[Bug 261791] devel/py-twisted: Update to 22.1.0 (includes a security update)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 261791] devel/py-twisted: Update to 22.1.0 (includes a security update)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 09 Feb 2022 21:57:34 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261791

--- Comment #4 from Sascha Biberhofer <ports@skyforge.at> ---
(In reply to Kubilay Kocak from comment #2)

I've done poudriere testbuilds of all consumers with the exception of
multimedia/syncplay, which pulls in rust and llvm and my build system simply
didn't have the RAM to make that work. All of them build just fine (which is
rather unsurprising). I then ran all the available testsuites with the
following results:

www/py-treq: PASS
www/py-autobahn: PASS
databases/py-txredisapi: PASS
net-im/py-matrix-synapse: PASS

The following ports fail, but the failures appear unrelated to twisted, I
think. I've added the twisted version they depend on/pin:

net/irrd: FAIL, test only dep, requirements.txt twisted==21.7.0 
devel/py-pytest: FAIL, test only dep, no info
devel/py-txaio: FAIL, 'twisted>=12.1.0'
devel/py-buildbot: FAIL, twisted_ver = ">= 17.9.0"
www/py-spyne: FAIL, no info
www/py-txrequests: FAIL, 'twisted>=9.0.0'


The following ports depend on twisted in some way but provide no testsuite:

security/cowrie: NOOP, setup.py: 'twisted>=17.1.0', requirements.txt:
'twisted==20.3.0'
security/py-txtorcon: NOOP, Twisted[tls]>=15.5.0
mail/py-alot: NOOP, 'twisted>=18.4.0',
sysutils/py-python-consul2: NOOP, 'twisted'
net/py-txamqp: NOOP, 'Twisted'
net/py-magic-wormhole: NOOP, "twisted[tls] >= 17.5.0"
net/py-tofu: NOOP, no info (404 timeout)
net/kippo: NOOP, no info (no setup.cfg/setup.py/whatever, last release 2014)
net/py-matrix-synapse-ldap3: NOOP, Twisted>=15.1.0
net/py-msrplib: NOOP, no info (source archive 404?)
multimedia/syncplay: NOOP, twisted[tls]>=16.4.0
devel/py-epsilon: NOOP, twisted[tls] >= 13.2.0
devel/py-xcaplib: NOOP, no info (source archive unavailable)
devel/py-Automat: NOOP,  "Twisted>=16.1.1"
devel/py-testoob: NOOP, no info
finance/py-python-obelisk: NOOP, 'twisted'
www/py-nevow: NOOP, MINIMUM_TWISTED_VERSION = "13.0"
net-im/py-punjab: NOOP, no info
net-im/py-unmessage: NOOP,  'Twisted[tls]>=16.6.0',
net-p2p/deluge-cli: NOOP, 'twisted[tls]>=17.1',
net-p2p/py-vertex: NOOP, 'Twisted>=13.1.0'
net-mgmt/py-prometheus-client: NOOP, 'twisted'
databases/py-carbon: NOOP, 'Twisted'
audio/py-python-mpd2: NOOP, 'Twisted'



As far as backporting the change is concerned: From a quick glance the security
"fix" appears to be a simple removal of the affected parts of the code, as they
were marked as deprecated, see [1]. Because of this I'm not sure the impact of
backporting this is going to be any less than merging the new version, but if
that works better then I could prepare such a patch for the quarterly port.

Please let me know if there's any other way I can help with this.

Cheers,
Sascha


[1] https://github.com/twisted/twisted/pull/1683

-- 
You are receiving this mail because:
You are the assignee for the bug.