Significant security vulnerability discovered in Log4j

[Jason Liu]

In case everyone hadn't heard the news. If anyone is running Log4j for
logging on any of your web servers, you might want to read this.

WIRED: 'The Internet Is On Fire'

A vulnerability in the Log4j logging framework has security teams
scrambling to put in a fix.

-- 
Jason Liu

Re: Sandbox issues with Swift Package Manager

[Mark Anderson]

Ah ok , that's above my paygrade right now - I had no idea we were doing
that. I've copied the dev list - I think the response will be better over
there.

—Mark
___
Mark E. Anderson 
MacPorts Trac WikiPage 
GitHub Profile 



On Fri, Dec 10, 2021 at 5:12 PM Andrew Udvare  wrote:

>
> > On 2021-12-10, at 13:01, Mark Anderson  wrote:
> >
> > SPM and Workspace builds need to be added to the XCode portgroup - it's
> something that I've been working on for a while.
> >
> > I'm a little surprised the sandbox is involved at all. Is it XCode's
> sandbox complaining? Or is it Terminal? Make sure the terminal has full
> disk access.
>
> This is sandbox-exec(1) complaining. When I run the same xcodebuild
> command without MacPorts the build works fine in the same terminal.
>
>
> https://github.com/macports/macports-base/blob/master/src/port1.0/portsandbox.tcl

Question about `platforms` and `${os.platform}`

[Jason Liu]

Hi everyone,

A conversation in one of my PRs has brought up an interesting question that
I've been wondering about for a long time. In Portfiles, whenever I've had
a test for `${os.major} <= xx`, I've typically always added an additional
check for darwin in the front, i.e.:

if {${os.platform} eq "darwin" && ${os.major} <= xx} {

I've done it that way because I basically copied what I saw from other
Portfiles, and because I get gently admonished by the committers when I
forget to. But I've also always wondered why it's necessary. I was under
the impression that the `platforms darwin` line means that the entire
Portfile is supposed to be valid only for `${os.platform} eq "darwin"`, no?
(In other words, my understanding is that a line such as `platforms darwin
freebsd openbsd` is meant to signify that "this Portfile is supposed to be
valid for the listed platforms".) If that's not the case, then what is the
purpose of `platforms darwin`?

-- 
Jason Liu

Re: Review of PR 12966 - qt-qtwebkit

[John Hoyt]

Hi I'd like to once again request a review of PR12966
 (qt5-qtwebkitI) .

It's been sitting in the queue for a while now and I'm not sure what else
needs to be done to get it accepted (or if I should just close the PR and
let the issues languish).

I am certainly more than happy to make any corrections to the portfile
and/or commit messages, but I need some guidance from the team as to what
needs to be done.

On Sun, Nov 21, 2021 at 8:11 AM John Hoyt  wrote:

> I'd like to request a review for PR12966
>  (qt5-qtwebkitI) which
> fixes the compile issues on Monterey (and closes track ticket 63877
> ).
>
> I've tested the fix to work on both Arm/x86_64 on Monterey and x86_64 on
> High Sierra.
>
> The buildbot failures are of two varieties unrelated to the fix: timeout
> issues and failure to build an unrelated qt5 subport.
>

Re: DevOps Azure will not support macOS 10.14 as of December 10

[Vadim-Valdis Yudaev]

This day seems to have come.

See 
https://dev.azure.com/macports/macports-ports/_build/results?buildId=18866=logs=ca395085-040a-526b-2ce8-bdc85f692774

{{{
##[warning]An image label with the label macOS-10.14 does not exist.
##[error]The remote provider was unable to process the request.

Started: Just now
Duration: 18s
}}}

> On Nov 25, 2021, at 04:52, Joshua Root  wrote:
> 
> On 2021-11-25 12:31 , Vadim-Valdis Yudaev wrote:
>> Hi here,
>> Since that DevOps Azure will not support macOS 10.14 as of December 10, it's
>> worth considering bump the version to 10.15. Otherwise, we may get a broken
>> check again for PRs.
>>> The macOS-10.14 environment is deprecated and will be removed on December 
>>> 10,
>>> 2021. For more details see
>>> https://devblogs.microsoft.com/devops/hosted-pipelines-image-deprecation/
> 
> We already have GitHub Actions for 10.15, so we might as well just drop Azure 
> as of that date.
> 
> - Josh