Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Glances for openSUSE:Factory checked in at 2026-03-24 18:48:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Glances (Old) and /work/SRC/openSUSE:Factory/.python-Glances.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Glances" Tue Mar 24 18:48:59 2026 rev:30 rq:1342176 version:4.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Glances/python-Glances.changes 2025-04-14 12:59:35.567299132 +0200 +++ /work/SRC/openSUSE:Factory/.python-Glances.new.8177/python-Glances.changes 2026-03-24 18:49:54.853043900 +0100 @@ -1,0 +2,60 @@ +Tue Mar 24 07:42:53 UTC 2026 - Steve Kowalik <[email protected]> + +- Update to 4.5.2: + ## Security: + * Default CORS Configuration Allows Cross-Origin Credential Theft + (CVE-2026-32610, bsc#1259841) + * Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash + and SNMP Credentials (CVE-2026-32609, bsc#1259832) + * REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding + (CVE-2026-32632, bsc#1259839) + * Unauthenticated API Exposure / Add warning message on startup + (CVE-2026-32596, bsc#1260321) + * SQL Injection in DuckDB Export via Unparameterized DDL Statements + (CVE-2026-32611, bsc#1259840) + * Command Injection via Process Names in Action Command Templates + (CVE-2026-32608, bsc#1260320) + * Central Browser Autodiscovery Leaks Reusable Credentials to + Zeroconf-Spoofed Servers (CVE-2026-32634, bsc#1259837) + * Browser API Exposes Reusable Downstream Credentials + (CVE-2026-32633, bsc#1259838) + ## Enhancements: + * NPU Monitoring + * NVMe Support + * DuckDB Export + * CPU Core Assignment + * API Token Authentication + * Make a Glances API in order to use Glances as a Python lib + * Add a new --fetch (neofetch like) option to display a snapshot of the + current system status + * Show long command line with arrow key + * Do not call update if a call is done to a specific plugin through the API + * Make --stdout (csv and json) compliant with client/server mode + * API history endpoints shows times without timezone + * FR: Sort Sensors my name in proper number order + * Top processes extended stats and processes filter in Web server mode + * Entry point in the API to get extended process stats + ## Bug fixes: + * DiskIO — empty args not handled in msg_curse() + * Filesystem — KeyError: '/etc/hostname' on get_view + * Glances hang when killing process with muliple CTRL-C + * Ignore unsupported line endings in password fil + * Fix matching problem when fs config has "show" value + * globals: Fix a race condition in namedtuple_to_dict + * glances: removal of iterators helpers in processes.py and + stats_client_snmp.py + * glances: amps: Removal of iterator helpers, refactor + * Change "Pinned thread" to "Pinned task" and "Upin" to "Unpin" + * default_config_dir: Fix config path to include glances/ directory + * Cannot set warning/critical temperature for a specific sensor needs test + * Try to reduce latency between stat's update and view + * Error on Cloud plugin initialisation make TUI crash +- Drop patches: + * adjust-data-files.patch + * fix-tests.patch + * skip-online-tests.patch + * unitest-wait-for-server.patch +- Add patch use-sys-executable.patch: + * Use sys.executable everywhere in the testsuite. + +------------------------------------------------------------------- Old: ---- adjust-data-files.patch fix-tests.patch skip-online-tests.patch unitest-wait-for-server.patch v3.4.0.5.tar.gz New: ---- use-sys-executable.patch v4.5.2.tar.gz ----------(Old B)---------- Old:- Drop patches: * adjust-data-files.patch * fix-tests.patch Old: * adjust-data-files.patch * fix-tests.patch * skip-online-tests.patch Old: * fix-tests.patch * skip-online-tests.patch * unitest-wait-for-server.patch Old: * skip-online-tests.patch * unitest-wait-for-server.patch - Add patch use-sys-executable.patch: ----------(Old E)---------- ----------(New B)---------- New: * unitest-wait-for-server.patch - Add patch use-sys-executable.patch: * Use sys.executable everywhere in the testsuite. ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Glances.spec ++++++ --- /var/tmp/diff_new_pack.okOA5K/_old 2026-03-24 18:49:55.661077240 +0100 +++ /var/tmp/diff_new_pack.okOA5K/_new 2026-03-24 18:49:55.665077405 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-Glances # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-Glances -Version: 3.4.0.5 +Version: 4.5.2 Release: 0 Summary: A cross-platform curses-based monitoring tool License: LGPL-3.0-only @@ -26,26 +26,28 @@ Source: https://github.com/nicolargo/glances/archive/v%{version}.tar.gz Source2: glances.service Source3: glances.firewalld -Patch0: adjust-data-files.patch -Patch2: skip-online-tests.patch -Patch3: fix-tests.patch -Patch4: unitest-wait-for-server.patch -BuildRequires: %{python_module bottle} +# PATCH-FIX-UPSTREAM gh#nicolargo/glances#3497 +Patch0: use-sys-executable.patch +BuildRequires: %{python_module base >= 3.10} +BuildRequires: %{python_module curses} BuildRequires: %{python_module defusedxml} +BuildRequires: %{python_module fastapi} +BuildRequires: %{python_module jinja2} BuildRequires: %{python_module pip} -BuildRequires: %{python_module psutil >= 5.3.0} +BuildRequires: %{python_module psutil >= 5.6.7} +BuildRequires: %{python_module pytest} BuildRequires: %{python_module requests} +BuildRequires: %{python_module selenium} BuildRequires: %{python_module setuptools} -BuildRequires: %{python_module ujson} +BuildRequires: %{python_module uvicorn} BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires: python-bottle Requires: python-defusedxml +Requires: python-jinja2 Requires: python-packaging -Requires: python-psutil >= 5.3.0 -Requires: python-requests -Requires: python-ujson +Requires: python-psutil >= 5.6.7 +Requires: python-shtab Requires(post): update-alternatives Requires(postun): update-alternatives Recommends: python-curses @@ -86,6 +88,9 @@ %python_clone -a %{buildroot}%{_bindir}/glances %python_expand %fdupes %{buildroot}%{$python_sitelib} +# Remove installed "data" files +rm -r %{buildroot}/usr/share/doc/glances + mkdir -p %{buildroot}%{_sbindir} ln -sf service %{buildroot}%{_sbindir}/rcglances mkdir -p %{buildroot}%{_unitdir} @@ -95,10 +100,11 @@ install -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/firewalld/services/glances.xml %check -export LANG=en_US.UTF-8 -%python_exec unitest.py -%python_exec unitest-restful.py -%python_exec unitest-xmlrpc.py +# Don't test piped output using popen +donttest="test_run_sanitizes_pipe_in_mustache or test_pipe" +# Assumes network interfaces exist +donttest+=" or test_glances_api_plugin_network" +%pytest -k "not ($donttest)" %post %python_install_alternative glances glances.1 ++++++ use-sys-executable.patch ++++++ >From 5badf7100029627f6c130c57e66a8b3e0cea0948 Mon Sep 17 00:00:00 2001 From: Steve Kowalik <[email protected]> Date: Tue, 24 Mar 2026 11:19:11 +1100 Subject: [PATCH] Use sys.executable in the testsuite Rather than looking for a venv python executable, use the existing sys.executable property to execute the modules required. --- tests/conftest.py | 6 ++---- tests/test_browser_restful.py | 8 +++----- tests/test_mcp.py | 8 +++----- tests/test_restful.py | 6 ++---- tests/test_xmlrpc.py | 7 ++----- 5 files changed, 12 insertions(+), 23 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index 