Download raw body.
[security] net/synapse 1.139.2
It's probably better to upgrade to 1.139.2 iinstead of 1.139.1 as it has
a breaking bug. Here is 1.139.2
On 10/7/25 4:50 PM, Stuart Henderson wrote:
> ok for post-unlock
>
> On 2025/10/07 15:44, Renaud Allard wrote:
>> Hello,
>>
>> Here is a diff for net/synapse to 1.139.1
>> Tested on amd64
>>
>> This solves CVE-2025-61672
>> Lack of validation for device keys in Synapse before 1.139.1 allows an
>> attacker registered on the victim homeserver to degrade federation
>> functionality, unpredictably breaking outbound federation to other
>> homeservers.
>>
>> Best Regards
>
>> Index: Makefile
>> ===================================================================
>> RCS file: /cvs/ports/net/synapse/Makefile,v
>> diff -u -p -r1.110 Makefile
>> --- Makefile 18 Sep 2025 15:19:38 -0000 1.110
>> +++ Makefile 7 Oct 2025 13:42:07 -0000
>> @@ -1,7 +1,6 @@
>> COMMENT = open network for secure, decentralized communication
>>
>> -MODPY_DISTV = 1.138.0
>> -REVISION = 2
>> +MODPY_DISTV = 1.139.1
>>
>> GH_ACCOUNT = element-hq
>> GH_PROJECT = synapse
>> Index: distinfo
>> ===================================================================
>> RCS file: /cvs/ports/net/synapse/distinfo,v
>> diff -u -p -r1.83 distinfo
>> --- distinfo 10 Sep 2025 07:35:08 -0000 1.83
>> +++ distinfo 7 Oct 2025 13:42:07 -0000
>> @@ -76,7 +76,7 @@ SHA256 (cargo/lazy_static-1.5.0.tar.gz)
>> SHA256 (cargo/libc-0.2.174.tar.gz) = EXFpMpMJmZLhnN3qTouEmWTphG9KzuEbOUi8wze+h3Y=
>> SHA256 (cargo/libm-0.2.15.tar.gz) = +fu8q1EFL+EE615dNRz3KNMKW+H+FNm+ijsJdIH7l94=
>> SHA256 (cargo/litemap-0.8.0.tar.gz) = JB6u9f0SyIcFoB/BBmxIxLNuDdQ3fc3H7DlCzqemmVY=
>> -SHA256 (cargo/log-0.4.27.tar.gz) = E9wt81HjICeDof4NRDdfcpX/tASSZ7DzAYNG3BIqHZQ=
>> +SHA256 (cargo/log-0.4.28.tar.gz) = NAgFBe+o5FpLgWw0lSXr4yfOqoVZdW8DVsupfvO/dDI=
>> SHA256 (cargo/lru-slab-0.1.2.tar.gz) = ESs5zsCymLbBmZ/uPjFCf3T2duTLmHntGhIbQ2YaQVQ=
>> SHA256 (cargo/memchr-2.7.5.tar.gz) = MqKC2mX6rzgobPO+mDIT/PHS4qWHAOgI+D9OqaSAS8A=
>> SHA256 (cargo/memoffset-0.9.1.tar.gz) = SIAWv65FewNtmWCS9stEhndhHOREnpcM6vQmlSA/IYo=
>> @@ -124,9 +124,10 @@ SHA256 (cargo/ryu-1.0.20.tar.gz) = KNOys
>> SHA256 (cargo/schannel-0.1.27.tar.gz) = HynrqjRflFzsn7vFMuswfw/a2BYfKBtjaVOcjYSHaz0=
>> SHA256 (cargo/security-framework-3.2.0.tar.gz) = JxcgQD9GygT3um9V1Dj4vYeNa4ygoQRugijEFFvLsxY=
>> SHA256 (cargo/security-framework-sys-2.14.0.tar.gz) = SdsjHVahkEkctK7alSfxrUU0WvULCFFiKnrbjAOwHDI=
>> -SHA256 (cargo/serde-1.0.219.tar.gz) = Xw4sbtZgYBm04p5p26upWxGFRBDlNH1SUAJFbbu3hrY=
>> -SHA256 (cargo/serde_derive-1.0.219.tar.gz) = WwJ2z38sczZfcVfIEjwhzZpQ+72ER1evKMofWSX8KgA=
>> -SHA256 (cargo/serde_json-1.0.143.tar.gz) = 1AGr7x0Qj72cuuvD5GYR9LECH3FKBZenH0HuRj9fSlo=
>> +SHA256 (cargo/serde-1.0.224.tar.gz) = aq6x6U9TsWOEr1k8ceILCV6VjasdJpOcG3BkXFz7zAs=
>> +SHA256 (cargo/serde_core-1.0.224.tar.gz) = MvOTkPpjRuJN77zdPZVEuooZmF0K9034UB+/6aZDQas=
>> +SHA256 (cargo/serde_derive-1.0.224.tar.gz) = h/94q16FYcmmdb/BeFyweuch8O5TMppZXO/YwEwqxOA=
>> +SHA256 (cargo/serde_json-1.0.145.tar.gz) = QCpvZtjHCRFs8i9VjqshD1pQGH9wLrTX5e842afxx5w=
>> SHA256 (cargo/serde_urlencoded-0.7.1.tar.gz) = 00kcFHFcoilMTWqI8V6Ec5eIwdAw7tjBEENqr9qi8/0=
>> SHA256 (cargo/sha1-0.10.6.tar.gz) = 47+Cmi1Rq0pd3xNS2EcMFAytyDAbKuF4nbAj8Bzt1ro=
