[Bug 281824] devel/py-twisted: Update to 24.7.0, fix security issue
Date: Wed, 02 Oct 2024 19:05:53 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281824

            Bug ID: 281824
           Summary: devel/py-twisted: Update to 24.7.0, fix security issue
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/twisted/twisted/releases/tag/twisted-24.7.0
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: python@FreeBSD.org
          Reporter: ports@skyforge.at
             Flags: maintainer-feedback?(python@FreeBSD.org)
          Assignee: python@FreeBSD.org

Created attachment 253967
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253967&action=edit
devel/py-twisted: Update to 24.7.0

This patch updates devel/py-twisted to 24.7.0, which fixes a vulnerability present in previous versions (see [1] and [2] as well as [5]).

The patch also removes a post-patch hack used as a workaround with ancient py-cryptography versions, which is no longer necessary as recent versions of py-cryptography have been readily available in ports for quite a while, thereby addressing the problems discussed in bug #268043, see [3].

It also removes the artificial downgrade of the py-incremental dependency, instead opting to upgrade the py-incremental port, see [4].

The port builds fine for me. Running the unit tests with py-twisted reports a few failures, but that testsuite has never passed successfully on FreeBSD for as long as I can remember. Here are the test results for completeness and transparency:

-------------------------------------------------------------------------------
Ran 11758 tests in 839.059s

FAILED (skips=872, failures=8, errors=3, successes=10876)

I've test-driven the resulting package on my py-matrix-synapse server and things appear to work fine fwiw.

Feedback is appreciated as always. :)

Cheers,
Sascha

[1] https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-41810
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043
[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281823
[5] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281624

--
You are receiving this mail because:
You are the assignee for the bug.