Remove subprocess-raise-timeout.patch, which seems irrelevant

now.
2025-11-06 23:24:21 +01:00
parent faa4a5c356
commit ed242c6395
8 changed files with 43 additions and 66 deletions
--- a/CVE-2025-8291-consistency-zip64.patch
+++ b/CVE-2025-8291-consistency-zip64.patch
@@ -10,17 +10,17 @@ prepended to the ZIP file.

 Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
 ---
- Lib/test/test_zipfile/test_core.py            | 82 ++++++++++++++++++-
- Lib/zipfile/__init__.py                       | 51 +++++++-----
- ...-10-07-19-31-34.gh-issue-139700.vNHU1O.rst |  3 +
+ Lib/test/test_zipfile/test_core.py                                       |   82 +++++++++-
+ Lib/zipfile/__init__.py                                                  |   51 +++---
+ Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst |    3 
 3 files changed, 113 insertions(+), 23 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst

-diff --git a/Lib/test/test_zipfile/test_core.py b/Lib/test/test_zipfile/test_core.py
-index c033059a515db6..6acfefc74d6665 100644
--- a/Lib/test/test_zipfile/test_core.py
-+++ b/Lib/test/test_zipfile/test_core.py
-@@ -898,6 +898,8 @@ def make_zip64_file(
+Index: Python-3.14.0/Lib/test/test_zipfile/test_core.py
+===================================================================
+--- Python-3.14.0.orig/Lib/test/test_zipfile/test_core.py	2025-11-12 01:03:54.947094045 +0100
+++ Python-3.14.0/Lib/test/test_zipfile/test_core.py	2025-11-12 01:04:11.766432381 +0100
+@@ -898,6 +898,8 @@
         self, file_size_64_set=False, file_size_extra=False,
         compress_size_64_set=False, compress_size_extra=False,
         header_offset_64_set=False, header_offset_extra=False,
@@ -29,7 +29,7 @@ index c033059a515db6..6acfefc74d6665 100644
     ):
         """Generate bytes sequence for a zip with (incomplete) zip64 data.
 
-@@ -951,6 +953,12 @@ def make_zip64_file(
+@@ -951,6 +953,12 @@
 
         central_dir_size = struct.pack('<Q', 58 + 8 * len(central_zip64_fields))
         offset_to_central_dir = struct.pack('<Q', 50 + 8 * len(local_zip64_fields))
@@ -42,7 +42,7 @@ index c033059a515db6..6acfefc74d6665 100644
 
         local_extra_length = struct.pack("<H", 4 + 8 * len(local_zip64_fields))
         central_extra_length = struct.pack("<H", 4 + 8 * len(central_zip64_fields))
-@@ -979,14 +987,17 @@ def make_zip64_file(
+@@ -979,14 +987,17 @@
             + filename
             + central_extra
             # Zip64 end of central directory
@@ -64,7 +64,7 @@ index c033059a515db6..6acfefc74d6665 100644
             # end of central directory
             + b"PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00:\x00\x00\x002\x00"
             + b"\x00\x00\x00\x00"
-@@ -1017,6 +1028,7 @@ def test_bad_zip64_extra(self):
+@@ -1017,6 +1028,7 @@
         with self.assertRaises(zipfile.BadZipFile) as e:
             zipfile.ZipFile(io.BytesIO(missing_file_size_extra))
         self.assertIn('file size', str(e.exception).lower())
@@ -72,7 +72,7 @@ index c033059a515db6..6acfefc74d6665 100644
 
         # zip64 file size present, zip64 compress size present, one field in
         # extra, expecting two, equals missing compress size.
-@@ -1028,6 +1040,7 @@ def test_bad_zip64_extra(self):
+@@ -1028,6 +1040,7 @@
         with self.assertRaises(zipfile.BadZipFile) as e:
             zipfile.ZipFile(io.BytesIO(missing_compress_size_extra))
         self.assertIn('compress size', str(e.exception).lower())
@@ -80,7 +80,7 @@ index c033059a515db6..6acfefc74d6665 100644
 
