Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-onionshare for openSUSE:Factory checked in at 2026-07-01 16:35:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-onionshare (Old) and /work/SRC/openSUSE:Factory/.python-onionshare.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-onionshare" Wed Jul 1 16:35:56 2026 rev:23 rq:1362627 version:2.6.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python-onionshare/python-onionshare.changes 2025-03-11 20:47:48.168426407 +0100 +++ /work/SRC/openSUSE:Factory/.python-onionshare.new.11887/python-onionshare.changes 2026-07-01 16:36:19.204397293 +0200 @@ -1,0 +2,11 @@ +Fri Jun 26 05:40:16 UTC 2026 - Axel Braun <[email protected]> + +- version 2.6.4 (bsc#1269693, CVE-2026-54707, + bsc#1269698, CVE-2026-54706): + * updated dependencies + * Security fix: Prevent symlink traversal + * Security fix: Prevent upload of files when file upload mode is disabled. Prevent creation of empty folder on empty POST request payload + * Dependencies: Updates tor dependencies and other python and web dependencies. Also updates flatpak runtime. + * Bug fix: Show indeterminate progress and warn user during Tor traversal + +------------------------------------------------------------------- Old: ---- onionshare-2.6.3.tar.gz New: ---- onionshare-2.6.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-onionshare.spec ++++++ --- /var/tmp/diff_new_pack.WAnOB5/_old 2026-07-01 16:36:20.252433754 +0200 +++ /var/tmp/diff_new_pack.WAnOB5/_new 2026-07-01 16:36:20.252433754 +0200 @@ -1,8 +1,8 @@ # # spec file for package python-onionshare # -# Copyright (c) 2025 SUSE LLC -# Copyright (c) 2018-2025 Dr. Axel Braun +# Copyright (c) 2026 SUSE LLC and contributors +# Copyright (c) 2018-2026 Dr. Axel Braun # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,18 +17,13 @@ # -# Always only build one flavor -%if 0%{?suse_version} >= 1550 %define pythons python3 -%else -%{?sle15_python_module_pythons} -%endif %global mypython %pythons %global mysitelib %{expand:%%{%{mypython}_sitelib}} %define plainpython python Name: python-onionshare -Version: 2.6.3 +Version: 2.6.4 Release: 0 Summary: Self-hosting Tor Onion Service based file sharing License: GPL-3.0-or-later @@ -39,7 +34,7 @@ # PATCH-FIX-OPENSUSE skip test_large_download in gui tests Patch0: 0001-adjust_tests.diff -BuildRequires: %{mypython}-devel >= 3.8 +BuildRequires: %{mypython}-devel >= 3.10 BuildRequires: %{mypython}-pip BuildRequires: %{mypython}-setuptools BuildRequires: %{mypython}-wheel @@ -50,19 +45,19 @@ BuildRequires: %{mypython}-poetry-core BuildRequires: update-desktop-files # SECTION test -BuildRequires: %{mypython}-pytest +BuildRequires: %{mypython}-pytest >= 7.2.0 BuildRequires: %{mypython}-pytest-qt BuildRequires: %{mypython}-pytest-xvfb # /SECTION # SECTION runtime test BuildRequires: %{mypython}-Cython >= 3.0.2 -BuildRequires: %{mypython}-Flask >= 2.3.2 +BuildRequires: %{mypython}-Flask >= 3.1.3 BuildRequires: %{mypython}-Flask-Compress >= 1.13 -BuildRequires: %{mypython}-Flask-SocketIO >= 5.3.4 +BuildRequires: %{mypython}-Flask-SocketIO >= 5.6 BuildRequires: %{mypython}-PyNaCl BuildRequires: %{mypython}-PySocks BuildRequires: %{mypython}-Unidecode -BuildRequires: %{mypython}-Werkzeug >= 2.3.4 +BuildRequires: %{mypython}-Werkzeug >= 3.1 BuildRequires: %{mypython}-cepa BuildRequires: %{mypython}-click BuildRequires: %{mypython}-colorama @@ -71,7 +66,7 @@ BuildRequires: %{mypython}-gevent-websocket BuildRequires: %{mypython}-packaging >= 23.1 BuildRequires: %{mypython}-psutil -BuildRequires: %{mypython}-pyside6 >= 6.5.2 +BuildRequires: %{mypython}-pyside6 >= 6.8.2 BuildRequires: %{mypython}-python-gnupg BuildRequires: %{mypython}-qrcode BuildRequires: %{mypython}-requests @@ -107,18 +102,18 @@ Provides: python-onionshare = %{version}-%{release} Provides: python-onionshare_cli = %{version}-%{release} # Obsolete old multiflavor packages -Obsoletes: %{plainpython}-onionshare-data < 2.3.1 -Obsoletes: python310-onionshare < 2.3.1 -Obsoletes: python36-onionshare < 2.3.1 -Obsoletes: python38-onionshare < 2.3.1 -Obsoletes: python39-onionshare < 2.3.1 +Obsoletes: %{plainpython}-onionshare-data < 2.6.4 +Obsoletes: python310-onionshare < 2.6.4 +Obsoletes: python311-onionshare < 2.6.4 +Obsoletes: python312-onionshare < 2.6.4 +Obsoletes: python313-onionshare < 2.6.4 %if %{suse_version} >= 1500 # incorrect package name was used until 2024-01-24 -Obsoletes: %{plainpython}-onionshare <= 2.6 +Obsoletes: %{plainpython}-onionshare <= 2.6.3 %endif %if 0%{?sle_version} >= 150600 && "%pythons" != "python3" # obsolete python 3.6 package -Obsoletes: python3-onionshare <= 2.6 +Obsoletes: python3-onionshare <= 2.6.3 %endif BuildArch: noarch %python_subpackages ++++++ onionshare-2.6.3.tar.gz -> onionshare-2.6.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-onionshare/onionshare-2.6.3.tar.gz /work/SRC/openSUSE:Factory/.python-onionshare.new.11887/onionshare-2.6.4.tar.gz differ: char 13, line 1
