Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python3: Address CVE-2024-11168 #11099

Merged
merged 3 commits into from
Nov 15, 2024
Merged

python3: Address CVE-2024-11168 #11099

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1c1e906
python3: Address CVE-2024-11168
Nov 15, 2024
dc081c9
Update the patch to remove offsets while building
Nov 15, 2024
f3e2b5a
Merge branch 'fasttrack/2.0' into ankitapareek/2.0-python3-CVE-fix
jslobodzian Nov 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2,718 changes: 2,718 additions & 0 deletions SPECS/python3/CVE-2024-11168.patch
View file
Open in desktop

Large diffs are not rendered by default.

7 changes: 6 additions & 1 deletion SPECS/python3/python3.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
Summary: A high-level scripting language
Name: python3
Version: 3.9.19
Release: 6%{?dist}
Release: 7%{?dist}
License: PSF
Vendor: Microsoft Corporation
Distribution: Mariner
Expand All @@ -27,6 +27,7 @@ Patch3: CVE-2024-7592.patch
Patch4: CVE-2024-6232.patch
Patch5: CVE-2024-8088.patch
Patch6: CVE-2024-4032.patch
Patch7: CVE-2024-11168.patch
# Patch for setuptools, resolved in 65.5.1
Patch1000: CVE-2022-40897.patch
Patch1001: CVE-2024-6345.patch
Expand Down Expand Up @@ -171,6 +172,7 @@ The test package contains all regression tests for Python as well as the modules
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1

%build
# Remove GCC specs and build environment linker scripts
Expand Down Expand Up @@ -326,6 +328,9 @@ rm -rf %{buildroot}%{_bindir}/__pycache__
%{_libdir}/python%{majmin}/test/*

%changelog
* Fri Nov 15 2024 Ankita Pareek <[email protected]> - 3.9.19-7
- Address CVE-2024-11168

* Tue Oct 01 2024 Ankita Pareek <[email protected]> - 3.9.19-6
- Patch for CVE-2024-4032