         # zip64 compress size present, no fields in extra, expecting one,
         # equals missing compress size.
-@@ -1037,6 +1050,7 @@ def test_bad_zip64_extra(self):
+@@ -1037,6 +1050,7 @@
         with self.assertRaises(zipfile.BadZipFile) as e:
             zipfile.ZipFile(io.BytesIO(missing_compress_size_extra))
         self.assertIn('compress size', str(e.exception).lower())
@@ -88,7 +88,7 @@ index c033059a515db6..6acfefc74d6665 100644
 
         # zip64 file size present, zip64 compress size present, zip64 header
         # offset present, two fields in extra, expecting three, equals missing
-@@ -1051,6 +1065,7 @@ def test_bad_zip64_extra(self):
+@@ -1051,6 +1065,7 @@
         with self.assertRaises(zipfile.BadZipFile) as e:
             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
         self.assertIn('header offset', str(e.exception).lower())
@@ -96,7 +96,7 @@ index c033059a515db6..6acfefc74d6665 100644
 
         # zip64 compress size present, zip64 header offset present, one field
         # in extra, expecting two, equals missing header offset
-@@ -1063,6 +1078,7 @@ def test_bad_zip64_extra(self):
+@@ -1063,6 +1078,7 @@
         with self.assertRaises(zipfile.BadZipFile) as e:
             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
         self.assertIn('header offset', str(e.exception).lower())
@@ -104,7 +104,7 @@ index c033059a515db6..6acfefc74d6665 100644
 
         # zip64 file size present, zip64 header offset present, one field in
         # extra, expecting two, equals missing header offset
-@@ -1075,6 +1091,7 @@ def test_bad_zip64_extra(self):
+@@ -1075,6 +1091,7 @@
         with self.assertRaises(zipfile.BadZipFile) as e:
             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
         self.assertIn('header offset', str(e.exception).lower())
@@ -112,7 +112,7 @@ index c033059a515db6..6acfefc74d6665 100644
 
         # zip64 header offset present, no fields in extra, expecting one,
         # equals missing header offset
-@@ -1086,6 +1103,63 @@ def test_bad_zip64_extra(self):
+@@ -1086,6 +1103,63 @@
         with self.assertRaises(zipfile.BadZipFile) as e:
             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
         self.assertIn('header offset', str(e.exception).lower())
@@ -176,11 +176,11 @@ index c033059a515db6..6acfefc74d6665 100644
 
     def test_generated_valid_zip64_extra(self):
         # These values are what is set in the make_zip64_file method.
-diff --git a/Lib/zipfile/__init__.py b/Lib/zipfile/__init__.py
-index 2969f735e8abb9..ac2332e58468a2 100644
--- a/Lib/zipfile/__init__.py
-+++ b/Lib/zipfile/__init__.py
-@@ -265,7 +265,7 @@ def is_zipfile(filename):
+Index: Python-3.14.0/Lib/zipfile/__init__.py
+===================================================================
+--- Python-3.14.0.orig/Lib/zipfile/__init__.py	2025-11-12 01:03:55.239347604 +0100
+++ Python-3.14.0/Lib/zipfile/__init__.py	2025-11-12 01:04:11.767105446 +0100
+@@ -265,7 +265,7 @@
         else:
             with open(filename, "rb") as fp:
                 result = _check_zipfile(fp)
@@ -189,7 +189,7 @@ index 2969f735e8abb9..ac2332e58468a2 100644
         pass
     return result
 
-@@ -275,9 +275,6 @@ def _handle_prepended_data(endrec, debug=0):
+@@ -275,9 +275,6 @@
 
