Bugzilla Automation <bugzi...@freebsd.org> has asked freebsd-python (Nobody) <python@FreeBSD.org> for maintainer-feedback:
Bug 281824: devel/py-twisted: Update to 24.7.0, fix security issue
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

--- Description ---
This patch updates devel/py-twisted to 24.7.0, which fixes a vulnerability present in previous versions (see [1] and [2] as well as [5]).

The patch also removes a post-patch hack used as a workaround with ancient py-cryptography versions, which is no longer necessary as recent versions of py-cryptography have been readily available in ports for quite a while, thereby addressing the problems discussed in bug #268043, see [3].

It also removes the artificial downgrade of the py-incremental dependency, instead opting to upgrade the py-incremental port, see [4].

The port builds fine for me. Running the unit tests with py-twisted reports a few failures, but that testsuite has never passed successfully on FreeBSD for as long as I can remember. Here are the test results for completeness and transparency:

-------------------------------------------------------------------------------
Ran 11758 tests in 839.059s

FAILED (skips=872, failures=8, errors=3, successes=10876)

I've test-driven the resulting package on my py-matrix-synapse server and things appear to work fine fwiw.

Feedback is appreciated as always. :)

Cheers,
Sascha

[1] https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-41810
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043
[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281823
[5] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281624