[resend, first didn't reach python@ team because I botched the To: address]


Greetings,

mat@ assigned my Python ports 3.14 and 3.15 and assigned them to you. This wasn't authorized, there is no reason other than bullying, I don't recognize it, it isn't in the project's best interest or portmgr@ charter, so this is on core.14@'s agenda.

Still the focus is on our ports users, and now CVE-2026-9669 was just out (bzip2 compressor smashes stack when reused after error).

I have a fix for the bzip2 stack smasher ready for 3.14 [1], albeit without reference to some VuXML entry; the pending medium CVEs available in upstream PRs are not cherry-picked into the port. Not sure if upstream will issue an extraordinary 3.14.6 or just pursue the usual schedule.

3.15 not yet started to fix the CVE stuff, beta2 just landed, but the upstream pull request is available so we could have it, too.


1. So, until core@ decides on the unhelpful portmgr@ incursions (see below), how do we co-ordinate in the interim to get fixes to ports users quickly, which includes MFH 2026Q2? Proposals?

2. Who's having the VuXML?


Please respond within 24h.


Speak soon.
Matthias

[1] https://github.com/mandree/freebsd-ports/commit/5fed4d57a3b786583ad5572f22349998bced1654



P.S. Still, you will have noticed I have been working on making Python 3.14 and 3.15b1/b2 smooth rides for our ports users, with swift updates, and arrowd@ already knows that something's cooking with upstream on 3.15 self-test failures; see <https://github.com/python/cpython/issues?q=is%3Aissue%20author%3Amandree%20FreeBSD%20state%3Aopen> for what's on the burner. Some will trickle down to 3.14, some we should re-test and nudge there.


