diff --git a/python-virtualenv.changes b/python-virtualenv.changes index b71b697..522826f 100644 --- a/python-virtualenv.changes +++ b/python-virtualenv.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Jan 12 11:27:00 UTC 2026 - Nico Krapp + +- Update to 3.36.1 (fixes CVE-2026-22702, bsc#1256458) + * fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation +- Update to 3.36.0 + * fix: Prevent NameError when accessing _DISTUTILS_PATCH during file + overwrite + * Upgrade pip and fix 3.15 picking old wheel + * fix: wrong path on migrated venv + * test_too_many_open_files: assert on errno.EMFILE instead of strerror + * fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 + * fix: resolve EncodingWarning in tox upgrade environment + * Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 + * Add support for PEP 440 version specifiers in the --python flag +- disable test that is broken upstream + ------------------------------------------------------------------- Tue Aug 26 09:28:27 UTC 2025 - Markéta Machová diff --git a/python-virtualenv.spec b/python-virtualenv.spec index 96cebf5..bcd8874 100644 --- a/python-virtualenv.spec +++ b/python-virtualenv.spec @@ -1,7 +1,7 @@ # # spec file for package python-virtualenv # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,18 +31,18 @@ %endif %{?sle15_python_module_pythons} Name: python-virtualenv%{psuffix} -Version: 20.29.3 +Version: 20.36.1 Release: 0 Summary: Virtual Python Environment builder License: MIT URL: https://virtualenv.pypa.io/ # SourceRepository: https://github.com/pypa/virtualenv Source: https://files.pythonhosted.org/packages/source/v/virtualenv/virtualenv-%{version}.tar.gz -BuildRequires: %{python_module base >= 3.7} +BuildRequires: %{python_module base >= 3.8} BuildRequires: %{python_module pip} BuildRequires: python-rpm-macros Requires: (python-distlib >= 0.3.7 with python-distlib < 1) -Requires: (python-filelock >= 3.12.2 with python-filelock < 4) +Requires: (python-filelock >= 3.20.3 with python-filelock < 4) Requires: (python-platformdirs >= 3.9.1 with python-platformdirs < 5) BuildArch: noarch %if !%{with test} @@ -115,12 +115,10 @@ rm -r tests/unit/activation %check # online tests downloads from pypi donttest="test_seed_link_via_app_data" +donttest+=" or test_py_info_cache_invalidation_on_py_info_change" # https://github.com/pypa/virtualenv/issues/2939 # take the first wheels directory we can find, they all contain the same file export PIP_FIND_LINKS=$(ls -1d /usr/lib/python3.*/wheels | head -n 1) %pytest -k "not ($donttest)" -# test the special case with the bundles (for all flavors) -export VIRTUALENV_SETUPTOOLS=bundle -export VIRTUALENV_WHEEL=bundle donttest+=" or test_embed_wheel_versions" %pytest -k "not ($donttest)" %endif diff --git a/virtualenv-20.29.3.tar.gz b/virtualenv-20.29.3.tar.gz deleted file mode 100644 index 5e280fa..0000000 --- a/virtualenv-20.29.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:95e39403fcf3940ac45bc717597dba16110b74506131845d9b687d5e73d947ac -size 4320280 diff --git a/virtualenv-20.36.1.tar.gz b/virtualenv-20.36.1.tar.gz new file mode 100644 index 0000000..18ca6bd --- /dev/null +++ b/virtualenv-20.36.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8befb5c81842c641f8ee658481e42641c68b5eab3521d8e092d18320902466ba +size 6032239