- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now

validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=155
2025-08-01 20:16:22 +00:00
parent 77f76833e3
commit da0b04baf2
3 changed files with 222 additions and 0 deletions
--- a/python312.spec
+++ b/python312.spec
@@ -190,6 +190,9 @@ Patch45:        bsc1243155-sphinx-non-determinism.patch
 # PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com
 # avoid quadratic complexity when processing malformed inputs with HTMLParser
 Patch46:        CVE-2025-6069-quad-complex-HTMLParser.patch
+# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com
+# tarfile now validates archives to ensure member offsets are non-negative
+Patch47:        CVE-2025-8194-tarfile-no-neg-offsets.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes