import UBI python3-3.6.8-56.el8_9

2023-11-14 19:00:14 +00:00 · 2023-11-14 19:00:14 +00:00 · 1563e29a86
parent c3b837042b
commit 1563e29a86
2 changed files with 3637 additions and 4 deletions
--- a/SOURCES/00397-tarfile-filter.patch
+++ b/SOURCES/00397-tarfile-filter.patch
--- a/SPECS/python3.spec
+++ b/SPECS/python3.spec
@ -14,7 +14,7 @@ URL: https://www.python.org/
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
 Version: %{pybasever}.8
-Release: 51%{?dist}.2
+Release: 56%{?dist}
 License: Python


@ -765,6 +765,19 @@ Patch387: 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch
 # the behavior to linear.
 Patch394: 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch

+# 00397 #
+# Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
+# The first patches in the file backport the upstream fix:
+# - https://github.com/python/cpython/pull/104583
+#   (see the linked issue for merged backports)
+# Next-to-last patch fixes determination of symlink targets, which were treated
+#   as relative to the root of the archive,
+#   rather than the directory containing the symlink.
+#   Not yet upstream as of this writing.
+# The last patch is Red Hat configuration, see KB for documentation:
+# - https://access.redhat.com/articles/7004769
+Patch397: 00397-tarfile-filter.patch
+
 # 00399 #
 # CVE-2023-24329
 #
@ -1003,6 +1016,7 @@ configuration, browsers, and other dialogs.
 %package tkinter
 Summary: A GUI toolkit for Python
 Requires: platform-python = %{version}-%{release}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}

 %description tkinter
 The Tkinter (Tk interface) library is a graphical user interface toolkit for
@ -1134,6 +1148,7 @@ git apply %{PATCH351}
 %patch386 -p1
 %patch387 -p1
 %patch394 -p1
+%patch397 -p1
 %patch399 -p1
 %patch404 -p1

@ -2067,14 +2082,26 @@ fi
 # ======================================================

 %changelog
-* Wed Sep 27 2023 Masahiro Matsuya <mmatsuya@redhat.com> - 3.6.8-51.2
+* Thu Sep 07 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-56
 - Security fix for CVE-2023-40217
-Resolves: RHEL-2933
+Resolves: RHEL-3041

-* Wed May 31 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-51.1
+* Wed Aug 09 2023 Petr Viktorin <pviktori@redhat.com> - 3.6.8-55
+- Fix symlink handling in the fix for CVE-2007-4559
+Resolves: rhbz#263261
+
+* Fri Jul 07 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-54
+- Bump release for rebuild
+Resolves: rhbz#2173917
+
+* Fri Jun 30 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-53
 - Security fix for CVE-2023-24329
 Resolves: rhbz#2173917

+* Tue Jun 06 2023 Petr Viktorin <pviktori@redhat.com> - 3.6.8-52
+- Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
+Resolves: rhbz#263261
+
 * Tue Jan 24 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-51
 - Properly strip the LTO bytecode from python.o
 Resolves: rhbz#2137707