CVE-2007-4559, PEP-706: Add filters for tarfile extraction
This commit is contained in:
parent
068ab3b947
commit
970efeb292
2713
00397-tarfile-filter.patch
Normal file
2713
00397-tarfile-filter.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -17,7 +17,7 @@ URL: https://www.python.org/
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: Python
|
||||
|
||||
# Exclude i686 arch. Due to a modularity issue it's being added to the
|
||||
@ -415,6 +415,14 @@ Patch353: 00353-architecture-names-upstream-downstream.patch
|
||||
# Upstream: https://bugs.python.org/issue46811
|
||||
Patch378: 00378-support-expat-2-4-5.patch
|
||||
|
||||
# 00397 #
|
||||
# Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
|
||||
# The first patch backports the upstream fix:
|
||||
# - https://github.com/python/cpython/pull/104382
|
||||
# The second patch is Red Hat configuration, see KB for documentation:
|
||||
# - https://access.redhat.com/articles/7004769
|
||||
Patch397: 00397-tarfile-filter.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||
@ -826,6 +834,7 @@ rm Lib/ensurepip/_bundled/*.whl
|
||||
%apply_patch -q %{PATCH329}
|
||||
%apply_patch -q %{PATCH353}
|
||||
%apply_patch -q %{PATCH378}
|
||||
%apply_patch -q %{PATCH397}
|
||||
|
||||
# Remove all exe files to ensure we are not shipping prebuilt binaries
|
||||
# note that those are only used to create Microsoft Windows installers
|
||||
@ -1992,6 +2001,10 @@ fi
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Mon Jun 19 2023 Petr Viktorin <pviktori@redhat.com> - 3.9.16-2
|
||||
- Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
|
||||
Resolves: rhbz#263261
|
||||
|
||||
* Tue Dec 13 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1
|
||||
- Update to 3.9.16
|
||||
- Security fix for CVE-2022-45061
|
||||
|
Loading…
Reference in New Issue
Block a user