Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-filelock for openSUSE:Factory 
checked in at 2026-01-13 21:23:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-filelock (Old)
 and      /work/SRC/openSUSE:Factory/.python-filelock.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-filelock"

Tue Jan 13 21:23:14 2026 rev:28 rq:1326782 version:3.20.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-filelock/python-filelock.changes  
2026-01-06 17:43:34.087144469 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-filelock.new.1928/python-filelock.changes    
    2026-01-13 21:23:44.461139469 +0100
@@ -1,0 +2,6 @@
+Mon Jan 12 11:19:38 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 3.20.3 (fixes CVE-2026-22701, bsc#1256457)
+  * Fix TOCTOU symlink vulnerability in SoftFileLock by @gaborbernat in #465
+
+-------------------------------------------------------------------

Old:
----
  filelock-3.20.2.tar.gz

New:
----
  filelock-3.20.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-filelock.spec ++++++
--- /var/tmp/diff_new_pack.5H296T/_old  2026-01-13 21:23:46.489223175 +0100
+++ /var/tmp/diff_new_pack.5H296T/_new  2026-01-13 21:23:46.501223671 +0100
@@ -27,7 +27,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-filelock%{?pkg_suffix}
-Version:        3.20.2
+Version:        3.20.3
 Release:        0
 Summary:        Platform Independent File Lock in Python
 License:        Unlicense

++++++ filelock-3.20.2.tar.gz -> filelock-3.20.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/filelock-3.20.2/PKG-INFO new/filelock-3.20.3/PKG-INFO
--- old/filelock-3.20.2/PKG-INFO        2020-02-02 01:00:00.000000000 +0100
+++ new/filelock-3.20.3/PKG-INFO        2020-02-02 01:00:00.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: filelock
-Version: 3.20.2
+Version: 3.20.3
 Summary: A platform independent file lock.
 Project-URL: Documentation, https://py-filelock.readthedocs.io
 Project-URL: Homepage, https://github.com/tox-dev/py-filelock
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/filelock-3.20.2/src/filelock/_soft.py 
new/filelock-3.20.3/src/filelock/_soft.py
--- old/filelock-3.20.2/src/filelock/_soft.py   2020-02-02 01:00:00.000000000 
+0100
+++ new/filelock-3.20.3/src/filelock/_soft.py   2020-02-02 01:00:00.000000000 
+0100
@@ -16,13 +16,15 @@
     def _acquire(self) -> None:
         raise_on_not_writable_file(self.lock_file)
         ensure_directory_exists(self.lock_file)
-        # first check for exists and read-only mode as the open will mask this 
case as EEXIST
         flags = (
             os.O_WRONLY  # open for writing only
             | os.O_CREAT
             | os.O_EXCL  # together with above raise EEXIST if the file 
specified by filename exists
             | os.O_TRUNC  # truncate the file to zero byte
         )
+        o_nofollow = getattr(os, "O_NOFOLLOW", None)
+        if o_nofollow is not None:
+            flags |= o_nofollow
         try:
             file_handler = os.open(self.lock_file, flags, self._context.mode)
         except OSError as exception:  # re-raise unless expected exception
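Review bot: The three added lines that OR in `O_NOFOLLOW` carry no comment, and the `getattr(os, "O_NOFOLLOW", None)` fallback means the guard is silently skipped on platforms that lack the flag (Windows, for one). I would add a comment above them such as `# do not follow a symlink at the lock path; O_NOFOLLOW covers only the final path component and is absent on some platforms`. Symlinks in parent directories are still resolved, and `raise_on_not_writable_file` and `ensure_directory_exists` still act on the path before the open, so they presumably remain check-then-use steps that this flag does not cover. The `except OSError` handler continues outside the hunk, so it is not visible here whether the errno raised for a symlink (for example ELOOP) is re-raised or treated as an already-held lock.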
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/filelock-3.20.2/src/filelock/version.py 
new/filelock-3.20.3/src/filelock/version.py
--- old/filelock-3.20.2/src/filelock/version.py 2020-02-02 01:00:00.000000000 
+0100
+++ new/filelock-3.20.3/src/filelock/version.py 2020-02-02 01:00:00.000000000 
+0100
@@ -28,7 +28,7 @@
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
 
-__version__ = version = '3.20.2'
-__version_tuple__ = version_tuple = (3, 20, 2)
+__version__ = version = '3.20.3'
+__version_tuple__ = version_tuple = (3, 20, 3)
 
 __commit_id__ = commit_id = None
