import CS python-pip-21.2.3-8.el9
This commit is contained in:
parent
2ac9b32d7b
commit
3aae48cb38
@ -21,7 +21,7 @@
|
|||||||
|
|
||||||
Name: python-%{srcname}
|
Name: python-%{srcname}
|
||||||
Version: %{base_version}%{?prerel:~%{prerel}}
|
Version: %{base_version}%{?prerel:~%{prerel}}
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
Summary: A tool for installing and managing Python packages
|
Summary: A tool for installing and managing Python packages
|
||||||
|
|
||||||
# We bundle a lot of libraries with pip, which itself is under MIT license.
|
# We bundle a lot of libraries with pip, which itself is under MIT license.
|
||||||
@ -196,6 +196,10 @@ BuildRequires: python%{python3_pkgversion}-wheel
|
|||||||
BuildRequires: ca-certificates
|
BuildRequires: ca-certificates
|
||||||
Requires: ca-certificates
|
Requires: ca-certificates
|
||||||
|
|
||||||
|
# pip has to require explicit version of python3 that provides
|
||||||
|
# filters in tarfile module (fix for CVE-2007-4559).
|
||||||
|
Requires: python3 >= 3.9.17-2
|
||||||
|
|
||||||
# This was previously required and we keep it recommended because a lot of
|
# This was previously required and we keep it recommended because a lot of
|
||||||
# sdists installed via pip will try to import setuptools.
|
# sdists installed via pip will try to import setuptools.
|
||||||
# But pip doesn't actually require setuptools.
|
# But pip doesn't actually require setuptools.
|
||||||
@ -241,10 +245,11 @@ Requires: ca-certificates
|
|||||||
Provides: %{name}-wheel = %{version}-%{release}
|
Provides: %{name}-wheel = %{version}-%{release}
|
||||||
Obsoletes: %{name}-wheel < %{version}-%{release}
|
Obsoletes: %{name}-wheel < %{version}-%{release}
|
||||||
|
|
||||||
# Older versions of python3-libs expect Python wheels at the old unversioned
|
# Older versions of python3-libs (< 3.9.9-2) expect Python wheels at the old unversioned
|
||||||
# location, so we conflict with the old Python versions that wouldn't work with
|
# location, so we conflict with the old Python versions that wouldn't work with
|
||||||
# the new wheel location.
|
# the new wheel location.
|
||||||
Conflicts: python3-libs < 3.9.9-2
|
# Moreover, Python older than (3.9.16-2) does not provide tarfile filters (fix for CVE-2007-4559).
|
||||||
|
Conflicts: python3-libs < 3.9.17-2
|
||||||
|
|
||||||
# Virtual provides for the packages bundled by pip:
|
# Virtual provides for the packages bundled by pip:
|
||||||
%{bundled 3}
|
%{bundled 3}
|
||||||
@ -411,6 +416,10 @@ pytest_k='not completion and
|
|||||||
%{python_wheel_dir}/%{python_wheel_name}
|
%{python_wheel_dir}/%{python_wheel_name}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 21.2.3-8
|
||||||
|
- Require Python with tarfile filters
|
||||||
|
Resolves: RHEL-25451
|
||||||
|
|
||||||
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 21.2.3-7
|
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 21.2.3-7
|
||||||
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
|
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
|
||||||
Resolves: RHBZ#2207997
|
Resolves: RHBZ#2207997
|
||||||
|
Loading…
Reference in New Issue
Block a user