forked from pool/python315
Remove unnecessary patch and note that the bug has been already fixed.
This commit is contained in:
@@ -1,21 +0,0 @@
|
||||
From 8e208c6c06a38a008ac0c09781f9dc3cfdc26769 Mon Sep 17 00:00:00 2001
|
||||
From: Serhiy Storchaka <storchaka@gmail.com>
|
||||
Date: Wed, 24 Sep 2025 20:56:01 +0300
|
||||
Subject: [PATCH] gh-139700: Check consistency of the zip64 end of central
|
||||
directory record
|
||||
|
||||
Support records with "zip64 extensible data" if there are no bytes
|
||||
prepended to the ZIP file.
|
||||
---
|
||||
Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
|
||||
|
||||
Index: Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst 2025-11-07 00:32:39.141440720 +0100
|
||||
@@ -0,0 +1,3 @@
|
||||
+Check consistency of the zip64 end of central directory record. Support
|
||||
+records with "zip64 extensible data" if there are no bytes prepended to the
|
||||
+ZIP file.
|
||||
@@ -3,17 +3,6 @@ Mon Nov 10 10:01:37 UTC 2025 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- Update list of skipped tests in qemu linux-user emulation
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 6 23:45:56 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
- Add CVE-2025-8291-consistency-zip64.patch which checks
|
||||
consistency of the zip64 end of central directory record, and
|
||||
preventing obfuscation of the payload, i.e., you scanning for
|
||||
malicious content in a ZIP file with one ZIP parser (let's say
|
||||
a Rust one) then unpack it in production with another (e.g.,
|
||||
the Python one) and get malicious content that the other parser
|
||||
did not see (CVE-2025-8291, bsc#1251305)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
@@ -89,7 +78,8 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
|
||||
- Security
|
||||
- gh-139700: Check consistency of the zip64 end of central
|
||||
directory record. Support records with “zip64 extensible
|
||||
data” if there are no bytes prepended to the ZIP file.
|
||||
data” if there are no bytes prepended to the ZIP file
|
||||
(bsc#1251305, CVE-2025-8291).
|
||||
- gh-139400: xml.parsers.expat: Make sure that parent
|
||||
Expat parsers are only garbage-collected once they
|
||||
are no longer referenced by subparsers created by
|
||||
|
||||
@@ -224,9 +224,6 @@ Patch40: fix-test-recursion-limit-15.6.patch
|
||||
Patch41: bsc1243155-sphinx-non-determinism.patch
|
||||
# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
|
||||
Patch42: gh139257-Support-docutils-0.22.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-8291-consistency-zip64.patch bsc#1251305 mcepl@suse.com
|
||||
# Check consistency of the zip64 end of central directory record
|
||||
Patch43: CVE-2025-8291-consistency-zip64.patch
|
||||
#### Python 3.15 DEVELOPMENT PATCHES
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
|
||||
Reference in New Issue
Block a user