From ed20f762713b38cf63339479321c0516a0f6d5f248448e30f67c5b8141e4bfcd Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Fri, 1 Aug 2025 20:22:03 +0000
Subject: [PATCH] update the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=192
---
 CVE-2025-8194-tarfile-no-neg-offsets.patch | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/CVE-2025-8194-tarfile-no-neg-offsets.patch b/CVE-2025-8194-tarfile-no-neg-offsets.patch
index 9c71df4..be7c783 100644
--- a/CVE-2025-8194-tarfile-no-neg-offsets.patch
+++ b/CVE-2025-8194-tarfile-no-neg-offsets.patch
@@ -1,4 +1,4 @@
-From 28d130238bfb5604eef4b594d597f7b5ec951eba Mon Sep 17 00:00:00 2001
+From cb3519590c62f9b1abf7f31b92ec37d4b725ce15 Mon Sep 17 00:00:00 2001
 From: Alexander Urieles
 Date: Mon, 28 Jul 2025 17:37:26 +0200
 Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member
@@ -16,8 +16,8 @@ Co-authored-by: Gregory P. Smith
 Index: Python-3.11.13/Lib/tarfile.py
 ===================================================================
---- Python-3.11.13.orig/Lib/tarfile.py 2025-08-01 22:17:38.141397067 +0200
-+++ Python-3.11.13/Lib/tarfile.py 2025-08-01 22:17:42.375160009 +0200
+--- Python-3.11.13.orig/Lib/tarfile.py 2025-08-01 22:21:29.158050900 +0200
++++ Python-3.11.13/Lib/tarfile.py 2025-08-01 22:21:33.121079687 +0200
 @@ -1613,6 +1613,9 @@
 """Round up a byte count by BLOCKSIZE and return it,
 e.g. _block(834) => 1024.
@@ -30,8 +30,8 @@ Index: Python-3.11.13/Lib/tarfile.py
 blocks += 1
 Index: Python-3.11.13/Lib/test/test_tarfile.py
 ===================================================================
---- Python-3.11.13.orig/Lib/test/test_tarfile.py 2025-08-01 22:17:39.582120870 +0200
-+++ Python-3.11.13/Lib/test/test_tarfile.py 2025-08-01 22:17:42.375846065 +0200
+--- Python-3.11.13.orig/Lib/test/test_tarfile.py 2025-08-01 22:21:30.644301786 +0200
++++ Python-3.11.13/Lib/test/test_tarfile.py 2025-08-01 22:21:33.121718600 +0200
 @@ -50,6 +50,7 @@
 xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
 tmpname = os.path.join(TEMPDIR, "tmp.tar")
@@ -205,7 +205,7 @@ Index: Python-3.11.13/Lib/test/test_tarfile.py
 Index: Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
 ===================================================================
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:17:42.376340965 +0200
++++ Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:21:33.122108946 +0200
 @@ -0,0 +1,3 @@
 +:mod:`tarfile` now validates archives to ensure member offsets are
 +non-negative. (Contributed by Alexander Enrique Urieles Nieto in