[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

Bug ID: 281824
   Summary: devel/py-twisted: Update to 24.7.0, fix security issue
   Product: Ports & Packages
   Version: Latest
  Hardware: Any
   URL: https://github.com/twisted/twisted/releases/tag/twiste
d-24.7.0
OS: Any
Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: Individual Port(s)
  Assignee: python@FreeBSD.org
  Reporter: po...@skyforge.at
 Flags: maintainer-feedback?(python@FreeBSD.org)
  Assignee: python@FreeBSD.org

Created attachment 253967
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253967&action=edit
devel/py-twisted: Update to 24.7.0

This patch updates devel/py-twisted to 24.7.0, which fixes a vulnerability
present in previous versions (see [1] and [2] as well as [5]). The patch also
removes a post-patch hack used as a workaround with ancient py-cryptography
versions, which is no longer necessary as recent versions of py-cryptography
have been readily available in ports for quite a while, thereby addressing the
problems discussed in bug #268043, see [3]. It also removes the artificial
downgrade of the py-incremental dependency, instead opting to upgrade the
py-incremental port, see [4].

The port builds fine for me. Running the unit tests with py-twisted report a
few failures, but that testsuite has never passed successfully on FreeBSD for
as long as I can remember. Here are the test results for completeness and
transparency:

---
Ran 11758 tests in 839.059s

FAILED (skips=872, failures=8, errors=3, successes=10876)


I've test-driven the resulting package on my py-matrix-synapse server and
things appear to work fine fwiw.

Feedback is appreciated as always. :)

Cheers,
Sascha

[1] https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-41810
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043
[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281823
[5] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281624

-- 
You are receiving this mail because:
You are the assignee for the bug.

maintainer-feedback requested: [Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
Bugzilla Automation  has asked freebsd-python (Nobody)
 for maintainer-feedback:
Bug 281824: devel/py-twisted: Update to 24.7.0, fix security issue
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824



--- Description ---
This patch updates devel/py-twisted to 24.7.0, which fixes a vulnerability
present in previous versions (see [1] and [2] as well as [5]). The patch also
removes a post-patch hack used as a workaround with ancient py-cryptography
versions, which is no longer necessary as recent versions of py-cryptography
have been readily available in ports for quite a while, thereby addressing the
problems discussed in bug #268043, see [3]. It also removes the artificial
downgrade of the py-incremental dependency, instead opting to upgrade the
py-incremental port, see [4].

The port builds fine for me. Running the unit tests with py-twisted report a
few failures, but that testsuite has never passed successfully on FreeBSD for
as long as I can remember. Here are the test results for completeness and
transparency:

---
Ran 11758 tests in 839.059s

FAILED (skips=872, failures=8, errors=3, successes=10876)


I've test-driven the resulting package on my py-matrix-synapse server and
things appear to work fine fwiw.

Feedback is appreciated as always. :)

Cheers,
Sascha

[1] https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-41810
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043
[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281823
[5] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281624

[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

Tomasz Owczarek  changed:

   What|Removed |Added

 CC||tomasz.owcza...@proton.me

--- Comment #1 from Tomasz Owczarek  ---
*** Bug 281624 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

Sascha Biberhofer  changed:

   What|Removed |Added

 CC||po...@skyforge.at
 Depends on||281823


Referenced Bugs:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281823
[Bug 281823] devel/py-incremental: Update to 24.7.2
-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

Sascha Biberhofer  changed:

   What|Removed |Added

 Blocks||268043


Referenced Bugs:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043
[Bug 268043] devel/py-twisted: Consumer ports fail to run: module 'OpenSSL.SSL'
has no attribute 'TLS_METHOD' after 22.10.0 update
-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 268043] devel/py-twisted: Consumer ports fail to run: module 'OpenSSL.SSL' has no attribute 'TLS_METHOD' after 22.10.0 update

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043

Sascha Biberhofer  changed:

   What|Removed |Added

 Depends on||281824


Referenced Bugs:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824
[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue
-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 268043] devel/py-twisted: Consumer ports fail to run: module 'OpenSSL.SSL' has no attribute 'TLS_METHOD' after 22.10.0 update

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043

Sascha Biberhofer  changed:

   What|Removed |Added

 CC||po...@skyforge.at

--- Comment #13 from Sascha Biberhofer  ---
Hardcoding the TLS_METHOD in py-twisted should no longer be necessary. I've
addresses this issue in the proposed update of twisted to 24.7.0, see bug
#281824 ([1]). Once this update has been merged, this issue should be resolved.

[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824
Bug 281824 depends on bug 281823, which changed state.

Bug 281823 Summary: devel/py-incremental: Update to 24.7.2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281823

   What|Removed |Added

 Status|New |Closed
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are the assignee for the bug.

