- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,

bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response. - build against openssl 1.1.x (incompatible with openssl 3.0x) for now. - on sle12, python2 modules will still be called python-xxxx until EOL, for newer SLE versions they will be python2-xxxx OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=310
2022-02-06 07:47:48 +00:00
parent 556d0713a6
commit 68c3ceb48d
7 changed files with 177 additions and 4 deletions
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-doc
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -121,6 +121,9 @@ Patch66:        CVE-2019-20907_tarfile-inf-loop.patch
 # Fixes httplib to disallow control characters in method to avoid header
 # injection
 Patch67:        CVE-2020-26116-httplib-header-injection.patch
+# PATCH-FIX-UPSTREAM CVE-2021-4189-ftplib-trust-PASV-resp.patch bsc#1194146 mcepl@suse.com
+# Make ftplib not trust the PASV response. (gh#python/cpython#24838)
+Patch68:        CVE-2021-4189-ftplib-trust-PASV-resp.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc = %{version}
 Provides:       pyth_ps = %{version}
@@ -195,6 +198,7 @@ Python, and Macintosh Module Reference in PDF format.
 %patch65 -p1
 %patch66 -p1
 %patch67 -p1
+%patch68 -p1

 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar