Remove unnecessary patch and note that the bug has been already fixed.

2025-11-13 14:32:39 +01:00
parent 8825dfe9e6
commit b563206f1a
3 changed files with 2 additions and 36 deletions
--- a/CVE-2025-8291-consistency-zip64.patch
+++ b/CVE-2025-8291-consistency-zip64.patch
@@ -1,21 +0,0 @@
 From 8e208c6c06a38a008ac0c09781f9dc3cfdc26769 Mon Sep 17 00:00:00 2001
 From: Serhiy Storchaka <storchaka@gmail.com>
 Date: Wed, 24 Sep 2025 20:56:01 +0300
 Subject: [PATCH] gh-139700: Check consistency of the zip64 end of central
 directory record
 Support records with "zip64 extensible data" if there are no bytes
 prepended to the ZIP file.
 ---
 Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst |    3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
 Index: Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
 +++ Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst	2025-11-07 00:32:39.141440720 +0100
@@ -0,0 +1,3 @@
 +Check consistency of the zip64 end of central directory record. Support
 +records with "zip64 extensible data" if there are no bytes prepended to the
 +ZIP file.
--- a/python315.changes
+++ b/python315.changes
@@ -3,17 +3,6 @@ Mon Nov 10 10:01:37 UTC 2025 - Andreas Schwab <schwab@suse.de>
 - Update list of skipped tests in qemu linux-user emulation
 -------------------------------------------------------------------
 Thu Nov  6 23:45:56 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Add CVE-2025-8291-consistency-zip64.patch which checks
  consistency of the zip64 end of central directory record, and
  preventing obfuscation of the payload, i.e., you scanning for
  malicious content in a ZIP file with one ZIP parser (let's say
  a Rust one) then unpack it in production with another (e.g.,
  the Python one) and get malicious content that the other parser
  did not see (CVE-2025-8291, bsc#1251305)
 -------------------------------------------------------------------
 Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
@@ -89,7 +78,8 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
  - Security
    - gh-139700: Check consistency of the zip64 end of central
      directory record. Support records with “zip64 extensible
-      data” if there are no bytes prepended to the ZIP file.
+      data” if there are no bytes prepended to the ZIP file
      (bsc#1251305, CVE-2025-8291).
    - gh-139400: xml.parsers.expat: Make sure that parent
      Expat parsers are only garbage-collected once they
      are no longer referenced by subparsers created by
--- a/python315.spec
+++ b/python315.spec
@@ -224,9 +224,6 @@ Patch40:        fix-test-recursion-limit-15.6.patch
 Patch41:        bsc1243155-sphinx-non-determinism.patch
 # PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
 Patch42:        gh139257-Support-docutils-0.22.patch
 # PATCH-FIX-UPSTREAM CVE-2025-8291-consistency-zip64.patch bsc#1251305 mcepl@suse.com
 # Check consistency of the zip64 end of central directory record
 Patch43:        CVE-2025-8291-consistency-zip64.patch
 #### Python 3.15 DEVELOPMENT PATCHES
 BuildRequires:  autoconf-archive
 BuildRequires:  automake