>> SHA256 (cargo/sha2-0.10.9.tar.gz) = p1B9gZdp0Bo2WrcHeUpAhDksgk9Up6anhi+MPQiSsoM=
>> @@ -199,7 +200,7 @@ SHA256 (cargo/zeroize-1.8.1.tar.gz) = zt
>> SHA256 (cargo/zerotrie-0.2.2.tar.gz) = NvC71HhYP3ntrZeLQHkU9hspcvWvb6CJaGAWvo+a9ZU=
>> SHA256 (cargo/zerovec-0.11.2.tar.gz) = SgXrCA4BW6OcyeI7vl5/sE1fsEA1D5nzTjONX90pRCg=
>> SHA256 (cargo/zerovec-derive-0.11.1.tar.gz) = W5YjfvoMh4xkvYnENvZhvk5GsvPv8eu5dvfvIyHS9Y8=
>> -SHA256 (synapse-1.138.0.tar.gz) = HvSgLweNcUWzxPoGsvBCzZtSiKSmY7LQlbRYYPOShX8=
>> +SHA256 (synapse-1.139.1.tar.gz) = q/k6/JKTTVjzuUhwKqqtw5irtwVqYmz3ji1XqmvPbeg=
>> SIZE (cargo/addr2line-0.24.2.tar.gz) = 39015
>> SIZE (cargo/adler2-2.0.1.tar.gz) = 13366
>> SIZE (cargo/aho-corasick-1.1.3.tar.gz) = 183311
>> @@ -278,7 +279,7 @@ SIZE (cargo/lazy_static-1.5.0.tar.gz) =
>> SIZE (cargo/libc-0.2.174.tar.gz) = 779933
>> SIZE (cargo/libm-0.2.15.tar.gz) = 156108
>> SIZE (cargo/litemap-0.8.0.tar.gz) = 34344
>> -SIZE (cargo/log-0.4.27.tar.gz) = 48120
>> +SIZE (cargo/log-0.4.28.tar.gz) = 51131
>> SIZE (cargo/lru-slab-0.1.2.tar.gz) = 9090
>> SIZE (cargo/memchr-2.7.5.tar.gz) = 97603
>> SIZE (cargo/memoffset-0.9.1.tar.gz) = 9032
>> @@ -326,9 +327,10 @@ SIZE (cargo/ryu-1.0.20.tar.gz) = 48738
>> SIZE (cargo/schannel-0.1.27.tar.gz) = 42772
>> SIZE (cargo/security-framework-3.2.0.tar.gz) = 86095
>> SIZE (cargo/security-framework-sys-2.14.0.tar.gz) = 20537
>> -SIZE (cargo/serde-1.0.219.tar.gz) = 78983
>> -SIZE (cargo/serde_derive-1.0.219.tar.gz) = 57798
>> -SIZE (cargo/serde_json-1.0.143.tar.gz) = 155342
>> +SIZE (cargo/serde-1.0.224.tar.gz) = 28268
>> +SIZE (cargo/serde_core-1.0.224.tar.gz) = 62766
>> +SIZE (cargo/serde_derive-1.0.224.tar.gz) = 57909
>> +SIZE (cargo/serde_json-1.0.145.tar.gz) = 155748
>> SIZE (cargo/serde_urlencoded-0.7.1.tar.gz) = 12822
>> SIZE (cargo/sha1-0.10.6.tar.gz) = 13517
>> SIZE (cargo/sha2-0.10.9.tar.gz) = 29271
>> @@ -401,4 +403,4 @@ SIZE (cargo/zeroize-1.8.1.tar.gz) = 2002
>> SIZE (cargo/zerotrie-0.2.2.tar.gz) = 74423
>> SIZE (cargo/zerovec-0.11.2.tar.gz) = 124500
>> SIZE (cargo/zerovec-derive-0.11.1.tar.gz) = 21294
>> -SIZE (synapse-1.138.0.tar.gz) = 9114217
>> +SIZE (synapse-1.139.1.tar.gz) = 9141608
>> Index: modules.inc
>> ===================================================================
>> RCS file: /cvs/ports/net/synapse/modules.inc,v
>> diff -u -p -r1.46 modules.inc
>> --- modules.inc 10 Sep 2025 07:35:08 -0000 1.46
>> +++ modules.inc 7 Oct 2025 13:42:07 -0000
>> @@ -76,7 +76,7 @@ MODCARGO_CRATES += lazy_static 1.5.0 # M
>> MODCARGO_CRATES += libc 0.2.174 # MIT OR Apache-2.0
>> MODCARGO_CRATES += libm 0.2.15 # MIT
>> MODCARGO_CRATES += litemap 0.8.0 # Unicode-3.0
>> -MODCARGO_CRATES += log 0.4.27 # MIT OR Apache-2.0
>> +MODCARGO_CRATES += log 0.4.28 # MIT OR Apache-2.0
>> MODCARGO_CRATES += lru-slab 0.1.2 # MIT OR Apache-2.0 OR Zlib
>> MODCARGO_CRATES += memchr 2.7.5 # Unlicense OR MIT
>> MODCARGO_CRATES += memoffset 0.9.1 # MIT
>> @@ -124,9 +124,10 @@ MODCARGO_CRATES += ryu 1.0.20 # Apache-2
>> MODCARGO_CRATES += schannel 0.1.27 # MIT
>> MODCARGO_CRATES += security-framework 3.2.0 # MIT OR Apache-2.0
>> MODCARGO_CRATES += security-framework-sys 2.14.0 # MIT OR Apache-2.0
>> -MODCARGO_CRATES += serde 1.0.219 # MIT OR Apache-2.0
