Require Python with tarfile filters

Resolves: RHEL-25459
Tomáš Hrnčiar 2024-02-16 12:06:35 +01:00
parent 5299110293
commit a8f075a72e


@ -19,7 +19,7 @@
Name: python3x-%{srcname}
Version: %{base_version}%{?prerel:~%{prerel}}
Release: 8%{?dist}
Release: 8%{?dist}.1
Summary: A tool for installing and managing Python packages
# We bundle a lot of libraries with pip, which itself is under MIT license.
@ -231,7 +231,9 @@ Recommends: python%{python3_pkgversion}-setuptools
# Require alternatives version that implements the --keep-foreign flag
Requires(postun): alternatives >= 1.19.1-1
# python39 installs the alternatives master symlink to which we attach a slave
Requires: python%{python3_pkgversion}
# pip has to require explicit version of python that provides
# filters in tarfile module (fix for CVE-2007-4559).
Requires: python%{python3_pkgversion} >= 3.9.17-2
Requires(post): python%{python3_pkgversion}
Requires(postun): python%{python3_pkgversion}
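Review bot: The minimum version on the new `Requires: python%{python3_pkgversion} >= 3.9.17-2` line is a hard-coded literal, while the package name it applies to comes from the `%{python3_pkgversion}` macro, and the same literal appears again in the Conflicts added to the wheel subpackage. Consider defining the bound once as a macro near the top of the spec and using it in both places so the two cannot drift apart. The comment would also be more accurate as "a minimum version of python" than "explicit version of python", since the dependency is `>=` and not `=`.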
@ -260,6 +262,7 @@ A documentation for a tool for installing and managing Python packages
%package -n python%{python3_pkgversion}-%{srcname}-wheel
Summary: The pip wheel
Requires: ca-certificates
Conflicts: python%{python3_pkgversion} < 3.9.17-2
# Virtual provides for the packages bundled by pip:
%{bundled %{python3_version}}
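Review bot: The added `Conflicts: python%{python3_pkgversion} < 3.9.17-2` in the wheel subpackage has no comment, unlike the matching Requires in the main package. Please add a line saying that the wheel must not be combined with a Python that lacks the tarfile filters, and why this is expressed as a Conflicts here and not as a Requires, so a later reader does not drop it as redundant.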
@ -467,6 +470,10 @@ fi
%{python_wheeldir}/%{python_wheelname}
%changelog
* Fri Feb 16 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 20.2.4-8.1
- Require Python with tarfile filters
Resolves: RHEL-25459
* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 20.2.4-8
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
Resolves: RHBZ#2218275
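Review bot: The new 20.2.4-8.1 changelog entry records neither the version bound (3.9.17-2) nor the Conflicts added to the wheel subpackage, and unlike the 20.2.4-8 entry below it does not name CVE-2007-4559. Adding the CVE id and a short mention of both dependency changes would let someone auditing the package find this fix from the changelog alone.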