- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix

CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=141

python39.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed May  3 14:09:37 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
+  CVE-2007-4559 (bsc#1203750) by adding the filter for
+  tarfile.extractall (PEP 706).
+
 -------------------------------------------------------------------
 Sun Apr 30 18:16:37 UTC 2023 - Matej Cepl <mcepl@suse.com>
 

python39.spec

@@ -165,6 +165,9 @@ Patch37:        98437-sphinx.locale._-as-gettext-in-pyspecific.patch
 # blocklist bypass via the urllib.parse component when supplying
 # a URL that starts with blank characters
 Patch38:        CVE-2023-24329-blank-URL-bypass.patch
+# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com
+# Implement PEP-706 to filter outcome of the tarball extracing
+Patch39:        CVE-2007-4559-filter-tarfile_extractall.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -424,6 +427,7 @@ other applications.
 %patch35 -p1
 %patch37 -p1
 %patch38 -p1
+%patch39 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac