community/synapse: fix build

2 files changed, 19 insertions, 0 deletions

diff --git a/community/synapse/APKBUILD b/community/synapse/APKBUILD
index aa2c8a00919..dc9af70c117 100644
--- a/community/synapse/APKBUILD
+++ b/community/synapse/APKBUILD
@@ -53,6 +53,7 @@ subpackages="$pkgname-openrc"
 source="$pkgname-$pkgver.tar.gz::https://github.com/matrix-org/synapse/archive/v$pkgver.tar.gz
 	synapse.initd
 	synapse.confd
+	relax-crypto-dep.patch
 	"
 
 # secfixes:
@@ -93,4 +94,5 @@ sha512sums="
 3b67725ac6ebc4b3b42bd46228f49d400eb41a71fd8b9dbbc8b1efad05e04c38ba6b51758c43d3d3c56df136ff91b59c22283d5766f4774d8d8e10ba8c5fa986  synapse-1.34.0.tar.gz
 4fa4a7bdd80e3b1af0f546723a64cec3b6014c5d52cfb296c41e831f73f72489bd90a3938831c0fd25cdcb03b6e27b54dfd222e325fb30525c39f5c6996687ff  synapse.initd
 7c022f0e00c8ac363d6d2e003b6389fb06a3934f68390ebac156cb46bc1366585e6b6cda07b15176bc62a00f5bf21bfda153ff5418b07331257a7075102a6f83  synapse.confd
+15c17c21fb11f536c6c8307751c5836ac9377dd71af2284d06586abe7776d4d3decb8d04baec019a3f06ac08bd89e510e4c42a619679f20150daaf005a5e0369  relax-crypto-dep.patch
 "
diff --git a/community/synapse/relax-crypto-dep.patch b/community/synapse/relax-crypto-dep.patch
new file mode 100644
index 00000000000..6d0e3c78caf
--- /dev/null
+++ b/community/synapse/relax-crypto-dep.patch
@@ -0,0 +1,17 @@
+Upstream: Not applicable
+Reason: relax dependency requirements as our version of cryptography
+ even if it is old does not bundle a vulnerable 'openssl'
+
+diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
+index 989523c..19a4167 100644
+--- a/synapse/python_dependencies.py
++++ b/synapse/python_dependencies.py
+@@ -86,7 +86,7 @@ REQUIREMENTS = [
+     "typing-extensions>=3.7.4",
+     # We enforce that we have a `cryptography` version that bundles an `openssl`
+     # with the latest security patches.
+-    "cryptography>=3.4.7",
++    "cryptography",
+ ]
+ 
+ CONDITIONAL_REQUIREMENTS = {