Created attachment 225502 [details] Patch (by git format-patch) against the ports tree Patch attached, please use `git am` to apply.
Maintainer informed via mail
Hi Olivier, This port has an expiration date that is due in 20 days. Are there any plans to prevent it from dying?
Hi Fernando, On my side, yes, I never considered Tauthon dead, and I've even contributed to it upstream. On portmgr's side, I don't know at all. Last information I have is portmgr public mail announcing deprecation ("Python 2.7 removal outline"). I'll just point out that python27 has an expiration date of 2020/12/31 but is still in the tree. Sure, no ports depend on Tauthon, since this was forbidden, so it's indeed technically trivial to remove it, whereas removing Python 2.7 would imply removing Chromium et alter. But I think this is irrelevant to the matter at hand. This new version of Tauthon fixes lots of security problems reported to Python 3.x, and as such should be imported before expiration, just for the fact that some people that want to use it will resurrect the port locally, so it's better they have the most recent version. And yes, this also means that Tauthon is now more secure than Python 2.7, and even has fixes not yet in 3.x.
(In reply to Olivier Certner from comment #3) > I'll just point out that python27 has an expiration date of 2020/12/31 but is still in the tree. My understanding was that this is because the FreeBSD.org infrastructure still has some dependencies on python27. In part, this is what stirred the mailing list migration -- to get rid of (one of the?) last dependencies.
Any ChangeLog we can use as a reference? I could not find one in GH. Cheers
Created attachment 225537 [details] Changes since 2.8.2 Yes, the file Misc/NEWS.d/2.8.3.rst in the repo, which I'm attaching here. It contains the list of security fixes, and an incomplete list of new module aliases (3.x compat).
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=a64c3e0ebe0c6b62e95e07d28eea2d0fad4525b8 commit a64c3e0ebe0c6b62e95e07d28eea2d0fad4525b8 Author: Fernando ApesteguÃa <fernape@FreeBSD.org> AuthorDate: 2021-06-04 09:38:47 +0000 Commit: Fernando ApesteguÃa <fernape@FreeBSD.org> CommitDate: 2021-06-04 09:38:47 +0000 security/vuxml: Add CVE-2020-8492 for lang/tauthon PR: 256387 Reported by: olivier.freebsd@free.fr security/vuxml/vuln.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=7d98dad380fae35c1a1f64e1b86c3488aef24d0f commit 7d98dad380fae35c1a1f64e1b86c3488aef24d0f Author: Fernando ApesteguÃa <fernape@FreeBSD.org> AuthorDate: 2021-06-04 07:47:40 +0000 Commit: Fernando ApesteguÃa <fernape@FreeBSD.org> CommitDate: 2021-06-04 09:42:15 +0000 lang/tauthon: Update to 2.8.3 ChangeLog: https://github.com/naftaliharris/tauthon/blob/master/Misc/NEWS.d/2.8.3.rst PR: 256387 Reported by: olivier.freebsd@free.fr (maintainer) Security: CVE-2020-8492 MFH: 2021Q2 lang/tauthon/Makefile | 20 ++++---- lang/tauthon/distinfo | 6 +-- lang/tauthon/files/patch-setup.py | 2 +- lang/tauthon/files/patch-setup_metadata.py (gone) | 29 ------------ lang/tauthon/pkg-plist | 58 +++++++++++++++++++---- 5 files changed, 64 insertions(+), 51 deletions(-)
A commit in branch 2021Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=96419941bedafbce043e6a9a834f575812187652 commit 96419941bedafbce043e6a9a834f575812187652 Author: Fernando ApesteguÃa <fernape@FreeBSD.org> AuthorDate: 2021-06-04 07:47:40 +0000 Commit: Fernando ApesteguÃa <fernape@FreeBSD.org> CommitDate: 2021-06-04 10:05:35 +0000 lang/tauthon: Update to 2.8.3 ChangeLog: https://github.com/naftaliharris/tauthon/blob/master/Misc/NEWS.d/2.8.3.rst PR: 256387 Reported by: olivier.freebsd@free.fr (maintainer) Security: CVE-2020-8492 MFH: 2021Q2 (cherry picked from commit 7d98dad380fae35c1a1f64e1b86c3488aef24d0f) lang/tauthon/Makefile | 20 ++++---- lang/tauthon/distinfo | 6 +-- lang/tauthon/files/patch-setup.py | 2 +- lang/tauthon/files/patch-setup_metadata.py (gone) | 29 ------------ lang/tauthon/pkg-plist | 58 +++++++++++++++++++---- 5 files changed, 64 insertions(+), 51 deletions(-)
^Triage: Maintainer-feedback flag (+) not required unless requested (?) first Committed, Thanks!
Thanks!