Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435
Resolves: RHEL-98030, RHEL-97987, RHEL-98232, RHEL-98065, RHEL-98189
This commit is contained in:
Lumir Balhar
parent
39fce6de3f
commit
6e9b200e35
1783
00465-tarfile-cves.patch
Normal file
1783
00465-tarfile-cves.patch
Normal file
File diff suppressed because it is too large
Load Diff
24
python3.spec
24
python3.spec
@ -14,7 +14,7 @@ URL: https://www.python.org/
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
Version: %{pybasever}.8
|
||||
Release: 69%{?dist}
|
||||
Release: 70%{?dist}
|
||||
License: Python
|
||||
|
||||
|
||||
@ -918,6 +918,23 @@ Patch443: 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patc
|
||||
# Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses.
|
||||
Patch444: 00444-security-fix-for-cve-2024-11168.patch
|
||||
|
||||
# 00465 #
|
||||
# Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on tarfile
|
||||
#
|
||||
# The backported fixes do not contain changes for ntpath.py and related tests,
|
||||
# because the support for symlinks and junctions were added later in Python 3.9,
|
||||
# and it does not make sense to backport them to 3.6 here.
|
||||
#
|
||||
# The patch consist of the following commits:
|
||||
# - https://github.com/python/cpython/commit/9d2c2a8e3b8fe18ee1568bfa4a419847b3e78575
|
||||
# fixes handling of existing files/symlinks in tarfile
|
||||
# - https://github.com/python/cpython/commit/00af9794dd118f7b835dd844b2b609a503ad951e
|
||||
# adds a new "strict" argument to realpath()
|
||||
# - https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
|
||||
# fixes multiple CVE fixes in the tarfile module
|
||||
# - downstream only patch that makes the changes work and compatible with Python 3.6
|
||||
Patch465: 00465-tarfile-cves.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||
@ -1287,6 +1304,7 @@ GIT_DIR=$PWD git apply %{PATCH351}
|
||||
%patch437 -p1
|
||||
%patch443 -p1
|
||||
%patch444 -p1
|
||||
%patch465 -p1
|
||||
|
||||
# Remove files that should be generated by the build
|
||||
# (This is after patching, so that we can use patches directly from upstream)
|
||||
@ -2218,6 +2236,10 @@ fi
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Tue Jun 24 2025 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-70
|
||||
- Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435
|
||||
Resolves: RHEL-98030, RHEL-97987, RHEL-98232, RHEL-98065, RHEL-98189
|
||||
|
||||
* Thu Nov 14 2024 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-69
|
||||
- Security fix for CVE-2024-11168
|
||||
Resolves: RHEL-67252
|
||||
|
||||
Loading…
Reference in New Issue
Block a user