import CS python-pip-21.2.3-8.el9

This commit is contained in:
eabdullin 2024-03-28 11:29:32 +00:00
parent 2ac9b32d7b
commit 3aae48cb38

View File

@ -21,7 +21,7 @@
Name: python-%{srcname} Name: python-%{srcname}
Version: %{base_version}%{?prerel:~%{prerel}} Version: %{base_version}%{?prerel:~%{prerel}}
Release: 7%{?dist} Release: 8%{?dist}
Summary: A tool for installing and managing Python packages Summary: A tool for installing and managing Python packages
# We bundle a lot of libraries with pip, which itself is under MIT license. # We bundle a lot of libraries with pip, which itself is under MIT license.
@ -196,6 +196,10 @@ BuildRequires: python%{python3_pkgversion}-wheel
BuildRequires: ca-certificates BuildRequires: ca-certificates
Requires: ca-certificates Requires: ca-certificates
# pip has to require explicit version of python3 that provides
# filters in tarfile module (fix for CVE-2007-4559).
Requires: python3 >= 3.9.17-2
# This was previously required and we keep it recommended because a lot of # This was previously required and we keep it recommended because a lot of
# sdists installed via pip will try to import setuptools. # sdists installed via pip will try to import setuptools.
# But pip doesn't actually require setuptools. # But pip doesn't actually require setuptools.
@ -241,10 +245,11 @@ Requires: ca-certificates
Provides: %{name}-wheel = %{version}-%{release} Provides: %{name}-wheel = %{version}-%{release}
Obsoletes: %{name}-wheel < %{version}-%{release} Obsoletes: %{name}-wheel < %{version}-%{release}
# Older versions of python3-libs expect Python wheels at the old unversioned # Older versions of python3-libs (< 3.9.9-2) expect Python wheels at the old unversioned
# location, so we conflict with the old Python versions that wouldn't work with # location, so we conflict with the old Python versions that wouldn't work with
# the new wheel location. # the new wheel location.
Conflicts: python3-libs < 3.9.9-2 # Moreover, Python older than (3.9.16-2) does not provide tarfile filters (fix for CVE-2007-4559).
Conflicts: python3-libs < 3.9.17-2
# Virtual provides for the packages bundled by pip: # Virtual provides for the packages bundled by pip:
%{bundled 3} %{bundled 3}
@ -411,6 +416,10 @@ pytest_k='not completion and
%{python_wheel_dir}/%{python_wheel_name} %{python_wheel_dir}/%{python_wheel_name}
%changelog %changelog
* Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 21.2.3-8
- Require Python with tarfile filters
Resolves: RHEL-25451
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 21.2.3-7 * Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 21.2.3-7
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
Resolves: RHBZ#2207997 Resolves: RHBZ#2207997