>> -MODCARGO_CRATES += serde_derive 1.0.219 # MIT OR Apache-2.0
>> -MODCARGO_CRATES += serde_json 1.0.143 # MIT OR Apache-2.0
>> +MODCARGO_CRATES += serde 1.0.224 # MIT OR Apache-2.0
>> +MODCARGO_CRATES += serde_core 1.0.224 # MIT OR Apache-2.0
>> +MODCARGO_CRATES += serde_derive 1.0.224 # MIT OR Apache-2.0
>> +MODCARGO_CRATES += serde_json 1.0.145 # MIT OR Apache-2.0
>> MODCARGO_CRATES += serde_urlencoded 0.7.1 # MIT/Apache-2.0
>> MODCARGO_CRATES += sha1 0.10.6 # MIT OR Apache-2.0
>> MODCARGO_CRATES += sha2 0.10.9 # MIT OR Apache-2.0
>> Index: pkg/PLIST
>> ===================================================================
>> RCS file: /cvs/ports/net/synapse/pkg/PLIST,v
>> diff -u -p -r1.70 PLIST
>> --- pkg/PLIST 18 Sep 2025 15:19:38 -0000 1.70
>> +++ pkg/PLIST 7 Oct 2025 13:42:07 -0000
>> @@ -14,14 +14,13 @@ bin/synapse_worker
>> bin/synctl
>> bin/update_synapse_database
>> lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/
>> +lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/AUTHORS.rst
>> +lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/LICENSE-AGPL-3.0
>> +lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/LICENSE-COMMERCIAL
>> lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/METADATA
>> lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/RECORD
>> lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/WHEEL
>> lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/entry_points.txt
>> -lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/licenses/
>> -lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/licenses/AUTHORS.rst
>> -lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/licenses/LICENSE-AGPL-3.0
>> -lib/python${MODPY_VERSION}/site-packages/matrix_synapse-${MODPY_DISTV}.dist-info/licenses/LICENSE-COMMERCIAL
>> lib/python${MODPY_VERSION}/site-packages/synapse/
>> lib/python${MODPY_VERSION}/site-packages/synapse/__init__.py
>> ${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/synapse/${MODPY_PYCACHE}/
>> @@ -2200,6 +2199,7 @@ lib/python${MODPY_VERSION}/site-packages
>> lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/07_add_user_reports.sql
>> lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/07_event_txn_id_device_id_txn_id2.sql
>> lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/08_room_ban_redactions.sql
>> +lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/08_thread_subscriptions_seq_fixup.sql.postgres
>> lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql
>> lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql.postgres
>> lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/
>> @@ -2318,6 +2318,8 @@ lib/python${MODPY_VERSION}/site-packages
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}cancellation.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}check_dependencies.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}check_dependencies.${MODPY_PYC_MAGIC_TAG}pyc
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}clock.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}clock.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}constants.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}constants.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}daemonize.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> @@ -2338,6 +2340,8 @@ lib/python${MODPY_VERSION}/site-packages
