[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade python-virtualenv to 20.26.6 for CVE-2024-53899 [High] - branch main (#12924)

Author: CBL-Mariner-Bot

SPECS/python-virtualenv/0001-replace-to-flit.patch

@@ -0,0 +1,65 @@
+From efa2c18a0c114f2d32e2c101401b716e4ac9e6f4 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal <kbkanishk975@gmail.com>
+Date: Wed, 26 Feb 2025 06:31:14 +0000
+Subject: [PATCH] replace-to-flit
+
+---
+ pyproject.toml | 23 ++++-------------------
+ 1 file changed, 4 insertions(+), 19 deletions(-)
+
+diff --git a/pyproject.toml b/pyproject.toml
+index fabf434..179525d 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -1,9 +1,6 @@
+ [build-system]
+-build-backend = "hatchling.build"
+-requires = [
+-  "hatch-vcs>=0.3",
+-  "hatchling>=1.17.1",
+-]
++build-backend = "flit_core.buildapi"
++requires = ["flit_core >=3.8.0,<4"]
+ 
+ [project]
+ name = "virtualenv"
+@@ -14,7 +11,7 @@ keywords = [
+   "isolated",
+   "virtual",
+ ]
+-license = "MIT"
++license = {text = "MIT"}
+ maintainers = [
+   { name = "Bernat Gabor", email = "gaborjbernat@gmail.com" },
+ ]
+@@ -40,9 +37,7 @@ classifiers = [
+   "Topic :: Software Development :: Testing",
+   "Topic :: Utilities",
+ ]
+-dynamic = [
+-  "version",
+-]
++version = "3.10.0"
+ dependencies = [
+   "distlib<1,>=0.3.7",
+   "filelock<4,>=3.12.2",
+@@ -95,16 +90,6 @@ entry-points."virtualenv.discovery".builtin = "virtualenv.discovery.builtin:Buil
+ entry-points."virtualenv.seed".app-data = "virtualenv.seed.embed.via_app_data.via_app_data:FromAppData"
+ entry-points."virtualenv.seed".pip = "virtualenv.seed.embed.pip_invoke:PipInvoke"
+ 
+-[tool.hatch]
+-build.hooks.vcs.version-file = "src/virtualenv/version.py"
+-build.targets.sdist.include = [
+-  "/src",
+-  "/tests",
+-  "/tasks",
+-  "/tox.ini",
+-]
+-version.source = "vcs"
+-
+ [tool.ruff]
+ target-version = "py37"
+ line-length = 120
+-- 
+2.45.2
+

SPECS/python-virtualenv/fix-plugin-attribute-name.patch

@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "python-virtualenv-20.14.0.tar.gz": "8e5b402037287126e81ccde9432b95a8be5b19d36584f64957060a3488c11ca8"
- }
-}
+  "Signatures": {
+    "python-virtualenv-20.26.6.tar.gz": "280aede09a2a5c317e409a00102e7077c6432c5a38f0ef938e643805a7ad2c48"
+  }
+}

SPECS/python-virtualenv/pin-pytest-version.patch

@@ -1,16 +1,14 @@
 Summary:        Virtual Python Environment builder
 Name:           python-virtualenv
-Version:        20.14.0
-Release:        6%{?dist}
+Version:        20.26.6
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Development/Languages/Python
 URL:            https://pypi.python.org/pypi/virtualenv
-Source0:        https://files.pythonhosted.org/packages/4a/c3/04f361a90ed4e6b3f3f696d61db5c786eaa741d2a6c125bc905b8a1c0200/virtualenv-%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# Derived from upstream patch https://github.com/pypa/virtualenv/commit/9f9dc6250fc88e92b1ca6206429966788846d696
-Patch0:         fix-plugin-attribute-name.patch
-Patch1:         pin-pytest-version.patch
+Source0:        https://files.pythonhosted.org/packages/3f/40/abc5a766da6b0b2457f819feab8e9203cbeae29327bd241359f866a3da9d/virtualenv-20.26.6.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         0001-replace-to-flit.patch
 BuildArch:      noarch
 
 %description
@@ -26,6 +24,8 @@ BuildRequires:  python3-wheel
 %if 0%{?with_check}
 BuildRequires:  python3-pip
 %endif
+BuildRequires:  python3-flit
+BuildRequires:  python3-flit-core >= 3.8.0
 
 Requires:       python3
 Requires:       python3-filelock
@@ -40,14 +40,18 @@ virtualenv is a tool to create isolated Python environment.
 %prep
 %autosetup -p1 -n virtualenv-%{version}
 
+%generate_buildrequires
+
 %build
-%py3_build
+%pyproject_wheel
 
 %install
-%py3_install
+%pyproject_install
 
 %check
 pip3 install 'tox>=3.27.1,<4.0.0'
+# skip "test_can_build_c_extensions" tests since they fail on python3_version >= 3.12. See https://src.fedoraproject.org/rpms/python-virtualenv/blob/rawhide/f/python-virtualenv.spec#_153
+sed -i 's/coverage run -m pytest {posargs:--junitxml {toxworkdir}\/junit\.{envname}\.xml tests --int}/coverage run -m pytest {posargs:--junitxml {toxworkdir}\/junit\.{envname}\.xml tests -k "not test_can_build_c_extensions" --int}/g' tox.ini
 tox -e py
 
 %files -n python3-virtualenv
@@ -57,6 +61,11 @@ tox -e py
 %{_bindir}/virtualenv
 
 %changelog
+* Wed Feb 26 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 20.26.6-1
+- Auto-upgrade to 20.26.6 - for CVE-2024-53899 [High]
+- Remove previously applied patches
+- Added patch to use python3-flit-core as build-backend rather than hatchling (which is not yet supported on Azure Linux) 
+
 * Wed Feb 07 2024 corvus-callidus <108946721+corvus-callidus@users.noreply.github.com> - 20.14.0-6
 - Fix pytest version to <8 for compatibility
 

SPECS/python-virtualenv/python-virtualenv.signatures.json

@@ -24924,8 +24924,8 @@
         "type": "other",
         "other": {
           "name": "python-virtualenv",
-          "version": "20.14.0",
-          "downloadUrl": "https://files.pythonhosted.org/packages/4a/c3/04f361a90ed4e6b3f3f696d61db5c786eaa741d2a6c125bc905b8a1c0200/virtualenv-20.14.0.tar.gz"
+          "version": "20.26.6",
+          "downloadUrl": "https://files.pythonhosted.org/packages/3f/40/abc5a766da6b0b2457f819feab8e9203cbeae29327bd241359f866a3da9d/virtualenv-20.26.6.tar.gz"
         }
       }
     },