6ac46cc42f..d243a8ed80 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -20,6 +20,7 @@ import os import shlex import subprocess +import sys import time from unittest.mock import patch @@ -74,10 +75,7 @@ def glances_stats_no_history(): @pytest.fixture(scope="session") def glances_webserver(): - if os.path.isfile('.venv/bin/python'): - cmdline = ".venv/bin/python" - else: - cmdline = "python" + cmdline = sys.executable cmdline += f" -m glances -B 0.0.0.0 -w --browser -p {SERVER_PORT} -C ./conf/glances.conf" args = shlex.split(cmdline) pid = subprocess.Popen(args) diff --git a/tests/test_browser_restful.py b/tests/test_browser_restful.py index 8d2c286c16..6768a40fae 100755 --- a/tests/test_browser_restful.py +++ b/tests/test_browser_restful.py @@ -20,6 +20,7 @@ import re import shlex import subprocess +import sys import time from pathlib import Path @@ -112,11 +113,8 @@ def browser_conf_path(tmp_path_factory): @pytest.fixture(scope='module') def glances_browser_server(browser_conf_path): """Start a Glances web server in browser mode with the generated config.""" - if os.path.isfile('.venv/bin/python'): - cmdline = '.venv/bin/python' - else: - cmdline = 'python' - cmdline += ( + cmdline = ( + f'{sys.executable}' f' -m glances -B 0.0.0.0 -w --browser' f' -p {SERVER_PORT} --disable-webui --disable-autodiscover' f' -C {browser_conf_path}' diff --git a/tests/test_mcp.py b/tests/test_mcp.py index 67a135e41f..1e4237ee26 100755 --- a/tests/test_mcp.py +++ b/tests/test_mcp.py @@ -14,6 +14,7 @@ import os import shlex import subprocess +import sys import time import unittest @@ -61,11 +62,8 @@ def test_000_start_server(self): global pid print('INFO: [TEST_000] Start the Glances Web Server with MCP enabled') - if os.path.isfile('.venv/bin/python'): - cmdline = ".venv/bin/python" - else: - cmdline = "python" - cmdline += ( + cmdline = ( + f"{sys.executable}" f" -m glances -B 0.0.0.0 -w --disable-webui" f" -p {SERVER_PORT} --disable-autodiscover" f" --enable-mcp -C ./conf/glances.conf" diff --git a/tests/test_restful.py b/tests/test_restful.py index eb8a3c20bd..101eb97c18 100755 --- a/tests/test_restful.py +++ b/tests/test_restful.py @@ -13,6 +13,7 @@ import os import shlex import subprocess +import sys import time import types import unittest @@ -54,10 +55,7 @@ def test_000_start_server(self): global pid print('INFO: [TEST_000] Start the Glances Web Server API') - if os.path.isfile('.venv/bin/python'): - cmdline = ".venv/bin/python" - else: - cmdline = "python" + cmdline = sys.executable cmdline += f" -m glances -B 0.0.0.0 -w --browser -p {SERVER_PORT} --disable-webui -C ./conf/glances.conf" print(f"Run the Glances Web Server on port {SERVER_PORT}") args = shlex.split(cmdline) diff --git a/tests/test_xmlrpc.py b/tests/test_xmlrpc.py index 35a6c5ffe9..7006bf1f6e 100755 --- a/tests/test_xmlrpc.py +++ b/tests/test_xmlrpc.py @@ -13,6 +13,7 @@ import os import shlex import subprocess +import sys import time import unittest @@ -53,11 +54,7 @@ def test_000_start_server(self): global pid print('INFO: [TEST_000] Start the Glances Web Server') - if os.path.isfile('.venv/bin/python'): - cmdline = ".venv/bin/python" - else: - cmdline = "python" - cmdline += f" -m glances -B localhost -s -p {SERVER_PORT}" + cmdline = f"{sys.executable} -m glances -B localhost -s -p {SERVER_PORT}" print(f"Run the Glances Server on port {SERVER_PORT}") args = shlex.split(cmdline) pid = subprocess.Popen(args) ++++++ v3.4.0.5.tar.gz -> v4.5.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Glances/v3.4.0.5.tar.gz /work/SRC/openSUSE:Factory/.python-Glances.new.8177/v4.5.2.tar.gz differ: char 13, line 1
