reeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281824

            Bug ID: 281824
           Summary: devel/py-twisted: Update to 24.7.0, fix security issue
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/twisted/twisted/releases/tag/twiste
                    d-24.7.0
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: python@FreeBSD.org
          Reporter: ports@skyforge.at
             Flags: maintainer-feedback?(python@FreeBSD.org)
          Assignee: python@FreeBSD.org

Created attachment 253967
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D253967&action=
=3Dedit
devel/py-twisted: Update to 24.7.0

This patch updates devel/py-twisted to 24.7.0, which fixes a vulnerability
present in previous versions (see [1] and [2] as well as [5]). The patch al=
so
removes a post-patch hack used as a workaround with ancient py-cryptography
versions, which is no longer necessary as recent versions of py-cryptography
have been readily available in ports for quite a while, thereby addressing =
the
problems discussed in bug #268043, see [3]. It also removes the artificial
downgrade of the py-incremental dependency, instead opting to upgrade the
py-incremental port, see [4].

The port builds fine for me. Running the unit tests with py-twisted report a
few failures, but that testsuite has never passed successfully on FreeBSD f=
or
as long as I can remember. Here are the test results for completeness and
transparency:

---------------------------------------------------------------------------=
----
Ran 11758 tests in 839.059s

FAILED (skips=3D872, failures=3D8, errors=3D3, successes=3D10876)


I've test-driven the resulting package on my py-matrix-synapse server and
things appear to work fine fwiw.

Feedback is appreciated as always. :)

Cheers,
Sascha

[1] https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-p=
qq2
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-41810
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268043
[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281823
[5] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281624

--=20
You are receiving this mail because:
You are the assignee for the bug.=