Require Python with tarfile filters
Resolves: RHEL-25459
This commit is contained in:
parent
5299110293
commit
a8f075a72e
@ -19,7 +19,7 @@
|
||||
|
||||
Name: python3x-%{srcname}
|
||||
Version: %{base_version}%{?prerel:~%{prerel}}
|
||||
Release: 8%{?dist}
|
||||
Release: 8%{?dist}.1
|
||||
Summary: A tool for installing and managing Python packages
|
||||
|
||||
# We bundle a lot of libraries with pip, which itself is under MIT license.
|
||||
@ -231,7 +231,9 @@ Recommends: python%{python3_pkgversion}-setuptools
|
||||
# Require alternatives version that implements the --keep-foreign flag
|
||||
Requires(postun): alternatives >= 1.19.1-1
|
||||
# python39 installs the alternatives master symlink to which we attach a slave
|
||||
Requires: python%{python3_pkgversion}
|
||||
# pip has to require explicit version of python that provides
|
||||
# filters in tarfile module (fix for CVE-2007-4559).
|
||||
Requires: python%{python3_pkgversion} >= 3.9.17-2
|
||||
Requires(post): python%{python3_pkgversion}
|
||||
Requires(postun): python%{python3_pkgversion}
|
||||
|
||||
@ -260,6 +262,7 @@ A documentation for a tool for installing and managing Python packages
|
||||
%package -n python%{python3_pkgversion}-%{srcname}-wheel
|
||||
Summary: The pip wheel
|
||||
Requires: ca-certificates
|
||||
Conflicts: python%{python3_pkgversion} < 3.9.17-2
|
||||
|
||||
# Virtual provides for the packages bundled by pip:
|
||||
%{bundled %{python3_version}}
|
||||
@ -467,6 +470,10 @@ fi
|
||||
%{python_wheeldir}/%{python_wheelname}
|
||||
|
||||
%changelog
|
||||
* Fri Feb 16 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 20.2.4-8.1
|
||||
- Require Python with tarfile filters
|
||||
Resolves: RHEL-25459
|
||||
|
||||
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 20.2.4-8
|
||||
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
|
||||
Resolves: RHBZ#2218275
|
||||
|
Loading…
Reference in New Issue
Block a user