python3: Address CVE-2024-11168 (#11099)

Signed-off-by: ankita <[email protected]>
Co-authored-by: ankita <[email protected]>
Co-authored-by: jslobodzian <[email protected]>

Author: Ankita13-code

SPECS/python3/CVE-2024-11168.patch

@@ -12,7 +12,7 @@
 Summary:        A high-level scripting language
 Name:           python3
 Version:        3.9.19
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        PSF
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -27,6 +27,7 @@ Patch3:         CVE-2024-7592.patch
 Patch4:         CVE-2024-6232.patch
 Patch5:         CVE-2024-8088.patch
 Patch6:         CVE-2024-4032.patch
+Patch7:         CVE-2024-11168.patch
 # Patch for setuptools, resolved in 65.5.1
 Patch1000:      CVE-2022-40897.patch
 Patch1001:      CVE-2024-6345.patch
@@ -171,6 +172,7 @@ The test package contains all regression tests for Python as well as the modules
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 # Remove GCC specs and build environment linker scripts
@@ -326,6 +328,9 @@ rm -rf %{buildroot}%{_bindir}/__pycache__
 %{_libdir}/python%{majmin}/test/*
 
 %changelog
+* Fri Nov 15 2024 Ankita Pareek <[email protected]> - 3.9.19-7
+- Address CVE-2024-11168
+
 * Tue Oct 01 2024 Ankita Pareek <[email protected]> - 3.9.19-6
 - Patch for CVE-2024-4032
 

