Accepting request 1175099 from devel:languages:python:Factory

- bsc#1221854 (CVE-2024-0450) Add CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016). - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch removing failing test fixing bpo#3151, which we just not support. - Remove patches over those embedded packages (cffi): - python-2.7-libffi-aarch64.patch - sparc_longdouble.patch OBS-URL: https://build.opensuse.org/request/show/1175099 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=196
2024-05-21 16:34:28 +00:00 · 2024-05-21 16:34:28 +00:00 · 6565758ff5
commit 6565758ff5
parent 36ed6c337d 01ce66c584
11 changed files with 261 additions and 54 deletions
--- a/CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
+++ b/CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
@ -0,0 +1,32 @@
 ---
 Lib/test/test_minidom.py   |    3 ++-
 Lib/test/test_xml_etree.py |    6 ------
 2 files changed, 2 insertions(+), 7 deletions(-)
 --- a/Lib/test/test_minidom.py
 +++ b/Lib/test/test_minidom.py
@@ -1051,7 +1051,8 @@ class MinidomTest(unittest.TestCase):
         # Verify that character decoding errors raise exceptions instead
         # of crashing
 -        self.assertRaises(UnicodeDecodeError, parseString,
 +        self.assertRaises((UnicodeDecodeError, xml.parsers.expat.ExpatError),
 +                          parseString,
                 '<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
         doc.unlink()
 --- a/Lib/test/test_xml_etree.py
 +++ b/Lib/test/test_xml_etree.py
@@ -1482,12 +1482,6 @@ class BugsTest(unittest.TestCase):
                 b"<?xml version='1.0' encoding='ascii'?>\n"
                 b'<body>t&#227;g</body>')
 -    def test_issue3151(self):
 -        e = ET.XML('<prefix:localname xmlns:prefix="${stuff}"/>')
 -        self.assertEqual(e.tag, '{${stuff}}localname')
 -        t = ET.ElementTree(e)
 -        self.assertEqual(ET.tostring(e), b'<ns0:localname xmlns:ns0="${stuff}" />')
 -
     def test_issue6565(self):
         elem = ET.XML("<body><tag/></body>")
         self.assertEqual(summarize_list(elem), ['tag'])
--- a/CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
+++ b/CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
@ -0,0 +1,163 @@
 From d8877aaabe9aa5d9b9904c222c552f3c6a85017c Mon Sep 17 00:00:00 2001
 From: Serhiy Storchaka <storchaka@gmail.com>
 Date: Wed, 17 Jan 2024 15:41:50 +0200
 Subject: [PATCH] [CVE-2024-0450] Protect zipfile from "quoted-overlap" zipbomb
 Raise BadZipFile when try to read an entry that overlaps with
 other entry or central directory.
 (cherry picked from commit 66363b9a7b9fe7c99eba3a185b74c5fdbf842eba)
 From-PR: gh#python/cpython!110016
 Fixes: gh#python/cpython#109858
 Patch: CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
 ---
 Lib/test/test_zipfile.py                                                |   66 +++++++++-
 Lib/zipfile.py                                                          |   12 +
 Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst |    3 
 3 files changed, 78 insertions(+), 3 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
 --- a/Lib/test/test_zipfile.py
 +++ b/Lib/test/test_zipfile.py
@@ -1004,7 +1004,7 @@ class OtherTests(unittest.TestCase):
         self.assertTrue(not chk)
     def test_damaged_zipfile(self):
 -        """Check that zipfiles with missing bytes at the end raise BadZipFile."""
 +        """Check that zipfiles with missing bytes at the end raise BadZipfile."""
         # - Create a valid zip file
         fp = io.BytesIO()
         with zipfile.ZipFile(fp, mode="w") as zipf:
@@ -1012,7 +1012,7 @@ class OtherTests(unittest.TestCase):
         zipfiledata = fp.getvalue()
         # - Now create copies of it missing the last N bytes and make sure
 -        #   a BadZipFile exception is raised when we try to open it
 +        #   a BadZipfile exception is raised when we try to open it
         for N in range(len(zipfiledata)):
             fp = io.BytesIO(zipfiledata[:N])
             self.assertRaises(zipfile.BadZipfile, zipfile.ZipFile, fp)
@@ -1053,7 +1053,7 @@ class OtherTests(unittest.TestCase):
