pkgsrc/chat
gdt 223e48bcec chat/matrix-synapse: Update to 1.47.1 (security)
Synapse 1.47.1 (2021-11-23)
===========================

This release fixes a security issue in the media store, affecting all prior releases of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.

Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.

Security advisory
-----------------

The following issue is fixed in 1.47.1.

- **[GHSA-3hfw-x7gx-437c](https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c) / [CVE-2021-41281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281): Path traversal when downloading remote media.**

  Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory.

  The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact.

  Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected.

  Fixed by [91f2bd090](https://github.com/matrix-org/synapse/commit/91f2bd090).
2021-11-23 12:47:51 +00:00
anope chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
atheme chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitchbot chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitchx chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitlbee chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitlbee-discord chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitlbee-facebook chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitlbee-mastodon chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bitlbee-steam chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
bnc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
carbons-purple *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
centerim chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
centerim5 *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
cgiirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
coyim Revbump all Go packages after go117 update 2021-11-05 20:02:39 +00:00
ctrlproxy chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
dccserver chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
dino dino: update to 0.2.2 2021-11-03 21:52:13 +00:00
eggdrop chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ejabberd chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ekg *: Revbump for protobuf-3.19.0 2021-11-11 12:02:46 +00:00
element-web Update chat/element-web to 1.9.3 2021-10-29 08:35:56 +00:00
emacs-jabber chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
emech chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
epic4 chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
epic4-doc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
farstream *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
finch *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
fisg chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
gajim chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
gajim-plugin-omemo chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
gloox chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
gomuks Revbump all Go packages after go117 update 2021-11-05 20:02:39 +00:00
goofey chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
hexchat chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
i2cb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
i2cbd chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
icb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
icbirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ii chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ircd-hybrid chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
irchat-pj chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ircII chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ircu chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
iroffer chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
irssi chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
irssi-icb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
irssi-xmpp chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
jabberd2 chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
kgb-bot chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
konversation chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-accounts-kcm chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-approver chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-auth-handler chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-common-internals chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-contact-list chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-contact-runner chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-desktop-applets chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-filetransfer-handler chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-kded-integration-module chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-send-file chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ktp-text-ui chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libfolks chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libgadu *: Revbump for protobuf-3.19.0 2021-11-11 12:02:46 +00:00
libmesode chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libmsn chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libotr chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libpurple *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
libsignal-protocol-c chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libtelepathy chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
libtlen chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
loudmouth chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
lurch-purple *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
matrix-synapse chat/matrix-synapse: Update to 1.47.1 (security) 2021-11-23 12:47:51 +00:00
matterircd Revbump all Go packages after go117 update 2021-11-05 20:02:39 +00:00
maubot chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
mautrix-hangouts chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
mautrix-telegram chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
mcabber chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
meanwhile chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
miniircd chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
mumble *: Revbump for protobuf-3.19.0 2021-11-11 12:02:46 +00:00
ninja chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
p5-IRC-Utils chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
p5-Net-Goofey chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
p5-Net-Jabber chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
p5-POE-Component-IRC chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
p5-POE-Filter-IRCD chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
phone chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
pidgin *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pidgin-facebookchat *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pidgin-icb *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pidgin-latex *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pidgin-libnotify *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pidgin-otr *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pidgin-sametime *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pidgin-silc *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
pircbot chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
profanity chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
prosody chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
psi *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
psybnc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-axolotl chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-axolotl-curve25519 chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-hangups chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-mastodon chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-mautrix chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-nbxmpp chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-telethon chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-telethon-session-sqlalchemy chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
py-xmpppy chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
quassel *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
quirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
riece chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
roxirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ruby-net-irc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
scrollz chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
silc-client chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
silc-client-icb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
silc-server chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
sirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
skypeweb-purple *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
spectrum *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
srain chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
swift *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
telegram-purple *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
telepathy-farstream *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
telepathy-gabble chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
telepathy-glib chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
telepathy-haze *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
telepathy-idle chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
telepathy-logger chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
telepathy-mission-control5 chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
telepathy-qt *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
telepathy-qt5 *: recursive bump for gstreamer 1.18.5 2021-11-15 22:53:55 +00:00
tik chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tkabber chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tkirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tkirc2 chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
tootstream chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
toxcore chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
unrealircd chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
weechat chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
xaric chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
ysm chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
zenicb chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
zenirc chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
zircon chat: Replace RMD160 checksums with BLAKE2s checksums 2021-10-26 10:05:10 +00:00
znc znc: Use `=' instead of `+=' in the (now) only assignment to SUBST_SED.man 2021-10-31 08:15:20 +00:00
Makefile Add a package for gomuks, from pkgsrc-wip. 2021-05-21 15:04:16 +00:00