Security fix for CVE-2024-6345 (in bundled setuptools wheel)
This commit is contained in:
Miro Hrončok
parent
64480d7ccc
commit
1bb7fee2bb
2 changed files with 100 additions and 1 deletions
|
|
@ -17,7 +17,7 @@ URL: https://www.python.org/
|
|||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 29%{?dist}
|
||||
Release: 34%{?dist}
|
||||
# Python is Python
|
||||
# pip MIT is and bundles:
|
||||
# appdirs: MIT
|
||||
|
|
@ -324,6 +324,13 @@ Source11: idle3.appdata.xml
|
|||
# Patch for the bundled pip wheel for CVE-2007-4559
|
||||
Source101: pip-CVE-2007-4559.patch
|
||||
|
||||
# Patch for the bundled setuptools wheel for CVE-2024-6345
|
||||
# Remote code execution via download functions in the package_index module
|
||||
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=2297771
|
||||
# Upstream solution: https://github.com/pypa/setuptools/pull/4332
|
||||
# Patch simplified because upstream doesn't support SVN anymore.
|
||||
Source102: setuptools-CVE-2024-6345.patch
|
||||
|
||||
# (Patches taken from github.com/fedora-python/cpython)
|
||||
|
||||
# 00001 # d06a8853cf4bae9e115f45e1d531d2dc152c5cc8
|
||||
|
|
@ -1057,6 +1064,12 @@ unzip -qq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl
|
|||
patch -p1 < %{SOURCE101}
|
||||
zip -rq Lib/ensurepip/_bundled/pip-%{pip_version}-py2.py3-none-any.whl pip pip-%{pip_version}.dist-info
|
||||
rm -rf pip/ pip-%{pip_version}.dist-info/
|
||||
|
||||
# Patch the bundled setuptools wheel for CVE-2024-6345
|
||||
unzip -qq Lib/ensurepip/_bundled/setuptools-%{setuptools_version}-py2.py3-none-any.whl
|
||||
patch -p1 < %{SOURCE102}
|
||||
zip -rq Lib/ensurepip/_bundled/setuptools-%{setuptools_version}-py2.py3-none-any.whl easy_install.py pkg_resources setuptools setuptools-%{setuptools_version}.dist-info
|
||||
rm -rf easy_install.py pkg_resources/ setuptools/ setuptools-%{setuptools_version}.dist-info/
|
||||
%endif
|
||||
|
||||
# Apply the remaining patches
|
||||
|
|
@ -1971,6 +1984,9 @@ CheckPython optimized
|
|||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Thu Aug 01 2024 Miro Hrončok <mhroncok@redhat.com> - 3.6.15-34
|
||||
- Security fix for CVE-2024-6345 (in bundled setuptools wheel)
|
||||
|
||||
* Tue Jul 02 2024 Lumír Balhar <lbalhar@redhat.com> - 3.6.15-29
|
||||
- Security fix for CVE-2024-4032 (rhbz#2293394)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue