- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now

validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=240

subprocess-raise-timeout.patch

@@ -0,0 +1,12 @@
+--- a/Lib/test/test_subprocess.py
++++ b/Lib/test/test_subprocess.py
+@@ -253,7 +253,8 @@ class ProcessTestCase(BaseTestCase):
+                      "time.sleep(3600)"],
+                     # Some heavily loaded buildbots (sparc Debian 3.x) require
+                     # this much time to start and print.
+-                    timeout=3)
++                    # OBS might require even more
++                    timeout=10)
+             self.fail("Expected TimeoutExpired.")
+         self.assertEqual(c.exception.output, b'BDFL')
+