FreeBSD - メンテナンス・トラブルシュート - Python - py39-setuptools 63.1.0 → 63.1.0_1

 クラウディア
1. 概要
2. 状況
3. 試行錯誤
4. 一時しのぎ
5. 唐突に解決

1. 概要

 2023年6月23日のこと。

$ pkg version -vl "<"
py39-setuptools-63.1.0             <   needs updating (index has 63.1.0_1)
 となっていました。

2. 状況

 まぁ、いつものことなので、アップグレードしようとします、

portupgrade -rR py39-setuptools
 すると

[Reading data from pkg(8) ... - 587 packages found - done]
[Gathering depends for devel/py-setuptools ......................... done]

・・・	略	・・・

 for textproc/py-sphinxcontrib-applehelp .. done]
[Exclude up-to-date packages ................................................................................................... done]
--->  Upgrading 'py39-setuptools-63.1.0' to 'py39-setuptools-63.1.0_1' (devel/py-setuptools)
--->  Building '/usr/ports/devel/py-setuptools'
===>  Cleaning for py39-setuptools-63.1.0_1
===>  Cleaning for py38-setuptools-63.1.0_1
===>  Cleaning for py37-setuptools-63.1.0_1
===>  Cleaning for py310-setuptools-63.1.0_1
===>  Cleaning for py311-setuptools-63.1.0_1
===>  py39-setuptools-63.1.0_1 has known vulnerabilities:
py39-setuptools-63.1.0_1 is vulnerable:
  py39-setuptools -- denial of service vulnerability
  CVE: CVE-2022-40897
  WWW: https://vuxml.FreeBSD.org/freebsd/1b38aec4-4149-4c7d-851c-3c4de3a1fbd0.html

1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make: stopped in /usr/ports/devel/py-setuptools
egrep: empty (sub)expression
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20230623-88697-dfooyc env UPGRADE_TOOL=portupgrade UPGRADE_PORT=py39-setuptools-63.1.0 UPGRADE_PORT_VER=63.1.0 make
** Fix the problem and try again.
** Listing the failed packages (-:ignored / *:skipped / !:failed)
        ! devel/py-setuptools (py39-setuptools-63.1.0)  (security vulnerabilities)
 正直にいうと、なんやようわからんのであります。

3. 試行錯誤

 よくある、競合かなと思って。

cd /usr/ports/devel/py-setuptools
make deinstall clean
make
 すると

===>  py39-setuptools-63.1.0_1 has known vulnerabilities:
py39-setuptools-63.1.0_1 is vulnerable:
  py39-setuptools -- denial of service vulnerability
  CVE: CVE-2022-40897
  WWW: https://vuxml.FreeBSD.org/freebsd/1b38aec4-4149-4c7d-851c-3c4de3a1fbd0.html

1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make: stopped in /usr/ports/devel/py-setuptools
 げげ、悪化。  インストールすら、できないではないか。

4. 一時しのぎ

 とりあえず、「ports」の方は、次のバージョンを待つとして、「pkg」で一時しのぎします。

$ pkg install py39-setuptools
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 5 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
        mono: 5.10.1.57_4

New packages to be INSTALLED:
        perl5.34: 5.34.1_2
        py39-setuptools: 63.1.0

Installed packages to be DOWNGRADED:
        perl5: 5.34.1_2 -> 5.32.1_3

Installed packages to be REINSTALLED:
        http-parser-2.9.4

Number of packages to be removed: 1
Number of packages to be installed: 2
Number of packages to be reinstalled: 1
Number of packages to be downgraded: 1

The operation will free 172 MiB.
1 MiB to be downloaded.

Proceed with this action? [y/N]:
 あぁ、また、「perl」がダウングレードしちゃうんだな。  仕方ないので、y で進めます。

[1/2] Fetching py39-setuptools-63.1.0.pkg: 100%    1 MiB   1.1MB/s    00:01
[2/2] Fetching http-parser-2.9.4.pkg: 100%   18 KiB  18.6kB/s    00:01
Checking integrity... done (1 conflicting)
  - perl5.34-5.34.1_2 conflicts with perl5-5.34.1_2 on /usr/local/bin/perl5.34.1
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 6 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
        mono: 5.10.1.57_4

New packages to be INSTALLED:
        perl5.34: 5.34.1_2
        py39-setuptools: 63.1.0

Installed packages to be REINSTALLED:
        http-parser-2.9.4

Number of packages to be removed: 1
Number of packages to be installed: 2
Number of packages to be reinstalled: 1

The operation will free 171 MiB.

Proceed with this action? [y/N]:
 あれ?結局、「perl」は、元に戻るんかいな。  y。  実際んとこ、「perl」は元に戻らなかったので。  上記が終わった後で。

portupgrade -rRf perl5.34

5. 唐突に解決

 2023年6月27日、唐突に解決しました。  う~ん、「pkg」がアップグレードされていたがなぁ。  「pkg」アップグレード後に、

portupgrade -rR py39-setuptools
 が、とおっちゃいました。  ただし、アップグレードと言われていない、「rust」や「cargo」の更新が、一連の「portupgrade」の中で動いたので、ほぼ丸一日、かかりましたが。
ハイスピードプランマイニングベース