11Summary: Virtual Python Environment builder
22Name: python-virtualenv
33Version: 20.26.6
4- Release: 2 %{?dist }
4+ Release: 3 %{?dist }
55License: MIT
66Vendor: Microsoft Corporation
77Distribution: Mariner
@@ -13,6 +13,12 @@ Patch1000: CVE-2025-50181v0.patch
1313Patch1001: CVE-2025-50181v1.patch
1414Patch1002: CVE-2025-50181v2.patch
1515Patch1003: CVE-2025-50181v3.patch
16+ Patch1004: CVE-2026-1703v0.patch
17+ Patch1005: CVE-2026-1703v1.patch
18+ Patch1006: CVE-2026-1703v2.patch
19+ Patch1007: CVE-2026-24049v0.patch
20+ Patch1008: CVE-2026-24049v1.patch
21+ Patch1009: CVE-2026-24049v2.patch
1622BuildArch: noarch
1723
1824%description
@@ -58,6 +64,8 @@ echo "Manually Patching virtualenv-20.26.6/src/virtualenv/seed/wheels/embed/pip-
5864mkdir -p unpacked_pip-24.0-py3-none-any
5965unzip src/virtualenv/seed/wheels/embed/pip-24.0-py3-none-any.whl -d unpacked_pip-24.0-py3-none-any
6066patch -p1 -d unpacked_pip-24.0-py3-none-any < %{PATCH1000 }
67+ echo "Manually Patching virtualenv-20.26.6/src/virtualenv/seed/wheels/embed/pip-24.0-py3-none-any.whl/pip/_internal/utils/unpacking.py"
68+ patch -p1 -d unpacked_pip-24.0-py3-none-any < %{PATCH1004 }
6169# Remove the original file
6270rm -f src/virtualenv/seed/wheels/embed/pip-24.0-py3-none-any.whl
6371# After patching, re-zip the contents back into a .whl
@@ -70,6 +78,8 @@ echo "Manually Patching virtualenv-20.26.6/src/virtualenv/seed/wheels/embed/pip-
7078mkdir -p unpacked_pip-24.2-py3-none-any
7179unzip src/virtualenv/seed/wheels/embed/pip-24.2-py3-none-any.whl -d unpacked_pip-24.2-py3-none-any
7280patch -p1 -d unpacked_pip-24.2-py3-none-any < %{PATCH1001 }
81+ echo "Manually Patching virtualenv-20.26.6/src/virtualenv/seed/wheels/embed/pip-24.2-py3-none-any.whl/pip/_internal/utils/unpacking.py"
82+ patch -p1 -d unpacked_pip-24.2-py3-none-any < %{PATCH1005 }
7383# Remove the original file
7484rm -f src/virtualenv/seed/wheels/embed/pip-24.2-py3-none-any.whl
7585# After patching, re-zip the contents back into a .whl
@@ -102,6 +112,8 @@ echo "Manually Patching virtualenv-16.7.9-py2.py3-none-any/virtualenv_support/pi
102112mkdir -p unpacked_pip-19.3.1-py2.py3-none-any
103113unzip unpacked_virtualenv-16.7.9-py2.py3-none-any/virtualenv_support/pip-19.3.1-py2.py3-none-any.whl -d unpacked_pip-19.3.1-py2.py3-none-any
104114patch -p1 -d unpacked_pip-19.3.1-py2.py3-none-any < %{PATCH1003 }
115+ echo "Manually Patching virtualenv-16.7.9-py2.py3-none-any/virtualenv_support/pip-19.3.1-py2.py3-none-any.whl/pip/_internal/utils/unpacking.py"
116+ patch -p1 -d unpacked_pip-19.3.1-py2.py3-none-any < %{PATCH1006 }
105117# Repack the inner wheel
