• Re: Status of Python 3.11

    From =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?=@des@FreeBSD.org to muc.lists.freebsd.ports on Fri Jun 19 19:37:34 2026
    From Newsgroup: muc.lists.freebsd.ports

    Xavier Humbert <xavier@groumpf.org> writes:
    There are known vulnerabilities in Python 3.11, however I can't see in UPDATING an entry for changing the current version. [...] What is
    the current recommended version?
    The recommended version is still 3.11. Although upstream has not yet
    patched any of the four recent issues, we have backported patches for
    two of them (CVE-2025-15366 and CVE-2025-15367) and an upstream patch is
    in progress for a third (CVE-2026-1502). There is no 3.11 patch yet for
    the fourth (upstream bug #146333, no CVE assigned).
    The oldest version that has patches for all known issues is 3.13. Unfortunately, changing the default is highly non-trivial as it tends to
    break a ton of dependents, but if you build your own packages, you can
    try adding this line to make.conf:
    DEFAULT_VERSIONS+=python=3.13 python3=3.13
    I do not recommend trying 3.14 or 3.15 at this point, as the risk of
    breakage increases the further you move from the recommended default.
    The procedure outlined in UPDATING is only necessary for leaf packages,
    i.e. if the following command produces any output:
    pkg query -e '%a == 0 || %#r == 0' -g %n 'py311-*'
    In which case you should run the following on affected systems before
    `pkg upgrade` (assuming you chose 3.13 as your new default):
    for p in $(pkg query -g %n 'py311-*'); do
    pkg set -yn "${p}:py313-${p#py311-}";
    done
    Otherwise, package dependencies will take care of everything.
    DES
    --
    Dag-Erling Sm|+rgrav - des@FreeBSD.org
    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?=@des@FreeBSD.org to muc.lists.freebsd.ports on Fri Jun 19 19:51:27 2026
    From Newsgroup: muc.lists.freebsd.ports

    Xavier Humbert <xavier@groumpf.org> writes:
    (I'm using portugrade directly in the ports tree)
    I really recommend using poudriere instead, especially if you have more
    than one system to maintain. It's not that hard to set up.
    DES
    --
    Dag-Erling Sm|+rgrav - des@FreeBSD.org
    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From The Doctor@doctor@doctor.nl2k.ab.ca to muc.lists.freebsd.ports on Fri Jun 19 14:11:17 2026
    From Newsgroup: muc.lists.freebsd.ports

    On Fri, Jun 19, 2026 at 06:46:57PM +0200, Xavier Humbert wrote:
    Hi,

    There are known vulnerabilities in Python 3.11, however I can't see in UPDATING an entry for changing the current version. The only entry is

    20240529:
    ?? AFFECTS: users of python
    ?? AUTHOR: rm@FreeBSD.org

    ?? The default version of python3 and python was switched to 3.11.


    What is the current recommended version ? Does the tips in this entry still apply ?

    Regards,

    Xavier


    REcoomend we move to Python 3.14 . 3.15 is in beta!

    --
    Xavier HUMBERT - Unix/Win/MacOSX Sysadmin/Network Engineer https://www.amdh.fr


    --
    Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
    Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; 31 years in the ISP business!


    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?=@des@FreeBSD.org to muc.lists.freebsd.ports on Sat Jun 20 01:06:59 2026
    From Newsgroup: muc.lists.freebsd.ports

    Dag-Erling Sm|+rgrav <des@FreeBSD.org> writes:
    The oldest version that has patches for all known issues is 3.13. Unfortunately, changing the default is highly non-trivial as it tends to break a ton of dependents, but if you build your own packages, you can
    try adding this line to make.conf:

    DEFAULT_VERSIONS+=python=3.13 python3=3.13
    Correction, setting python3 has no effect, all you need is:
    DEFAULT_VERSIONS+=python=3.13
    Beware that net/samba416 and www/py-django60 are pinned to 3.11-3.12 and
    will refuse to build if you set the default to anything higher. You can _probably_ edit their Makefiles and change the upper bound if you want
    to use them with Python 3.13.
    DES
    --
    Dag-Erling Sm|+rgrav - des@FreeBSD.org
    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?=@des@FreeBSD.org to muc.lists.freebsd.ports on Sat Jun 20 19:01:13 2026
    From Newsgroup: muc.lists.freebsd.ports

    Dag-Erling Sm|+rgrav <des@FreeBSD.org> writes:
    Beware that net/samba416 and www/py-django60 are pinned to 3.11-3.12 and
    will refuse to build if you set the default to anything higher.
    I have posted reviews net/samba416 and www/py-django60:
    https://reviews.freebsd.org/D57713
    https://reviews.freebsd.org/D57714
    DES
    --
    Dag-Erling Sm|+rgrav - des@FreeBSD.org
    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Dan Mahoney \(ports\)@freebsd@gushi.org to muc.lists.freebsd.ports on Sun Jun 21 11:17:41 2026
    From Newsgroup: muc.lists.freebsd.ports


    On Jun 19, 2026, at 12:46rC>PM, Xavier Humbert <xavier@groumpf.org> wrote:

    Hi,

    There are known vulnerabilities in Python 3.11, however I can't see in UPDATING an entry for changing the current version. The only entry is

    20240529:
    AFFECTS: users of python
    AUTHOR: rm@FreeBSD.org

    The default version of python3 and python was switched to 3.11.


