From 59e1e8b8975688967bb7c248f0666dad005fc834 Mon Sep 17 00:00:00 2001
From: Sam Doran
Date: Mar 11 2026 21:23:15 +0000
Subject: Add patch for CVE-2025-69872
---
diff --git a/0001-CVE-2025-69872-unsafe-pickle.patch b/0001-CVE-2025-69872-unsafe-pickle.patch
new file mode 100644
index 0000000..6ecef0a
--- /dev/null
+++ b/0001-CVE-2025-69872-unsafe-pickle.patch
@@ -0,0 +1,31 @@
+diff --git diskcache/core.py diskcache/core.py
+index 7a3d23b..6901d96 100644
+--- diskcache/core.py
++++ diskcache/core.py
+@@ -232,7 +232,7 @@ class Disk:
+
+ for count in range(1, 11):
+ with cl.suppress(OSError):
+- os.makedirs(full_dir)
++ os.makedirs(full_dir, 0o700)
+
+ try:
+ # Another cache may have deleted the directory before
+@@ -417,7 +417,7 @@ def args_to_key(base, args, kwargs, typed, ignore):
+ class Cache:
+ """Disk and file backed cache."""
+
+- def __init__(self, directory=None, timeout=60, disk=Disk, **settings):
++ def __init__(self, directory=None, timeout=60, disk=JSONDisk, **settings):
+ """Initialize cache instance.
+
+ :param str directory: cache directory
+@@ -444,7 +444,7 @@ class Cache:
+
+ if not op.isdir(directory):
+ try:
+- os.makedirs(directory, 0o755)
++ os.makedirs(directory, 0o700)
+ except OSError as error:
+ if error.errno != errno.EEXIST:
+ raise EnvironmentError(
diff --git a/python-diskcache.spec b/python-diskcache.spec
index ca90f15..bd8bfea 100644
--- a/python-diskcache.spec
+++ b/python-diskcache.spec
@@ -13,6 +13,11 @@ URL: https://grantjenks.com/docs/diskcache/ # Pypi version does not have tests Source0: %{forgesource} +# Mitigate the risk of unsafe pickel deserialization. +# This is a modified version of the upstream patch that changes the default +# to a safe alternative. +# https://github.com/grantjenks/python-diskcache/pull/359.patch +Patch: 0001-CVE-2025-69872-unsafe-pickle.patch BuildRequires: python3-devel BuildRequires: python3-tox 
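Review bot: The 0o700 mode in the third nested hunk only takes effect when `Cache.__init__` creates the directory, because the call sits under `if not op.isdir(directory):`; a directory that already exists (created 0o755 by an earlier build, or pre-created by another account in a shared location) is used as-is with no owner or mode check. Since the patch treats directory permissions as part of the pickle mitigation, I would add a check on the existing-directory path, for example `st = os.stat(directory)` followed by `if st.st_uid != os.geteuid() or st.st_mode & 0o022:` and then a refusal or at least a warning. Separately, only `Cache.__init__` receives the `JSONDisk` default here; any other constructor in the package that declares its own `disk=Disk` default (FanoutCache in fanout.py appears to, which is not visible in this patch) would still select the pickle-based `Disk`, and `Disk` itself is unchanged, so coverage should be confirmed against the full source. All three nested hunks start and end inside their enclosing functions.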
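Review bot: The file named on the new `Patch:` line uses unprefixed paths (`--- diskcache/core.py` / `+++ diskcache/core.py`), so it applies only at strip level 0; the `%prep` section is outside this hunk, and if it applies patches with `-p1` the patch will not find `diskcache/core.py`. I would either regenerate the patch with `a/` and `b/` prefixes or confirm that `%prep` passes `-p0`. The comment block should also record the user-visible effect of the modified default, along the lines of `# Cache() now defaults to JSONDisk; callers storing non-JSON values must pass disk=Disk explicitly`, and "pickel" should read "pickle". No `%changelog` entry for the CVE fix appears in the later hunk, which only changes a blank line; whether the spec relies on a manual changelog and Release bump should be checked.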
@@ -52,7 +57,7 @@ sed -i 's/==4.2.*//g' tox.ini %files -n python3-%{srcname} -f %{pyproject_files} %doc README.rst - + %changelog * Sat Jan 17 2026 Fedora Release Engineering - 5.6.3-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild