python
diff --git a/‎Doc/library/zipfile.rst
Lines changed: 11 additions & 7 deletions b/‎Doc/library/zipfile.rst
Lines changed: 11 additions & 7 deletions
diff --git a/‎Lib/test/test_zipfile/test_core.py
Lines changed: 98 additions & 8 deletions b/‎Lib/test/test_zipfile/test_core.py
Lines changed: 98 additions & 8 deletions
diff --git a/‎Lib/zipfile/__init__.py
Lines changed: 69 additions & 40 deletions b/‎Lib/zipfile/__init__.py
Lines changed: 69 additions & 40 deletions
@@ -550,17 +550,21 @@ ZipFile Objects
    will be removed.
 
    If *removed* is not provided, local file entries no longer referenced in the
-   central directory will be removed. The algorithm assumes that local file
-   entries are stored consecutively. Extra bytes between entries will also be
-   removed. Data before the first referenced entry is preserved unless it
-   appears to be a sequence of consecutive local file entries.
+   central directory will be removed.  The algorithm assumes that local file
+   entries are stored consecutively:
+   #. Data before the first referenced entry is removed only when it appears to
+      be a sequence of consecutive entries with no extra following bytes; extra
+      preceeding bytes are preserved.
+   #. Data between referenced entries is removed only when it appears to
+      be a sequence of consecutive entries with no extra preceding bytes; extra
+      following bytes are preserved.
 
    ``strict_descriptor=True`` can be provided to skip the slower scan for an
    unsigned data descriptor (deprecated in the latest ZIP specification and is
    only used by legacy tools) when checking for bytes resembling a valid local
-   file entry before the first referenced entry.  This improves performance,
-   but may cause some stale local file entries to be preserved, as any entry
-   using an unsigned descriptor cannot be detected.
+   file entry.  This improves performance, but may cause some stale local file
+   entries to be preserved, as any entry using an unsigned descriptor cannot
+   be detected.
 
    *chunk_size* may be specified to control the buffer size when moving
    entry data (default is 1 MiB).
 
@@ -1836,22 +1836,31 @@ def test_repack_file_entry_before_first_file(self):
                 with zipfile.ZipFile(TESTFN) as zh:
                     self.assertIsNone(zh.testzip())
 
-    def test_repack_bytes_between_files(self):
-        """Should remove bytes between local file entries."""
+    def test_repack_bytes_before_removed_files(self):
+        """Should preserve if there are bytes before stale local file entries."""
         for ii in ([1], [1, 2], [2]):
             with self.subTest(remove=ii):
                 # calculate the expected results
-                test_files = [data for j, data in enumerate(self.test_files) if j not in ii]
-                expected_zinfos = self._prepare_zip_from_test_files(TESTFN, test_files)
+                with open(TESTFN, 'wb') as fh:
+                    with zipfile.ZipFile(fh, 'w', self.compression) as zh:
+                        for i, (file, data) in enumerate(self.test_files):
+                            if i
6D40
 == ii[0]:
+                                fh.write(b' dummy bytes ')
+                                zh.start_dir = fh.tell()
+                            zh.writestr(file, data)
+                        for i in ii:
+                            zh.remove(self.test_files[i][0])
+                        expected_zinfos = [ComparableZipInfo(zi) for zi in zh.infolist()]
                 expected_size = os.path.getsize(TESTFN)
 
                 # do the removal and check the result
                 with open(TESTFN, 'wb') as fh:
                     with zipfile.ZipFile(fh, 'w', self.compression) as zh:
                         for i, (file, data) in enumerate(self.test_files):
+                            if i == ii[0]:
+                                fh.write(b' dummy bytes ')
+                                zh.start_dir = fh.tell()
                             zh.writestr(file, data)
-                            fh.write(b' dummy bytes ')
-                            zh.start_dir = fh.tell()
                 with zipfile.ZipFile(TESTFN, 'a', self.compression) as zh:
                     for i in ii:
                         zh.remove(self.test_files[i][0])
@@ -1870,6 +1879,87 @@ def test_repack_bytes_between_files(self):
                 with zipfile.ZipFile(TESTFN) as zh:
                     self.assertIsNone(zh.testzip())
 
+    def test_repack_bytes_after_removed_files(self):
+        """Should keep extra bytes if there are bytes after stale local file entries."""
+        for ii in ([1], [1, 2], [2]):
+            with self.subTest(remove=ii):
+                # calculate the expected results
+                with open(TESTFN, 'wb') as fh:
+                    with zipfile.ZipFile(fh, 'w', self.compression) as zh:
+                        for i, (file, data) in enumerate(self.test_files):
+                            if i not in ii:
+                                zh.writestr(file, data)
+                            if i == ii[-1]:
+                                fh.write(b' dummy bytes ')
+                                zh.start_dir = fh.tell()
+                        expected_zinfos = [ComparableZipInfo(zi) for zi in zh.infolist()]
+                expected_size = os.path.getsize(TESTFN)
+
+                # do the removal and check the result
+                with open(TESTFN, 'wb') as fh:
+                    with zipfile.ZipFile(fh, 'w', self.compression) as zh:
+                        for i, (file, data) in enumerate(self.test_files):
+                            zh.writestr(file, data)
+                            if i == ii[-1]:
+                                fh.write(b' dummy bytes ')
+                                zh.start_dir = fh.tell()
+                with zipfile.ZipFile(TESTFN, 'a', self.compression) as zh:
+                    for i in ii:
+                        zh.remove(self.test_files[i][0])
+                    zh.repack()
+
+                    # check infolist
+                    self.assertEqual(
+                        [ComparableZipInfo(zi) for zi in zh.infolist()],
+                        expected_zinfos,
+                    )
+
+                # check file size
+                self.assertEqual(os.path.getsize(TESTFN), expected_size)
+
+                # make sure the zip file is still valid
+                with zipfile.ZipFile(TESTFN) as zh:
+                    self.assertIsNone(zh.testzip())
+
+    def test_repack_bytes_between_removed_files(self):
+        """Should strip only local file entries before random bytes."""
+        # calculate the expected results
+        with open(TESTFN, 'wb') as fh:
+            with zipfile.ZipFile(fh, 'w', self.compression) as zh:
+                zh.writestr(*self.test_files[0])
+                fh.write(b' dummy bytes ')
+                zh.start_dir = fh.tell()
+                zh.writestr(*self.test_files[2])
+                zh.remove(self.test_files[2][0])
+                expected_zinfos = [ComparableZipInfo(zi) for zi in zh.infolist()]
+        expected_size = os.path.getsize(TESTFN)
+
+        # do the removal and check the result
+        with open(TESTFN, 'wb') as fh:
+            with zipfile.ZipFile(fh, 'w', self.compression) as zh:
+                zh.writestr(*self.test_files[0])
+                zh.writestr(*self.test_files[1])
+                fh.write(b' dummy bytes ')
+                zh.start_dir = fh.tell()
+                zh.writestr(*self.test_files[2])
+        with zipfile.ZipFile(TESTFN, 'a', self.compression) as zh:
+            zh.remove(self.test_files[1][0])
+            zh.remove(self.test_files[2][0])
+            zh.repack()
+
+            # check infolist
+            self.assertEqual(
+                [ComparableZipInfo(zi) for zi in zh.infolist()],
+                expected_zinfos,
+            )
+
+        # check file size
+        self.assertEqual(os.path.getsize(TESTFN), expected_size)
+
+        # make sure the zip file is still valid
+        with zipfile.ZipFile(TESTFN) as zh:
+            self.assertIsNone(zh.testzip())
+
     def test_repack_zip64(self):
         """Should correctly handle file entries with zip64."""
         for ii in ([0], [0, 1], [1], [2]):
@@ -2011,7 +2101,7 @@ def test_repack_data_descriptor_no_sig_strict(self):
         if self.compression not in (zipfile.ZIP_STORED, zipfile.ZIP_LZMA):
             self.skipTest('require unsupported decompression method')
 
-        for ii in ([0], [0, 1]):
+        for ii in ([0], [0, 1], [1], [2]):
             with self.subTest(remove=ii):
                 # calculate the expected results
                 with open(TESTFN, 'wb') as fh:
@@ -2055,7 +2145,7 @@ def test_repack_data_descriptor_no_sig_strict_by_decompressoin(self):
         if self.compression in (zipfile.ZIP_STORED, zipfile.ZIP_LZMA):
             self.skipTest('require supported decompression method')
 
-        for ii in ([0], [0, 1]):
+        for ii in ([0], [0, 1], [1], [2]):
             with self.subTest(remove=ii):
                 # calculate the expected results
                 test_files = [data for j, data in enumerate(self.test_files) if j not in ii]
 
@@ -1385,66 +1385,78 @@ def repack(self, zfile, removed=None):
         Assumes that local file entries are stored consecutively, with no gaps
         or overlaps.
 
-        Stripping occurs in two phases:
+        Behavior:
 
-        1. Before the first recorded file entry:
-            - If a sequence of valid local file entries (starting with
-              `PK\x03\x04`) is found immediately before the first recorded
-              entry, it is stripped.
-            - Otherwise, all leading bytes are preserved (e.g., in cases such
-              as self-extracting archives or embedded ZIP payloads).
+        1. If any referenced entry overlaps with another, a `BadZipFile` error
+           is raised since safe repacking cannot be guaranteed.
 
