Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-virtualenv for
openSUSE:Factory checked in at 2026-01-15 16:43:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-virtualenv (Old)
and /work/SRC/openSUSE:Factory/.python-virtualenv.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-virtualenv"
Thu Jan 15 16:43:54 2026 rev:74 rq:1327332 version:20.36.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-virtualenv/python-virtualenv.changes
2025-08-27 21:34:35.698471225 +0200
+++
/work/SRC/openSUSE:Factory/.python-virtualenv.new.1928/python-virtualenv.changes
2026-01-15 16:44:17.827395756 +0100
@@ -1,0 +2,17 @@
+Mon Jan 12 11:27:00 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 3.36.1 (fixes CVE-2026-22702, bsc#1256458)
+ * fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation
+- Update to 3.36.0
+ * fix: Prevent NameError when accessing _DISTUTILS_PATCH during file
+ overwrite
+ * Upgrade pip and fix 3.15 picking old wheel
+ * fix: wrong path on migrated venv
+ * test_too_many_open_files: assert on errno.EMFILE instead of strerror
+ * fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146
+ * fix: resolve EncodingWarning in tox upgrade environment
+ * Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1
+ * Add support for PEP 440 version specifiers in the --python flag
+- disable test that is broken upstream
+
+-------------------------------------------------------------------
Old:
----
virtualenv-20.29.3.tar.gz
New:
----
virtualenv-20.36.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-virtualenv.spec ++++++
--- /var/tmp/diff_new_pack.ddHX6i/_old 2026-01-15 16:44:20.207494547 +0100
+++ /var/tmp/diff_new_pack.ddHX6i/_new 2026-01-15 16:44:20.211494713 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-virtualenv
#
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -31,18 +31,18 @@
%endif
%{?sle15_python_module_pythons}
Name: python-virtualenv%{psuffix}
-Version: 20.29.3
+Version: 20.36.1
Release: 0
Summary: Virtual Python Environment builder
License: MIT
URL: https://virtualenv.pypa.io/
# SourceRepository: https://github.com/pypa/virtualenv
Source:
https://files.pythonhosted.org/packages/source/v/virtualenv/virtualenv-%{version}.tar.gz
-BuildRequires: %{python_module base >= 3.7}
+BuildRequires: %{python_module base >= 3.8}
BuildRequires: %{python_module pip}
BuildRequires: python-rpm-macros
Requires: (python-distlib >= 0.3.7 with python-distlib < 1)
-Requires: (python-filelock >= 3.12.2 with python-filelock < 4)
+Requires: (python-filelock >= 3.20.3 with python-filelock < 4)
Requires: (python-platformdirs >= 3.9.1 with python-platformdirs < 5)
BuildArch: noarch
%if !%{with test}
@@ -115,12 +115,10 @@
%check
# online tests downloads from pypi
donttest="test_seed_link_via_app_data"
+donttest+=" or test_py_info_cache_invalidation_on_py_info_change" #
https://github.com/pypa/virtualenv/issues/2939
# take the first wheels directory we can find, they all contain the same file
export PIP_FIND_LINKS=$(ls -1d /usr/lib/python3.*/wheels | head -n 1)
%pytest -k "not ($donttest)"
-# test the special case with the bundles (for all flavors)
-export VIRTUALENV_SETUPTOOLS=bundle
-export VIRTUALENV_WHEEL=bundle
donttest+=" or test_embed_wheel_versions"
%pytest -k "not ($donttest)"
%endif
++++++ virtualenv-20.29.3.tar.gz -> virtualenv-20.36.1.tar.gz ++++++
++++ 3859 lines of diff (skipped)
