python-interpreters/python39
SHA256
7
0
Fork 0
forked from pool/python39
Code Pull Requests Activity

- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,

Browse Source 
bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=136
This commit is contained in:
Matej Cepl
2023-03-01 21:31:34 +00:00
committed by Git OBS Bridge
parent 2163aded52
commit 5247938501
3 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python39.spec
View File

@@ -161,6 +161,10 @@ Patch35: support-expat-CVE-2022-25236-patched.patch
# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
# this patch makes things totally awesome
Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
# PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 mcepl@suse.com
# blocklist bypass via the urllib.parse component when supplying
# a URL that starts with blank characters
Patch38: CVE-2023-24329-blank-URL-bypass.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -424,6 +428,7 @@ other applications.
%endif
%patch35 -p1
%patch37 -p1
%patch38 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac