libffi 2021-12-08 16:01:42 +00:00
irssi-xmpp revbump for icu and libffi 2021-12-08 16:01:42 +00:00
jabberd2 *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
kgb-bot *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
konversation *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
ktp-accounts-kcm revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-approver revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-auth-handler revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-common-internals *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
ktp-contact-list revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-contact-runner revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-desktop-applets revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-filetransfer-handler revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-kded-integration-module revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-send-file revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ktp-text-ui revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
libfolks revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
libgadu *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
libmesode libmesode: remove patch that is not (active) in distinfo 2022-03-10 06:56:41 +00:00
libmsn chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libotr chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libpurple *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
libsignal-protocol-c chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libstrophe libstrophe: add PLIST (fix build) 2022-05-22 21:06:40 +00:00
libtelepathy *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
libtlen chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
loudmouth revbump for icu and libffi 2021-12-08 16:01:42 +00:00
lurch-purple revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
matrix-synapse chat/matrix-synapse: Update to 1.60.1 2022-07-01 14:22:34 +00:00
matterircd Revbump all Go packages after go118 update 2022-06-02 18:51:56 +00:00
mautrix-telegram *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
mcabber revbump for icu and libffi 2021-12-08 16:01:42 +00:00
meanwhile revbump for icu and libffi 2021-12-08 16:01:42 +00:00
miniircd *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
mumble revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
ninja chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
p5-IRC-Utils *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
p5-Net-Goofey *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
p5-Net-Jabber *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
p5-POE-Component-IRC *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
p5-POE-Filter-IRCD *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
phone chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
pidgin revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
pidgin-facebookchat revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
pidgin-icb revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
pidgin-latex revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
pidgin-libnotify *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
pidgin-otr *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
pidgin-sametime *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
pidgin-silc *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
pircbot chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
profanity *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
prosody prosody: update to 0.12.0 2022-05-08 21:24:12 +00:00
psi revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
psybnc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-axolotl *: bump PKGREVISION for egg.mk users 2022-01-04 20:52:30 +00:00
py-axolotl-curve25519 *: bump PKGREVISION for egg.mk users 2022-01-04 20:52:30 +00:00
py-hangups python: egg.mk: add USE_PKG_RESOURCES flag 2022-01-05 15:40:56 +00:00
py-mastodon *: bump PKGREVISION for egg.mk users 2022-01-04 20:52:30 +00:00
py-matrix-common Update chat/py-matrix-common to 1.1.0 2022-02-25 16:36:35 +00:00
py-matrix-nio py-matrix-nio: fix dependency pattern 2022-01-25 18:30:25 +00:00
py-mautrix chat/py-mautrix: Fix PKGNAME 2022-04-23 13:43:29 +00:00
py-nbxmpp py-nbxmpp: update to 2.04, gajim: update to 1.3.3 2022-03-04 09:34:29 +00:00
py-telethon Update chat/py-telethon to 1.24.0 2022-01-15 20:01:37 +00:00
py-tulir-telethon Update chat/py-tulir-telethon to 1.25.0a7 2022-04-23 12:45:09 +00:00
py-xmpppy chat/py-xmpppy: Update to 0.7.1 2022-04-10 18:49:25 +00:00
quassel *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
quirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
riece Bump all elisp packages for the CONFLICTS change. 2022-05-14 22:25:32 +00:00
roxirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ruby-net-irc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
scrollz revbump for icu and libffi 2021-12-08 16:01:42 +00:00
silc-client *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
silc-client-icb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
silc-server chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
sirc *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
skypeweb-purple revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
spectrum *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
srain revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
swift *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
swirc *: drop maintainership for packages not related to toolchains and ELF. 2022-06-27 15:29:13 +00:00
telegram-purple revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
telepathy-farstream revbump for icu and libffi 2021-12-08 16:01:42 +00:00
telepathy-gabble *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
telepathy-glib revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
telepathy-haze *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
telepathy-idle *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
telepathy-logger revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
telepathy-mission-control5 *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
telepathy-qt revbump for icu and libffi 2021-12-08 16:01:42 +00:00
telepathy-qt5 revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
tik chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tkabber chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tkirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tkirc2 chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tootstream *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
toxcore chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
unrealircd unrealircd: update to 5.2.4 2022-03-04 08:50:46 +00:00
unrealircd6 unrealircd6: update to 6.0.3 2022-04-24 13:46:58 +00:00
weechat *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
xaric chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ysm chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
zenicb Bump all elisp packages for the CONFLICTS change. 2022-05-14 22:25:32 +00:00
zenirc Bump all elisp packages for the CONFLICTS change. 2022-05-14 22:25:32 +00:00
zircon chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
znc *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
Makefile chat: add libstrophe 2022-05-15 19:12:11 +00:00