python-interpreters/python312
SHA256
7
0
Fork 0
forked from pool/python312
Code Pull Requests Activity

update the patch

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=156
This commit is contained in:
Matej Cepl
2025-08-01 20:21:08 +00:00
committed by Git OBS Bridge
parent e5e0410f4d
commit 1a38434b32
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2025-8194-tarfile-no-neg-offsets.patch
View File

@@ -1,4 +1,4 @@
From 28d130238bfb5604eef4b594d597f7b5ec951eba Mon Sep 17 00:00:00 2001
From 8f381056d7364b6771b3dce3ebe54dd9f675811b Mon Sep 17 00:00:00 2001
From: Alexander Urieles <aeurielesn@users.noreply.github.com>
Date: Mon, 28 Jul 2025 17:37:26 +0200
Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member
@@ -16,8 +16,8 @@ Co-authored-by: Gregory P. Smith <greg@krypto.org>
Index: Python-3.12.11/Lib/tarfile.py
===================================================================
--- Python-3.12.11.orig/Lib/tarfile.py 2025-08-01 22:15:41.880478642 +0200
+++ Python-3.12.11/Lib/tarfile.py 2025-08-01 22:15:46.019433577 +0200
--- Python-3.12.11.orig/Lib/tarfile.py 2025-08-01 22:20:38.061933888 +0200
+++ Python-3.12.11/Lib/tarfile.py 2025-08-01 22:20:42.185990406 +0200
@@ -1614,6 +1614,9 @@
"""Round up a byte count by BLOCKSIZE and return it,
e.g. _block(834) => 1024.
@@ -30,8 +30,8 @@ Index: Python-3.12.11/Lib/tarfile.py
blocks += 1
Index: Python-3.12.11/Lib/test/test_tarfile.py
===================================================================
--- Python-3.12.11.orig/Lib/test/test_tarfile.py 2025-08-01 22:15:43.627892675 +0200
+++ Python-3.12.11/Lib/test/test_tarfile.py 2025-08-01 22:15:46.020296822 +0200
--- Python-3.12.11.orig/Lib/test/test_tarfile.py 2025-08-01 22:20:39.792514772 +0200
+++ Python-3.12.11/Lib/test/test_tarfile.py 2025-08-01 22:20:42.187347433 +0200
@@ -50,6 +50,7 @@
xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
tmpname = os.path.join(TEMPDIR, "tmp.tar")
@@ -205,7 +205,7 @@ Index: Python-3.12.11/Lib/test/test_tarfile.py
Index: Python-3.12.11/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ Python-3.12.11/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:15:46.020814210 +0200
+++ Python-3.12.11/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:20:42.187819145 +0200
@@ -0,0 +1,3 @@
+:mod:`tarfile` now validates archives to ensure member offsets are
+non-negative. (Contributed by Alexander Enrique Urieles Nieto in