Require Python with tarfile filters

Resolves: RHEL-25453
This commit is contained in:
Tomáš Hrnčiar 2024-02-14 15:42:59 +01:00
parent 4de1f9de0e
commit 91d2bf596c

View File

@ -12,7 +12,7 @@
Name: python%{python3_pkgversion}-%{srcname} Name: python%{python3_pkgversion}-%{srcname}
Version: %{base_version}%{?prerel:~%{prerel}} Version: %{base_version}%{?prerel:~%{prerel}}
Release: 4%{?dist} Release: 5%{?dist}
Summary: A tool for installing and managing Python packages Summary: A tool for installing and managing Python packages
# We bundle a lot of libraries with pip, which itself is under MIT license. # We bundle a lot of libraries with pip, which itself is under MIT license.
@ -207,7 +207,9 @@ Recommends: python%{python3_pkgversion}-setuptools
Requires(postun): alternatives >= 1.19.1-1 Requires(postun): alternatives >= 1.19.1-1
# python3.11 installs the alternatives master symlink to which we attach a slave # python3.11 installs the alternatives master symlink to which we attach a slave
Requires: python%{python3_pkgversion} # pip has to require explicit version of python that provides
# filters in tarfile module (fix for CVE-2007-4559).
Requires: python%{python3_pkgversion} >= 3.11.4-3
Requires(post): python%{python3_pkgversion} Requires(post): python%{python3_pkgversion}
Requires(postun): python%{python3_pkgversion} Requires(postun): python%{python3_pkgversion}
@ -225,6 +227,8 @@ Packages" or "Pip Installs Python".
%package -n %{python_wheel_pkg_prefix}-%{srcname}-wheel %package -n %{python_wheel_pkg_prefix}-%{srcname}-wheel
Summary: The pip wheel Summary: The pip wheel
Requires: ca-certificates Requires: ca-certificates
# Older Python does not provide tarfile filters (fix for CVE-2007-4559).
Conflicts: python%{python3_pkgversion} < 3.11.4-3
# Virtual provides for the packages bundled by pip: # Virtual provides for the packages bundled by pip:
%{bundled %{python3_pkgversion}} %{bundled %{python3_pkgversion}}
@ -397,6 +401,10 @@ fi
%{python_wheel_dir}/%{python_wheel_name} %{python_wheel_dir}/%{python_wheel_name}
%changelog %changelog
* Wed Feb 14 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 22.3.1-5
- Require Python with tarfile filters
Resolves: RHEL-25453
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 22.3.1-4 * Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 22.3.1-4
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
Resolves: RHBZ#2218249 Resolves: RHBZ#2218249