import CS python-pip-9.0.3-24.el8

This commit is contained in:
eabdullin 2024-03-27 20:19:24 +00:00
parent 90d2ee0aa1
commit ac9a107a3b

View File

@ -14,7 +14,7 @@
Name: python-%{srcname} Name: python-%{srcname}
# When updating, update the bundled libraries versions bellow! # When updating, update the bundled libraries versions bellow!
Version: 9.0.3 Version: 9.0.3
Release: 23%{?dist} Release: 24%{?dist}
Summary: A tool for installing and managing Python packages Summary: A tool for installing and managing Python packages
Group: Development/Libraries Group: Development/Libraries
@ -171,6 +171,9 @@ Requires: platform-python-setuptools
BuildRequires: ca-certificates BuildRequires: ca-certificates
Requires: ca-certificates Requires: ca-certificates
# pip has to require explicit version of platform-python that provides
# filters in tarfile module (fix for CVE-2007-4559).
Requires: platform-python >= 3.6.8-55
# Virtual provides for the packages bundled by pip. # Virtual provides for the packages bundled by pip.
# See the python2 list above for instructions. # See the python2 list above for instructions.
@ -223,6 +226,8 @@ A documentation for a tool for installing and managing Python packages
%if %{without bootstrap} %if %{without bootstrap}
%package -n python3-%{srcname}-wheel %package -n python3-%{srcname}-wheel
Summary: The pip wheel Summary: The pip wheel
# Older Python does not provide tarfile filters (fix for CVE-2007-4559).
Conflicts: platform-python < 3.6.8-55
# Virtual provides for the packages bundled by pip. # Virtual provides for the packages bundled by pip.
# You can find the versions in pip/_vendor/vendor.txt file. # You can find the versions in pip/_vendor/vendor.txt file.
@ -394,6 +399,10 @@ py.test-%{python3_version} -m 'not network'
%endif %endif
%changelog %changelog
* Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-24
- Require Python with tarfile filters
Resolves: RHEL-25446
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 9.0.3-23 * Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 9.0.3-23
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
Resolves: RHBZ#2218241 Resolves: RHBZ#2218241