From 535bf24126c59c455db26b57d681a03300d5884b Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 2 Apr 2024 17:19:39 +0000
Subject: [PATCH] import UBI python-pip-9.0.3-23.el8_9.1
---
 SPECS/python-pip.spec | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/SPECS/python-pip.spec b/SPECS/python-pip.spec
index bd4a082..53e4299 100644
--- a/SPECS/python-pip.spec
+++ b/SPECS/python-pip.spec
@@ -14,7 +14,7 @@ Name: python-%{srcname}
 # When updating, update the bundled libraries versions bellow!
 Version: 9.0.3
-Release: 23%{?dist}
+Release: 23%{?dist}.1
 Summary: A tool for installing and managing Python packages
 Group: Development/Libraries
@@ -171,6 +171,9 @@ Requires: platform-python-setuptools
 BuildRequires: ca-certificates
 Requires: ca-certificates
+# pip has to require explicit version of platform-python that provides
+# filters in tarfile module (fix for CVE-2007-4559).
+Requires: platform-python >= 3.6.8-55
 # Virtual provides for the packages bundled by pip.
 # See the python2 list above for instructions.
@@ -223,6 +226,8 @@ A documentation for a tool for installing and managing Python packages
 %if %{without bootstrap}
 %package -n python3-%{srcname}-wheel
 Summary: The pip wheel
+# Older Python does not provide tarfile filters (fix for CVE-2007-4559).
+Conflicts: platform-python < 3.6.8-55
 # Virtual provides for the packages bundled by pip.
 # You can find the versions in pip/_vendor/vendor.txt file.
@@ -394,6 +399,10 @@ py.test-%{python3_version} -m 'not network'
 %endif
 %changelog
+* Wed Feb 14 2024 Lumír Balhar - 9.0.3-23.1
+- Require Python with tarfile filters
+Resolves: RHEL-25449
+
 * Tue Aug 08 2023 Petr Viktorin - 9.0.3-23
 - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
 Resolves: RHBZ#2218241
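Review bot: The boundary `3.6.8-55` in the added `Requires: platform-python >= 3.6.8-55` is written out a second time in the `Conflicts: platform-python < 3.6.8-55` that the next hunk adds to `python3-%{srcname}-wheel`, so the two can drift apart on a later rebase. This version is the package-level guarantee that the interpreter ships tarfile filters (CVE-2007-4559), so I would define it once near the top of the spec, e.g. `%global tarfile_filter_python_evr 3.6.8-55` (the macro name is only a suggestion), and use the macro in both tags. The hunk does not show which `%package` section this `Requires` belongs to; if another subpackage built from this spec installs the same pip code, it presumably needs the same line.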
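Review bot: The comment above `Conflicts: platform-python < 3.6.8-55` does not say why the wheel subpackage uses `Conflicts` where the main package uses `Requires`. Presumably the wheel carries no interpreter dependency of its own and must only be kept away from an interpreter that lacks the filters; if so, say it, e.g. `# The wheel does not require an interpreter; conflict with platform-python builds that lack tarfile filters (fix for CVE-2007-4559).` The tag constrains platform-python only, and whether any other interpreter can consume this wheel is not visible in the hunk, so that is worth confirming before relying on the packaging constraint as the sole guard.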