-        2. Between or after the recorded entries:
-            - Any bytes between two recorded entries, or between the last
-              recorded and the central directory, are removed—regardless of
-              whether they resemble valid entries.
+        2. Data before the first referenced entry is stripped only when it
+           appears to be a sequence of consecutive entries with no extra
+           following bytes; extra preceeding bytes are preserved.
+
+        3. Data between referenced entries is stripped only when it appears to
+           be a sequence of consecutive entries with no extra preceding bytes;
+           extra following bytes are preserved.
+
+        4. This is to prevent an unexpected data removal (false positive),
+           though a false negative may happen in certain rare cases.
 
         Examples:
 
-        Stripping before first recorded entry:
+        Stripping before the first referenced entry:
 
             [random bytes]
-            [unreferenced local file entry 1]
-            [unreferenced local file entry 2]
+            [unreferenced local file entry]
             [random bytes]
             <-- stripping start
-            [unreferenced local file entry 3]
-            [unreferenced local file entry 4]
+            [unreferenced local file entry]
+            [unreferenced local file entry]
             <-- stripping end
-            [recorded local file entry 1]
+            [local file entry 1] (or central directory)
             ...
-            [central directory]
 
-        Stripping between recorded entries:
+        Stripping between referenced entries:
 
             ...
-            [recorded local file entry 5]
+            [local file entry]
             <-- stripping start
+            [unreferenced local file entry]
+            [unreferenced local file entry]
+            <-- stripping end
             [random bytes]
             [unreferenced local file entry]
             [random bytes]
-            <-- stripping end
-            [recorded local file entry 6]
+            [local file entry] (or central directory)
             ...
-            [recorded local file entry n]
-            <-- stripping start
+
+        No stripping:
+
             [unreferenced local file entry]
-            <-- stripping end
-            [central directory]
+            [random bytes]
+            [local file entry 1] (or central directory)
+            ...
 
         No stripping:
 
-            [unreferenced local file entry 1]
-            [unreferenced local file entry 2]
             ...
-            [unreferenced local file entry n]
+            [local file entry]
             [random bytes]
-            [recorded local file entry 1]
+            [unreferenced local file entry]
+            [local file entry] (or central directory)
             ...
 
-        removed: None or a sequence of ZipInfo instances representing removed
-                 entries. When provided, only their corresponding local file
-                 entries are stripped.
+        Side effects:
+            - Modifies the ZIP file in place.
+            - Updates zfile.start_dir to account for removed data.
+            - Sets zfile._didModify to True.
+            - Adjusts header_offset and _end_offset of referenced ZipInfo
+              instances.
+
+        Parameters:
+            zfile: A ZipFile object representing the archive to repack.
+            removed: Optional. A sequence of ZipInfo instances representing
+                the previously removed entries. When provided, only their
+                corresponding local file entries are stripped.
         """
         removed_zinfos = set(removed or ())
 
@@ -1512,17 +1524,34 @@ def repack(self, zfile, removed=None):
                 entry_offset += used_entry_size
 
             else:
+                old_header_offset = zinfo.header_offset
+                zinfo.header_offset -= entry_offset
+
                 if entry_offset > 0:
-                    old_header_offset = zinfo.header_offset
-                    zinfo.header_offset -= entry_offset
                     self._copy_bytes(fp, old_header_offset, zinfo.header_offset, used_entry_size)
 
-                if zinfo._end_offset is not None:
-                    zinfo._end_offset = zinfo.header_offset + used_entry_size
-
-                # update entry_offset for subsequent files to follow
                 if used_entry_size < entry_size:
-                    entry_offset += entry_size - used_entry_size
+                    stale_entry_size = self._validate_local_file_entry_sequence(
+                        fp,
+                        old_header_offset + used_entry_size,
+                        old_header_offset + entry_size,
+                    )
+                else:
+                    stale_entry_size = 0
+
+                if stale_entry_size > 0:
+                    self._copy_bytes(
+                        fp,
+                        old_header_offset + used_entry_size + stale_entry_size,
+                        zinfo.header_offset + used_entry_size,
+                        entry_size - used_entry_size - stale_entry_size,
+                    )
+
+                    # update entry_offset for subsequent files to follow
+                    entry_offset += stale_entry_size
+
+                if zinfo._end_offset is not None:
+                    zinfo._end_offset = zinfo.header_offset + entry_size - stale_entry_size
 
         # update state
         zfile.start_dir -= entry_offset