[package - 141i386-default][devel/py-twisted] Failed for py311-twisted-23.8.0_1 in build

2024-10-02 Thread pkg-fallout 
You are receiving this mail as a port that you maintain
is failing to build on the FreeBSD package build server.
Please investigate the failure and submit a PR to fix
build.

Maintainer: python@FreeBSD.org
Log URL:
https://pkg-status.freebsd.org/beefy21/data/141i386-default/0722280bce7a/logs/py311-twisted-23.8.0_1.log
Build URL:  
https://pkg-status.freebsd.org/beefy21/build.html?mastername=141i386-default&build=0722280bce7a
Log:

=>> Building devel/py-twisted
build started at Thu Oct  3 01:06:58 UTC 2024
port directory: /usr/ports/devel/py-twisted
package name: py311-twisted-23.8.0_1
building for: FreeBSD 141i386-default-job-27 14.1-RELEASE-p5 FreeBSD 
14.1-RELEASE-p5 i386
maintained by: python@FreeBSD.org
Makefile datestamp: -rw-r--r--  1 root wheel 2903 May 21 01:01 
/usr/ports/devel/py-twisted/Makefile
Ports top last git commit: 0722280bce
Ports top unclean checkout: no
Port dir last git commit: a40e262549
Port dir unclean checkout: no
Poudriere version: poudriere-git-3.4.2
Host OSVERSION: 1500023
Jail OSVERSION: 1401000
Job Id: 27

---Begin Environment---
SHELL=/bin/sh
BLOCKSIZE=K
MAIL=/var/mail/root
MM_CHARSET=UTF-8
LANG=C.UTF-8
OSVERSION=1401000
STATUS=1
HOME=/root
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
MAKE_OBJDIR_CHECK_WRITABLE=0
UNAME_m=i386
UNAME_p=i386
UNAME_r=14.1-RELEASE-p5
LOCALBASE=/usr/local
UNAME_v=FreeBSD 14.1-RELEASE-p5
USER=root
POUDRIERE_NAME=poudriere-git
LIBEXECPREFIX=/usr/local/libexec/poudriere
POUDRIERE_VERSION=3.4.2
MASTERMNT=/usr/local/poudriere/data/.m/141i386-default/ref
LC_COLLATE=C
POUDRIERE_BUILD_TYPE=bulk
PACKAGE_BUILDING=yes
SAVED_TERM=
OUTPUT_REDIRECTED_STDERR=4
OUTPUT_REDIRECTED=1
PWD=/usr/local/poudriere/data/.m/141i386-default/27/.p
OUTPUT_REDIRECTED_STDOUT=3
P_PORTS_FEATURES=FLAVORS SUBPACKAGES SELECTED_OPTIONS
MASTERNAME=141i386-default
SCRIPTPREFIX=/usr/local/share/poudriere
SCRIPTNAME=bulk.sh
OLDPWD=/usr/local/poudriere/data/.m/141i386-default/ref/.p/pool
POUDRIERE_PKGNAME=poudriere-git-3.4.2
SCRIPTPATH=/usr/local/share/poudriere/bulk.sh
POUDRIEREPATH=/usr/local/bin/poudriere
---End Environment---

---Begin Poudriere Port Flags/Env---
PORT_FLAGS=
PKGENV=
FLAVOR=py311
MAKE_ARGS= FLAVOR=py311
---End Poudriere Port Flags/Env---

---Begin OPTIONS List---
===> The following configuration options are available for 
py311-twisted-23.8.0_1:
 CONCH=on: Conch secure shell SSH
 HTTP2=on: HTTP protocol version 2.0 support
 SERIAL=on: Serial port extension
 TLS=on: Secure network connection support via TLS
===> Use 'make config' to modify these settings
---End OPTIONS List---

--MAINTAINER--
python@FreeBSD.org
--End MAINTAINER--

--CONFIGURE_ARGS--

--End CONFIGURE_ARGS--

--CONFIGURE_ENV--
PYTHON="/usr/local/bin/python3.11" 
XDG_DATA_HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311  
XDG_CONFIG_HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311  
XDG_CACHE_HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311/.cache  
HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311 TMPDIR="/tmp" 
PATH=/wrkdirs/usr/ports/devel/py-twisted/work-py311/.bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
 
PKG_CONFIG_LIBDIR=/wrkdirs/usr/ports/devel/py-twisted/work-py311/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig
 SHELL=/bin/sh CONFIG_SHELL=/bin/sh
--End CONFIGURE_ENV--

