Hello community,

here is the log from the commit of package k9s for openSUSE:Factory checked in 
at 2025-07-10 22:12:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/k9s (Old)
 and      /work/SRC/openSUSE:Factory/.k9s.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "k9s"

Thu Jul 10 22:12:19 2025 rev:59 rq:1291613 version:0.50.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/k9s/k9s.changes  2025-07-07 14:47:03.561677906 
+0200
+++ /work/SRC/openSUSE:Factory/.k9s.new.7373/k9s.changes        2025-07-10 
22:12:22.416276969 +0200
@@ -1,0 +2,5 @@
+Wed Jul  9 16:42:07 UTC 2025 - Dirk Müller <dmuel...@suse.com>
+
+- add CVE-2025-53547.patch (CVE-2025-53547, bsc#1246155)
+
+-------------------------------------------------------------------
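Review bot: the new changelog entry names the patch file, the CVE and the bug number but does not say what is being patched. The spec change applies the patch inside vendor/helm.sh/helm/v3, not to the k9s sources, so the entry should say so and give a short description of the fix, for example "add CVE-2025-53547.patch for the vendored Helm: refuse to write the lock file when it is a symlink (CVE-2025-53547, bsc#1246155)".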

New:
----
  CVE-2025-53547.patch

----------(New B)----------
  New:
- add CVE-2025-53547.patch (CVE-2025-53547, bsc#1246155)
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ k9s.spec ++++++
--- /var/tmp/diff_new_pack.rTWIR4/_old  2025-07-10 22:12:24.416360155 +0200
+++ /var/tmp/diff_new_pack.rTWIR4/_new  2025-07-10 22:12:24.432360821 +0200
@@ -24,6 +24,7 @@
 URL:            https://github.com/derailed/k9s
 Source:         %{name}-%{version}.tar.gz
 Source1:        vendor.tar.gz
+Patch1:         CVE-2025-53547.patch
 BuildRequires:  golang(API) = 1.24
 ExcludeArch:    %{ix86}
 
@@ -36,6 +37,9 @@
 
 %prep
 %setup -qa1
+pushd vendor/helm.sh/helm/v3
+%patch -P 1 -p1
+popd
 
 %build
 # hash will be shortened by COMMIT_HASH:0:8 later
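Review bot: the pushd vendor/helm.sh/helm/v3 ... popd block added in %prep has no comment explaining that Patch1 is applied to the vendored Helm sources unpacked from vendor.tar.gz and not to the k9s tree. Add a one-line comment above pushd stating that, and that the patch is to be dropped once the vendored Helm already contains the fix, so that the next version bump does not have to work out why %patch -P 1 -p1 runs in a subdirectory.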

++++++ CVE-2025-53547.patch ++++++
>From 00de613324df4dd930e6d231d9aae7f9dee29c76 Mon Sep 17 00:00:00 2001
From: Matt Farina <matt.far...@suse.com>
Date: Wed, 2 Jul 2025 15:10:04 -0400
Subject: [PATCH] Updating link handling

Signed-off-by: Matt Farina <matt.far...@suse.com>
(cherry picked from commit 76fdba4c8c2a4829a6b7abb48a08e51fd07fa0b3)
(cherry picked from commit 4389fa639a4d8e6836fa8df9bb70dd69c2820c12)
---
 pkg/downloader/manager.go      | 14 +++++
 pkg/downloader/manager_test.go | 94 ++++++++++++++++++++++++++++++++++
 2 files changed, 108 insertions(+)

diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go
index ec4056d2753..cc7850aae4b 100644
--- a/pkg/downloader/manager.go
+++ b/pkg/downloader/manager.go
@@ -852,6 +852,20 @@ func writeLock(chartpath string, lock *chart.Lock, 
legacyLockfile bool) error {
                lockfileName = "requirements.lock"
        }
        dest := filepath.Join(chartpath, lockfileName)
+
+       info, err := os.Lstat(dest)
+       if err != nil && !os.IsNotExist(err) {
+               return fmt.Errorf("error getting info for %q: %w", dest, err)
+       } else if err == nil {
+               if info.Mode()&os.ModeSymlink != 0 {
+                       link, err := os.Readlink(dest)
+                       if err != nil {
+                               return fmt.Errorf("error reading symlink for 
%q: %w", dest, err)
+                       }
+                       return fmt.Errorf("the %s file is a symlink to %q", 
lockfileName, link)
+               }
+       }
+
        return os.WriteFile(dest, data, 0644)
 }
 
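Review bot: in writeLock, os.Lstat(dest) and the following os.WriteFile(dest, data, 0644) are two separate path lookups, so the symlink check only covers the state of dest at the moment of the Lstat, while os.WriteFile opens by path and follows a symlink that appears afterwards. If chartpath can be modified while this runs, consider writing to a temporary file in chartpath and renaming it over dest, since a rename replaces a symlink at the destination instead of writing through it. Smaller points: the inner "link, err := os.Readlink(dest)" shadows the outer err, and the "else if err == nil" branch follows a return, so a plain "if err == nil" reads more clearly. The diffstat lists pkg/downloader/manager_test.go with 94 insertions, but no hunk for it is visible here, so the test coverage of the symlink case could not be reviewed.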
