From ffbd97a39229bf2bb4d8210ce4af02f3ade9c36e Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Wed, 3 Apr 2024 03:08:02 +0300
Subject: [PATCH] import python3x-pip-20.2.4-8.module+el8.9.0+21344+82807453.1
---
 SPECS/python3x-pip.spec | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/SPECS/python3x-pip.spec b/SPECS/python3x-pip.spec
index 7b6ca5b..7e38ca6 100644
--- a/SPECS/python3x-pip.spec
+++ b/SPECS/python3x-pip.spec
@@ -19,7 +19,7 @@ Name: python3x-%{srcname}
 Version: %{base_version}%{?prerel:~%{prerel}}
-Release: 8%{?dist}
+Release: 8%{?dist}.1
 Summary: A tool for installing and managing Python packages
 # We bundle a lot of libraries with pip, which itself is under MIT license.
@@ -231,7 +231,9 @@ Recommends: python%{python3_pkgversion}-setuptools
 # Require alternatives version that implements the --keep-foreign flag
 Requires(postun): alternatives >= 1.19.1-1
 # python39 installs the alternatives master symlink to which we attach a slave
-Requires: python%{python3_pkgversion}
+# pip has to require explicit version of python that provides
+# filters in tarfile module (fix for CVE-2007-4559).
+Requires: python%{python3_pkgversion} >= 3.9.17-2
 Requires(post): python%{python3_pkgversion}
 Requires(postun): python%{python3_pkgversion}
@@ -260,6 +262,7 @@ A documentation for a tool for installing and managing Python packages
 %package -n python%{python3_pkgversion}-%{srcname}-wheel
 Summary: The pip wheel
 Requires: ca-certificates
+Conflicts: python%{python3_pkgversion} < 3.9.17-2
 # Virtual provides for the packages bundled by pip:
 %{bundled %{python3_version}}
@@ -467,6 +470,10 @@ fi
 %{python_wheeldir}/%{python_wheelname}
 %changelog
+* Fri Feb 16 2024 Tomáš Hrnčiar - 20.2.4-8.1
+- Require Python with tarfile filters
+Resolves: RHEL-25459
+
 * Tue Dec 12 2023 MSVSphere Packaging Team - 20.2.4-8
 - Rebuilt for MSVSphere 8.8
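Review bot: The minimum release `3.9.17-2` in the `@@ -231,7 +231,9 @@` hunk is hard-coded next to a `%{python3_pkgversion}` macro and repeated in the `Conflicts:` line of the `@@ -260,6 +262,7 @@` hunk, so the two security floors can drift apart when only one is bumped. Defining it once, for example `%global python_tarfile_filter_evr 3.9.17-2`, and writing `>= %{python_tarfile_filter_evr}` and `< %{python_tarfile_filter_evr}` would keep them in step; it would also make it obvious that the value is tied to the 3.9 stream if this spec is ever built for another `python3_pkgversion`. The comment would be more accurate as `# Require a Python whose tarfile module provides extraction filters (mitigation for CVE-2007-4559).`, because the dependency only guarantees the interpreter feature. Whether pip's own unpacking path relies on it is not visible in this patch.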
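Review bot: The `Conflicts: python%{python3_pkgversion} < 3.9.17-2` line added to the wheel subpackage in the `@@ -260,6 +262,7 @@` hunk carries no comment, unlike the matching `Requires:` on the main package, so a later maintainer cannot tell that it is a security floor rather than a packaging workaround. I would add `# The wheel must not be installed alongside a Python without tarfile filters (CVE-2007-4559).` above it. The line names only the main interpreter package. If the wheel is consumed through a separately installable libs subpackage (not shown on this page), it is worth confirming that subpackage is version-locked to the main one, otherwise an older copy could still be paired with this wheel.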