e-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: python@FreeBSD.org
Subject: [Bug 296068] lang/python311: fails to build with poudriere
Date: Mon, 15 Jun 2026 09:01:09 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: develuke@gmx.de
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: python@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 flagtypes.name attachments.created
Message-ID: <bug-296068-21822@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: FreeBSD-specific Python issues <freebsd-python.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-python
List-Help: <mailto:python+help@freebsd.org>
List-Post: <mailto:python@freebsd.org>
List-Subscribe: <mailto:python+subscribe@freebsd.org>
List-Unsubscribe: <mailto:python+unsubscribe@freebsd.org>
X-BeenThere: freebsd-python@freebsd.org
Sender: owner-freebsd-python@FreeBSD.org
List-Id: <freebsd-python.FreeBSD.org>
List-Post: <mailto:freebsd-python@FreeBSD.org>
List-Help: <mailto:freebsd-python+help@FreeBSD.org>
List-Subscribe: <mailto:freebsd-python+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:freebsd-python+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D296068

            Bug ID: 296068
           Summary: lang/python311: fails to build with poudriere
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: python@FreeBSD.org
          Reporter: develuke@gmx.de
             Flags: maintainer-feedback?(python@FreeBSD.org)
          Assignee: python@FreeBSD.org

Created attachment 271814
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D271814&action=
=3Dedit
poudriere log failed port

Good Morning,
after the latest commit for python 3.11.15_3 my poudriere setup won't build
python any more. This affects latest (main) and quarterly (2026Q2 Branch),
tested on FreeBSD 14.3 and 15.0.

Poudriere Error Message (full log attached):

```
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<phase=
: checksum       >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D=3D=3D env: FETCH_REGET=3D0 NO_DEPENDS=3Dyes USER=3Droot UID=3D0 G=
ID=3D0
=3D=3D=3D> Fetching all distfiles required by python311-3.11.15_3 for build=
ing
=3D> SHA256 Checksum OK for python/Python-3.11.15.tar.xz.
=3D> SHA256 Checksum mismatch for
python/ceac1efc66516ac387eef2c9a0ce671895b44f03.patch.
=3D> SHA256 Checksum mismatch for
python/96fc5048605863c7b6fd6289643feb0e97edd96c.patch.
=3D=3D=3D>  Giving up on fetching files:=20
python/ceac1efc66516ac387eef2c9a0ce671895b44f03.patch=20
python/96fc5048605863c7b6fd6289643feb0e97edd96c.patch=20
Make sure the Makefile and distinfo file (/usr/ports/lang/python311/distinf=
o)
are up to date.  If you are absolutely sure you want to override this
check, type "make NO_CHECKSUM=3Dyes [other args]".
*** Error code 1
```

make makesum fails with=20

```
=3D=3D=3D>  python311-3.11.15_3 has known vulnerabilities:
python311-3.11.15_3 is vulnerable:
  Python -- poplib module, when passed a user-controlled command, can have
additional commands injected using newlines
  CVE: CVE-2025-15367
  WWW:
https://vuxml.FreeBSD.org/freebsd/6d3488ae-2e0f-11f1-88c7-00a098b42aeb.html

  Python -- configparser vulnerable to excessive CPU use
  WWW:
https://vuxml.FreeBSD.org/freebsd/5ec4dcf6-3588-11f1-b51c-6dd25bec137b.html

  python -- more webbrowser.open() command injection vulnerabilities
  CVE: CVE-2026-4786
  WWW:
https://vuxml.FreeBSD.org/freebsd/cf75f572-378a-11f1-a119-e36228bfe7d4.html

  Python -- use-after-free vulnerability in decompressors under memory pres=
sure
  CVE: CVE-2026-6100
  WWW:
https://vuxml.FreeBSD.org/freebsd/b8e9f33c-375d-11f1-a119-e36228bfe7d4.html

  Python -- imaplib module, when passed a user-controlled command, can have
additional commands injected using newlines
  CVE: CVE-2025-15366
  WWW:
https://vuxml.FreeBSD.org/freebsd/0be929a5-2e0f-11f1-88c7-00a098b42aeb.html

  Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF
  CVE: CVE-2026-1502
  WWW:
https://vuxml.FreeBSD.org/freebsd/30bda1c3-369b-11f1-b51c-6dd25bec137b.html

6 problem(s) in 1 package(s) found.
=3D> Please update your ports tree and try again.
=3D> Note: Vulnerable ports are marked as such even if there is no update
available.
=3D> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=3Dyes'
*** Error code 1

Stop.
make: stopped making "makesum" in
/usr/local/poudriere/ports/bsdcan26/lang/python311
```

I suspect that might be the problem when using poudriere.

I tried setting DISABLE_VULNERABILITIES=3Dyes in the make.conf, but the che=
cksum
error stays.=20
If i run `make DISABLE_VULNERABILITIES=3Dyes makesum` the distfile does not
change.

Am i doing something wrong or is there a general problem with building
python311 on FreeBSD 14 and 15 (i tried 14.3p15 and 15.0p10 jails).

Thanks.

Lukas

--=20
You are receiving this mail because:
You are the assignee for the bug.=