Add CVE-2025-8291-consistency-zip64.patch

Checks consistency of the zip64 end of central directory record, and preventing obfuscation of the payload, i.e., you scanning for malicious content in a ZIP file with one ZIP parser (let's say a Rust one) then unpack it in production with another (e.g., the Python one) and get malicious content that the other parser did not see (CVE-2025-8291, bsc#1251305) Readjust patches while synchronizing between openSUSE and SLE trees: - F00251-change-user-install-location.patch - doc-py38-to-py36.patch - gh126985-mv-pyvenv.cfg2getpath.patch
2025-11-04 17:47:42 +01:00
parent 1b4b152007
commit 02c7c3ac57
7 changed files with 398 additions and 320 deletions
--- a/doc-py38-to-py36.patch
+++ b/doc-py38-to-py36.patch
@@ -27,10 +27,10 @@
 Doc/tools/extensions/pydoc_topics.py          |   22 +++++-----
 18 files changed, 159 insertions(+), 130 deletions(-)

-Index: Python-3.13.5/Doc/Makefile
+Index: Python-3.13.9/Doc/Makefile
 ===================================================================
--- Python-3.13.5.orig/Doc/Makefile	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/Makefile	2025-06-12 21:38:04.908380762 +0200
+--- Python-3.13.9.orig/Doc/Makefile	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/Makefile	2025-11-20 01:09:35.814292408 +0100
@@ -14,15 +14,15 @@
 SOURCES      =
 DISTVERSION  = $(shell $(PYTHON) tools/extensions/patchlevel.py)
@@ -51,10 +51,10 @@ Index: Python-3.13.5/Doc/Makefile
                 $(PAPEROPT_$(PAPER)) \
                 $(SPHINXOPTS) $(SPHINXERRORHANDLING) \
                 . build/$(BUILDER) $(SOURCES)
-Index: Python-3.13.5/Doc/c-api/arg.rst
+Index: Python-3.13.9/Doc/c-api/arg.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/c-api/arg.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/c-api/arg.rst	2025-06-12 21:38:04.908705133 +0200
+--- Python-3.13.9.orig/Doc/c-api/arg.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/c-api/arg.rst	2025-11-20 01:07:59.902914275 +0100
@@ -334,7 +334,6 @@
    should raise an exception and leave the content of *address* unmodified.
 
@@ -63,10 +63,10 @@ Index: Python-3.13.5/Doc/c-api/arg.rst
 
    If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a
    second time if the argument parsing eventually fails, giving the converter a
-Index: Python-3.13.5/Doc/c-api/typeobj.rst
+Index: Python-3.13.9/Doc/c-api/typeobj.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/c-api/typeobj.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/c-api/typeobj.rst	2025-06-12 21:38:04.908874058 +0200
+--- Python-3.13.9.orig/Doc/c-api/typeobj.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/c-api/typeobj.rst	2025-11-20 01:07:59.903382829 +0100
@@ -610,7 +610,7 @@
    Functions like :c:func:`PyObject_NewVar` will take the value of N as an
    argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field.
@@ -97,10 +97,10 @@ Index: Python-3.13.5/Doc/c-api/typeobj.rst
    include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on
    whether :c:member:`~PyVarObject.ob_size` should be included). These are
    usually defined by the macro :c:macro:`PyObject_HEAD` or
-Index: Python-3.13.5/Doc/conf.py
+Index: Python-3.13.9/Doc/conf.py
 ===================================================================
--- Python-3.13.5.orig/Doc/conf.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/conf.py	2025-06-12 21:38:04.909609597 +0200
+--- Python-3.13.9.orig/Doc/conf.py	2025-11-20 01:07:14.944126757 +0100
+++ Python-3.13.9/Doc/conf.py	2025-11-20 01:07:59.903974303 +0100
@@ -11,6 +11,8 @@
 from importlib import import_module
 from importlib.util import find_spec
@@ -136,7 +136,7 @@ Index: Python-3.13.5/Doc/conf.py
 
