- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote

path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=61
2024-10-25 14:01:31 +00:00
parent 994d248383
commit 9fd773a946
3 changed files with 313 additions and 0 deletions
--- a/python313.spec
+++ b/python313.spec
@@ -211,6 +211,9 @@ Patch39:        CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
 # PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
 # Skip some failing tests in test_compile for i586 arch in 15.6.
 Patch40:        fix-test-recursion-limit-15.6.patch
+# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com
+# venv should properly quote path names provided when creating a venv
+Patch41:        CVE-2024-9287-venv_path_unquoted.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes