From 89e9323f9ad75d8decfb4d36f23da49d2be68a17185590a3f0d37c24cb06380b Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Sat, 2 Aug 2025 15:54:24 +0000
Subject: [PATCH] Upstream patch depended unnecessarily on archiver_tests module, which is not in 3.10.*
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=190
---
 CVE-2025-8194-tarfile-no-neg-offsets.patch | 48 ++++------------------
 1 file changed, 8 insertions(+), 40 deletions(-)
diff --git a/CVE-2025-8194-tarfile-no-neg-offsets.patch b/CVE-2025-8194-tarfile-no-neg-offsets.patch
index e4f7f0f..fea1b69 100644
--- a/CVE-2025-8194-tarfile-no-neg-offsets.patch
+++ b/CVE-2025-8194-tarfile-no-neg-offsets.patch
@@ -9,15 +9,15 @@
 Co-authored-by: Alexander Urieles
 Co-authored-by: Gregory P. Smith
 ---
  Lib/tarfile.py | 3
- Lib/test/test_tarfile.py | 188 ++++++++++
+ Lib/test/test_tarfile.py | 156 ++++++++++
  Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst | 3
- 3 files changed, 194 insertions(+)
+ 3 files changed, 162 insertions(+)
  create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
 Index: Python-3.10.18/Lib/tarfile.py
 ===================================================================
---- Python-3.10.18.orig/Lib/tarfile.py 2025-08-01 22:22:33.661509420 +0200
-+++ Python-3.10.18/Lib/tarfile.py 2025-08-01 22:22:37.753515863 +0200
+--- Python-3.10.18.orig/Lib/tarfile.py 2025-08-02 17:52:24.521273582 +0200
++++ Python-3.10.18/Lib/tarfile.py 2025-08-02 17:52:28.444044748 +0200
 @@ -1612,6 +1612,9 @@
  """Round up a byte count by BLOCKSIZE and return it,
  e.g. _block(834) => 1024.
@@ -30,8 +30,8 @@ Index: Python-3.10.18/Lib/tarfile.py
  blocks += 1
 Index: Python-3.10.18/Lib/test/test_tarfile.py
 ===================================================================
---- Python-3.10.18.orig/Lib/test/test_tarfile.py 2025-08-01 22:22:34.991018210 +0200
-+++ Python-3.10.18/Lib/test/test_tarfile.py 2025-08-01 22:22:37.754065449 +0200
+--- Python-3.10.18.orig/Lib/test/test_tarfile.py 2025-08-02 17:52:25.849390293 +0200
++++ Python-3.10.18/Lib/test/test_tarfile.py 2025-08-02 17:52:39.623989523 +0200
 @@ -49,6 +49,7 @@
  xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
  tmpname = os.path.join(TEMPDIR, "tmp.tar")
@@ -40,42 +40,10 @@ Index: Python-3.10.18/Lib/test/test_tarfile.py
  sha256_regtype = (
  "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
-@@ -4273,6 +4274,193 @@
+@@ -4273,6 +4274,161 @@
  self.expect_exception(TypeError) # errorlevel is not int
-+class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase):
-+ testdir = os.path.join(TEMPDIR, "testoverwrite")
-+
-+ @classmethod
-+ def setUpClass(cls):
-+ p = cls.ar_with_file = os.path.join(TEMPDIR, 'tar-with-file.tar')
-+ cls.addClassCleanup(os_helper.unlink, p)
-+ with tarfile.open(p, 'w') as tar:
-+ t = tarfile.TarInfo('test')
-+ t.size = 10
-+ tar.addfile(t, io.BytesIO(b'newcontent'))
-+
-+ p = cls.ar_with_dir = os.path.join(TEMPDIR, 'tar-with-dir.tar')
-+ cls.addClassCleanup(os_helper.unlink, p)
-+ with tarfile.open(p, 'w') as tar:
-+ tar.addfile(tar.gettarinfo(os.curdir, 'test'))
-+
-+ p = os.path.join(TEMPDIR, 'tar-with-implicit-dir.tar')
-+ cls.ar_with_implicit_dir = p
-+ cls.addClassCleanup(os_helper.unlink, p)
-+ with tarfile.open(p, 'w') as tar:
-+ t = tarfile.TarInfo('test/file')
-+ t.size = 10
-+ tar.addfile(t, io.BytesIO(b'newcontent'))
-+
-+ def open(self, path):
-+ return tarfile.open(path, 'r')
-+
-+ def extractall(self, ar):
-+ ar.extractall(self.testdir, filter='fully_trusted')
-+
-+
 +class OffsetValidationTests(unittest.TestCase):
 + tarname = tmpname
 + invalid_posix_header = (
@@ -237,7 +205,7 @@ Index: Python-3.10.18/Lib/test/test_tarfile.py
 Index: Python-3.10.18/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
 ===================================================================
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.10.18/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:22:37.754445878 +0200
++++ Python-3.10.18/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-02 17:52:28.446021271 +0200
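Review bot: Removing the `OverwriteTests` class is not enough if the inner patch still imports the module it needed: the previous hunk keeps the inner `@@ -49,6 +49,7 @@` hunk that adds one line near the test_tarfile.py imports (the retained diffstat of 156 lines counts it), and if that line is the `archiver_tests` import, test_tarfile would fail at import time on 3.10.18 instead of merely losing the dropped tests. The added line itself is outside the visible text, so this is inferred; please check it, and if it is that import drop the inner hunk too and reduce the `156`/`162` diffstat figures by one. The inner hunk header renumbering `@@ -4273,6 +4274,161 @@` is consistent with the new diffstat (155 + 1 = 156 test lines, 3 + 156 + 3 = 162 total). The kept `OffsetValidationTests` class, which exercises the negative-offset validation this CVE patch adds, continues past the end of this hunk, so its remaining body is not reviewable here.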
 @@ -0,0 +1,3 @@
 +:mod:`tarfile` now validates archives to ensure member offsets are
 +non-negative. (Contributed by Alexander Enrique Urieles Nieto in