From da98f93b43bc7d8d1c8ea792008b5ff6db052339 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Thu, 30 May 2024 06:20:23 +0000
Subject: [PATCH] Import from AlmaLinux stable repository
---
 .python3x-pip.metadata | 1 -
 SPECS/python3x-pip.spec | 11 +++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
 delete mode 100644 .python3x-pip.metadata
diff --git a/.python3x-pip.metadata b/.python3x-pip.metadata
deleted file mode 100644
index 79dce90..0000000
--- a/.python3x-pip.metadata
+++ /dev/null
@@ -1 +0,0 @@
-f39bdc0bfa08f81b4fdeb4474df08e4a7d89b0fe SOURCES/pip-20.2.4.tar.gz
diff --git a/SPECS/python3x-pip.spec b/SPECS/python3x-pip.spec
index 7de5463..a7061d4 100644
--- a/SPECS/python3x-pip.spec
+++ b/SPECS/python3x-pip.spec
@@ -19,7 +19,7 @@
 Name: python3x-%{srcname}
 Version: %{base_version}%{?prerel:~%{prerel}}
-Release: 8%{?dist}
+Release: 9%{?dist}
 Summary: A tool for installing and managing Python packages
 # We bundle a lot of libraries with pip, which itself is under MIT license.
@@ -231,7 +231,9 @@ Recommends: python%{python3_pkgversion}-setuptools
 # Require alternatives version that implements the --keep-foreign flag
 Requires(postun): alternatives >= 1.19.1-1
 # python39 installs the alternatives master symlink to which we attach a slave
-Requires: python%{python3_pkgversion}
+# pip has to require explicit version of python that provides
+# filters in tarfile module (fix for CVE-2007-4559).
+Requires: python%{python3_pkgversion} >= 3.9.17-2
 Requires(post): python%{python3_pkgversion}
 Requires(postun): python%{python3_pkgversion}
@@ -260,6 +262,7 @@ A documentation for a tool for installing and managing Python packages
 %package -n python%{python3_pkgversion}-%{srcname}-wheel
 Summary: The pip wheel
 Requires: ca-certificates
+Conflicts: python%{python3_pkgversion} < 3.9.17-2
 # Virtual provides for the packages bundled by pip:
 %{bundled %{python3_version}}
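Review bot: The bound `3.9.17-2` on the new `Requires:` line is a bare literal that the wheel subpackage's `Conflicts:` line (the `-260,6 +262,7` hunk) repeats, so a later rebase can move one without the other and leave one of the two packages installable next to an interpreter without tarfile filters. Defining it once near the top of the spec, for example `%global python_min_evr 3.9.17-2`, and writing `>= %{python_min_evr}` here and `< %{python_min_evr}` there keeps the two in step. The comment's "explicit version" reads like an exact pin; `# pip needs at least the python build that provides tarfile extraction filters (CVE-2007-4559).` says what the `>=` actually enforces. The dependency constrains only the RPM-installed interpreter, and whether the patched pip refuses or silently falls back to unfiltered extraction when `tarfile.data_filter` is missing is not visible in this hunk, so that is worth confirming against the patch from 20.2.4-8.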
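Review bot: The `Conflicts:` line added to the wheel subpackage carries no comment, while the matching `Requires:` on the main package does, so a reader cannot tell why a conflict rather than a versioned dependency was chosen here. Presumably the wheel must not pull in the interpreter because the interpreter's own venv/ensurepip consumes it, which makes `Conflicts:` the only way to keep it away from a python build without tarfile filters; that reasoning is inferred, not shown in the hunk. A one-line comment above it would record the intent, e.g. `# The wheel cannot Require python; Conflicts keeps out builds without tarfile filters (CVE-2007-4559).`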
@@ -467,6 +470,10 @@ fi
 %{python_wheeldir}/%{python_wheelname}
 %changelog
+* Wed Feb 14 2024 Tomáš Hrnčiar - 20.2.4-9
+- Require Python with tarfile filters
+Resolves: RHEL-25457
+
 * Tue Aug 08 2023 Petr Viktorin - 20.2.4-8
 - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
 Resolves: RHBZ#2218275