- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix

CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=84
2023-04-27 21:21:50 +00:00 · 2023-04-27 21:21:50 +00:00 · 0a6bd2edcb
commit 0a6bd2edcb
parent f5edaf893f
3 changed files with 2600 additions and 0 deletions
--- a/CVE-2007-4559-filter-tarfile_extractall.patch
+++ b/CVE-2007-4559-filter-tarfile_extractall.patch
--- a/python310.changes
+++ b/python310.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Apr 27 21:19:52 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
+  CVE-2007-4559 (bsc#1203750) by adding the filter for
+  tarfile.extractall (PEP 706).
+
 -------------------------------------------------------------------
 Mon Mar 13 08:39:53 UTC 2023 - Matej Cepl <mcepl@suse.com>

--- a/python310.spec
+++ b/python310.spec
@ -173,6 +173,9 @@ Patch37:        CVE-2023-24329-blank-URL-bypass.patch
 # PATCH-FIX-UPSTREAM invalid-json.patch gh#python/cpython#102582 mcepl@suse.com
 # We require valid JSON in documentation
 Patch38:        invalid-json.patch
+# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com
+# PEP 706 – Filter for tarfile.extractall
+Patch39:        CVE-2007-4559-filter-tarfile_extractall.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@ -447,6 +450,7 @@ other applications.
 %patch36 -p1
 %patch37 -p1
 %patch38 -p1
+%patch39 -p1

 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac