rpms/python39
6
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2007-4559, PEP-706: Add filters for tarfile extraction

Browse Source
This commit is contained in:
pviktori 2023-05-31 12:30:23 +00:00 committed by Petr Viktorin
parent 068ab3b947
commit 970efeb292
2 changed files with 2727 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2713
00397-tarfile-filter.patch Normal file
View File

File diff suppressed because it is too large Load Diff

15
python39.spec
View File

@ -17,7 +17,7 @@ URL: https://www.python.org/
#global prerel ... #global prerel ...
%global upstream_version %{general_version}%{?prerel} %global upstream_version %{general_version}%{?prerel}
Version: %{general_version}%{?prerel:~%{prerel}} Version: %{general_version}%{?prerel:~%{prerel}}
Release: 1%{?dist} Release: 2%{?dist}
License: Python License: Python
# Exclude i686 arch. Due to a modularity issue it's being added to the # Exclude i686 arch. Due to a modularity issue it's being added to the
@ -415,6 +415,14 @@ Patch353: 00353-architecture-names-upstream-downstream.patch
# Upstream: https://bugs.python.org/issue46811 # Upstream: https://bugs.python.org/issue46811
Patch378: 00378-support-expat-2-4-5.patch Patch378: 00378-support-expat-2-4-5.patch
# 00397 #
# Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
# The first patch backports the upstream fix:
# - https://github.com/python/cpython/pull/104382
# The second patch is Red Hat configuration, see KB for documentation:
# - https://access.redhat.com/articles/7004769
Patch397: 00397-tarfile-filter.patch
# (New patches go here ^^^) # (New patches go here ^^^)
# #
# When adding new patches to "python" and "python3" in Fedora, EL, etc., # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -826,6 +834,7 @@ rm Lib/ensurepip/_bundled/*.whl
%apply_patch -q %{PATCH329} %apply_patch -q %{PATCH329}
%apply_patch -q %{PATCH353} %apply_patch -q %{PATCH353}
%apply_patch -q %{PATCH378} %apply_patch -q %{PATCH378}
%apply_patch -q %{PATCH397}
# Remove all exe files to ensure we are not shipping prebuilt binaries # Remove all exe files to ensure we are not shipping prebuilt binaries
# note that those are only used to create Microsoft Windows installers # note that those are only used to create Microsoft Windows installers
@ -1992,6 +2001,10 @@ fi
# ====================================================== # ======================================================
%changelog %changelog
* Mon Jun 19 2023 Petr Viktorin <pviktori@redhat.com> - 3.9.16-2
- Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
Resolves: rhbz#263261
* Tue Dec 13 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1 * Tue Dec 13 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1
- Update to 3.9.16 - Update to 3.9.16
- Security fix for CVE-2022-45061 - Security fix for CVE-2022-45061