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}httpresourcetree.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}iterutils.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}iterutils.${MODPY_PYC_MAGIC_TAG}pyc
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}json.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}json.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}linked_list.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}linked_list.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}logcontext.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> @@ -2366,6 +2370,8 @@ lib/python${MODPY_VERSION}/site-packages
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}rlimit.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}rust.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}rust.${MODPY_PYC_MAGIC_TAG}pyc
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}sentinel.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}sentinel.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}stringutils.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}stringutils.${MODPY_PYC_MAGIC_TAG}pyc
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}task_scheduler.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
>> @@ -2415,6 +2421,7 @@ lib/python${MODPY_VERSION}/site-packages
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/ttlcache.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/cancellation.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/check_dependencies.py
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/clock.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/constants.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/daemonize.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/distributor.py
>> @@ -2425,6 +2432,7 @@ lib/python${MODPY_VERSION}/site-packages
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/hash.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/httpresourcetree.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/iterutils.py
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/json.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/linked_list.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/logcontext.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/logformatter.py
>> @@ -2439,6 +2447,7 @@ lib/python${MODPY_VERSION}/site-packages
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/retryutils.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/rlimit.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/rust.py
>> +lib/python${MODPY_VERSION}/site-packages/synapse/util/sentinel.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/stringutils.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/task_scheduler.py
>> lib/python${MODPY_VERSION}/site-packages/synapse/util/templates.py
>
>
>
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/synapse/Makefile,v
diff -u -p -r1.110 Makefile
--- Makefile 18 Sep 2025 15:19:38 -0000 1.110
+++ Makefile 8 Oct 2025 12:03:15 -0000
@@ -1,7 +1,6 @@
