python-interpreters/python310
SHA256
6
0
Fork 0
Code Pull Requests Activity

- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid

Browse Source 
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=64
This commit is contained in:
Matej Cepl
2022-11-04 14:58:28 +00:00
committed by Git OBS Bridge
parent 87c3616141
commit 7c8b7412f2
3 changed files with 71 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python310.spec
View File

@@ -172,6 +172,9 @@ Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch
# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
# this patch makes things totally awesome
Patch38: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
# PATCH-FIX-UPSTREAM CVE-2022-42919-loc-priv-mulitproc-forksrv.patch bsc#1204886 mcepl@suse.com
# Avoid Linux specific local privilege escalation via the multiprocessing forkserver start method
Patch39: CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -442,6 +445,7 @@ other applications.
%patch36 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac