forked from pool/python311
Fix seven CVEs
CVE-2025-11468: preserving parens when folding comments in email headers (bsc#1257029, gh#python/cpython#143935). CVE-2025-11468-email-hdr-fold-comment.patch CVE-2026-0672: rejects control characters in http cookies. (bsc#1257031, gh#python/cpython#143919) CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which could be abused for injecting false HTTP headers. (bsc#1257042, gh#python/cpython#143916) CVE-2026-0865-wsgiref-ctrl-chars.patch CVE-2025-15366: basically the same as the previous patch for IMAP protocol. (bsc#1257044, gh#python/cpython#143921) CVE-2025-15366-imap-ctrl-chars.patch CVE-2025-15282: basically the same as the previous patch for urllib library. (bsc#1257046, gh#python/cpython#143925) CVE-2025-15282-urllib-ctrl-chars.patch CVE-2025-15367: basically the same as the previous patch for poplib library. (bsc#1257041, gh#python/cpython#143923) CVE-2025-15367-poplib-ctrl-chars.patch CVE-2025-12781: fix decoding with non-standard Base64 alphabet (bsc#1257108, gh#python/cpython#125346) CVE-2025-12781-b64decode-alt-chars.patch
This commit is contained in:
@@ -200,6 +200,28 @@ Patch28: CVE-2025-12084-minidom-quad-search.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-13837-plistlib-mailicious-length.patch bsc#1254401 mcepl@suse.com
|
||||
# protect against OOM when loading malicious content
|
||||
Patch29: CVE-2025-13837-plistlib-mailicious-length.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-11468-email-hdr-fold-comment.patch bsc#1257029 mcepl@suse.com
|
||||
# this patch makes things totally awesome
|
||||
Patch30: CVE-2025-11468-email-hdr-fold-comment.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch bsc#1257031 mcepl@suse.com
|
||||
# rejects control characters in http cookies.
|
||||
Patch31: CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2026-0865-wsgiref-ctrl-chars.patch bsc#1257042 mcepl@suse.com
|
||||
# Reject control characters in wsgiref.headers.Headers
|
||||
Patch32: CVE-2026-0865-wsgiref-ctrl-chars.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-15366-imap-ctrl-chars.patch bsc#1257044 mcepl@suse.com
|
||||
# Reject control characters in wsgiref.headers.Headers
|
||||
Patch33: CVE-2025-15366-imap-ctrl-chars.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-15282-urllib-ctrl-chars.patch bsc#1257046 mcepl@suse.com
|
||||
# Reject control characters in urllib
|
||||
Patch34: CVE-2025-15282-urllib-ctrl-chars.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-15367-poplib-ctrl-chars.patch bsc#1257041 mcepl@suse.com
|
||||
# Reject control characters in poplib
|
||||
Patch35: CVE-2025-15367-poplib-ctrl-chars.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-12781-b64decode-alt-chars.patch bsc#1257108 mcepl@suse.com
|
||||
# Fix decoding with non-standard Base64 alphabet gh#python/cpython#125346
|
||||
Patch36: CVE-2025-12781-b64decode-alt-chars.patch
|
||||
### END OF PATCHES
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: crypto-policies-scripts
|
||||
@@ -555,6 +577,9 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \
|
||||
%check
|
||||
export SUSE_VERSION="0%{?suse_version}"
|
||||
export SLE_VERSION="0%{?sle_version}"
|
||||
echo "Show the openssl version"
|
||||
openssl version -a
|
||||
echo ""
|
||||
%if %{with general}
|
||||
# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos
|
||||
# when you install gdb into your test env
|
||||
|
||||
Reference in New Issue
Block a user