Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435
Resolves: RHEL-98030, RHEL-97987, RHEL-98232, RHEL-98065, RHEL-98189
parent 39fce6de3f
commit 6e9b200e35

00465-tarfile-cves.patch (1783, Normal file)
File diff suppressed because it is too large

python3.spec (24)
							| @ -14,7 +14,7 @@ URL: https://www.python.org/ | |||||||
| #  WARNING  When rebasing to a new Python version, | #  WARNING  When rebasing to a new Python version, | ||||||
| #           remember to update the python3-docs package as well | #           remember to update the python3-docs package as well | ||||||
| Version: %{pybasever}.8 | Version: %{pybasever}.8 | ||||||
| Release: 69%{?dist} | Release: 70%{?dist} | ||||||
| License: Python | License: Python | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| @ -918,6 +918,23 @@ Patch443: 00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patc | |||||||
| # Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. | # Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. | ||||||
| Patch444: 00444-security-fix-for-cve-2024-11168.patch | Patch444: 00444-security-fix-for-cve-2024-11168.patch | ||||||
| 
 | 
 | ||||||
|  | # 00465 # | ||||||
|  | # Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on tarfile | ||||||
|  | # | ||||||
|  | # The backported fixes do not contain changes for ntpath.py and related tests, | ||||||
|  | # because the support for symlinks and junctions were added later in Python 3.9, | ||||||
|  | # and it does not make sense to backport them to 3.6 here. | ||||||
|  | # | ||||||
|  | # The patch consist of the following commits: | ||||||
|  | # - https://github.com/python/cpython/commit/9d2c2a8e3b8fe18ee1568bfa4a419847b3e78575 | ||||||
|  | #   fixes handling of existing files/symlinks in tarfile | ||||||
|  | # - https://github.com/python/cpython/commit/00af9794dd118f7b835dd844b2b609a503ad951e | ||||||
|  | #   adds a new "strict" argument to realpath() | ||||||
|  | # - https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1 | ||||||
|  | #   fixes multiple CVE fixes in the tarfile module | ||||||
|  | # - downstream only patch that makes the changes work and compatible with Python 3.6 | ||||||
|  | Patch465: 00465-tarfile-cves.patch | ||||||
|  | 
 | ||||||
| # (New patches go here ^^^) | # (New patches go here ^^^) | ||||||
| # | # | ||||||
| # When adding new patches to "python" and "python3" in Fedora, EL, etc., | # When adding new patches to "python" and "python3" in Fedora, EL, etc., | ||||||
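Review bot: The last bullet of the 00465 comment, "downstream only patch that makes the changes work and compatible with Python 3.6", does not say what the downstream change touches, and because everything is folded into the single 00465-tarfile-cves.patch file, the upstream backports and the downstream adaptation cannot be told apart from the spec. Please name the files or functions the downstream part modifies, or carry it as a separate patch, so a later rebase can check each piece against its upstream commit. Two wording points in the same comment: "The patch consist of" should read "consists of", and "fixes multiple CVE fixes in the tarfile module" reads as a fix to earlier fixes; if that is the intent, say which earlier fixes, otherwise "fixes multiple CVEs in the tarfile module". Since the comment says the ntpath.py changes are left out, it would also help to state which modules do receive the new realpath() "strict" argument.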
| @ -1287,6 +1304,7 @@ GIT_DIR=$PWD git apply %{PATCH351} | |||||||
| %patch437 -p1 | %patch437 -p1 | ||||||
| %patch443 -p1 | %patch443 -p1 | ||||||
| %patch444 -p1 | %patch444 -p1 | ||||||
|  | %patch465 -p1 | ||||||
| 
 | 
 | ||||||
| # Remove files that should be generated by the build | # Remove files that should be generated by the build | ||||||
| # (This is after patching, so that we can use patches directly from upstream) | # (This is after patching, so that we can use patches directly from upstream) | ||||||
| @ -2218,6 +2236,10 @@ fi | |||||||
| # ====================================================== | # ====================================================== | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Tue Jun 24 2025 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-70 | ||||||
|  | - Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 | ||||||
|  | Resolves: RHEL-98030, RHEL-97987, RHEL-98232, RHEL-98065, RHEL-98189 | ||||||
|  | 
 | ||||||
| * Thu Nov 14 2024 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-69 | * Thu Nov 14 2024 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-69 | ||||||
| - Security fix for CVE-2024-11168 | - Security fix for CVE-2024-11168 | ||||||
| Resolves: RHEL-67252 | Resolves: RHEL-67252 | ||||||
|  | |||||||
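Review bot: The new changelog entry lists five CVEs and five RHEL tickets but does not name the affected module, while the Patch465 comment in the same spec says "on tarfile". Consider wording it as "Security fixes for tarfile: CVE-2025-4517, ..." so the rpm changelog alone tells a reader what was patched, and confirm that the order of the Resolves list matches the order of the CVEs if a one-to-one mapping is intended.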