Date: Mon, 15 Jun 2026 09:01:09 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 296068] lang/python311: fails to build with poudriere Message-ID: <bug-296068-21822@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=296068 Bug ID: 296068 Summary: lang/python311: fails to build with poudriere Product: Ports & Packages Version: Latest Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: python@FreeBSD.org Reporter: develuke@gmx.de Flags: maintainer-feedback?(python@FreeBSD.org) Assignee: python@FreeBSD.org Created attachment 271814 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=271814&action=edit poudriere log failed port Good Morning, after the latest commit for python 3.11.15_3 my poudriere setup won't build python any more. This affects latest (main) and quarterly (2026Q2 Branch), tested on FreeBSD 14.3 and 15.0. Poudriere Error Message (full log attached): ``` =======================<phase: checksum >============================ ===== env: FETCH_REGET=0 NO_DEPENDS=yes USER=root UID=0 GID=0 ===> Fetching all distfiles required by python311-3.11.15_3 for building => SHA256 Checksum OK for python/Python-3.11.15.tar.xz. => SHA256 Checksum mismatch for python/ceac1efc66516ac387eef2c9a0ce671895b44f03.patch. => SHA256 Checksum mismatch for python/96fc5048605863c7b6fd6289643feb0e97edd96c.patch. ===> Giving up on fetching files: python/ceac1efc66516ac387eef2c9a0ce671895b44f03.patch python/96fc5048605863c7b6fd6289643feb0e97edd96c.patch Make sure the Makefile and distinfo file (/usr/ports/lang/python311/distinfo) are up to date. If you are absolutely sure you want to override this check, type "make NO_CHECKSUM=yes [other args]". *** Error code 1 ``` make makesum fails with ``` ===> python311-3.11.15_3 has known vulnerabilities: python311-3.11.15_3 is vulnerable: Python -- poplib module, when passed a user-controlled command, can have additional commands injected using newlines CVE: CVE-2025-15367 WWW: https://vuxml.FreeBSD.org/freebsd/6d3488ae-2e0f-11f1-88c7-00a098b42aeb.html Python -- configparser vulnerable to excessive CPU use WWW: https://vuxml.FreeBSD.org/freebsd/5ec4dcf6-3588-11f1-b51c-6dd25bec137b.html python -- more webbrowser.open() command injection vulnerabilities CVE: CVE-2026-4786 WWW: https://vuxml.FreeBSD.org/freebsd/cf75f572-378a-11f1-a119-e36228bfe7d4.html Python -- use-after-free vulnerability in decompressors under memory pressure CVE: CVE-2026-6100 WWW: https://vuxml.FreeBSD.org/freebsd/b8e9f33c-375d-11f1-a119-e36228bfe7d4.html Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines CVE: CVE-2025-15366 WWW: https://vuxml.FreeBSD.org/freebsd/0be929a5-2e0f-11f1-88c7-00a098b42aeb.html Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF CVE: CVE-2026-1502 WWW: https://vuxml.FreeBSD.org/freebsd/30bda1c3-369b-11f1-b51c-6dd25bec137b.html 6 problem(s) in 1 package(s) found. => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make: stopped making "makesum" in /usr/local/poudriere/ports/bsdcan26/lang/python311 ``` I suspect that might be the problem when using poudriere. I tried setting DISABLE_VULNERABILITIES=yes in the make.conf, but the checksum error stays. If i run `make DISABLE_VULNERABILITIES=yes makesum` the distfile does not change. Am i doing something wrong or is there a general problem with building python311 on FreeBSD 14 and 15 (i tried 14.3p15 and 15.0p10 jails). Thanks. Lukas -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-296068-21822>