[Bug 260549] devel/py-opengrok-tools: Possible security issue: Update to 1.6.9 (>1.6.7?)

2022-04-26 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260549
Bug 260549 depends on bug 260534, which changed state.

Bug 260534 Summary: devel/opengrok: Update to 1.6.9 (>1.6.7), fixes security vulnerability (CVE-2021-2322)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260534

   What|Removed |Added

 Status|Open|Closed
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are on the CC list for the bug.


[Bug 263580] net/py-pyzmq: Builds with Cython when it is installed

2022-04-26 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263580

Kubilay Kocak changed:

   What|Removed |Added

 Summary|net/py-pyzmq: add dependency on cython|net/py-pyzmq: Builds with Cython when it is installed
 CC||python@FreeBSD.org
 Status|New |Open

--- Comment #2 from Kubilay Kocak  ---
The upstream sdist (PyPI tarball creation) process has a process for checking
and ensuring cython files are compiled to C files prior to upload:

class CheckSDist(sdist):
    """Custom sdist that ensures Cython has compiled all pyx files to c."""

Unfortunately the check for Cython is not made conditional:

try:
    import Cython
except ImportError:
    ...  # exception handling elided in this excerpt

However later in the setup.py, the following only adds (registers) an actual
cython dependency if socket.c doesn't exist (indicating cython sources haven't
been compiled)

if not os.path.exists(os.path.join("zmq", "backend", "cython", "socket.c")):
    # this generally means pip install from git
    # which requires Cython
    setup_args.setdefault("setup_requires", []).append(
        f"cython>={min_cython_version}"
    )

Adding a cython dependency to the port is spurious, and a better approach is
either:

1) merge/move the import line to within the source file check, so both the try
import and the registration are conditional, and send upstream, OR

2) hack: remove the try/import/exception block.

As far as Python version support goes, the standard is to declare version
support against the versions upstream CI's and passes tests against. If they
are testing with Cython builds, that means their sdist pipeline is untested,
which is problematic and should be reported too.
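Option 1 from the comment above, as an added example that is not pyzmq's own setup.py: the Cython import probe is moved inside the socket.c existence check, so an sdist build never looks for Cython even when it is installed on the build host. The function name, the 0.29 minimum version and the injectable probe are assumptions; the demo constructs both an sdist-style and a git-style tree in temporary directories.

```python
import importlib.util
import os
import tempfile

# Assumed floor for the example; pyzmq keeps its own min_cython_version in setup.py.
MIN_CYTHON_VERSION = "0.29"


def cython_requirements(source_root, probe=importlib.util.find_spec):
    """Decide whether this source tree needs Cython at build time.

    Returns (setup_requires, have_cython). The import probe runs only inside
    the socket.c branch, so an sdist whose C sources are already generated
    never touches Cython, regardless of what is installed on the host.
    """
    generated_c = os.path.join(source_root, "zmq", "backend", "cython", "socket.c")
    if os.path.exists(generated_c):
        # sdist layout: C files shipped, Cython neither probed nor registered
        return [], False

    # git checkout layout: register the dependency and probe for it
    have_cython = probe("Cython") is not None
    return [f"cython>={MIN_CYTHON_VERSION}"], have_cython


def demo():
    """Constructed sdist and git layouts in temp dirs, with a recording probe
    that pretends Cython is not installed.
    Returns (sdist result, git result, names probed)."""
    probed = []

    def fake_probe(name):
        probed.append(name)
        return None

    with tempfile.TemporaryDirectory() as sdist, tempfile.TemporaryDirectory() as git:
        generated_dir = os.path.join(sdist, "zmq", "backend", "cython")
        os.makedirs(generated_dir)
        open(os.path.join(generated_dir, "socket.c"), "w").close()
        sdist_result = cython_requirements(sdist, fake_probe)
        git_result = cython_requirements(git, fake_probe)
    return sdist_result, git_result, probed


if __name__ == "__main__":
    print(demo())
```

The recorded probe list shows that only the git-style tree ever looked for Cython, which is exactly the behaviour the unconditional try/import in the current setup.py lacks.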



[Bug 263353] lang/python3*: Fails to link with LTO: Python includes unconditionally adds -g to --with-lto

2022-04-26 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263353

Kubilay Kocak changed:

   What|Removed |Added

 Attachment #233259 Flags|maintainer-approval?(python@FreeBSD.org)|maintainer-approval-

--- Comment #13 from Kubilay Kocak  ---
Comment on attachment 233259
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=233259
remove -g from the CFLAGS/LDFLAGS unless WITH_DEBUG is set not empty and not
"no".

(In reply to Matthias Andree from comment #12)

Please provide a patch against all Python port versions for your original
proposal, for all affected Python versions (except python311), and, (if you
would like), a patch against all Python versions removing LTO from
OPTIONS_DEFAULT, resolving this issue as reported, until a correct and complete
change/resolution can be addressed by the team.
