On Tue, Dec 13, 2022 at 06:54:02PM +0000, Stuart Henderson wrote: > The new versions don't need REVISION in 7.2-stable because the > upstream versions are already higher than the existing 7.1-stable and > 7.2-stable packages.
> However in -current, REVISION for all subpackages of both python-3.9 > and python-3.10 needs to be higher than in 7.2-stable otherwise we'll > have problems when 7.2 users update to -current or 7.3. > So for 3.9.16/3.10.9 I would go with REVISION=0 in -current (which > sets it for all subpackages in one go), and no REVISION or > REVISION-anything for 7.2-stable. > I've not yet tested build/run but not expecting problems there and > there's nothing that concerns me in changelogs, other than REVISION > it all LGTM. (I'll try to test, but not sure I will get to it this > evening). That makes sense. This is an updated patch taking that into account and ditching the entry in CHANGES.OpenBSD mentioning the now-discarded SHA3 patch. --Kurt Index: Makefile =================================================================== RCS file: /cvs/ports/lang/python/3.10/Makefile,v retrieving revision 1.29 diff -u -p -r1.29 Makefile --- Makefile 6 Dec 2022 15:55:58 -0000 1.29 +++ Makefile 16 Dec 2022 00:08:50 -0000 @@ -3,18 +3,12 @@ # requirement of the PSF license, if it constitutes a change to # Python itself. -FULL_VERSION = 3.10.8 +FULL_VERSION = 3.10.9 SHARED_LIBS = python3.10 0.0 VERSION_SPEC = >=3.10,<3.11 PORTROACH = limit:^3\.10 -REVISION = 3 -REVISION-main = 4 -REVISION-tests = 4 -# -tkinter in 7.2-stable must be kept a higher version than 7.1-stable -# due to dep changes (Tcl/Tk 8.5 -> 8.6); 7.2-current must be kept at same -# or higher version than 7.2-stable. -REVISION-tkinter = 3 +REVISION = 0 # This is the MODPY_DEFAULT_VERSION_3 version of Python: # - override "@comment" setting so that bin/python3 etc are installed Index: distinfo =================================================================== RCS file: /cvs/ports/lang/python/3.10/distinfo,v retrieving revision 1.7 diff -u -p -r1.7 distinfo --- distinfo 14 Oct 2022 15:11:26 -0000 1.7 +++ distinfo 16 Dec 2022 00:08:50 -0000 
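Review bot: In the Makefile hunk, the bare `REVISION = 0` that replaces the per-subpackage REVISION lines has no explanation, and the comment removed with them was the only record of why those values could not be lowered. Going by the thread quoted above, the zero is presumably kept so that every subpackage in -current sorts above the 7.2-stable packages. A later cleanup could delete a REVISION of zero as redundant and quietly break updates from 7.2. A one-line comment above it would keep that reasoning in the file, for example `# keep REVISION set: -current must sort above 7.2-stable, which per the update thread carries no REVISION`.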
@@ -1,2 +1,2 @@ -SHA256 (Python-3.10.8.tgz) = 9ADD+zlLi+8SkvbcEpLF+tw1MwOaW8DD6IXz4Wc4Apo= -SIZE (Python-3.10.8.tgz) = 26015299 +SHA256 (Python-3.10.9.tgz) = TM1+RsiJj0x4YpEKFwOqDmNSWROlGauy9V4mIgqRTYg= +SIZE (Python-3.10.9.tgz) = 26044345 Index: files/CHANGES.OpenBSD =================================================================== RCS file: /cvs/ports/lang/python/3.10/files/CHANGES.OpenBSD,v retrieving revision 1.11 diff -u -p -r1.11 CHANGES.OpenBSD --- files/CHANGES.OpenBSD 5 Nov 2022 20:46:24 -0000 1.11 +++ files/CHANGES.OpenBSD 16 Dec 2022 00:08:50 -0000 @@ -19,8 +19,5 @@ compiler as passed to ports builds is /u 6. Use closefrom(2) instead of looping through all the file descriptors and calling close(2) on them. -7. Fix broken keccak implementation by pulling in the applicable part -of the fix of CVE-2022-37454. - These changes are available in the OpenBSD CVS repository <http://www.openbsd.org/anoncvs.html> in ports/lang/python/3.10. Index: patches/patch-Modules__sha3_kcp_KeccakSponge_inc =================================================================== RCS file: patches/patch-Modules__sha3_kcp_KeccakSponge_inc diff -N patches/patch-Modules__sha3_kcp_KeccakSponge_inc --- patches/patch-Modules__sha3_kcp_KeccakSponge_inc 21 Oct 2022 16:04:46 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,52 +0,0 @@ -SHA-3 buffer overflows (CVE-2022-37454) -https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a -https://github.com/python/cpython/pull/98519 - -Index: Modules/_sha3/kcp/KeccakSponge.inc ---- Modules/_sha3/kcp/KeccakSponge.inc.orig -+++ Modules/_sha3/kcp/KeccakSponge.inc -@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsig - i = 0; - curData = data; - while(i < dataByteLen) { -- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) { -+ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) { - #ifdef SnP_FastLoop_Absorb - /* processing full blocks first */ - -@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsig - } - else { - /* normal lane: using the message queue */ -- -- partialBlock = (unsigned int)(dataByteLen - i); -- if (partialBlock+instance->byteIOIndex > rateInBytes) -+ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) - partialBlock = rateInBytes-instance->byteIOIndex; -+ else -+ partialBlock = (unsigned int)(dataByteLen - i); - #ifdef KeccakReference - displayBytes(1, "Block to be absorbed (part)", curData, partialBlock); - #endif -@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned c - i = 0; - curData = data; - while(i < dataByteLen) { -- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) { -+ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) { - for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) { - SnP_Permute(instance->state); - SnP_ExtractBytes(instance->state, curData, 0, rateInBytes); -@@ -299,9 +299,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned c - SnP_Permute(instance->state); - instance->byteIOIndex = 0; - } -- partialBlock = (unsigned int)(dataByteLen - i); -- if (partialBlock+instance->byteIOIndex > rateInBytes) -+ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) - partialBlock = rateInBytes-instance->byteIOIndex; -+ 
else -+ partialBlock = (unsigned int)(dataByteLen - i); - i += partialBlock; - - SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock); Index: pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/python/3.10/pkg/PLIST-main,v retrieving revision 1.13 diff -u -p -r1.13 PLIST-main --- pkg/PLIST-main 13 Nov 2022 15:26:02 -0000 1.13 +++ pkg/PLIST-main 16 Dec 2022 00:08:50 -0000 @@ -1848,8 +1848,8 @@ lib/python3.10/ensurepip/_bundled/__pyca lib/python3.10/ensurepip/_bundled/__pycache__/__init__.cpython-310.opt-1.pyc lib/python3.10/ensurepip/_bundled/__pycache__/__init__.cpython-310.opt-2.pyc lib/python3.10/ensurepip/_bundled/__pycache__/__init__.cpython-310.pyc -lib/python3.10/ensurepip/_bundled/pip-22.2.2-py3-none-any.whl -lib/python3.10/ensurepip/_bundled/setuptools-63.2.0-py3-none-any.whl +lib/python3.10/ensurepip/_bundled/pip-22.3.1-py3-none-any.whl +lib/python3.10/ensurepip/_bundled/setuptools-65.5.0-py3-none-any.whl lib/python3.10/ensurepip/_uninstall.py lib/python3.10/enum.py lib/python3.10/filecmp.py Index: pkg/PLIST-tests =================================================================== RCS file: /cvs/ports/lang/python/3.10/pkg/PLIST-tests,v retrieving revision 1.8 diff -u -p -r1.8 PLIST-tests --- pkg/PLIST-tests 26 Nov 2022 20:04:23 -0000 1.8 +++ pkg/PLIST-tests 16 Dec 2022 00:08:51 -0000 
@@ -845,9 +845,6 @@ lib/python3.10/test/__pycache__/test_cal lib/python3.10/test/__pycache__/test_call.cpython-310.opt-1.pyc lib/python3.10/test/__pycache__/test_call.cpython-310.opt-2.pyc lib/python3.10/test/__pycache__/test_call.cpython-310.pyc -lib/python3.10/test/__pycache__/test_capi.cpython-310.opt-1.pyc -lib/python3.10/test/__pycache__/test_capi.cpython-310.opt-2.pyc -lib/python3.10/test/__pycache__/test_capi.cpython-310.pyc lib/python3.10/test/__pycache__/test_cgi.cpython-310.opt-1.pyc lib/python3.10/test/__pycache__/test_cgi.cpython-310.opt-2.pyc lib/python3.10/test/__pycache__/test_cgi.cpython-310.pyc @@ -1199,9 +1196,6 @@ lib/python3.10/test/__pycache__/test_gen lib/python3.10/test/__pycache__/test_genexps.cpython-310.opt-1.pyc lib/python3.10/test/__pycache__/test_genexps.cpython-310.opt-2.pyc lib/python3.10/test/__pycache__/test_genexps.cpython-310.pyc -lib/python3.10/test/__pycache__/test_getargs2.cpython-310.opt-1.pyc -lib/python3.10/test/__pycache__/test_getargs2.cpython-310.opt-2.pyc -lib/python3.10/test/__pycache__/test_getargs2.cpython-310.pyc lib/python3.10/test/__pycache__/test_getopt.cpython-310.opt-1.pyc lib/python3.10/test/__pycache__/test_getopt.cpython-310.opt-2.pyc lib/python3.10/test/__pycache__/test_getopt.cpython-310.pyc @@ -1694,9 +1688,6 @@ lib/python3.10/test/__pycache__/test_str lib/python3.10/test/__pycache__/test_struct.cpython-310.opt-1.pyc lib/python3.10/test/__pycache__/test_struct.cpython-310.opt-2.pyc lib/python3.10/test/__pycache__/test_struct.cpython-310.pyc -lib/python3.10/test/__pycache__/test_structmembers.cpython-310.opt-1.pyc -lib/python3.10/test/__pycache__/test_structmembers.cpython-310.opt-2.pyc -lib/python3.10/test/__pycache__/test_structmembers.cpython-310.pyc lib/python3.10/test/__pycache__/test_structseq.cpython-310.opt-1.pyc lib/python3.10/test/__pycache__/test_structseq.cpython-310.opt-2.pyc lib/python3.10/test/__pycache__/test_structseq.cpython-310.pyc 
@@ -2687,7 +2678,6 @@ lib/python3.10/test/test_bz2.py lib/python3.10/test/test_c_locale_coercion.py lib/python3.10/test/test_calendar.py lib/python3.10/test/test_call.py -lib/python3.10/test/test_capi.py lib/python3.10/test/test_cgi.py lib/python3.10/test/test_cgitb.py lib/python3.10/test/test_charmapcodec.py @@ -2930,7 +2920,6 @@ lib/python3.10/test/test_genericalias.py lib/python3.10/test/test_genericclass.py lib/python3.10/test/test_genericpath.py lib/python3.10/test/test_genexps.py -lib/python3.10/test/test_getargs2.py lib/python3.10/test/test_getopt.py lib/python3.10/test/test_getpass.py lib/python3.10/test/test_gettext.py @@ -3716,7 +3705,6 @@ lib/python3.10/test/test_stringprep.py lib/python3.10/test/test_strptime.py lib/python3.10/test/test_strtod.py lib/python3.10/test/test_struct.py -lib/python3.10/test/test_structmembers.py lib/python3.10/test/test_structseq.py lib/python3.10/test/test_subclassinit.py lib/python3.10/test/test_subprocess.py
