Overview

File CVE-2026-25645.patch of Package python-requests.43441

From 66d21cb07bd6255b1280291c4fafb71803cdb3b7 Mon Sep 17 00:00:00 2001
From: Nate Prewitt <nate.prewitt@gmail.com>
Date: Wed, 25 Mar 2026 08:57:56 -0600
Subject: [PATCH] Merge commit from fork

---
 requests/utils.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

Index: requests-2.24.0/requests/utils.py
===================================================================
--- requests-2.24.0.orig/requests/utils.py
+++ requests-2.24.0/requests/utils.py
@@ -243,10 +243,12 @@ def extract_zipped_paths(path):
         return path
 
     # we have a valid zip archive and a valid member of that archive
-    tmp = tempfile.gettempdir()
-    extracted_path = os.path.join(tmp, *member.split('/'))
-    if not os.path.exists(extracted_path):
-        extracted_path = zip_file.extract(member, path=tmp)
+    suffix = os.path.splitext(member.split("/")[-1])[-1]
+    fd, extracted_path = tempfile.mkstemp(suffix=suffix)
+    try:
+        os.write(fd, zip_file.read(member))
+    finally:
+        os.close(fd)
 
     return extracted_path
openSUSE Build Service is sponsored by
Places