Bug 254783 - lang/python39: Update to 3.9.4
Summary: lang/python39: Update to 3.9.4
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Wen Heping
URL: https://pythoninsider.blogspot.com/20...
Keywords: needs-qa, security
Depends on: 254780
  Show dependency treegraph
Reported: 2021-04-05 10:36 UTC by Yasuhiro Kimura
Modified: 2021-04-15 03:15 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback+
koobs: merge-quarterly+

Patch file (27.72 KB, patch)
2021-04-05 10:36 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2021-04-05 10:36:24 UTC
Created attachment 223822 [details]
Patch file

* Update to 3.9.4, which includes security fix of CVE-2021-3426.
* Sort pkg-plist.

Release Note: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html

Bug #254780 describes vulnerability fixed with this release. So please commit it together.
Comment 1 Yasuhiro Kimura 2021-04-10 08:22:43 UTC
Update to 3.9.4 with commit 11cc7534e67d.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-04-13 09:32:07 UTC
^Triage: Assign to committer that resolved

@Wen, when resolving pythoN@ ports, please ensure all issues are correctly assigned and tracked.

What's happening with this security release in terms of merge?
Comment 3 Wen Heping freebsd_committer 2021-04-13 12:56:39 UTC
(In reply to Kubilay Kocak from comment #2)(In reply to Kubilay Kocak from comment #2)
Currently I am not sure how to mfh with git :(
Comment 4 Dima Panov freebsd_committer 2021-04-13 18:49:31 UTC
MFHed to 2021Q2 as commit 47ace6c612231ebfafa1fcf7adf55d54ce1f3056
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2021-04-15 02:30:45 UTC
@Wen Was there a VuXML entry added for this update and are other python port versions affected?
Comment 6 Wen Heping freebsd_committer 2021-04-15 03:15:29 UTC
(In reply to Kubilay Kocak from comment #5)
It had been documented by riggs@ five days ago.