         # quickly.
         self.assertRaises(IOError, zipfile.ZipFile, TESTFN)
 -    def test_empty_file_raises_BadZipFile(self):
 +    def test_empty_file_raises_BadZipfile(self):
         with open(TESTFN, 'w') as f:
             pass
         self.assertRaises(zipfile.BadZipfile, zipfile.ZipFile, TESTFN)
@@ -1377,6 +1377,66 @@ class TestsWithRandomBinaryFiles(unittes
         with open(TESTFN, "wb") as fp:
             fp.write(self.data)
 +    @skipUnless(zlib, "requires zlib")
 +    def test_full_overlap(self):
 +        data = (
 +            b'PK\x03\x04\x14\x00\x00\x00\x08\x00\xa0lH\x05\xe2\x1e'
 +            b'8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00\x00\x00a\xed'
 +            b'\xc0\x81\x08\x00\x00\x00\xc00\xd6\xfbK\\d\x0b`P'
 +            b'K\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0lH\x05\xe2'
 +            b'\x1e8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00\x00\x00\x00'
 +            b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00aPK'
 +            b'\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0lH\x05\xe2\x1e'
 +            b'8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00\x00\x00\x00\x00'
 +            b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00bPK\x05'
 +            b'\x06\x00\x00\x00\x00\x02\x00\x02\x00^\x00\x00\x00/\x00\x00'
 +            b'\x00\x00\x00'
 +        )
 +        with zipfile.ZipFile(io.BytesIO(data), 'r') as zipf:
 +            self.assertEqual(zipf.namelist(), ['a', 'b'])
 +            zi = zipf.getinfo('a')
 +            self.assertEqual(zi.header_offset, 0)
 +            self.assertEqual(zi.compress_size, 16)
 +            self.assertEqual(zi.file_size, 1033)
 +            zi = zipf.getinfo('b')
 +            self.assertEqual(zi.header_offset, 0)
 +            self.assertEqual(zi.compress_size, 16)
 +            self.assertEqual(zi.file_size, 1033)
 +            self.assertEqual(len(zipf.read('a')), 1033)
 +            with self.assertRaisesRegexp(zipfile.BadZipfile, 'File name.*differ'):
 +                zipf.read('b')
 +
 +    @skipUnless(zlib, "requires zlib")
 +    def test_quoted_overlap(self):
 +        data = (
 +            b'PK\x03\x04\x14\x00\x00\x00\x08\x00\xa0lH\x05Y\xfc'
 +            b'8\x044\x00\x00\x00(\x04\x00\x00\x01\x00\x00\x00a\x00'
 +            b'\x1f\x00\xe0\xffPK\x03\x04\x14\x00\x00\x00\x08\x00\xa0l'
 +            b'H\x05\xe2\x1e8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00'
 +            b'\x00\x00b\xed\xc0\x81\x08\x00\x00\x00\xc00\xd6\xfbK\\'
 +            b'd\x0b`PK\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0'
 +            b'lH\x05Y\xfc8\x044\x00\x00\x00(\x04\x00\x00\x01'
 +            b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 +            b'\x00aPK\x01\x02\x14\x00\x14\x00\x00\x00\x08\x00\xa0l'
 +            b'H\x05\xe2\x1e8\xbb\x10\x00\x00\x00\t\x04\x00\x00\x01\x00'
 +            b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x00\x00'
 +            b'bPK\x05\x06\x00\x00\x00\x00\x02\x00\x02\x00^\x00\x00'
 +            b'\x00S\x00\x00\x00\x00\x00'
 +        )
 +        with zipfile.ZipFile(io.BytesIO(data), 'r') as zipf:
 +            self.assertEqual(zipf.namelist(), ['a', 'b'])
 +            zi = zipf.getinfo('a')
 +            self.assertEqual(zi.header_offset, 0)
 +            self.assertEqual(zi.compress_size, 52)
 +            self.assertEqual(zi.file_size, 1064)
 +            zi = zipf.getinfo('b')
 +            self.assertEqual(zi.header_offset, 36)
 +            self.assertEqual(zi.compress_size, 16)
 +            self.assertEqual(zi.file_size, 1033)
 +            with self.assertRaisesRegexp(zipfile.BadZipfile, 'Overlapped entries'):
 +                zipf.read('a')
 +            self.assertEqual(len(zipf.read('b')), 1033)
 +
     def tearDown(self):
         unlink(TESTFN)
         unlink(TESTFN2)
 --- a/Lib/zipfile.py
 +++ b/Lib/zipfile.py
@@ -305,6 +305,7 @@ class ZipInfo (object):
             'compress_size',
             'file_size',
             '_raw_time',
 +            '_end_offset',
         )
     def __init__(self, filename="NoName", date_time=(1980,1,1,0,0,0)):
@@ -343,6 +344,7 @@ class ZipInfo (object):
         self.volume = 0                 # Volume number of file header
         self.internal_attr = 0          # Internal attributes
         self.external_attr = 0          # External file attributes
 +        self._end_offset = None         # Start of the next local header or central directory
         # Other attributes are set by class ZipFile:
         # header_offset         Byte offset to the file header
         # CRC                   CRC-32 of the uncompressed file
@@ -891,6 +893,12 @@ class ZipFile(object):
             if self.debug > 2:
                 print "total", total
 +        end_offset = self.start_dir
 +        for zinfo in sorted(self.filelist,
 +                            key=lambda zinfo: zinfo.header_offset,
 +                            reverse=True):
 +            zinfo._end_offset = end_offset
 +            end_offset = zinfo.header_offset
     def namelist(self):
         """Return a list of file names in the archive."""
