forked from pool/python312
extraction filters (filter="data" and filter="tar")
to be bypassed using crafted symlinks and hard links.
CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
(gh#135034, bsc#1244061).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=149
This commit is contained in:
Git OBS Bridge
13
python-3.3.0b1-localpath.patch
Normal file
13
python-3.3.0b1-localpath.patch
Normal file
@@ -0,0 +1,13 @@
|
||||
Index: Python-3.12.2/Lib/site.py
|
||||
===================================================================
|
||||
--- Python-3.12.2.orig/Lib/site.py
|
||||
+++ Python-3.12.2/Lib/site.py
|
||||
@@ -77,7 +77,7 @@ import io
|
||||
import stat
|
||||
|
||||
# Prefixes for site-packages; add additional prefixes like /usr/local here
|
||||
-PREFIXES = [sys.prefix, sys.exec_prefix]
|
||||
+PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local']
|
||||
# Enable per user site-packages directory
|
||||
# set it to False to disable the feature or True to force the feature
|
||||
ENABLE_USER_SITE = None
|
||||
Reference in New Issue
Block a user