Hello community,
here is the log from the commit of package python-filelock for openSUSE:Factory
checked in at 2026-01-06 17:42:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-filelock (Old)
and /work/SRC/openSUSE:Factory/.python-filelock.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-filelock"
Tue Jan 6 17:42:33 2026 rev:27 rq:1325388 version:3.20.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-filelock/python-filelock.changes
2025-11-12 21:42:21.724598284 +0100
+++
/work/SRC/openSUSE:Factory/.python-filelock.new.1928/python-filelock.changes
2026-01-06 17:43:34.087144469 +0100
@@ -1,0 +2,10 @@
+Mon Jan 5 10:10:09 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 3.20.2
+ * Support Unix systems without O_NOFOLLOW by @mwilliamson in #463
+ * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #464
+- Update to 3.20.1 (fixes CVE-2025-68146, bsc#1255244)
+ * CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation
+ by @gaborbernat in #461
+
+-------------------------------------------------------------------
Old:
----
filelock-3.20.0.tar.gz
New:
----
filelock-3.20.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-filelock.spec ++++++
--- /var/tmp/diff_new_pack.LgI2IF/_old 2026-01-06 17:43:34.879176329 +0100
+++ /var/tmp/diff_new_pack.LgI2IF/_new 2026-01-06 17:43:34.883176491 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-filelock
#
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2018 Matthias Fehring <[email protected]>
#
# All modifications and additions to the file contributed by third parties
@@ -27,7 +27,7 @@
%endif
%{?sle15_python_module_pythons}
Name: python-filelock%{?pkg_suffix}
-Version: 3.20.0
+Version: 3.20.2
Release: 0
Summary: Platform Independent File Lock in Python
License: Unlicense
@@ -60,7 +60,7 @@
inter-process communication.
%prep
-%setup -q -n filelock-%{version}
+%autosetup -p1 -n filelock-%{version}
%build
%pyproject_wheel
++++++ filelock-3.20.0.tar.gz -> filelock-3.20.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/filelock-3.20.0/PKG-INFO new/filelock-3.20.2/PKG-INFO
--- old/filelock-3.20.0/PKG-INFO 2020-02-02 01:00:00.000000000 +0100
+++ new/filelock-3.20.2/PKG-INFO 2020-02-02 01:00:00.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: filelock
-Version: 3.20.0
+Version: 3.20.2
Summary: A platform independent file lock.
Project-URL: Documentation, https://py-filelock.readthedocs.io
Project-URL: Homepage, https://github.com/tox-dev/py-filelock
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/filelock-3.20.0/src/filelock/_unix.py
new/filelock-3.20.2/src/filelock/_unix.py
--- old/filelock-3.20.0/src/filelock/_unix.py 2020-02-02 01:00:00.000000000
+0100
+++ new/filelock-3.20.2/src/filelock/_unix.py 2020-02-02 01:00:00.000000000
+0100
@@ -39,6 +39,9 @@
def _acquire(self) -> None:
ensure_directory_exists(self.lock_file)
open_flags = os.O_RDWR | os.O_TRUNC
+ o_nofollow = getattr(os, "O_NOFOLLOW", None)
+ if o_nofollow is not None:
+ open_flags |= o_nofollow
if not Path(self.lock_file).exists():
open_flags |= os.O_CREAT
fd = os.open(self.lock_file, open_flags, self._context.mode)
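Review bot: On platforms where `os` has no `O_NOFOLLOW`, the `getattr` fallback leaves `open_flags` exactly as before, so `os.open` with `O_TRUNC` still follows a symlink at `self.lock_file`, and nothing in the code records that the protection is missing. A comment above the `getattr` line would make that explicit, e.g. `# O_NOFOLLOW makes os.open fail if the final path component is a symlink; platforms without it get no symlink protection here`. `O_NOFOLLOW` also covers only the last path component, so symlinks in parent directories are still followed, and the `Path(...).exists()` test before `O_CREAT` remains a separate check-then-open step. `_acquire` continues past the end of the hunk, so how the resulting `OSError` is handled is not visible here.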
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/filelock-3.20.0/src/filelock/_windows.py
new/filelock-3.20.2/src/filelock/_windows.py
--- old/filelock-3.20.0/src/filelock/_windows.py 2020-02-02
01:00:00.000000000 +0100
+++ new/filelock-3.20.2/src/filelock/_windows.py 2020-02-02
01:00:00.000000000 +0100
@@ -11,7 +11,38 @@
from ._util import ensure_directory_exists, raise_on_not_writable_file
if sys.platform == "win32": # pragma: win32 cover
+ import ctypes
import msvcrt
+ from ctypes import wintypes
+
+ # Windows API constants for reparse point detection
+ FILE_ATTRIBUTE_REPARSE_POINT = 0x00000400
+ INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF
+
+ # Load kernel32.dll
+ _kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
+ _kernel32.GetFileAttributesW.argtypes = [wintypes.LPCWSTR]
+ _kernel32.GetFileAttributesW.restype = wintypes.DWORD
+
+ def _is_reparse_point(path: str) -> bool:
+ """
+ Check if a path is a reparse point (symlink, junction, etc.) on
Windows.
+
+ :param path: Path to check
+ :return: True if path is a reparse point, False otherwise
+ :raises OSError: If GetFileAttributesW fails for reasons other than
file-not-found
+ """
+ attrs = _kernel32.GetFileAttributesW(path)
+ if attrs == INVALID_FILE_ATTRIBUTES:
+ # File doesn't exist yet - that's fine, we'll create it
+ err = ctypes.get_last_error()
+ if err == 2: # noqa: PLR2004 # ERROR_FILE_NOT_FOUND
+ return False
+ if err == 3: # noqa: PLR2004 # ERROR_PATH_NOT_FOUND
+ return False
+ # Some other error - let caller handle it
+ return False
+ return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)
class WindowsFileLock(BaseFileLock):
"""Uses the :func:`msvcrt.locking` function to hard lock the lock file
on Windows systems."""
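Review bot: `_is_reparse_point` returns `False` for every `GetFileAttributesW` failure, although its docstring promises `OSError` for anything other than file-not-found and the inline comment says "let caller handle it"; an access-denied or sharing error therefore skips the reparse-point check instead of stopping the acquire. The last `return False` inside the `if attrs == INVALID_FILE_ATTRIBUTES:` branch should become `raise ctypes.WinError(err)`, which leaves the two not-found cases as they are. The literals `2` and `3` would also read better as named constants next to `INVALID_FILE_ATTRIBUTES`, e.g. `ERROR_FILE_NOT_FOUND = 2` and `ERROR_PATH_NOT_FOUND = 3`, which removes the need for the `noqa` markers. The `WindowsFileLock` class that follows continues outside the hunk, so whether its caller already expects an `OSError` from this helper should be confirmed.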
@@ -19,6 +50,13 @@
def _acquire(self) -> None:
raise_on_not_writable_file(self.lock_file)
ensure_directory_exists(self.lock_file)
+
+ # Security check: Refuse to open reparse points (symlinks,
junctions)
+ # This prevents TOCTOU symlink attacks (CVE-TBD)
+ if _is_reparse_point(self.lock_file):
+ msg = f"Lock file is a reparse point (symlink/junction):
{self.lock_file}"
+ raise OSError(msg)
+
flags = (
os.O_RDWR # open for read and write
| os.O_CREAT # create file if not exists
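Review bot: The comment above the `_is_reparse_point` call says the check prevents TOCTOU attacks, but the check and the later open are two separate steps, so it narrows the window rather than closing it; the comment should say so. It also still carries the placeholder `CVE-TBD`, while the package changelog for this update names CVE-2025-68146. Suggested wording: `# Narrows the TOCTOU symlink window (CVE-2025-68146); the check and the open below are not atomic`. `_acquire` continues past the end of the hunk, so the open call itself is not visible here.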
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/filelock-3.20.0/src/filelock/version.py
new/filelock-3.20.2/src/filelock/version.py
--- old/filelock-3.20.0/src/filelock/version.py 2020-02-02 01:00:00.000000000
+0100
+++ new/filelock-3.20.2/src/filelock/version.py 2020-02-02 01:00:00.000000000
+0100
@@ -28,7 +28,7 @@
commit_id: COMMIT_ID
__commit_id__: COMMIT_ID
-__version__ = version = '3.20.0'
-__version_tuple__ = version_tuple = (3, 20, 0)
+__version__ = version = '3.20.2'
+__version_tuple__ = version_tuple = (3, 20, 2)
__commit_id__ = commit_id = None