@@ -1002,6 +1010,10 @@ class ZipFile(object):
                         'File name in directory "%s" and header "%s" differ.' % (
                             zinfo.orig_filename, fname)
 +            if (zinfo._end_offset is not None and
 +                zef_file.tell() + zinfo.compress_size > zinfo._end_offset):
 +                raise BadZipfile("Overlapped entries: {!r} (possible zip bomb)".format(zinfo.orig_filename))
 +
             # check for encrypted flag & handle password
             is_encrypted = zinfo.flag_bits & 0x1
             zd = None
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
@@ -0,0 +1,3 @@
 +Protect :mod:`zipfile` from "quoted-overlap" zipbomb. It now raises
 +BadZipfile when try to read an entry that overlaps with other entry or
 +central directory.
--- a/5
+++ b/5
@ -1,5 +0,0 @@
 <multibuild>
  <package>python-base</package>
  <package>python-doc</package>
 </multibuild>
--- a/python-2.7-libffi-aarch64.patch
+++ b/python-2.7-libffi-aarch64.patch
@ -1,13 +0,0 @@
 Index: Python-2.7.9/Modules/_ctypes/libffi/src/aarch64/ffi.c
 ===================================================================
 --- Python-2.7.9.orig/Modules/_ctypes/libffi/src/aarch64/ffi.c
 +++ Python-2.7.9/Modules/_ctypes/libffi/src/aarch64/ffi.c
@@ -728,7 +728,7 @@ aarch64_prep_args (struct call_context *
 	      state.ngrn = N_X_ARG_REG;
 	      memcpy (allocate_to_stack (&state, stack, ty->alignment,
 -					 ty->size), ecif->avalue + i, ty->size);
 +					 ty->size), ecif->avalue[i], ty->size);
 	    }
 	  break;
--- a/python-base.changes
+++ b/python-base.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Sat May 18 15:49:07 UTC 2024 - Matej Cepl <mcepl@suse.com>
 - bsc#1221854 (CVE-2024-0450) Add
  CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
  detecting the vulnerability of the "quoted-overlap" zipbomb
  (from gh#python/cpython!110016).
 -------------------------------------------------------------------
 Sat May 11 05:46:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
@ -5,6 +13,12 @@ Sat May 11 05:46:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
  CVE-2023-52425)
 - Make sure to remove all embedded versions of other packages
  (including expat).
 - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
  removing failing test fixing bpo#3151, which we just not
  support.
 - Remove patches over those embedded packages (cffi):
