On 2024/05/03 08:40, Stuart Henderson wrote:
> On 2024/05/03 08:14, Antoine Jacoutot wrote:
> > On Tue, Apr 30, 2024 at 08:30:46AM -0600, Jeremy Evans wrote:
> > > CVSROOT: /cvs
> > > Module name: ports
> > > Changes by: jer...@cvs.openbsd.org 2024/04/30 08:30:46
> > >
> > > Modified files:
> > > security/suricata: Makefile distinfo
> > >
> > > Log message:
> > > Update to suricata 7.0.5
> > >
> > > Fixes CVE-2024-32663 CVE-2024-32664 CVE-2024-32867
> > >
> > > OK gonzalo@
> >
> > Making all in qa
> > Making all in coccinelle
> > Making all in rules
> > Making all in doc
> > Making all in userguide
> > RELEASE_DATE=2024-04-23 sysconfdir=/etc localstatedir=/var version=7.0.5
> > /usr/local/bin/sphinx-build -W -b man -d _build/doctrees
> > ../../doc/userguide _build/man
> > Running Sphinx v7.3.7
> >
> > Extension error:
> > Could not import extension sphinx.builders.linkcheck (exception: cannot
> > import name 'JSONDecodeError' from 'simplejson' (unknown location))
>
> We've seen this on a few things using sphinx now (from before the sphinx
> updates).
>
> I think it may be related to py-requests picking up and preferring an
> installed "py3-simplejson" over the Python built-in json module, but I
> can't replicate the problem here.
>
> (IIUC the "simplejson" module evolved into the "json" built-in in Python
> 3; simplejson used to be faster so some software preferred it for that
> reason, but it seems now the only reason to use it is for code that
> wants backwards compat with old Python).
>
> requests doesn't want to change this until a major version bump.
>
> simplejson is only listed as a dep for these ports:
>
> mail/mailparser
> net/seafile/seafile (though the code no longer uses it)
> www/woob
>
> I think it probably makes sense to patch these to use json instead of
> simplejson and then remove simplejson.
I do still think that would probably make sense, but looking again,
these are only RDEP for ports which shouldn't be installed during a
bulk, so I don't think it can be that.
Hrmmm...
> I've tested mailparser's json functionality with this change and no
> problem. I don't really know how to test woob, I have a lot of errors
> with the existing version, I managed to get useful data out of some
> backends and that didn't change after patching (and upstream already
> allows "json" as a fallback more most things anyway, so I don't expect
> problems).
>
> Would anyone else like to check these? (maintainers CC'd).
>
>
> Index: mail/mailparser/Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/mailparser/Makefile,v
> diff -u -p -r1.1.1.1 Makefile
> --- mail/mailparser/Makefile 18 Apr 2024 09:28:41 -0000 1.1.1.1
> +++ mail/mailparser/Makefile 3 May 2024 07:17:17 -0000
> @@ -1,6 +1,7 @@
> COMMENT = wrapper for 'email' in Python's standard library
>
> MODPY_EGG_VERSION = 3.15.0
> +REVISION = 0
> DISTNAME = mail-parser-${MODPY_EGG_VERSION}
> PKGNAME = mailparser-${MODPY_EGG_VERSION}
>
> @@ -12,8 +13,8 @@ PERMIT_PACKAGE = Yes
> MODULES = lang/python
> MODPY_PYBUILD = setuptools
> MODPY_PI = Yes
> +NO_TEST = Yes
>
> -RUN_DEPENDS = devel/py-simplejson${MODPY_FLAVOR} \
> - devel/py-six${MODPY_FLAVOR}
> +RUN_DEPENDS = devel/py-six${MODPY_FLAVOR}
>
> .include <bsd.port.mk>
> Index: mail/mailparser/patches/patch-mailparser_mailparser_py
> ===================================================================
> RCS file: mail/mailparser/patches/patch-mailparser_mailparser_py
> diff -N mail/mailparser/patches/patch-mailparser_mailparser_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ mail/mailparser/patches/patch-mailparser_mailparser_py 3 May 2024
> 07:17:17 -0000
> @@ -0,0 +1,12 @@
> +Index: mailparser/mailparser.py
> +--- mailparser/mailparser.py.orig
> ++++ mailparser/mailparser.py
> +@@ -25,7 +25,7 @@ import os
> +
> + import ipaddress
> + import six
> +-import simplejson as json
> ++import json
> +
> + from .const import (
> + ADDRESSES_HEADERS,
> Index: mail/mailparser/patches/patch-mailparser_utils_py
> ===================================================================
> RCS file: mail/mailparser/patches/patch-mailparser_utils_py
