Hello community,
here is the log from the commit of package python-simpleeval for
openSUSE:Factory checked in at 2026-03-14 22:22:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-simpleeval (Old)
and /work/SRC/openSUSE:Factory/.python-simpleeval.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-simpleeval"
Sat Mar 14 22:22:23 2026 rev:10 rq:1338808 version:1.0.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-simpleeval/python-simpleeval.changes
2025-10-30 17:10:56.957497021 +0100
+++
/work/SRC/openSUSE:Factory/.python-simpleeval.new.8177/python-simpleeval.changes
2026-03-14 22:23:34.232051893 +0100
@@ -1,0 +2,12 @@
+Fri Mar 13 20:34:44 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 1.0.5 (CVE-2026-32640):
+ * Fixes Security issues with "dangerous" modules & functions
+ leaking through as attributes of other names, see:
+ * Breaking Change:
+ * Modules & Submodules now are not directly usable as names or
+ as attributes of other items, if you still need this
+ functionality, then use the new `ModuleWrapper`, or subclass
+ SimpleEval to bypass it.
+
+-------------------------------------------------------------------
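Review bot: The "see:" that ends the first bullet of the new entry is followed by no reference, so a reader of the changelog has only the CVE id to go on; add the advisory or upstream link it was meant to introduce, or drop the "see:". The "Breaking Change:" item and its sub-item also sit at the same `*` level, which hides that the second is a detail of the first; indent the sub-item one level deeper. Because modules and submodules can no longer be used as names or attributes without `ModuleWrapper`, confirm before acceptance that packages depending on python-simpleeval do not rely on the old behaviour.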
Old:
----
simpleeval-1.0.3.tar.gz
New:
----
simpleeval-1.0.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-simpleeval.spec ++++++
--- /var/tmp/diff_new_pack.zCs5dn/_old 2026-03-14 22:23:34.668069955 +0100
+++ /var/tmp/diff_new_pack.zCs5dn/_new 2026-03-14 22:23:34.672070122 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-simpleeval
#
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2015-2024 Dr. Axel Braun
#
# All modifications and additions to the file contributed by third parties
@@ -20,7 +20,7 @@
%define modname simpleeval
%{?sle15_python_module_pythons}
Name: python-%{modname}
-Version: 1.0.3
+Version: 1.0.5
Release: 0
Summary: A simple, safe single expression evaluator library
License: MIT
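Review bot: The Version line moves from 1.0.3 straight to 1.0.5, but the .changes entry only describes 1.0.5; if upstream published a 1.0.4, list its changes too so the changelog covers the whole jump. No other spec line changes in this hunk, so any new requirement introduced by the release would be visible only in the skipped tarball diff and is worth checking by hand.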
++++++ simpleeval-1.0.3.tar.gz -> simpleeval-1.0.5.tar.gz ++++++
++++ 2449 lines of diff (skipped)