Add CVE-2025-8291-consistency-zip64.patch

Checks consistency of the zip64 end of central directory record, and preventing obfuscation of the payload, i.e., you scanning for malicious content in a ZIP file with one ZIP parser (let's say a Rust one) then unpack it in production with another (e.g., the Python one) and get malicious content that the other parser did not see (CVE-2025-8291, bsc#1251305) Readjust patches while synchronizing between openSUSE and SLE trees: - F00251-change-user-install-location.patch - doc-py38-to-py36.patch - gh126985-mv-pyvenv.cfg2getpath.patch
2025-11-04 17:47:42 +01:00
parent 6823a127f7
commit ff726ffdd5
6 changed files with 390 additions and 91 deletions
--- a/doc-py38-to-py36.patch
+++ b/doc-py38-to-py36.patch
@@ -7,7 +7,6 @@
 Doc/library/doctest.rst                       |    1
 Doc/library/email.compat32-message.rst        |    1
 Doc/library/xml.etree.elementtree.rst         |    1
- Doc/Makefile                                  |    8 +--
 Doc/c-api/arg.rst                             |    1 
 Doc/c-api/typeobj.rst                         |    8 +--
 Doc/conf.py                                   |   29 ++++++++++---
@@ -25,36 +24,12 @@
 Doc/tools/extensions/misc_news.py             |   14 ++----
 Doc/tools/extensions/patchlevel.py            |    9 ++--
 Doc/tools/extensions/pydoc_topics.py          |   22 +++++-----
- 18 files changed, 159 insertions(+), 130 deletions(-)
+ 17 files changed, 155 insertions(+), 126 deletions(-)

-Index: Python-3.13.6/Doc/Makefile
+Index: Python-3.13.9/Doc/c-api/arg.rst
 ===================================================================
--- Python-3.13.6.orig/Doc/Makefile	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/Makefile	2025-08-07 12:16:58.253706854 +0200
-@@ -14,15 +14,15 @@
- SOURCES      =
- DISTVERSION  = $(shell $(PYTHON) tools/extensions/patchlevel.py)
- REQUIREMENTS = requirements.txt
-SPHINXERRORHANDLING = --fail-on-warning
-+SPHINXERRORHANDLING =
- 
- # Internal variables.
- PAPEROPT_a4     = --define latex_elements.papersize=a4paper
- PAPEROPT_letter = --define latex_elements.papersize=letterpaper
- 
-ALLSPHINXOPTS = --builder $(BUILDER) \
-                --doctree-dir build/doctrees \
-                --jobs $(JOBS) \
-+ALLSPHINXOPTS = -b $(BUILDER) \
-+                -d build/doctrees \
-+                -j $(JOBS) \
-                 $(PAPEROPT_$(PAPER)) \
-                 $(SPHINXOPTS) $(SPHINXERRORHANDLING) \
-                 . build/$(BUILDER) $(SOURCES)
-Index: Python-3.13.6/Doc/c-api/arg.rst
-===================================================================
--- Python-3.13.6.orig/Doc/c-api/arg.rst	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/c-api/arg.rst	2025-08-07 12:16:58.254160756 +0200
+--- Python-3.13.9.orig/Doc/c-api/arg.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/c-api/arg.rst	2025-11-04 17:41:42.876411055 +0100
@@ -334,7 +334,6 @@
    should raise an exception and leave the content of *address* unmodified.
 
@@ -63,10 +38,10 @@ Index: Python-3.13.6/Doc/c-api/arg.rst
 
    If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a
    second time if the argument parsing eventually fails, giving the converter a
-Index: Python-3.13.6/Doc/c-api/typeobj.rst
+Index: Python-3.13.9/Doc/c-api/typeobj.rst
 ===================================================================
--- Python-3.13.6.orig/Doc/c-api/typeobj.rst	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/c-api/typeobj.rst	2025-08-07 12:16:58.254692184 +0200
+--- Python-3.13.9.orig/Doc/c-api/typeobj.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/c-api/typeobj.rst	2025-11-04 17:41:42.877033887 +0100
@@ -610,7 +610,7 @@
    Functions like :c:func:`PyObject_NewVar` will take the value of N as an
    argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field.
@@ -97,10 +72,10 @@ Index: Python-3.13.6/Doc/c-api/typeobj.rst
    include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on
    whether :c:member:`~PyVarObject.ob_size` should be included). These are
    usually defined by the macro :c:macro:`PyObject_HEAD` or
-Index: Python-3.13.6/Doc/conf.py
+Index: Python-3.13.9/Doc/conf.py
 ===================================================================
--- Python-3.13.6.orig/Doc/conf.py	2025-08-07 12:16:45.115568663 +0200
-+++ Python-3.13.6/Doc/conf.py	2025-08-07 12:16:58.255236531 +0200
+--- Python-3.13.9.orig/Doc/conf.py	2025-11-04 17:39:03.414159687 +0100
+++ Python-3.13.9/Doc/conf.py	2025-11-04 17:41:42.877735198 +0100
@@ -11,6 +11,8 @@
 from importlib import import_module
 from importlib.util import find_spec
@@ -136,7 +111,7 @@ Index: Python-3.13.6/Doc/conf.py
 
