rpms/python3
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI python3-3.6.8-70.el8_10

Browse Source
This commit is contained in:
eabdullin 2025-07-01 20:58:19 +00:00
parent 5eaed3078e
commit 04bc006f97
2 changed files with 1807 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1783
SOURCES/00465-tarfile-cves.patch Normal file
View File

File diff suppressed because it is too large Load Diff

26
SPECS/python3.spec
View File

@ -14,7 +14,7 @@ URL: https://www.python.org/
# WARNING When rebasing to a new Python version, # WARNING When rebasing to a new Python version,
# remember to update the python3-docs package as well # remember to update the python3-docs package as well
Version: %{pybasever}.8 Version: %{pybasever}.8
Release: 69%{?dist} Release: 70%{?dist}
License: Python License: Python
@ -918,6 +918,23 @@ Patch443: 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patc
# Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. # Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses.
Patch444: 00444-security-fix-for-cve-2024-11168.patch Patch444: 00444-security-fix-for-cve-2024-11168.patch
# 00465 #
# Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on tarfile
#
# The backported fixes do not contain changes for ntpath.py and related tests,
# because the support for symlinks and junctions were added later in Python 3.9,
# and it does not make sense to backport them to 3.6 here.
#
# The patch consist of the following commits:
# - https://github.com/python/cpython/commit/9d2c2a8e3b8fe18ee1568bfa4a419847b3e78575
# fixes handling of existing files/symlinks in tarfile
# - https://github.com/python/cpython/commit/00af9794dd118f7b835dd844b2b609a503ad951e
# adds a new "strict" argument to realpath()
# - https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
# fixes multiple CVE fixes in the tarfile module
# - downstream only patch that makes the changes work and compatible with Python 3.6
Patch465: 00465-tarfile-cves.patch
# (New patches go here ^^^) # (New patches go here ^^^)
# #
# When adding new patches to "python" and "python3" in Fedora, EL, etc., # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1249,7 +1266,7 @@ rm Lib/ensurepip/_bundled/*.whl
%patch346 -p1 %patch346 -p1
# Patch 351 adds binary file for testing. We need to apply it using Git. # Patch 351 adds binary file for testing. We need to apply it using Git.
git apply %{PATCH351} GIT_DIR=$PWD git apply %{PATCH351}
%patch352 -p1 %patch352 -p1
%patch353 -p1 %patch353 -p1
@ -1287,6 +1304,7 @@ git apply %{PATCH351}
%patch437 -p1 %patch437 -p1
%patch443 -p1 %patch443 -p1
%patch444 -p1 %patch444 -p1
%patch465 -p1
# Remove files that should be generated by the build # Remove files that should be generated by the build
# (This is after patching, so that we can use patches directly from upstream) # (This is after patching, so that we can use patches directly from upstream)
@ -2218,6 +2236,10 @@ fi
# ====================================================== # ======================================================
%changelog %changelog
* Tue Jun 24 2025 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-70
- Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435
Resolves: RHEL-98030, RHEL-97987, RHEL-98232, RHEL-98065, RHEL-98189
* Thu Nov 14 2024 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-69 * Thu Nov 14 2024 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-69
- Security fix for CVE-2024-11168 - Security fix for CVE-2024-11168
Resolves: RHEL-67252 Resolves: RHEL-67252