> diff -N mail/mailparser/patches/patch-mailparser_utils_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ mail/mailparser/patches/patch-mailparser_utils_py 3 May 2024 07:17:17
> -0000
> @@ -0,0 +1,12 @@
> +Index: mailparser/utils.py
> +--- mailparser/utils.py.orig
> ++++ mailparser/utils.py
> +@@ -33,7 +33,7 @@ import logging
> + import os
> + import random
> + import re
> +-import simplejson as json
> ++import json
> + import string
> + import subprocess
> + import sys
> Index: net/seafile/seafile/Makefile
> ===================================================================
> RCS file: /cvs/ports/net/seafile/seafile/Makefile,v
> diff -u -p -r1.54 Makefile
> --- net/seafile/seafile/Makefile 4 Mar 2024 06:21:15 -0000 1.54
> +++ net/seafile/seafile/Makefile 3 May 2024 07:17:17 -0000
> @@ -5,6 +5,7 @@ GH_PROJECT = seafile
> # this commit is from the "v9.0.5" tag
> GH_COMMIT = b5c8e027ad50a1422f27d218c13f82a8f10018d2
> DISTNAME = seafile-daemon-9.0.50pl20240228
> +REVISION = 0
>
> SHARED_LIBS = seafile 4.0
>
> @@ -17,7 +18,6 @@ WANTLIB += lib/inotify/inotify
> MODULES = lang/python
> BUILD_DEPENDS = lang/vala
>
> -RUN_DEPENDS = devel/py-simplejson${MODPY_FLAVOR}
> LIB_DEPENDS = devel/libinotify \
> databases/sqlite3 \
> devel/libevent2 \
> Index: www/woob/Makefile
> ===================================================================
> RCS file: /cvs/ports/www/woob/Makefile,v
> diff -u -p -r1.10 Makefile
> --- www/woob/Makefile 3 Mar 2024 08:23:13 -0000 1.10
> +++ www/woob/Makefile 3 May 2024 07:17:17 -0000
> @@ -1,7 +1,7 @@
> COMMENT = web outside of browsers
>
> MODPY_EGG_VERSION = 3.6
> -REVISION = 0
> +REVISION = 1
> DISTNAME = woob-${MODPY_EGG_VERSION}
>
> CATEGORIES = www
> @@ -36,7 +36,6 @@ RUN_DEPENDS += textproc/py-lxml${MODPY_F
> # unlisted dependencies in woob/ and tools/
> # (dependencies for some tools, some features, ...)
> RUN_DEPENDS += devel/py-colorama${MODPY_FLAVOR} \
> - devel/py-simplejson${MODPY_FLAVOR} \
> textproc/py-feedparser${MODPY_FLAVOR} \
> textproc/py-pdfminer${MODPY_FLAVOR} \
> textproc/py-prettytable${MODPY_FLAVOR} \
> Index:
> www/woob/patches/patch-contrib_plugin_video_videoobmc_resources_lib_base_woobmc_py
> ===================================================================
> RCS file:
> www/woob/patches/patch-contrib_plugin_video_videoobmc_resources_lib_base_woobmc_py
> diff -N
> www/woob/patches/patch-contrib_plugin_video_videoobmc_resources_lib_base_woobmc_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++
> www/woob/patches/patch-contrib_plugin_video_videoobmc_resources_lib_base_woobmc_py
> 3 May 2024 07:17:17 -0000
> @@ -0,0 +1,12 @@
> +Index: contrib/plugin.video.videoobmc/resources/lib/base/woobmc.py
> +--- contrib/plugin.video.videoobmc/resources/lib/base/woobmc.py.orig
> ++++ contrib/plugin.video.videoobmc/resources/lib/base/woobmc.py
> +@@ -5,7 +5,7 @@ import sys
> + import os
> + import re
> + import subprocess
> +-import simplejson as json
> ++import json
> +
> + if hasattr(sys.modules["__main__"], "common_xbmc"):
> + common_xbmc = sys.modules["__main__"].common_xbmc
> Index: www/woob/patches/patch-woob_tools_json_py
> ===================================================================
> RCS file: www/woob/patches/patch-woob_tools_json_py
> diff -N www/woob/patches/patch-woob_tools_json_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ www/woob/patches/patch-woob_tools_json_py 3 May 2024 07:17:17 -0000
> @@ -0,0 +1,20 @@
> +Index: woob/tools/json.py
> +--- woob/tools/json.py.orig
> ++++ woob/tools/json.py
> +@@ -21,15 +21,7 @@ from datetime import datetime, date, time, timedelta
> +
> + __all__ = ['json', 'mini_jsonpath']
> +
> +-try:
> +- # try simplejson first because it is faster
> +- # However, note that simplejson has very different behaviors from the
> +- # stdlib json module. In particular, it is handling Decimal in a very
> +- # peculiar way and is not returning a string for them.
> +- import simplejson as json
> +-except ImportError:
> +- # Python 2.6+ has a module similar to simplejson
> +- import json
> ++import json
> +
> + from woob.capabilities.base import BaseObject, NotAvailable, NotLoaded
> +
>