 # Create table of contents entries for domain objects (e.g. functions, classes,
 # attributes, etc.). Default is True.
-@@ -258,6 +260,9 @@
+@@ -257,6 +259,9 @@
 # Avoid a warning with Sphinx >= 4.0
 root_doc = 'contents'
 
@@ -146,7 +121,7 @@ Index: Python-3.13.6/Doc/conf.py
 # Allow translation of index directives
 gettext_additional_targets = [
     'index',
-@@ -297,7 +302,7 @@
+@@ -296,7 +301,7 @@
 # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
 is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
 repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -172,10 +147,10 @@ Index: Python-3.13.6/Doc/conf.py
 # Options for c_annotations extension
 # -----------------------------------
 
-Index: Python-3.13.6/Doc/library/doctest.rst
+Index: Python-3.13.9/Doc/library/doctest.rst
 ===================================================================
--- Python-3.13.6.orig/Doc/library/doctest.rst	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/library/doctest.rst	2025-08-07 12:16:58.255583157 +0200
+--- Python-3.13.9.orig/Doc/library/doctest.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/doctest.rst	2025-11-04 17:41:42.878188221 +0100
@@ -310,7 +310,6 @@
 .. currentmodule:: None
 
@@ -184,10 +159,10 @@ Index: Python-3.13.6/Doc/library/doctest.rst
 
 .. currentmodule:: doctest
 
-Index: Python-3.13.6/Doc/library/email.compat32-message.rst
+Index: Python-3.13.9/Doc/library/email.compat32-message.rst
 ===================================================================
--- Python-3.13.6.orig/Doc/library/email.compat32-message.rst	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/library/email.compat32-message.rst	2025-08-07 12:16:58.256095517 +0200
+--- Python-3.13.9.orig/Doc/library/email.compat32-message.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/email.compat32-message.rst	2025-11-04 17:41:42.878726754 +0100
@@ -7,7 +7,6 @@
    :synopsis: The base class representing email messages in a fashion
               backward compatible with Python 3.2
@@ -196,10 +171,10 @@ Index: Python-3.13.6/Doc/library/email.compat32-message.rst
 
 
 The :class:`Message` class is very similar to the
-Index: Python-3.13.6/Doc/library/xml.etree.elementtree.rst
+Index: Python-3.13.9/Doc/library/xml.etree.elementtree.rst
 ===================================================================
--- Python-3.13.6.orig/Doc/library/xml.etree.elementtree.rst	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/library/xml.etree.elementtree.rst	2025-08-07 12:16:58.256380542 +0200
+--- Python-3.13.9.orig/Doc/library/xml.etree.elementtree.rst	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/xml.etree.elementtree.rst	2025-11-04 17:41:42.879107050 +0100
@@ -873,7 +873,6 @@
 
 .. module:: xml.etree.ElementTree
@@ -208,10 +183,10 @@ Index: Python-3.13.6/Doc/library/xml.etree.elementtree.rst
 
 .. class:: Element(tag, attrib={}, **extra)
 
-Index: Python-3.13.6/Doc/tools/check-warnings.py
+Index: Python-3.13.9/Doc/tools/check-warnings.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/check-warnings.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/check-warnings.py	2025-08-07 12:16:58.256796101 +0200
+--- Python-3.13.9.orig/Doc/tools/check-warnings.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/check-warnings.py	2025-11-04 17:41:42.879425179 +0100
@@ -228,7 +228,8 @@
             print(filename)
             for warning in warnings:
@@ -231,10 +206,10 @@ Index: Python-3.13.6/Doc/tools/check-warnings.py
         for warning in warnings
         if "Doc/" in warning
     }
-Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.9/Doc/tools/extensions/audit_events.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/audit_events.py	2025-08-07 12:16:58.257103336 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/audit_events.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/audit_events.py	2025-11-04 17:41:42.879679368 +0100
@@ -1,9 +1,6 @@
 """Support for documenting audit events."""
 
@@ -370,10 +345,10 @@ Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
     ) -> nodes.row:
         row = nodes.row()
         name_node = nodes.paragraph("", nodes.Text(name))
-Index: Python-3.13.6/Doc/tools/extensions/availability.py
+Index: Python-3.13.9/Doc/tools/extensions/availability.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/availability.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/availability.py	2025-08-07 12:16:58.257352322 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/availability.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/availability.py	2025-11-04 17:41:42.879900324 +0100
@@ -1,8 +1,6 @@
 """Support for documenting platform availability"""
 