COMMENT = open network for secure, decentralized communication
-MODPY_DISTV = 1.138.0
-REVISION = 2
+MODPY_DISTV = 1.139.2
GH_ACCOUNT = element-hq
GH_PROJECT = synapse
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/synapse/distinfo,v
diff -u -p -r1.83 distinfo
--- distinfo 10 Sep 2025 07:35:08 -0000 1.83
+++ distinfo 8 Oct 2025 12:03:15 -0000
@@ -76,7 +76,7 @@ SHA256 (cargo/lazy_static-1.5.0.tar.gz)
SHA256 (cargo/libc-0.2.174.tar.gz) = EXFpMpMJmZLhnN3qTouEmWTphG9KzuEbOUi8wze+h3Y=
SHA256 (cargo/libm-0.2.15.tar.gz) = +fu8q1EFL+EE615dNRz3KNMKW+H+FNm+ijsJdIH7l94=
SHA256 (cargo/litemap-0.8.0.tar.gz) = JB6u9f0SyIcFoB/BBmxIxLNuDdQ3fc3H7DlCzqemmVY=
-SHA256 (cargo/log-0.4.27.tar.gz) = E9wt81HjICeDof4NRDdfcpX/tASSZ7DzAYNG3BIqHZQ=
+SHA256 (cargo/log-0.4.28.tar.gz) = NAgFBe+o5FpLgWw0lSXr4yfOqoVZdW8DVsupfvO/dDI=
SHA256 (cargo/lru-slab-0.1.2.tar.gz) = ESs5zsCymLbBmZ/uPjFCf3T2duTLmHntGhIbQ2YaQVQ=
SHA256 (cargo/memchr-2.7.5.tar.gz) = MqKC2mX6rzgobPO+mDIT/PHS4qWHAOgI+D9OqaSAS8A=
SHA256 (cargo/memoffset-0.9.1.tar.gz) = SIAWv65FewNtmWCS9stEhndhHOREnpcM6vQmlSA/IYo=
@@ -124,9 +124,10 @@ SHA256 (cargo/ryu-1.0.20.tar.gz) = KNOys
SHA256 (cargo/schannel-0.1.27.tar.gz) = HynrqjRflFzsn7vFMuswfw/a2BYfKBtjaVOcjYSHaz0=
SHA256 (cargo/security-framework-3.2.0.tar.gz) = JxcgQD9GygT3um9V1Dj4vYeNa4ygoQRugijEFFvLsxY=
SHA256 (cargo/security-framework-sys-2.14.0.tar.gz) = SdsjHVahkEkctK7alSfxrUU0WvULCFFiKnrbjAOwHDI=
-SHA256 (cargo/serde-1.0.219.tar.gz) = Xw4sbtZgYBm04p5p26upWxGFRBDlNH1SUAJFbbu3hrY=
-SHA256 (cargo/serde_derive-1.0.219.tar.gz) = WwJ2z38sczZfcVfIEjwhzZpQ+72ER1evKMofWSX8KgA=
-SHA256 (cargo/serde_json-1.0.143.tar.gz) = 1AGr7x0Qj72cuuvD5GYR9LECH3FKBZenH0HuRj9fSlo=
+SHA256 (cargo/serde-1.0.224.tar.gz) = aq6x6U9TsWOEr1k8ceILCV6VjasdJpOcG3BkXFz7zAs=
+SHA256 (cargo/serde_core-1.0.224.tar.gz) = MvOTkPpjRuJN77zdPZVEuooZmF0K9034UB+/6aZDQas=
+SHA256 (cargo/serde_derive-1.0.224.tar.gz) = h/94q16FYcmmdb/BeFyweuch8O5TMppZXO/YwEwqxOA=
+SHA256 (cargo/serde_json-1.0.145.tar.gz) = QCpvZtjHCRFs8i9VjqshD1pQGH9wLrTX5e842afxx5w=
SHA256 (cargo/serde_urlencoded-0.7.1.tar.gz) = 00kcFHFcoilMTWqI8V6Ec5eIwdAw7tjBEENqr9qi8/0=
SHA256 (cargo/sha1-0.10.6.tar.gz) = 47+Cmi1Rq0pd3xNS2EcMFAytyDAbKuF4nbAj8Bzt1ro=
SHA256 (cargo/sha2-0.10.9.tar.gz) = p1B9gZdp0Bo2WrcHeUpAhDksgk9Up6anhi+MPQiSsoM=
@@ -199,7 +200,7 @@ SHA256 (cargo/zeroize-1.8.1.tar.gz) = zt
SHA256 (cargo/zerotrie-0.2.2.tar.gz) = NvC71HhYP3ntrZeLQHkU9hspcvWvb6CJaGAWvo+a9ZU=
SHA256 (cargo/zerovec-0.11.2.tar.gz) = SgXrCA4BW6OcyeI7vl5/sE1fsEA1D5nzTjONX90pRCg=
SHA256 (cargo/zerovec-derive-0.11.1.tar.gz) = W5YjfvoMh4xkvYnENvZhvk5GsvPv8eu5dvfvIyHS9Y8=
-SHA256 (synapse-1.138.0.tar.gz) = HvSgLweNcUWzxPoGsvBCzZtSiKSmY7LQlbRYYPOShX8=
+SHA256 (synapse-1.139.2.tar.gz) = 4pEvj+G47cJjBekrRY6ZvjAeot0WEozbgANkILEjmTI=
SIZE (cargo/addr2line-0.24.2.tar.gz) = 39015
SIZE (cargo/adler2-2.0.1.tar.gz) = 13366
SIZE (cargo/aho-corasick-1.1.3.tar.gz) = 183311
@@ -278,7 +279,7 @@ SIZE (cargo/lazy_static-1.5.0.tar.gz) =
SIZE (cargo/libc-0.2.174.tar.gz) = 779933
SIZE (cargo/libm-0.2.15.tar.gz) = 156108
SIZE (cargo/litemap-0.8.0.tar.gz) = 34344
-SIZE (cargo/log-0.4.27.tar.gz) = 48120
+SIZE (cargo/log-0.4.28.tar.gz) = 51131
SIZE (cargo/lru-slab-0.1.2.tar.gz) = 9090
SIZE (cargo/memchr-2.7.5.tar.gz) = 97603
