import UBI python-pip-9.0.3-23.el8_9.1
This commit is contained in:
parent
db5b778012
commit
535bf24126
@ -14,7 +14,7 @@
|
||||
Name: python-%{srcname}
|
||||
# When updating, update the bundled libraries versions bellow!
|
||||
Version: 9.0.3
|
||||
Release: 23%{?dist}
|
||||
Release: 23%{?dist}.1
|
||||
Summary: A tool for installing and managing Python packages
|
||||
|
||||
Group: Development/Libraries
|
||||
@ -171,6 +171,9 @@ Requires: platform-python-setuptools
|
||||
|
||||
BuildRequires: ca-certificates
|
||||
Requires: ca-certificates
|
||||
# pip has to require explicit version of platform-python that provides
|
||||
# filters in tarfile module (fix for CVE-2007-4559).
|
||||
Requires: platform-python >= 3.6.8-55
|
||||
|
||||
# Virtual provides for the packages bundled by pip.
|
||||
# See the python2 list above for instructions.
|
||||
@ -223,6 +226,8 @@ A documentation for a tool for installing and managing Python packages
|
||||
%if %{without bootstrap}
|
||||
%package -n python3-%{srcname}-wheel
|
||||
Summary: The pip wheel
|
||||
# Older Python does not provide tarfile filters (fix for CVE-2007-4559).
|
||||
Conflicts: platform-python < 3.6.8-55
|
||||
|
||||
# Virtual provides for the packages bundled by pip.
|
||||
# You can find the versions in pip/_vendor/vendor.txt file.
|
||||
@ -394,6 +399,10 @@ py.test-%{python3_version} -m 'not network'
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-23.1
|
||||
- Require Python with tarfile filters
|
||||
Resolves: RHEL-25449
|
||||
|
||||
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 9.0.3-23
|
||||
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
|
||||
Resolves: RHBZ#2218241
|
||||
|
Loading…
Reference in New Issue
Block a user