!196 [sync] PR-193: fix CVE-2020-10735

From: @openeuler-sync-bot Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1
2022-09-08 08:58:55 +00:00 · 2022-09-08 08:58:55 +00:00 · 7b6e5d6ec2
commit 7b6e5d6ec2
parent 0096faa0f0 8519773ad2
2 changed files with 1505 additions and 1 deletions
--- a/backport-CVE-2020-10735.patch
+++ b/backport-CVE-2020-10735.patch
--- a/python3.spec
+++ b/python3.spec
@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language
 URL: https://www.python.org/
 Version: 3.9.9
-Release: 13
+Release: 14
 License: Python-2.0
 %global branchversion 3.9
@ -93,6 +93,7 @@ Patch6001: backport-bpo-46811-Make-test-suite-support-Expat-2.4.5.patch
 Patch6002: backport-bpo-20369-concurrent.futures.wait-now-deduplicates-f.patch
 Patch6003: Make-mailcap-refuse-to-match-unsafe-filenam.patch
 Patch6004: backport-CVE-2021-28861.patch
 Patch6005: backport-CVE-2020-10735.patch
 Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch
@ -183,6 +184,7 @@ rm -r Modules/expat
 %patch6002 -p1
 %patch6003 -p1
 %patch6004 -p1
 %patch6005 -p1
 %patch9000 -p1
@ -799,6 +801,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
 %{_mandir}/*/*
 %changelog
 * Thu Sep 08 shixuantong <shixuantong@h-partners.com> - 3.9.9-14
 - Type:CVE
 - CVE:CVE-2020-10735
 - SUG:NA
 - DESC:fix CVE-2020-10735
 * Thu Aug 25 2022 shixuantong <shixuantong@h-partners.com> - 3.9.9-13
 - Type:CVE
 - CVE:CVE-2021-28861