Expand Down
8 changes: 4 additions & 4 deletions toolkit/resources/manifests/package/pkggen_core_aarch64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-18.cm2.noarch.rpm
ca-certificates-2.0.0-18.cm2.noarch.rpm
dwz-0.14-2.cm2.aarch64.rpm
unzip-6.0-20.cm2.aarch64.rpm
python3-3.9.19-6.cm2.aarch64.rpm
python3-devel-3.9.19-6.cm2.aarch64.rpm
python3-libs-3.9.19-6.cm2.aarch64.rpm
python3-setuptools-3.9.19-6.cm2.noarch.rpm
python3-3.9.19-7.cm2.aarch64.rpm
python3-devel-3.9.19-7.cm2.aarch64.rpm
python3-libs-3.9.19-7.cm2.aarch64.rpm
python3-setuptools-3.9.19-7.cm2.noarch.rpm
python3-pygments-2.4.2-7.cm2.noarch.rpm
which-2.21-8.cm2.aarch64.rpm
libselinux-3.2-1.cm2.aarch64.rpm
Expand Down
8 changes: 4 additions & 4 deletions toolkit/resources/manifests/package/pkggen_core_x86_64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-18.cm2.noarch.rpm
ca-certificates-2.0.0-18.cm2.noarch.rpm
dwz-0.14-2.cm2.x86_64.rpm
unzip-6.0-20.cm2.x86_64.rpm
python3-3.9.19-6.cm2.x86_64.rpm
python3-devel-3.9.19-6.cm2.x86_64.rpm
python3-libs-3.9.19-6.cm2.x86_64.rpm
python3-setuptools-3.9.19-6.cm2.noarch.rpm
python3-3.9.19-7.cm2.x86_64.rpm
python3-devel-3.9.19-7.cm2.x86_64.rpm
python3-libs-3.9.19-7.cm2.x86_64.rpm
python3-setuptools-3.9.19-7.cm2.noarch.rpm
python3-pygments-2.4.2-7.cm2.noarch.rpm
which-2.21-8.cm2.x86_64.rpm
libselinux-3.2-1.cm2.x86_64.rpm
Expand Down
18 changes: 9 additions & 9 deletions toolkit/resources/manifests/package/toolchain_aarch64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -510,28 +510,28 @@ procps-ng-devel-3.3.17-2.cm2.aarch64.rpm
procps-ng-lang-3.3.17-2.cm2.aarch64.rpm
pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm
python-markupsafe-debuginfo-2.1.0-1.cm2.aarch64.rpm
python3-3.9.19-6.cm2.aarch64.rpm
python3-3.9.19-7.cm2.aarch64.rpm
python3-audit-3.0.6-8.cm2.aarch64.rpm
python3-cracklib-2.9.7-5.cm2.aarch64.rpm
python3-curses-3.9.19-6.cm2.aarch64.rpm
python3-curses-3.9.19-7.cm2.aarch64.rpm
python3-Cython-0.29.33-2.cm2.aarch64.rpm
python3-debuginfo-3.9.19-6.cm2.aarch64.rpm
python3-devel-3.9.19-6.cm2.aarch64.rpm
python3-debuginfo-3.9.19-7.cm2.aarch64.rpm
python3-devel-3.9.19-7.cm2.aarch64.rpm
python3-gpg-1.16.0-2.cm2.aarch64.rpm
python3-jinja2-3.0.3-4.cm2.noarch.rpm
python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm
python3-libs-3.9.19-6.cm2.aarch64.rpm
python3-libs-3.9.19-7.cm2.aarch64.rpm
python3-libxml2-2.10.4-4.cm2.aarch64.rpm
python3-lxml-4.9.1-1.cm2.aarch64.rpm
python3-magic-5.40-2.cm2.noarch.rpm
python3-markupsafe-2.1.0-1.cm2.aarch64.rpm
python3-newt-0.52.21-5.cm2.aarch64.rpm
python3-pip-3.9.19-6.cm2.noarch.rpm
python3-pip-3.9.19-7.cm2.noarch.rpm
python3-pygments-2.4.2-7.cm2.noarch.rpm
python3-rpm-4.18.0-4.cm2.aarch64.rpm
python3-setuptools-3.9.19-6.cm2.noarch.rpm
python3-test-3.9.19-6.cm2.aarch64.rpm
python3-tools-3.9.19-6.cm2.aarch64.rpm
python3-setuptools-3.9.19-7.cm2.noarch.rpm
python3-test-3.9.19-7.cm2.aarch64.rpm
python3-tools-3.9.19-7.cm2.aarch64.rpm
readline-8.1-1.cm2.aarch64.rpm
readline-debuginfo-8.1-1.cm2.aarch64.rpm
readline-devel-8.1-1.cm2.aarch64.rpm
Expand Down
18 changes: 9 additions & 9 deletions toolkit/resources/manifests/package/toolchain_x86_64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -516,28 +516,28 @@ procps-ng-devel-3.3.17-2.cm2.x86_64.rpm
procps-ng-lang-3.3.17-2.cm2.x86_64.rpm
pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm
python-markupsafe-debuginfo-2.1.0-1.cm2.x86_64.rpm
python3-3.9.19-6.cm2.x86_64.rpm
python3-3.9.19-7.cm2.x86_64.rpm
python3-audit-3.0.6-8.cm2.x86_64.rpm
python3-cracklib-2.9.7-5.cm2.x86_64.rpm
python3-curses-3.9.19-6.cm2.x86_64.rpm
python3-curses-3.9.19-7.cm2.x86_64.rpm
python3-Cython-0.29.33-2.cm2.x86_64.rpm
python3-debuginfo-3.9.19-6.cm2.x86_64.rpm
python3-devel-3.9.19-6.cm2.x86_64.rpm
python3-debuginfo-3.9.19-7.cm2.x86_64.rpm
python3-devel-3.9.19-7.cm2.x86_64.rpm
python3-gpg-1.16.0-2.cm2.x86_64.rpm
python3-jinja2-3.0.3-4.cm2.noarch.rpm
python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm
python3-libs-3.9.19-6.cm2.x86_64.rpm
python3-libs-3.9.19-7.cm2.x86_64.rpm
python3-libxml2-2.10.4-4.cm2.x86_64.rpm
python3-lxml-4.9.1-1.cm2.x86_64.rpm
python3-magic-5.40-2.cm2.noarch.rpm
python3-markupsafe-2.1.0-1.cm2.x86_64.rpm
python3-newt-0.52.21-5.cm2.x86_64.rpm
python3-pip-3.9.19-6.cm2.noarch.rpm
python3-pip-3.9.19-7.cm2.noarch.rpm
python3-pygments-2.4.2-7.cm2.noarch.rpm
python3-rpm-4.18.0-4.cm2.x86_64.rpm
python3-setuptools-3.9.19-6.cm2.noarch.rpm
python3-test-3.9.19-6.cm2.x86_64.rpm
python3-tools-3.9.19-6.cm2.x86_64.rpm
python3-setuptools-3.9.19-7.cm2.noarch.rpm
python3-test-3.9.19-7.cm2.x86_64.rpm
python3-tools-3.9.19-7.cm2.x86_64.rpm
readline-8.1-1.cm2.x86_64.rpm
readline-debuginfo-8.1-1.cm2.x86_64.rpm
readline-devel-8.1-1.cm2.x86_64.rpm
Expand Down
Loading