Python: Fix CVE-2025-8194

chapter01/changelog.xml

@@ -40,6 +40,16 @@
     appropriate for the entry or if needed the entire day's listitem.
     -->
 
+    <listitem>
+      <para>2025-08-05</para>
+      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Fixed CVE-2025-8194 in Python. Fixes
+          <ulink url="&lfs-ticket-root;5774">#5774</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>2025-08-01</para>
       <itemizedlist>

chapter08/python.xml

@@ -42,11 +42,17 @@
 
   <sect2 role="installation">
     <title>Installation of Python 3</title>
-<!--
-    <para>First, apply a security patch to the current package:</para>
 
-    <screen><userinput remap="pre">patch -Np1 -i ../&python-security-fixes-patch;</userinput></screen>
--->    
+    <!-- CVE-2025-8194, see BLFS ticket #21895. The sed adds three lines. Thank
+    you Bruce for the sed! Please do not modify the spacing. -renodr -->
+    <para>First, fix a security vulnerability in the tarfile module:</para>
+
+<screen><userinput remap="pre">sed -e '/Round/{n;n;a\
+        # Only non-negative offsets are allowed\
+        if count &lt; 0:\
+            raise InvalidHeaderError("invalid offset")
+}' -i Lib/tarfile.py</userinput></screen>
+
     <para>Prepare Python for compilation:</para>
 
 <screen><userinput remap="configure">./configure --prefix=/usr          \