forked from pool/python312
Matej Cepl
f9e1cf1836
to be bypassed using crafted symlinks and hard links.
CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
(gh#135034, bsc#1244061).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=149
14 lines
522 B
Diff
14 lines
522 B
Diff
Index: Python-3.12.2/Lib/site.py
|
|
===================================================================
|
|
--- Python-3.12.2.orig/Lib/site.py
|
|
+++ Python-3.12.2/Lib/site.py
|
|
@@ -77,7 +77,7 @@ import io
|
|
import stat
|
|
|
|
# Prefixes for site-packages; add additional prefixes like /usr/local here
|
|
-PREFIXES = [sys.prefix, sys.exec_prefix]
|
|
+PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local']
|
|
# Enable per user site-packages directory
|
|
# set it to False to disable the feature or True to force the feature
|
|
ENABLE_USER_SITE = None
|