     # "concat" is zero, unless zip was concatenated to another file
     concat = endrec[_ECD_LOCATION] - size_cd - offset_cd
@@ -199,7 +199,7 @@ index 2969f735e8abb9..ac2332e58468a2 100644
 
     if debug > 2:
         inferred = concat + offset_cd
-@@ -289,16 +286,15 @@ def _EndRecData64(fpin, offset, endrec):
+@@ -289,16 +286,15 @@
     """
     Read the ZIP64 end-of-archive records and use that to update endrec
     """
@@ -221,7 +221,7 @@ index 2969f735e8abb9..ac2332e58468a2 100644
     sig, diskno, reloff, disks = struct.unpack(structEndArchive64Locator, data)
     if sig != stringEndArchive64Locator:
         return endrec
-@@ -306,16 +302,33 @@ def _EndRecData64(fpin, offset, endrec):
+@@ -306,16 +302,33 @@
     if diskno != 0 or disks > 1:
         raise BadZipFile("zipfiles that span multiple disks are not supported")
 
@@ -260,7 +260,7 @@ index 2969f735e8abb9..ac2332e58468a2 100644
 
     # Update the original endrec using data from the ZIP64 record
     endrec[_ECD_SIGNATURE] = sig
-@@ -325,6 +338,7 @@ def _EndRecData64(fpin, offset, endrec):
+@@ -325,6 +338,7 @@
     endrec[_ECD_ENTRIES_TOTAL] = dircount2
     endrec[_ECD_SIZE] = dirsize
     endrec[_ECD_OFFSET] = diroffset
@@ -268,7 +268,7 @@ index 2969f735e8abb9..ac2332e58468a2 100644
     return endrec
 
 
-@@ -358,7 +372,7 @@ def _EndRecData(fpin):
+@@ -358,7 +372,7 @@
         endrec.append(filesize - sizeEndCentDir)
 
         # Try to read the "Zip64 end of central directory" structure
@@ -277,7 +277,7 @@ index 2969f735e8abb9..ac2332e58468a2 100644
 
     # Either this is not a ZIP file, or it is a ZIP file with an archive
     # comment.  Search the end of the file for the "end of central directory"
-@@ -382,8 +396,7 @@ def _EndRecData(fpin):
+@@ -382,8 +396,7 @@
         endrec.append(maxCommentStart + start)
 
         # Try to read the "Zip64 end of central directory" structure
@@ -287,7 +287,7 @@ index 2969f735e8abb9..ac2332e58468a2 100644
 
     # Unable to find a valid end of central directory structure
     return None
-@@ -2142,7 +2155,7 @@ def _write_end_record(self):
+@@ -2142,7 +2155,7 @@
                                    " would require ZIP64 extensions")
             zip64endrec = struct.pack(
                 structEndArchive64, stringEndArchive64,
@@ -296,11 +296,10 @@ index 2969f735e8abb9..ac2332e58468a2 100644
                 centDirSize, centDirOffset)
             self.fp.write(zip64endrec)
 
-diff --git a/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst b/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
-new file mode 100644
-index 00000000000000..a8e7a1f1878c6b
--- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
+Index: Python-3.14.0/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ Python-3.14.0/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst	2025-11-12 01:04:11.767493557 +0100
@@ -0,0 +1,3 @@
 +Check consistency of the zip64 end of central directory record. Support
 +records with "zip64 extensible data" if there are no bytes prepended to the
--- a/Python-3.14.0a5.tar.xz
+++ b/Python-3.14.0a5.tar.xz
--- a/Python-3.14.0a5.tar.xz.sigstore
+++ b/Python-3.14.0a5.tar.xz.sigstore
--- a/fix-test-recursion-limit-15.6.patch
+++ b/fix-test-recursion-limit-15.6.patch
@@ -2,10 +2,10 @@
 Lib/test/test_compile.py |    5 +++++
 1 file changed, 5 insertions(+)