  - python-2.7-libffi-aarch64.patch
  - sparc_longdouble.patch
 -------------------------------------------------------------------
 Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
--- a/python-base.spec
+++ b/python-base.spec
@ -51,13 +51,10 @@ Patch4:         python-2.5.1-sqlite.patch
 Patch5:         python-2.7.4-canonicalize2.patch
 Patch7:         python-2.6-gettext-plurals.patch
 Patch8:         python-2.6b3-curses-panel.patch
 Patch10:        sparc_longdouble.patch
 Patch13:        python-2.7.2-fix_date_time_compiler.patch
 Patch17:        remove-static-libpython.patch
 # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
 Patch20:        python-bundle-lang.patch
 # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64
 Patch22:        python-2.7-libffi-aarch64.patch
 Patch24:        python-bsddb6.patch
 # PATCH-FIX-UPSTREAM accept directory-based CA paths as well
 Patch33:        python-2.7.9-ssl_ca_path.patch
@ -165,6 +162,12 @@ Patch79:        CVE-2023-40217-avoid-ssl-pre-close.patch
 # PATCH-FIX-UPSTREAM CVE-2022-48566-compare_digest-more-constant.patch bsc#1214691 mcepl@suse.com
 # Make compare_digest more constant-time
 Patch80:        CVE-2022-48566-compare_digest-more-constant.patch
 # PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch bpo#3151 mcepl@suse.com
 # We don't have fix for bpo#3151 and it is just not supported
 Patch81:        CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
 # PATCH-FIX-UPSTREAM CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch bsc#1221854 mcepl@suse.com
 # detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016).
 Patch82:        CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@ -268,11 +271,9 @@ other applications.
 %patch -P 5 -p1
 %patch -P 7 -p1
 %patch -P 8 -p1
 %patch -P 10 -p1
 %patch -P 13 -p1
 %patch -P 17 -p1
 %patch -P 20 -p1
 %patch -P 22 -p1
 %patch -P 24 -p1
 %patch -P 33 -p1
 %if %{suse_version} < 1500 && !0%{?is_opensuse}
@ -322,6 +323,8 @@ other applications.
 %patch -P 78 -p1
 %patch -P 79 -p1
 %patch -P 80 -p1
 %patch -P 81 -p1
 %patch -P 82 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar
--- a/python-doc.changes
+++ b/python-doc.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Sat May 18 15:49:07 UTC 2024 - Matej Cepl <mcepl@suse.com>
 - bsc#1221854 (CVE-2024-0450) Add
  CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
  detecting the vulnerability of the "quoted-overlap" zipbomb
  (from gh#python/cpython!110016).
 -------------------------------------------------------------------
 Sat May 11 05:46:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
@ -5,6 +13,12 @@ Sat May 11 05:46:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
  CVE-2023-52425)
 - Make sure to remove all embedded versions of other packages
  (including expat).
 - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
  removing failing test fixing bpo#3151, which we just not
  support.
 - Remove patches over those embedded packages (cffi):
  - python-2.7-libffi-aarch64.patch
  - sparc_longdouble.patch
 -------------------------------------------------------------------
 Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
--- a/python-doc.spec
+++ b/python-doc.spec
@ -47,13 +47,10 @@ Patch4:         python-2.5.1-sqlite.patch
 Patch5:         python-2.7.4-canonicalize2.patch
 Patch7:         python-2.6-gettext-plurals.patch
 Patch8:         python-2.6b3-curses-panel.patch
 Patch10:        sparc_longdouble.patch
 Patch13:        python-2.7.2-fix_date_time_compiler.patch
 Patch17:        remove-static-libpython.patch
 # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
 Patch20:        python-bundle-lang.patch
 # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64
 Patch22:        python-2.7-libffi-aarch64.patch
 Patch24:        python-bsddb6.patch
 # PATCH-FIX-UPSTREAM accept directory-based CA paths as well
 Patch33:        python-2.7.9-ssl_ca_path.patch
@ -161,6 +158,12 @@ Patch79:        CVE-2023-40217-avoid-ssl-pre-close.patch
 # PATCH-FIX-UPSTREAM CVE-2022-48566-compare_digest-more-constant.patch bsc#1214691 mcepl@suse.com
 # Make compare_digest more constant-time
 Patch80:        CVE-2022-48566-compare_digest-more-constant.patch
 # PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch bpo#3151 mcepl@suse.com
 # We don't have fix for bpo#3151 and it is just not supported
 Patch81:        CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
 # PATCH-FIX-UPSTREAM CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch bsc#1221854 mcepl@suse.com
 # detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016).
 Patch82:        CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc = %{version}
 Provides:       pyth_ps = %{version}
@ -198,11 +201,9 @@ Python, and Macintosh Module Reference in PDF format.
 %patch -P 5 -p1
 %patch -P 7 -p1
 %patch -P 8 -p1
 %patch -P 10 -p1
 %patch -P 13 -p1
 %patch -P 17 -p1
 %patch -P 20 -p1
 %patch -P 22 -p1
 %patch -P 24 -p1
 %patch -P 33 -p1
 %if %{suse_version} < 1500 && !0%{?is_opensuse}
@ -252,6 +253,8 @@ Python, and Macintosh Module Reference in PDF format.