SIZE (cargo/memoffset-0.9.1.tar.gz) = 9032
@@ -326,9 +327,10 @@ SIZE (cargo/ryu-1.0.20.tar.gz) = 48738
SIZE (cargo/schannel-0.1.27.tar.gz) = 42772
SIZE (cargo/security-framework-3.2.0.tar.gz) = 86095
SIZE (cargo/security-framework-sys-2.14.0.tar.gz) = 20537
-SIZE (cargo/serde-1.0.219.tar.gz) = 78983
-SIZE (cargo/serde_derive-1.0.219.tar.gz) = 57798
-SIZE (cargo/serde_json-1.0.143.tar.gz) = 155342
+SIZE (cargo/serde-1.0.224.tar.gz) = 28268
+SIZE (cargo/serde_core-1.0.224.tar.gz) = 62766
+SIZE (cargo/serde_derive-1.0.224.tar.gz) = 57909
+SIZE (cargo/serde_json-1.0.145.tar.gz) = 155748
SIZE (cargo/serde_urlencoded-0.7.1.tar.gz) = 12822
SIZE (cargo/sha1-0.10.6.tar.gz) = 13517
SIZE (cargo/sha2-0.10.9.tar.gz) = 29271
@@ -401,4 +403,4 @@ SIZE (cargo/zeroize-1.8.1.tar.gz) = 2002
SIZE (cargo/zerotrie-0.2.2.tar.gz) = 74423
SIZE (cargo/zerovec-0.11.2.tar.gz) = 124500
SIZE (cargo/zerovec-derive-0.11.1.tar.gz) = 21294
-SIZE (synapse-1.138.0.tar.gz) = 9114217
+SIZE (synapse-1.139.2.tar.gz) = 9143758
Index: modules.inc
===================================================================
RCS file: /cvs/ports/net/synapse/modules.inc,v
diff -u -p -r1.46 modules.inc
--- modules.inc 10 Sep 2025 07:35:08 -0000 1.46
+++ modules.inc 8 Oct 2025 12:03:15 -0000
@@ -76,7 +76,7 @@ MODCARGO_CRATES += lazy_static 1.5.0 # M
MODCARGO_CRATES += libc 0.2.174 # MIT OR Apache-2.0
MODCARGO_CRATES += libm 0.2.15 # MIT
MODCARGO_CRATES += litemap 0.8.0 # Unicode-3.0
-MODCARGO_CRATES += log 0.4.27 # MIT OR Apache-2.0
+MODCARGO_CRATES += log 0.4.28 # MIT OR Apache-2.0
MODCARGO_CRATES += lru-slab 0.1.2 # MIT OR Apache-2.0 OR Zlib
MODCARGO_CRATES += memchr 2.7.5 # Unlicense OR MIT
MODCARGO_CRATES += memoffset 0.9.1 # MIT
@@ -124,9 +124,10 @@ MODCARGO_CRATES += ryu 1.0.20 # Apache-2
MODCARGO_CRATES += schannel 0.1.27 # MIT
MODCARGO_CRATES += security-framework 3.2.0 # MIT OR Apache-2.0
MODCARGO_CRATES += security-framework-sys 2.14.0 # MIT OR Apache-2.0
-MODCARGO_CRATES += serde 1.0.219 # MIT OR Apache-2.0
-MODCARGO_CRATES += serde_derive 1.0.219 # MIT OR Apache-2.0
-MODCARGO_CRATES += serde_json 1.0.143 # MIT OR Apache-2.0
+MODCARGO_CRATES += serde 1.0.224 # MIT OR Apache-2.0
+MODCARGO_CRATES += serde_core 1.0.224 # MIT OR Apache-2.0
+MODCARGO_CRATES += serde_derive 1.0.224 # MIT OR Apache-2.0
+MODCARGO_CRATES += serde_json 1.0.145 # MIT OR Apache-2.0
MODCARGO_CRATES += serde_urlencoded 0.7.1 # MIT/Apache-2.0
MODCARGO_CRATES += sha1 0.10.6 # MIT OR Apache-2.0
MODCARGO_CRATES += sha2 0.10.9 # MIT OR Apache-2.0
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/synapse/pkg/PLIST,v
diff -u -p -r1.70 PLIST
--- pkg/PLIST 18 Sep 2025 15:19:38 -0000 1.70
+++ pkg/PLIST 8 Oct 2025 12:03:15 -0000
@@ -2200,6 +2200,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/07_add_user_reports.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/07_event_txn_id_device_id_txn_id2.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/08_room_ban_redactions.sql
+lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/08_thread_subscriptions_seq_fixup.sql.postgres
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql.postgres
lib/python${MODPY_VERSION}/site-packages/synapse/storage/schema/main/full_schemas/