-Index: Python-3.14.0b3/Lib/test/test_compile.py
+Index: Python-3.14.0/Lib/test/test_compile.py
 ===================================================================
--- Python-3.14.0b3.orig/Lib/test/test_compile.py	2025-06-22 00:32:01.975698954 +0200
-+++ Python-3.14.0b3/Lib/test/test_compile.py	2025-06-22 00:32:07.740981155 +0200
+--- Python-3.14.0.orig/Lib/test/test_compile.py	2025-11-06 23:19:11.681015028 +0100
+++ Python-3.14.0/Lib/test/test_compile.py	2025-11-06 23:22:47.971267371 +0100
@@ -24,6 +24,9 @@
 from test.support.bytecode_helper import instructions_with_positions
 from test.support.os_helper import FakePath
@@ -16,7 +16,7 @@ Index: Python-3.14.0b3/Lib/test/test_compile.py
 class TestSpecifics(unittest.TestCase):
 
     def compile_single(self, source):
-@@ -121,6 +124,7 @@ class TestSpecifics(unittest.TestCase):
+@@ -120,6 +123,7 @@
         self.assertEqual(d['z'], 12)
 
     @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI")
@@ -31,4 +31,4 @@ Index: Python-3.14.0b3/Lib/test/test_compile.py
 +    @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586")
     @support.skip_emscripten_stack_overflow()
     def test_compiler_recursion_limit(self):
-         # Expected limit is Py_C_RECURSION_LIMIT
+         # Compiler frames are small
--- a/python-3.3.0b1-fix_date_time_compiler.patch
+++ b/python-3.3.0b1-fix_date_time_compiler.patch
@@ -2,10 +2,10 @@
 Makefile.pre.in |    5 +++++
 1 file changed, 5 insertions(+)

-Index: Python-3.14.0rc1/Makefile.pre.in
+Index: Python-3.14.0/Makefile.pre.in
 ===================================================================
--- Python-3.14.0rc1.orig/Makefile.pre.in	2025-07-22 18:42:44.000000000 +0200
-+++ Python-3.14.0rc1/Makefile.pre.in	2025-07-23 10:10:27.325708066 +0200
+--- Python-3.14.0.orig/Makefile.pre.in	2025-10-07 11:34:52.000000000 +0200
+++ Python-3.14.0/Makefile.pre.in	2025-11-06 23:19:25.434995608 +0100
@@ -1910,6 +1910,11 @@
 	      -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \
 	      -o $@ $(srcdir)/Modules/getbuildinfo.c
--- a/python314.changes
+++ b/python314.changes
@@ -8,6 +8,8 @@ Tue Nov  4 16:44:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
  a Rust one) then unpack it in production with another (e.g.,
  the Python one) and get malicious content that the other parser
  did not see (CVE-2025-8291, bsc#1251305)
+- Remove subprocess-raise-timeout.patch, which seems irrelevant
+  now.

 -------------------------------------------------------------------
 Wed Oct 15 09:22:40 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
--- a/python314.spec
+++ b/python314.spec
@@ -203,8 +203,6 @@ Patch02:        F00251-change-user-install-location.patch
 Patch03:        python-3.3.0b1-localpath.patch
 # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds
 Patch04:        python-3.3.0b1-fix_date_time_compiler.patch
-# Raise timeout value for test_subprocess
-Patch06:        subprocess-raise-timeout.patch
 # PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com
 # ensurepip should honour the value of $(prefix)
 Patch07:        bpo-31046_ensurepip_honours_prefix.patch
--- a/subprocess-raise-timeout.patch
+++ b/subprocess-raise-timeout.patch
@@ -1,18 +0,0 @@
---
- Lib/test/test_subprocess.py |    6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
--- a/Lib/test/test_subprocess.py
-+++ b/Lib/test/test_subprocess.py
-@@ -281,7 +281,8 @@ class ProcessTestCase(BaseTestCase):
-                      "time.sleep(3600)"],
-                     # Some heavily loaded buildbots (sparc Debian 3.x) require
-                     # this much time to start and print.
-                    timeout=3)
-+                    # OBS might require even more
-+                    timeout=10)
-             self.fail("Expected TimeoutExpired.")
-         self.assertEqual(c.exception.output, b'BDFL')
- 
-     def test_timeout_exception(self):
-         try: