Date: Tue, 9 Jun 2026 04:23:10 +0200 From: Matthias Andree <matthias.andree@tu-dortmund.de> To: python@FreeBSD.org Cc: ports-secteam <ports-secteam@FreeBSD.org>, Gleb Popov <arrowd@FreeBSD.org> Subject: Python 3.14/3.15 maintenance on short notice Message-ID: <7b4a06c3-1117-4b50-821d-a464f8cd2f35@tu-dortmund.de>
index | next in thread | raw e-mail
[resend, first didn't reach python@ team because I botched the To: address] Greetings, mat@ assigned my python ports 3.14 and 3.15 and assigned them to you. This wasn't authorized, there is no reason other than bullying, I don't recognize it, isn't in the project's best interest or portmgr@ charter, so this is on core.14@'s agenda. Still the focus is on our ports users, and now CVE-2026-9669 was just out (bzip2 compressor smashes stack when reused after error). I have a fix for the bzip2 stack smasher ready for 3.14 [1] albeit without reference to some VuXML entry, the pending medium CVE available in upstream PRs are not cherry-picked into the port - not sure if upstream will issue an extraordinary 3.14.6 or just pursue usual schedule. 3.15 not yet started to fix the CVE stuff, beta2 just landed, but the upstream pull request is available so we could have it, too. 1. So, until core@ decides on the unhelpful portmgr@ incursions (see below), how do we co-ordinate in the interim to get fixes to ports users quickly, which includes MFH 2026Q2? Proposals? 2. Who's having the VuXML? Please respond within 24h. Speak soon. Matthias [1] https://github.com/mandree/freebsd-ports/commit/5fed4d57a3b786583ad5572f22349998bced1654 P.S. Still you will have noticed I have been working on making Python 3.14 and 3.15b1/b2 smooth rides for our ports users, with swift updates, and arrowd@ already knows that something's cooking with upstream on 3.15 self-test failures, see <https://github.com/python/cpython/issues?q=is%3Aissue%20author%3Amandree%20FreeBSD%20state%3Aopen>; what's on the burner. Some will trickle down to 3.14, some we should re-test and nudge there.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7b4a06c3-1117-4b50-821d-a464f8cd2f35>