106118rm -f unpacked_virtualenv-16.7.9-py2.py3-none-any/virtualenv_support/pip-19.3.1-py2.py3-none-any.whl
107119pushd unpacked_pip-19.3.1-py2.py3-none-any
@@ -115,6 +127,36 @@ pushd unpacked_virtualenv-16.7.9-py2.py3-none-any
115127zip -r ../tests/unit/create/unpacked_virtualenv-16.7.9-py2.py3-none-any *
116128popd
117129
130+ echo "Manually Patching virtualenv-20.26.6/src/virtualenv/seed/wheels/embed/setuptools-75.1.0-py3-none-any.whl/setuptools/_vendor/wheel/cli/unpack.py"
131+ mkdir -p unpacked_setuptools-75.1.0-py3-none-any
132+ unzip src/virtualenv/seed/wheels/embed/setuptools-75.1.0-py3-none-any.whl -d unpacked_setuptools-75.1.0-py3-none-any
133+ patch -p1 -d unpacked_setuptools-75.1.0-py3-none-any < %{PATCH1007 }
134+ rm -f src/virtualenv/seed/wheels/embed/setuptools-75.1.0-py3-none-any.whl
135+ pushd unpacked_setuptools-75.1.0-py3-none-any
136+ zip -r ../src/virtualenv/seed/wheels/embed/setuptools-75.1.0-py3-none-any.whl *
137+ popd
138+ rm -rf unpacked_setuptools-75.1.0-py3-none-any
139+
140+ echo "Manually Patching virtualenv-20.26.6/src/virtualenv/seed/wheels/embed/wheel-0.42.0-py3-none-any.whl/wheel/cli/unpack.py"
141+ mkdir -p unpacked_wheel-0.42.0-py3-none-any
142+ unzip src/virtualenv/seed/wheels/embed/wheel-0.42.0-py3-none-any.whl -d unpacked_wheel-0.42.0-py3-none-any
143+ patch -p1 -d unpacked_wheel-0.42.0-py3-none-any < %{PATCH1008 }
144+ rm -f src/virtualenv/seed/wheels/embed/wheel-0.42.0-py3-none-any.whl
145+ pushd unpacked_wheel-0.42.0-py3-none-any
146+ zip -r ../src/virtualenv/seed/wheels/embed/wheel-0.42.0-py3-none-any.whl *
147+ popd
148+ rm -rf unpacked_wheel-0.42.0-py3-none-any
149+
150+ echo "Manually Patching virtualenv-20.26.6/src/virtualenv/seed/wheels/embed/wheel-0.44.0-py3-none-any.whl/wheel/cli/unpack.py"
151+ mkdir -p unpacked_wheel-0.44.0-py3-none-any
152+ unzip src/virtualenv/seed/wheels/embed/wheel-0.44.0-py3-none-any.whl -d unpacked_wheel-0.44.0-py3-none-any
153+ patch -p1 -d unpacked_wheel-0.44.0-py3-none-any < %{PATCH1009 }
154+ rm -f src/virtualenv/seed/wheels/embed/wheel-0.44.0-py3-none-any.whl
155+ pushd unpacked_wheel-0.44.0-py3-none-any
156+ zip -r ../src/virtualenv/seed/wheels/embed/wheel-0.44.0-py3-none-any.whl *
157+ popd
158+ rm -rf unpacked_wheel-0.44.0-py3-none-any
159+
118160%generate_buildrequires
119161
120162%build
@@ -136,6 +178,9 @@ tox -e py
136178%{_bindir }/virtualenv
137179
138180%changelog
181+ * Tue Feb 24 2026 BinduSri Adabala <v-badabala@microsoft.com> - 20.26.6-3
182+ - Patch for CVE-2026-1703 & CVE-2026-24049
183+
139184* Wed Jul 09 2025 Aninda Pradhan <v-anipradhan@microsoft.com> - 20.26.6-2
140185- Add patch to fix CVE-2025-50181 in urllib3 poolmanager.py
141186
0 commit comments