@@ -2318,6 +2319,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}cancellation.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}check_dependencies.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}check_dependencies.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}clock.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}clock.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}constants.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}constants.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}daemonize.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -2338,6 +2341,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}httpresourcetree.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}iterutils.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}iterutils.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}json.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}json.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}linked_list.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}linked_list.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}logcontext.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -2366,6 +2371,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}rlimit.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}rust.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}rust.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}sentinel.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}sentinel.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}stringutils.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}stringutils.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/synapse/util/${MODPY_PYCACHE}task_scheduler.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -2415,6 +2422,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/caches/ttlcache.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/cancellation.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/check_dependencies.py
+lib/python${MODPY_VERSION}/site-packages/synapse/util/clock.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/constants.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/daemonize.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/distributor.py
@@ -2425,6 +2433,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/hash.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/httpresourcetree.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/iterutils.py
+lib/python${MODPY_VERSION}/site-packages/synapse/util/json.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/linked_list.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/logcontext.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/logformatter.py
@@ -2439,6 +2448,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/synapse/util/retryutils.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/rlimit.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/rust.py
+lib/python${MODPY_VERSION}/site-packages/synapse/util/sentinel.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/stringutils.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/task_scheduler.py
lib/python${MODPY_VERSION}/site-packages/synapse/util/templates.py
[security] net/synapse 1.139.2