 %patch -P 78 -p1
 %patch -P 79 -p1
 %patch -P 80 -p1
 %patch -P 81 -p1
 %patch -P 82 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar
--- a/python.changes
+++ b/python.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Sat May 18 15:49:07 UTC 2024 - Matej Cepl <mcepl@suse.com>
 - bsc#1221854 (CVE-2024-0450) Add
  CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
  detecting the vulnerability of the "quoted-overlap" zipbomb
  (from gh#python/cpython!110016).
 -------------------------------------------------------------------
 Sat May 11 05:46:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
@ -5,6 +13,12 @@ Sat May 11 05:46:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
  CVE-2023-52425)
 - Make sure to remove all embedded versions of other packages
  (including expat).
 - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
  removing failing test fixing bpo#3151, which we just not
  support.
 - Remove patches over those embedded packages (cffi):
  - python-2.7-libffi-aarch64.patch
  - sparc_longdouble.patch
 -------------------------------------------------------------------
 Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
--- a/python.spec
+++ b/python.spec
@ -47,13 +47,10 @@ Patch4:         python-2.5.1-sqlite.patch
 Patch5:         python-2.7.4-canonicalize2.patch
 Patch7:         python-2.6-gettext-plurals.patch
 Patch8:         python-2.6b3-curses-panel.patch
 Patch10:        sparc_longdouble.patch
 Patch13:        python-2.7.2-fix_date_time_compiler.patch
 Patch17:        remove-static-libpython.patch
 # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
 Patch20:        python-bundle-lang.patch
 # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64
 Patch22:        python-2.7-libffi-aarch64.patch
 Patch24:        python-bsddb6.patch
 # PATCH-FIX-UPSTREAM accept directory-based CA paths as well
 Patch33:        python-2.7.9-ssl_ca_path.patch
@ -161,6 +158,12 @@ Patch79:        CVE-2023-40217-avoid-ssl-pre-close.patch
 # PATCH-FIX-UPSTREAM CVE-2022-48566-compare_digest-more-constant.patch bsc#1214691 mcepl@suse.com
 # Make compare_digest more constant-time
 Patch80:        CVE-2022-48566-compare_digest-more-constant.patch
 # PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch bpo#3151 mcepl@suse.com
 # We don't have fix for bpo#3151 and it is just not supported
 Patch81:        CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
 # PATCH-FIX-UPSTREAM CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch bsc#1221854 mcepl@suse.com
 # detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016).
 Patch82:        CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@ -318,11 +321,9 @@ that rely on earlier non-verification behavior.
 %patch -P 5 -p1
 %patch -P 7 -p1
 %patch -P 8 -p1
 %patch -P 10 -p1
 %patch -P 13 -p1
 %patch -P 17 -p1
 %patch -P 20 -p1
 %patch -P 22 -p1
 %patch -P 24 -p1
 %patch -P 33 -p1
 %if %{suse_version} < 1500 && !0%{?is_opensuse}
@ -372,6 +373,8 @@ that rely on earlier non-verification behavior.
 %patch -P 78 -p1
 %patch -P 79 -p1
 %patch -P 80 -p1
 %patch -P 81 -p1
 %patch -P 82 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar
--- a/sparc_longdouble.patch
+++ b/sparc_longdouble.patch
@ -1,21 +0,0 @@
 Python ticket 6029
 ==== //tools/python/2.6.2/src/base/Modules/_ctypes/libffi/src/sparc/ffi.c#1 - /home/build/clifford/gpdb/tools/python/2.6.2/src/base/Modules/_ctypes/libffi/src/sparc/ffi.c ====
 ---
 Modules/_ctypes/libffi/src/sparc/ffi.c |    5 +++++
 1 file changed, 5 insertions(+)
 --- a/Modules/_ctypes/libffi/src/sparc/ffi.c
 +++ b/Modules/_ctypes/libffi/src/sparc/ffi.c
@@ -652,6 +652,11 @@
 	}
       else
 	{
 +#if FFI_TYPE_LONGDOUBLE != FFI_TYPE_DOUBLE
 +         /* SparcV9 long double is 16-byte aligned; skip arg if necessary */
 +         if (arg_types[i]->type == FFI_TYPE_LONGDOUBLE && (argn & 1))
 +           argn++;
 +#endif
 	  /* Right-justify.  */
 	  argn += ALIGN(arg_types[i]->size, FFI_SIZEOF_ARG) / FFI_SIZEOF_ARG;