@@ -427,10 +402,10 @@ Index: Python-3.13.6/Doc/tools/extensions/availability.py
     app.add_directive("availability", Availability)
 
     return {
-Index: Python-3.13.6/Doc/tools/extensions/c_annotations.py
+Index: Python-3.13.9/Doc/tools/extensions/c_annotations.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/c_annotations.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/c_annotations.py	2025-08-07 12:16:58.257571556 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/c_annotations.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/c_annotations.py	2025-11-04 17:41:42.880074051 +0100
@@ -9,22 +9,26 @@
 * Set ``stable_abi_file`` to the path to stable ABI list.
 """
@@ -568,10 +543,10 @@ Index: Python-3.13.6/Doc/tools/extensions/c_annotations.py
     return {
         "version": "1.0",
         "parallel_read_safe": True,
-Index: Python-3.13.6/Doc/tools/extensions/changes.py
+Index: Python-3.13.9/Doc/tools/extensions/changes.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/changes.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/changes.py	2025-08-07 12:16:58.257773818 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/changes.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/changes.py	2025-11-04 17:41:42.880259370 +0100
@@ -1,7 +1,5 @@
 """Support for documenting version of changes, additions, deprecations."""
 
@@ -607,10 +582,10 @@ Index: Python-3.13.6/Doc/tools/extensions/changes.py
     # Override Sphinx's directives with support for 'next'
     app.add_directive("versionadded", PyVersionChange, override=True)
     app.add_directive("versionchanged", PyVersionChange, override=True)
-Index: Python-3.13.6/Doc/tools/extensions/glossary_search.py
+Index: Python-3.13.9/Doc/tools/extensions/glossary_search.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/glossary_search.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/glossary_search.py	2025-08-07 12:16:58.257959947 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/glossary_search.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/glossary_search.py	2025-11-04 17:41:42.880446332 +0100
@@ -1,21 +1,27 @@
 """Feature search results for glossary items prominently."""
 
@@ -654,10 +629,10 @@ Index: Python-3.13.6/Doc/tools/extensions/glossary_search.py
     app.connect('doctree-resolved', process_glossary_nodes)
     app.connect('build-finished', write_glossary_json)
 
-Index: Python-3.13.6/Doc/tools/extensions/implementation_detail.py
+Index: Python-3.13.9/Doc/tools/extensions/implementation_detail.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/implementation_detail.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/implementation_detail.py	2025-08-07 12:16:58.258140488 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/implementation_detail.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/implementation_detail.py	2025-11-04 17:41:42.880613957 +0100
@@ -1,17 +1,10 @@
 """Support for marking up implementation details."""
 
@@ -708,10 +683,10 @@ Index: Python-3.13.6/Doc/tools/extensions/implementation_detail.py
     app.add_directive("impl-detail", ImplementationDetail)
 
     return {
-Index: Python-3.13.6/Doc/tools/extensions/issue_role.py
+Index: Python-3.13.9/Doc/tools/extensions/issue_role.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/issue_role.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/issue_role.py	2025-08-07 12:16:58.258306293 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/issue_role.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/issue_role.py	2025-11-04 17:41:42.880769320 +0100
@@ -1,22 +1,18 @@
 """Support for referencing issues in the tracker."""
 
@@ -757,10 +732,10 @@ Index: Python-3.13.6/Doc/tools/extensions/issue_role.py
     app.add_role("issue", BPOIssue())
     app.add_role("gh", GitHubIssue())
 
-Index: Python-3.13.6/Doc/tools/extensions/misc_news.py
+Index: Python-3.13.9/Doc/tools/extensions/misc_news.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/misc_news.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/misc_news.py	2025-08-07 12:16:58.258481107 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/misc_news.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/misc_news.py	2025-11-04 17:41:42.880942406 +0100
@@ -1,7 +1,5 @@
 """Support for including Misc/NEWS."""
 
@@ -813,10 +788,10 @@ Index: Python-3.13.6/Doc/tools/extensions/misc_news.py
     app.add_directive("miscnews", MiscNews)
 
     return {
-Index: Python-3.13.6/Doc/tools/extensions/patchlevel.py
+Index: Python-3.13.9/Doc/tools/extensions/patchlevel.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/patchlevel.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/patchlevel.py	2025-08-07 12:16:58.258716335 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/patchlevel.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/patchlevel.py	2025-11-04 17:41:42.881098319 +0100
@@ -3,7 +3,7 @@
 import re
 import sys
@@ -854,10 +829,10 @@ Index: Python-3.13.6/Doc/tools/extensions/patchlevel.py
     version = f"{info.major}.{info.minor}"
     release = f"{info.major}.{info.minor}.{info.micro}"
     if info.releaselevel != "final":
-Index: Python-3.13.6/Doc/tools/extensions/pydoc_topics.py
+Index: Python-3.13.9/Doc/tools/extensions/pydoc_topics.py
 ===================================================================
--- Python-3.13.6.orig/Doc/tools/extensions/pydoc_topics.py	2025-08-06 15:05:20.000000000 +0200
-+++ Python-3.13.6/Doc/tools/extensions/pydoc_topics.py	2025-08-07 12:16:58.258911962 +0200
+--- Python-3.13.9.orig/Doc/tools/extensions/pydoc_topics.py	2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/pydoc_topics.py	2025-11-04 17:41:42.881251888 +0100
@@ -1,21 +1,23 @@
 """Support for building "topic help" for pydoc."""