fix patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=417

CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch

@@ -11,23 +11,15 @@ From-PR: gh#python/cpython!110016
 Fixes: gh#python/cpython#109858
 Patch: CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
 ---
- Lib/test/test_zipfile.py                                                |   61 ++++++++++
- Lib/zipfile.py                                                          |   12 +
+ Lib/test/test_zipfile.py                                                |   60 ++++++++++
+ Lib/zipfile.py                                                          |   12 ++
  Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst |    3 
- 3 files changed, 76 insertions(+)
+ 3 files changed, 75 insertions(+)
  create mode 100644 Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
 
 --- a/Lib/test/test_zipfile.py
 +++ b/Lib/test/test_zipfile.py
-@@ -11,6 +11,7 @@ import unittest
- 
- from tempfile import TemporaryFile
- from random import randint, random, getrandbits
-+from unittest import mock
- 
- from test.support import (TESTFN, findfile, unlink, rmtree,
-                           requires_zlib, requires_bz2, requires_lzma,
-@@ -1556,6 +1557,66 @@ class AbstractTestsWithRandomBinaryFiles
+@@ -1377,6 +1377,66 @@ class TestsWithRandomBinaryFiles(unittes
          with open(TESTFN, "wb") as fp:
              fp.write(self.data)
  
@@ -96,15 +88,15 @@ Patch: CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
          unlink(TESTFN2)
 --- a/Lib/zipfile.py
 +++ b/Lib/zipfile.py
-@@ -311,6 +311,7 @@ class ZipInfo (object):
-         'compress_size',
-         'file_size',
-         '_raw_time',
-+        '_end_offset',
-     )
+@@ -305,6 +305,7 @@ class ZipInfo (object):
+             'compress_size',
+             'file_size',
+             '_raw_time',
++            '_end_offset',
+         )
  
      def __init__(self, filename="NoName", date_time=(1980,1,1,0,0,0)):
-@@ -349,6 +350,7 @@ class ZipInfo (object):
+@@ -343,6 +344,7 @@ class ZipInfo (object):
          self.volume = 0                 # Volume number of file header
          self.internal_attr = 0          # Internal attributes
          self.external_attr = 0          # External file attributes
@@ -112,9 +104,9 @@ Patch: CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
          # Other attributes are set by class ZipFile:
          # header_offset         Byte offset to the file header
          # CRC                   CRC-32 of the uncompressed file
-@@ -1044,6 +1046,12 @@ class ZipFile:
+@@ -891,6 +893,12 @@ class ZipFile(object):
              if self.debug > 2:
-                 print("total", total)
+                 print "total", total
  
 +        end_offset = self.start_dir
 +        for zinfo in sorted(self.filelist,
@@ -125,9 +117,9 @@ Patch: CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
  
      def namelist(self):
          """Return a list of file names in the archive."""
-@@ -1179,6 +1187,10 @@ class ZipFile:
-                     'File name in directory %r and header %r differ.'
-                     % (zinfo.orig_filename, fname))
+@@ -1002,6 +1010,10 @@ class ZipFile(object):
+                         'File name in directory "%s" and header "%s" differ.' % (
+                             zinfo.orig_filename, fname)
  
 +            if (zinfo._end_offset is not None and
 +                zef_file.tell() + zinfo.compress_size > zinfo._end_offset):