    What is the current recommended version ? Does the tips in this entry still apply ?
    There are cherry-pickable patches for most of the post 3.11.15 CVEs, (python foundation has pushed back if some will be pushed into 3.11, but other OSes have locally patched) but I don't think the port has applied them locally.
    -Dan
    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?=@des@FreeBSD.org to muc.lists.freebsd.ports on Tue Jun 23 16:26:02 2026
    From Newsgroup: muc.lists.freebsd.ports

    Matthias Fechner <idefix@fechner.net> writes:
    I tested python 3.14.
    We already know 3.14 doesn't work. For instance, the entire py-sphinx ecosystem is currently stuck at the newest version that still supports
    3.11, and that version does not support 3.14. We need to switch the
    default Python version first, preferably to 3.13, then update py-sphinx,
    before we can consider Python 3.14.
    DES
    --
    Dag-Erling Sm|+rgrav - des@FreeBSD.org
    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Nuno Teixeira@eduardo@freebsd.org to muc.lists.freebsd.ports on Tue Jun 23 19:49:53 2026
    From Newsgroup: muc.lists.freebsd.ports

    --0000000000002cc4810654f03a9b
    Content-Type: text/plain; charset="UTF-8"
    Content-Transfer-Encoding: quoted-printable

    Hello all,

    I see that https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D285957 is staled.

    I'm unsure if it is the right time to start doing local builds with 3.13.

    Thanks,

    Matthias Fechner <idefix@fechner.net> escreveu (ter=C3=A7a, 23/06/2026 =C3= =A0(s)
    15:30):

    Am 23.06.26 um 16:26 schrieb Dag-Erling Sm=C3=B8rgrav:
    We already know 3.14 doesn't work. For instance, the entire py-sphinx ecosystem is currently stuck at the newest version that still supports 3.11, and that version does not support 3.14. We need to switch the default Python version first, preferably to 3.13, then update py-sphinx=
    ,
    before we can consider Python 3.14.

    thanks for this, will give 3.13 now a try ;)

    Matthias




    --=20
    Nuno Teixeira
    FreeBSD UNIX: <eduardo@FreeBSD.org> Web: https://FreeBSD.org

    --0000000000002cc4810654f03a9b
    Content-Type: text/html; charset="UTF-8"
    Content-Transfer-Encoding: quoted-printable

    <div dir=3D"ltr"><div><div>Hello all,</div><div><br>I see that=C2=A0<a href= =3D"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D285957">https://bug= s.freebsd.org/bugzilla/show_bug.cgi?id=3D285957</a> is staled.<br><br></div= >I&#39;m unsure if it is the right time to start doing local builds with 3.= 13.<br><br></div>Thanks,</div><br><div class=3D"gmail_quote gmail_quote_con= tainer"><div dir=3D"ltr" class=3D"gmail_attr">Matthias Fechner &lt;<a href= =3D"mailto:idefix@fechner.net">idefix@fechner.net</a>&gt; escreveu (ter=C3= =A7a, 23/06/2026 =C3=A0(s) 15:30):<br></div><blockquote class=3D"gmail_quot=
    e" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204)= ;padding-left:1ex">Am 23.06.26 um 16:26 schrieb Dag-Erling Sm=C3=B8rgrav:<b=

    &gt; We already know 3.14 doesn&#39;t work.=C2=A0 For instance, the entire = py-sphinx<br>
    &gt; ecosystem is currently stuck at the newest version that still supports=

    &gt; 3.11, and that version does not support 3.14.=C2=A0 We need to switch = the<br>
    &gt; default Python version first, preferably to 3.13, then update py-sphin= x,<br>
    &gt; before we can consider Python 3.14.<br>

    thanks for this, will give 3.13 now a try ;)<br>

    Matthias<br>


    </blockquote></div><div><br clear=3D"all"></div><br><span class=3D"gmail_si= gnature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature"><d=
    iv dir=3D"ltr"><div><font color=3D"#888888">Nuno Teixeira</font></div><div>= <div><font color=3D"#888888">
    FreeBSD UNIX:=C2=A0 &lt;eduardo@FreeBSD.org&gt;=C2=A0 =C2=A0Web:=C2=A0 <a h= ref=3D"https://FreeBSD.org" rel=3D"noreferrer" target=3D"_blank">https://Fr= eeBSD.org</a><br></font></div></div></div></div>

    --0000000000002cc4810654f03a9b--


    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Matthias Fechner@idefix@fechner.net to muc.lists.freebsd.ports on Wed Jun 24 06:45:28 2026
    From Newsgroup: muc.lists.freebsd.ports

    Hi,

    Am 23.06.26 um 20:49 schrieb Nuno Teixeira:
    I see that https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285957 is staled.

    I'm unsure if it is the right time to start doing local builds with 3.13.


    I switched now to 3.13 and all seems at first to run fine.
    Will test it the next days.

    Matthias



    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2