python-interpreters/python312
SHA256
7
0
Fork 0
forked from pool/python312
Code Pull Requests Activity

Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple

Browse Source 
quadratic complexity vulnerabilities of os.path.expandvars()
  (CVE-2025-6075, bsc#1252974).
Reapply patches:
  - bsc1243155-sphinx-non-determinism.patch
  - doc-py38-to-py36.patch
  - fix_configure_rst.patch
This commit is contained in:
Matej Cepl
2025-11-15 19:02:49 +01:00
parent a6fa7f608e
commit 3c05b2426b
6 changed files with 449 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python312.spec
View File

@@ -189,6 +189,9 @@ Patch44: doc-py38-to-py36.patch
Patch45: bsc1243155-sphinx-non-determinism.patch
# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
Patch46: gh139257-Support-docutils-0.22.patch
# PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 mcepl@suse.com
# Avoid potential quadratic complexity vulnerabilities in path modules
Patch47: CVE-2025-6075-expandvars-perf-degrad.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -479,10 +482,6 @@ rm Lib/site-packages/README.txt
# Add vendored bluez-devel files
tar xvf %{SOURCE21}
# Don't fail on warnings when building documentation
sed -i -e '/^SPHINXERRORHANDLING/s/--fail-on-warning//' Doc/Makefile
sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
%build
%if %{with doc}
TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"`