- bsc#1221854 (CVE-2024-0450) Add
  CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
  detecting the vulnerability of the "quoted-overlap" zipbomb
  (from gh#python/cpython!110016).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=416
2024-05-18 16:51:08 +00:00
committed by Git OBS Bridge
parent 773b5da2c2
commit 3b6fb6241d
7 changed files with 180 additions and 0 deletions

@@ -161,6 +161,9 @@ Patch79: CVE-2023-40217-avoid-ssl-pre-close.patch
# PATCH-FIX-UPSTREAM CVE-2022-48566-compare_digest-more-constant.patch bsc#1214691 mcepl@suse.com
# Make compare_digest more constant-time
Patch80: CVE-2022-48566-compare_digest-more-constant.patch
# PATCH-FIX-UPSTREAM CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch bsc#1221854 mcepl@suse.com
# detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016).
Patch81: CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
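Review bot: the description comment above Patch81 is a sentence fragment ("detecting the vulnerability of the "quoted-overlap" zipbomb") and does not say what the patch changes in zipfile, unlike the Patch80 comment ("Make compare_digest more constant-time"), which states the behaviour change. Reword it in the same imperative style so a reader of the spec can tell what the module does differently once the patch is applied, for example starting with "zipfile: detect ...", and keep the gh#python/cpython!110016 reference as it is. Patch81 sits above COMMON-PATCH-END, so the same wording should be used in every spec file that shares this block.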
@@ -372,6 +375,7 @@ that rely on earlier non-verification behavior.
%patch -P 78 -p1
%patch -P 79 -p1
%patch -P 80 -p1
%patch -P 81 -p1
# For patch 66
cp -v %{SOURCE66} Lib/test/recursion.tar
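Review bot: the new "%patch -P 81 -p1" line sits directly above the "# For patch 66" step, which copies a test fixture in from %{SOURCE66} separately from applying the patch, and nothing comparable is added for patch 81. Please confirm that CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch carries no test data that needs the same handling, and that the zipfile tests it touches run during the build, so the fix is exercised rather than only applied.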