SPECS/python3/python3.spec

@@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-18.cm2.noarch.rpm
 ca-certificates-2.0.0-18.cm2.noarch.rpm
 dwz-0.14-2.cm2.aarch64.rpm
 unzip-6.0-20.cm2.aarch64.rpm
-python3-3.9.19-6.cm2.aarch64.rpm
-python3-devel-3.9.19-6.cm2.aarch64.rpm
-python3-libs-3.9.19-6.cm2.aarch64.rpm
-python3-setuptools-3.9.19-6.cm2.noarch.rpm
+python3-3.9.19-7.cm2.aarch64.rpm
+python3-devel-3.9.19-7.cm2.aarch64.rpm
+python3-libs-3.9.19-7.cm2.aarch64.rpm
+python3-setuptools-3.9.19-7.cm2.noarch.rpm
 python3-pygments-2.4.2-7.cm2.noarch.rpm
 which-2.21-8.cm2.aarch64.rpm
 libselinux-3.2-1.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-18.cm2.noarch.rpm
 ca-certificates-2.0.0-18.cm2.noarch.rpm
 dwz-0.14-2.cm2.x86_64.rpm
 unzip-6.0-20.cm2.x86_64.rpm
-python3-3.9.19-6.cm2.x86_64.rpm
-python3-devel-3.9.19-6.cm2.x86_64.rpm
-python3-libs-3.9.19-6.cm2.x86_64.rpm
-python3-setuptools-3.9.19-6.cm2.noarch.rpm
+python3-3.9.19-7.cm2.x86_64.rpm
+python3-devel-3.9.19-7.cm2.x86_64.rpm
+python3-libs-3.9.19-7.cm2.x86_64.rpm
+python3-setuptools-3.9.19-7.cm2.noarch.rpm
 python3-pygments-2.4.2-7.cm2.noarch.rpm
 which-2.21-8.cm2.x86_64.rpm
 libselinux-3.2-1.cm2.x86_64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -510,28 +510,28 @@ procps-ng-devel-3.3.17-2.cm2.aarch64.rpm
 procps-ng-lang-3.3.17-2.cm2.aarch64.rpm
 pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm
 python-markupsafe-debuginfo-2.1.0-1.cm2.aarch64.rpm
-python3-3.9.19-6.cm2.aarch64.rpm
+python3-3.9.19-7.cm2.aarch64.rpm
 python3-audit-3.0.6-8.cm2.aarch64.rpm
 python3-cracklib-2.9.7-5.cm2.aarch64.rpm
-python3-curses-3.9.19-6.cm2.aarch64.rpm
+python3-curses-3.9.19-7.cm2.aarch64.rpm
 python3-Cython-0.29.33-2.cm2.aarch64.rpm
-python3-debuginfo-3.9.19-6.cm2.aarch64.rpm
-python3-devel-3.9.19-6.cm2.aarch64.rpm
+python3-debuginfo-3.9.19-7.cm2.aarch64.rpm
+python3-devel-3.9.19-7.cm2.aarch64.rpm
 python3-gpg-1.16.0-2.cm2.aarch64.rpm
 python3-jinja2-3.0.3-4.cm2.noarch.rpm
 python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm
-python3-libs-3.9.19-6.cm2.aarch64.rpm
+python3-libs-3.9.19-7.cm2.aarch64.rpm
 python3-libxml2-2.10.4-4.cm2.aarch64.rpm
 python3-lxml-4.9.1-1.cm2.aarch64.rpm
 python3-magic-5.40-2.cm2.noarch.rpm
 python3-markupsafe-2.1.0-1.cm2.aarch64.rpm
 python3-newt-0.52.21-5.cm2.aarch64.rpm
-python3-pip-3.9.19-6.cm2.noarch.rpm
+python3-pip-3.9.19-7.cm2.noarch.rpm
 python3-pygments-2.4.2-7.cm2.noarch.rpm
 python3-rpm-4.18.0-4.cm2.aarch64.rpm
-python3-setuptools-3.9.19-6.cm2.noarch.rpm
-python3-test-3.9.19-6.cm2.aarch64.rpm
-python3-tools-3.9.19-6.cm2.aarch64.rpm
+python3-setuptools-3.9.19-7.cm2.noarch.rpm
+python3-test-3.9.19-7.cm2.aarch64.rpm
+python3-tools-3.9.19-7.cm2.aarch64.rpm
 readline-8.1-1.cm2.aarch64.rpm
 readline-debuginfo-8.1-1.cm2.aarch64.rpm
 readline-devel-8.1-1.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -516,28 +516,28 @@ procps-ng-devel-3.3.17-2.cm2.x86_64.rpm
 procps-ng-lang-3.3.17-2.cm2.x86_64.rpm
 pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm
 python-markupsafe-debuginfo-2.1.0-1.cm2.x86_64.rpm
-python3-3.9.19-6.cm2.x86_64.rpm
+python3-3.9.19-7.cm2.x86_64.rpm
 python3-audit-3.0.6-8.cm2.x86_64.rpm
 python3-cracklib-2.9.7-5.cm2.x86_64.rpm
-python3-curses-3.9.19-6.cm2.x86_64.rpm
+python3-curses-3.9.19-7.cm2.x86_64.rpm
 python3-Cython-0.29.33-2.cm2.x86_64.rpm
-python3-debuginfo-3.9.19-6.cm2.x86_64.rpm
-python3-devel-3.9.19-6.cm2.x86_64.rpm
+python3-debuginfo-3.9.19-7.cm2.x86_64.rpm
+python3-devel-3.9.19-7.cm2.x86_64.rpm
 python3-gpg-1.16.0-2.cm2.x86_64.rpm
 python3-jinja2-3.0.3-4.cm2.noarch.rpm
 python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm
-python3-libs-3.9.19-6.cm2.x86_64.rpm
+python3-libs-3.9.19-7.cm2.x86_64.rpm
 python3-libxml2-2.10.4-4.cm2.x86_64.rpm
 python3-lxml-4.9.1-1.cm2.x86_64.rpm
 python3-magic-5.40-2.cm2.noarch.rpm
 python3-markupsafe-2.1.0-1.cm2.x86_64.rpm
 python3-newt-0.52.21-5.cm2.x86_64.rpm
-python3-pip-3.9.19-6.cm2.noarch.rpm
+python3-pip-3.9.19-7.cm2.noarch.rpm
 python3-pygments-2.4.2-7.cm2.noarch.rpm
 python3-rpm-4.18.0-4.cm2.x86_64.rpm
-python3-setuptools-3.9.19-6.cm2.noarch.rpm
-python3-test-3.9.19-6.cm2.x86_64.rpm
-python3-tools-3.9.19-6.cm2.x86_64.rpm
+python3-setuptools-3.9.19-7.cm2.noarch.rpm
+python3-test-3.9.19-7.cm2.x86_64.rpm
+python3-tools-3.9.19-7.cm2.x86_64.rpm
 readline-8.1-1.cm2.x86_64.rpm
 readline-debuginfo-8.1-1.cm2.x86_64.rpm
 readline-devel-8.1-1.cm2.x86_64.rpm