| Summary: | lang/python27: Update to 2.7.18 (Fixes vulnerability) | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Vladimir Druzenko <vvd> |
| Component: | Individual Port(s) | Assignee: | Wen Heping <wen> |
| Status: | Closed FIXED | | |
| Severity: | Affects Many People | CC: | dbaio, lwhsu, ports-secteam, takefu, wen |
| Priority: | Normal | Keywords: | needs-qa, security |
| Version: | Latest | Flags: | bugzilla: maintainer-feedback? (python), antoine: exp-run+ |
| Hardware: | Any | | |
| OS: | Any | | |
| URL: | https://www.python.org/downloads/release/python-2718/ | | |
| Bug Depends on: | 245819 | | |
| Bug Blocks: | | | |

Description
Vladimir Druzenko
2020-04-20 23:09:22 UTC
Hi,

Some suggestions:
i) PORTREVISION=0 is not needed.
ii) lang/python-doc-html should be updated
iii) many ports depend on python27, so exp-run should be required

I shall submit a new patch.

wen

Created attachment 213624
update patch for python-2.7.18

Thank you for the report and patch VVD

^Triage: Don't need an exp run tag, exp-run flag is sufficient

(In reply to Kubilay Kocak from comment #3)
I was told that the patch level version update doesn't strictly require an exp-run? (I'm not opposing it, of course, just want to lower the load on portmgr. :-)

If it includes just a patch level, please change the vuxml entry (see ports r532610).

(In reply to Li-Wen Hsu from comment #4)
Clarifying: comment was regarding [exp-run] (and tags in general) in issue Summary/Titles, not whether and when experimental runs are needed

Link VuXML entry issue/commit

Exp-run looks fine

Created attachment 213835
python27-2.7.18.patch
Fix:
OPTION DEBUG THREADS

A commit references this bug:

Author: wen
Date: Tue May 5 08:23:12 UTC 2020
New revision: 534040
URL: https://svnweb.freebsd.org/changeset/ports/534040

Log:
  - Update to 2.7.18 [1] (include security fix)
  - Fix build with OPTION of DEBUG THREADS [2]

  PR: 245776
  Submitted by: vvd@unislabs.com [1], takefu@airport.fm [2]
  Exp-run by: antoine@ [1]
  MFH: 2020Q2
  Security: CVE-2019-18348, CVE-2020-8492

Changes:
  head/lang/python-doc-html/distinfo
  head/lang/python27/Makefile
  head/lang/python27/Makefile.version
  head/lang/python27/distinfo
  head/lang/python27/pkg-plist

Hi, all:

CVE-2020-8492 had been documented in vuxml/vuln.xml, CVE-2019-18348 not. Shall I create another entry in vuxml/vuln.xml?

wen

(In reply to Wen Heping from comment #11)
I think it's fine. Another thought is that since the versions that fixed them are the same (right?), we can also update the a27b0bb6-84fc-11ea-b5b4-641c67a117d8 entry to include both CVEs.

A commit references this bug:

Author: wen
Date: Sat May 9 10:14:10 UTC 2020
New revision: 534731
URL: https://svnweb.freebsd.org/changeset/ports/534731

Log:
  MFH: r534040
  - Update to 2.7.18 [1] (include security fix)
  - Fix build with OPTION of DEBUG THREADS [2]

  PR: 245776
  Submitted by: vvd@unislabs.com [1], takefu@airport.fm [2]
  Exp-run by: antoine@ [1]
  Security: CVE-2019-18348, CVE-2020-8492

  Approved by: ports-secteam@(joneum@)

Changes:
_U branches/2020Q2/
  branches/2020Q2/lang/python-doc-html/distinfo
  branches/2020Q2/lang/python27/Makefile
  branches/2020Q2/lang/python27/Makefile.version
  branches/2020Q2/lang/python27/distinfo
  branches/2020Q2/lang/python27/pkg-plist