 # Create table of contents entries for domain objects (e.g. functions, classes,
 # attributes, etc.). Default is True.
-@@ -323,6 +325,9 @@
+@@ -257,6 +259,9 @@
 # Avoid a warning with Sphinx >= 4.0
 root_doc = 'contents'
 
@@ -146,7 +146,7 @@ Index: Python-3.13.5/Doc/conf.py
 # Allow translation of index directives
 gettext_additional_targets = [
     'index',
-@@ -362,7 +367,7 @@
+@@ -296,7 +301,7 @@
 # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
 is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
 repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -172,22 +172,22 @@ Index: Python-3.13.5/Doc/conf.py
 # Options for c_annotations extension
 # -----------------------------------
 
-Index: Python-3.13.5/Doc/library/doctest.rst
+Index: Python-3.13.9/Doc/library/doctest.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/library/doctest.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/doctest.rst	2025-06-12 21:38:04.909944989 +0200
-@@ -308,7 +308,6 @@
- searched.  Objects imported into the module are not searched.
+--- Python-3.13.9.orig/Doc/library/doctest.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/doctest.rst	2025-11-20 01:07:59.904511686 +0100
+@@ -310,7 +310,6 @@
+ .. currentmodule:: None
 
 .. attribute:: module.__test__
 -   :no-typesetting:
 
- In addition, there are cases when you want tests to be part of a module but not part
- of the help text, which requires that the tests not be included in the docstring.
-Index: Python-3.13.5/Doc/library/email.compat32-message.rst
+ .. currentmodule:: doctest
+ 
+Index: Python-3.13.9/Doc/library/email.compat32-message.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/library/email.compat32-message.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/email.compat32-message.rst	2025-06-12 21:38:04.910320877 +0200
+--- Python-3.13.9.orig/Doc/library/email.compat32-message.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/email.compat32-message.rst	2025-11-20 01:07:59.905009154 +0100
@@ -7,7 +7,6 @@
    :synopsis: The base class representing email messages in a fashion
               backward compatible with Python 3.2
@@ -196,11 +196,11 @@ Index: Python-3.13.5/Doc/library/email.compat32-message.rst
 
 
 The :class:`Message` class is very similar to the
-Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
+Index: Python-3.13.9/Doc/library/xml.etree.elementtree.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:38:04.910594893 +0200
-@@ -874,7 +874,6 @@
+--- Python-3.13.9.orig/Doc/library/xml.etree.elementtree.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/xml.etree.elementtree.rst	2025-11-20 01:07:59.905273001 +0100
+@@ -873,7 +873,6 @@
 
 .. module:: xml.etree.ElementTree
    :noindex:
@@ -208,10 +208,10 @@ Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
 
 .. class:: Element(tag, attrib={}, **extra)
 
-Index: Python-3.13.5/Doc/tools/check-warnings.py
+Index: Python-3.13.9/Doc/tools/check-warnings.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/check-warnings.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/check-warnings.py	2025-06-12 21:38:04.910896050 +0200
+--- Python-3.13.9.orig/Doc/tools/check-warnings.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/check-warnings.py	2025-11-20 01:07:59.905613002 +0100
@@ -228,7 +228,8 @@
             print(filename)
             for warning in warnings:
@@ -231,10 +231,10 @@ Index: Python-3.13.5/Doc/tools/check-warnings.py
         for warning in warnings
         if "Doc/" in warning
     }
-Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.9/Doc/tools/extensions/audit_events.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/audit_events.py	2025-06-12 21:38:04.911151491 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/audit_events.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/audit_events.py	2025-11-20 01:08:35.819222654 +0100
@@ -1,9 +1,6 @@
 """Support for documenting audit events."""
 
