python-interpreters/python310
SHA256
6
0
Fork 0
forked from pool/python310
Code Pull Requests Activity

- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote

Browse Source 
path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=152
This commit is contained in:
Matej Cepl
2024-10-24 20:33:27 +00:00
committed by Git OBS Bridge
parent 1a37b48cb7
commit d14501d6b2
3 changed files with 279 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python310.spec
View File

@@ -204,6 +204,9 @@ Patch27: gh120226-fix-sendfile-test-kernel-610.patch
# PATCH-FIX-UPSTREAM sphinx-802.patch mcepl@suse.com
# status_iterator method moved between the Sphinx versions
Patch28: sphinx-802.patch
# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com
# venv should properly quote path names provided when creating a venv
Patch29: CVE-2024-9287-venv_path_unquoted.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -483,6 +486,7 @@ other applications.
%patch -p1 -P 24
%patch -p1 -P 27
%patch -p1 -P 28
%patch -p1 -P 29
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac