- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now

validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=191
2025-08-01 20:18:10 +00:00
commit 0c195902dd
50 changed files with 10244 additions and 0 deletions
--- a/python-3.3.0b1-fix_date_time_compiler.patch
+++ b/python-3.3.0b1-fix_date_time_compiler.patch
@@ -0,0 +1,27 @@
+---
+ Makefile.pre.in |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+Index: Python-3.11.8/Makefile.pre.in
+===================================================================
+--- Python-3.11.8.orig/Makefile.pre.in
+++ Python-3.11.8/Makefile.pre.in
+@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
+ 		$(DTRACE_OBJS) \
+ 		$(srcdir)/Modules/getbuildinfo.c
+ 	$(CC) -c $(PY_CORE_CFLAGS) \
+	      -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \
+	      -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \
+ 	      -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \
+ 	      -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \
+ 	      -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \
+ 	      -o $@ $(srcdir)/Modules/getbuildinfo.c
+ 
+Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile
+	$(CC) -c $(PY_CORE_CFLAGS) \
+		-DCOMPILER='"[GCC]"' \
+		-o $@ $(srcdir)/Python/getcompiler.c
+
+ Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS)
+ 	$(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \
+ 		-DPREFIX='"$(prefix)"' \