@@ -370,10 +370,10 @@ Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
     ) -> nodes.row:
         row = nodes.row()
         name_node = nodes.paragraph("", nodes.Text(name))
-Index: Python-3.13.5/Doc/tools/extensions/availability.py
+Index: Python-3.13.9/Doc/tools/extensions/availability.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/availability.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/availability.py	2025-06-12 21:38:04.911376735 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/availability.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/availability.py	2025-11-20 01:07:59.906156697 +0100
@@ -1,8 +1,6 @@
 """Support for documenting platform availability"""
 
@@ -427,10 +427,10 @@ Index: Python-3.13.5/Doc/tools/extensions/availability.py
     app.add_directive("availability", Availability)
 
     return {
-Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
+Index: Python-3.13.9/Doc/tools/extensions/c_annotations.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/c_annotations.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/c_annotations.py	2025-06-12 21:38:04.911575881 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/c_annotations.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/c_annotations.py	2025-11-20 01:07:59.906354780 +0100
@@ -9,22 +9,26 @@
 * Set ``stable_abi_file`` to the path to stable ABI list.
 """
@@ -568,10 +568,10 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
     return {
         "version": "1.0",
         "parallel_read_safe": True,
-Index: Python-3.13.5/Doc/tools/extensions/changes.py
+Index: Python-3.13.9/Doc/tools/extensions/changes.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/changes.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/changes.py	2025-06-12 21:38:04.911758715 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/changes.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/changes.py	2025-11-20 01:07:59.906539198 +0100
@@ -1,7 +1,5 @@
 """Support for documenting version of changes, additions, deprecations."""
 
@@ -607,10 +607,10 @@ Index: Python-3.13.5/Doc/tools/extensions/changes.py
     # Override Sphinx's directives with support for 'next'
     app.add_directive("versionadded", PyVersionChange, override=True)
     app.add_directive("versionchanged", PyVersionChange, override=True)
-Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
+Index: Python-3.13.9/Doc/tools/extensions/glossary_search.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/glossary_search.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/glossary_search.py	2025-06-12 21:38:04.911907976 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/glossary_search.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/glossary_search.py	2025-11-20 01:07:59.906696224 +0100
@@ -1,21 +1,27 @@
 """Feature search results for glossary items prominently."""
 
@@ -654,10 +654,10 @@ Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
     app.connect('doctree-resolved', process_glossary_nodes)
     app.connect('build-finished', write_glossary_json)
 
-Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
+Index: Python-3.13.9/Doc/tools/extensions/implementation_detail.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:38:04.912061736 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/implementation_detail.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/implementation_detail.py	2025-11-20 01:07:59.906853200 +0100
@@ -1,17 +1,10 @@
 """Support for marking up implementation details."""
 
@@ -708,10 +708,10 @@ Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
     app.add_directive("impl-detail", ImplementationDetail)
 
     return {
-Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
+Index: Python-3.13.9/Doc/tools/extensions/issue_role.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/issue_role.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/issue_role.py	2025-06-12 21:38:04.912236134 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/issue_role.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/issue_role.py	2025-11-20 01:07:59.907010386 +0100
@@ -1,22 +1,18 @@
 """Support for referencing issues in the tracker."""
 
@@ -757,10 +757,10 @@ Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
     app.add_role("issue", BPOIssue())
     app.add_role("gh", GitHubIssue())
 
-Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
+Index: Python-3.13.9/Doc/tools/extensions/misc_news.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/misc_news.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/misc_news.py	2025-06-12 21:38:04.912390144 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/misc_news.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/misc_news.py	2025-11-20 01:07:59.907170899 +0100
@@ -1,7 +1,5 @@
 """Support for including Misc/NEWS."""
 
@@ -813,10 +813,10 @@ Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
     app.add_directive("miscnews", MiscNews)
 
     return {
-Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
+Index: Python-3.13.9/Doc/tools/extensions/patchlevel.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/patchlevel.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/patchlevel.py	2025-06-12 21:38:04.912563631 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/patchlevel.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/patchlevel.py	2025-11-20 01:07:59.907494228 +0100
@@ -3,7 +3,7 @@
 import re
 import sys
@@ -854,10 +854,10 @@ Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
     version = f"{info.major}.{info.minor}"
     release = f"{info.major}.{info.minor}.{info.micro}"
     if info.releaselevel != "final":
-Index: Python-3.13.5/Doc/tools/extensions/pydoc_topics.py
+Index: Python-3.13.9/Doc/tools/extensions/pydoc_topics.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:38:04.912726688 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/pydoc_topics.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/pydoc_topics.py	2025-11-20 01:07:59.907684617 +0100
@@ -1,21 +1,23 @@
 """Support for building "topic help" for pydoc."""