rpms/python3.6
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435

Browse source
This commit is contained in:
Lumir Balhar 2025-06-26 21:58:58 +02:00
commit 47fdac4069
2 changed files with 1816 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1791
00465-tarfile-cves.patch Normal file
View file

File diff suppressed because it is too large Load diff

26
python3.6.spec
View file

@ -17,7 +17,7 @@ URL: https://www.python.org/
#global prerel ...
%global upstream_version %{general_version}%{?prerel}
Version: %{general_version}%{?prerel:~%{prerel}}
Release: 46%{?dist}
Release: 47%{?dist}
# Python is Python
# pip MIT is and bundles:
# appdirs: MIT
@ -827,6 +827,27 @@ Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch
# https://github.com/python/cpython/pull/127361
Patch457: 00457-ssl-raise-oserror-for-err_lib_sys.patch
# 00465 # 2224c823bcc1b62b85f516883151459ae51cdb7d
# tarfile cves
#
# Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on tarfile
#
# The backported fixes do not contain changes for ntpath.py and related tests,
# because the support for symlinks and junctions were added later in Python 3.9,
# and it does not make sense to backport them to 3.6 here.
#
# The patch is contains the following changes:
# - https://github.com/python/cpython/commit/42deeab5b2efc2930d4eb73416e1dde9cf790dd2
# fixes symlink handling for tarfile.data_filter
# - https://github.com/python/cpython/commit/9d2c2a8e3b8fe18ee1568bfa4a419847b3e78575
# fixes handling of existing files/symlinks in tarfile
# - https://github.com/python/cpython/commit/00af9794dd118f7b835dd844b2b609a503ad951e
# adds a new "strict" argument to realpath()
# - https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
# fixes mulriple CVE fixes in the tarfile module
# - downstream only fixes that makes the changes work and compatible with Python 3.6
Patch465: 00465-tarfile-cves.patch
# (New patches go here ^^^)
#
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -2106,6 +2127,9 @@ CheckPython optimized
# ======================================================
%changelog
* Thu Jun 26 2025 Lumír Balhar <lbalhar@redhat.com> - 3.6.15-47
- Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435
* Wed Apr 23 2025 Miro Hrončok <mhroncok@redhat.com> - 3.6.15-46
- Add RPM Provides for python3.6-libs, python3.6-devel, python3.6-idle, python3.6-tkinter, python3.6-test