extraction filters (filter="data" and filter="tar")

to be bypassed using crafted symlinks and hard links. CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=149
2025-06-25 19:47:39 +00:00
commit f9e1cf1836
42 changed files with 10795 additions and 0 deletions
--- a/fix_configure_rst.patch
+++ b/fix_configure_rst.patch
@@ -0,0 +1,32 @@
+---
+ Doc/using/configure.rst |    2 --
+ Misc/NEWS               |    2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+--- a/Doc/using/configure.rst
+++ b/Doc/using/configure.rst
+@@ -640,13 +640,11 @@ macOS Options
+ 
+ See ``Mac/README.rst``.
+ 
+-.. option:: --enable-universalsdk
+ .. option:: --enable-universalsdk=SDKDIR
+ 
+    Create a universal binary build. *SDKDIR* specifies which macOS SDK should
+    be used to perform the build (default is no).
+ 
+-.. option:: --enable-framework
+ .. option:: --enable-framework=INSTALLDIR
+ 
+    Create a Python.framework rather than a traditional Unix install. Optional
+--- a/Misc/NEWS
+++ b/Misc/NEWS
+@@ -15146,7 +15146,7 @@ C API
+ - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
+ 
+ - bpo-43795: The list in :ref:`limited-api-list` now shows the public name
+-  :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry
+  :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry
+   ``_node`` no longer appears in the list.
+ 
+ - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid