From a4d601d4edf1d12a488da82cc8209f041f7ebd913a3d46d4e25aba6d60ab31fa Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Mon, 23 Sep 2024 20:01:27 +0000
Subject: [PATCH] Updated patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=427
---
 CVE-2024-6232-ReDOS-backtrack-tarfile.patch | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/CVE-2024-6232-ReDOS-backtrack-tarfile.patch b/CVE-2024-6232-ReDOS-backtrack-tarfile.patch
index 6155ad4..47b0a3f 100644
--- a/CVE-2024-6232-ReDOS-backtrack-tarfile.patch
+++ b/CVE-2024-6232-ReDOS-backtrack-tarfile.patch
@@ -19,9 +19,9 @@ From-PR: gh#python/cpython!123642
 Patch: CVE-2024-6232-ReDOS-backtrack-tarfile.patch
 ---
 Lib/tarfile.py | 169 ++++++++--
- Lib/test/test_tarfile.py | 42 ++
+ Lib/test/test_tarfile.py | 44 ++
 Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst | 2
- 3 files changed, 186 insertions(+), 27 deletions(-)
+ 3 files changed, 187 insertions(+), 28 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst
 --- a/Lib/tarfile.py
@@ -248,6 +248,15 @@ Patch: CVE-2024-6232-ReDOS-backtrack-tarfile.patch
 # class TarInfo
 --- a/Lib/test/test_tarfile.py
 +++ b/Lib/test/test_tarfile.py
+@@ -324,7 +324,7 @@ class CommonReadTest(ReadTest):
+ def test_length_zero_header(self):
+ # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail
+ # with an exception
+- with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"):
++ with self.assertRaisesRegexp(tarfile.ReadError, "file could not be opened successfully"):
+ with tarfile.open(support.findfile('recursion.tar')) as tar:
+ pass
+
 @@ -804,6 +804,48 @@ class WriteTestBase(unittest.TestCase):
 self.assertFalse(fobj.closed)
 self.assertEqual(data, fobj.getvalue())
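Review bot: The added inner hunk at `@@ -324,7 +324,7 @@` rewrites `test_length_zero_header`, a pre-existing regression test for CVE-2019-20907, inside the CVE-2024-6232 patch, and nothing in the patch header says why. The rename to `assertRaisesRegexp` (repeated in the `@@ -291,7 +300,7 @@` hunk for the new test) looks like a downstream adaptation for an interpreter whose unittest lacks `assertRaisesRegex`, so the embedded patch no longer matches the `From-PR` it cites. I would record that in the patch header, for example `Downstream change: tests use assertRaisesRegexp, the unittest name available in this package's Python`. Consider also moving the `test_length_zero_header` fix into whichever patch introduced that line, which is not visible here. Before this rename both assertions would presumably have errored rather than checked the `ReadError`, so it is worth confirming that the tarfile tests actually run in the package build.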
@@ -291,7 +300,7 @@ Patch: CVE-2024-6232-ReDOS-backtrack-tarfile.patch
 + f.truncate()
 + f.write(data)
 +
-+ with self.assertRaisesRegex(tarfile.ReadError, r"file could not be opened successfully"):
++ with self.assertRaisesRegexp(tarfile.ReadError, r"file could not be opened successfully"):
 + tarfile.open(tmpname, encoding="iso8859-1")
 +