--MAKE_ENV--
XDG_DATA_HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311  
XDG_CONFIG_HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311  
XDG_CACHE_HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311/.cache  
HOME=/wrkdirs/usr/ports/devel/py-twisted/work-py311 TMPDIR="/tmp" 
PATH=/wrkdirs/usr/ports/devel/py-twisted/work-py311/.bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
 
PKG_CONFIG_LIBDIR=/wrkdirs/usr/ports/devel/py-twisted/work-py311/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig
 MK_DEBUG_FILES=no MK_KERNEL_SYMBOLS=no SHELL=/bin/sh NO_LINT=YES 
PREFIX=/usr/local  LOCALBASE=/usr/local  CC="cc" CFLAGS="-O2 -pipe  
-fstack-protector-strong -fno-strict-aliasing "  CPP="cpp" CPPFLAGS=""  
LDFLAGS=" -fstack-protector-strong " LIBS=""  CXX="c++" CXXFLAGS="-O2 -pipe 
-fstack-protector-strong -fno-strict-aliasing  " BSD_INSTALL_PROGRAM="install  
-s -m 555"  BSD_INSTALL_LIB="install  -s -m 0644"  BSD_INSTALL_SCRIPT="install  
-m 5
55"  BSD_INSTALL_DATA="install  -m 0644"  BSD_INSTALL_MAN="install  -m 444"
--End MAKE_ENV--

--PLIST_SUB--
 PYTHON_INCLUDEDIR=include/python3.11  PYTHON_LIBDIR=lib/python3.11  
PYTHON_PLATFORM=freebsd14  PYTHON_SITELIBDIR=lib/python3.11/site-packages  
PYTHON_SUFFIX=311  PYTHON_EXT_SUFFIX=.cpython-311  PYTHON_VER=3.11  
PYTHON_VERSION=python3.11 PYTHON2="@comment " PYTHON3="" OSREL=14.1 PREFIX=%D 
LOCALBASE=/usr/local  RESETPREFIX=/usr/local LIB32DIR=lib 
DOCSDIR="share/doc/py311-twisted"  EXAMPLESDIR="share/examples/py311-twisted"  
DATADIR="share/py311-twisted"  WWWDIR="www/py311-twisted"

[Bug 271673] lang/python312: New port, update to 3.12.5

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271673

Wen Heping  changed:

   What|Removed |Added

 Attachment #252600|0   |1
is obsolete||

--- Comment #30 from Wen Heping  ---
Created attachment 253972
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253972&action=edit
Update to 3.12.7

Update to 3.12.7

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 274671] lang/python313: New port, 3.13.0 RC1

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274671

Wen Heping  changed:

   What|Removed |Added

 Attachment #252441|0   |1
is obsolete||

--- Comment #8 from Wen Heping  ---
Created attachment 253973
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253973&action=edit
Update to 3.13.0rc3

Update to 3.13.0rc3

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 274671] lang/python313: New port, 3.13.0 RC3

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274671

Wen Heping  changed:

   What|Removed |Added

Summary|lang/python313: New port,   |lang/python313: New port,
   |3.13.0 RC1  |3.13.0 RC3

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 271673] lang/python312: New port, update to 3.12.7

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271673

Wen Heping  changed:

   What|Removed |Added

Summary|lang/python312: New port,   |lang/python312: New port,
   |update to 3.12.5|update to 3.12.7

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

--- Comment #2 from commit-h...@freebsd.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=020ab85a0ee56477048e5402b5577745dcead362

commit 020ab85a0ee56477048e5402b5577745dcead362
Author: Wen Heping 
AuthorDate: 2024-10-03 02:40:16 +
Commit: Wen Heping 
CommitDate: 2024-10-03 02:40:16 +

devel/py-twisted: Update to 24.7.0

PR: 281824
Reported by:po...@skyforge.at

 devel/py-twisted/Makefile  | 14 +-
 devel/py-twisted/distinfo  |  6 +++---
 devel/py-twisted/files/patch-pyproject.toml (gone) | 20 
 3 files changed, 8 insertions(+), 32 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 268043] devel/py-twisted: Consumer ports fail to run: module 'OpenSSL.SSL' has no attribute 'TLS_METHOD' after 22.10.0 update

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043
Bug 268043 depends on bug 281824, which changed state.

Bug 281824 Summary: devel/py-twisted: Update to 24.7.0, fix security issue
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

   What|Removed |Added

 Status|New |Closed
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

Wen Heping  changed:

   What|Removed |Added

 CC||w...@freebsd.org

--- Comment #3 from Wen Heping  ---
I committed this patch with minor change: add py-setuptools as build depends.
Thank you !

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue

2024-10-02 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

Wen Heping  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|New |Closed

-- 
You are receiving this mail because:
You are the assignee for the bug.