Re: git: 3dda704910d4 - main - devel/py-setuptools: fix CVE-2022-40897 backporting a patch

In reply to: Charlie Li : "Re: git: 3dda704910d4 - main - devel/py-setuptools: fix CVE-2022-40897 backporting a patch"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Eugene Grosbein <eugen_at_freebsd.org>
Date: Thu, 22 Jun 2023 13:49:07 UTC

22.06.2023 20:28, Charlie Li wrote:

> Eugene Grosbein wrote:
>> The branch main has been updated by eugen:
>>
>> URL: https://cgit.FreeBSD.org/ports/commit/?id=3dda704910d48411e072f7c58b8530dcd56bc5a9
>>
>> commit 3dda704910d48411e072f7c58b8530dcd56bc5a9
>> Author:     Eugene Grosbein <eugen@FreeBSD.org>
>> AuthorDate: 2023-06-22 13:13:03 +0000
>> Commit:     Eugene Grosbein <eugen@FreeBSD.org>
>> CommitDate: 2023-06-22 13:24:12 +0000
>>
>>      devel/py-setuptools: fix CVE-2022-40897 backporting a patch
>>           This commit integrates one-line upstream fix for the problem:
>>      https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be.diff
>>           Our port has not been fixed for several months making users unhappy.
>>      It's upto the maintainer to update the port, this commit does not update it.
>>           Bump PORTREVISION and adjust VuXML entry.
>>      Due to the nature of the problem and fix there is no need in updating consumers.
> Thanks for beating me to it. Both setuptools{58,44} will also need the backport given that they apply.

They do. Committed.