Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package k9s for openSUSE:Factory checked in at 2025-07-10 22:12:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/k9s (Old) and /work/SRC/openSUSE:Factory/.k9s.new.7373 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "k9s" Thu Jul 10 22:12:19 2025 rev:59 rq:1291613 version:0.50.7 Changes: --------
--- /work/SRC/openSUSE:Factory/k9s/k9s.changes 2025-07-07 14:47:03.561677906 +0200
+++ /work/SRC/openSUSE:Factory/.k9s.new.7373/k9s.changes 2025-07-10 22:12:22.416276969 +0200
@@ -1,0 +2,5 @@
+Wed Jul 9 16:42:07 UTC 2025 - Dirk Müller <dmuel...@suse.com>
+
+- add CVE-2025-53547.patch (CVE-2025-53547, bsc#1246155)
+
+-------------------------------------------------------------------
New: ---- CVE-2025-53547.patch ----------(New B)---------- New: - add CVE-2025-53547.patch (CVE-2025-53547, bsc#1246155) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ k9s.spec ++++++
--- /var/tmp/diff_new_pack.rTWIR4/_old 2025-07-10 22:12:24.416360155 +0200
+++ /var/tmp/diff_new_pack.rTWIR4/_new 2025-07-10 22:12:24.432360821 +0200
@@ -24,6 +24,7 @@
 URL: https://github.com/derailed/k9s
 Source: %{name}-%{version}.tar.gz
 Source1: vendor.tar.gz
+Patch1: CVE-2025-53547.patch
 BuildRequires: golang(API) = 1.24
 ExcludeArch: %{ix86}
@@ -36,6 +37,9 @@
 %prep
 %setup -qa1
+pushd vendor/helm.sh/helm/v3
+%patch -P 1 -p1
+popd
 %build
 # hash will be shortened by COMMIT_HASH:0:8 later
++++++ CVE-2025-53547.patch ++++++
>From 00de613324df4dd930e6d231d9aae7f9dee29c76 Mon Sep 17 00:00:00 2001 From: Matt Farina <matt.far...@suse.com> Date: Wed, 2 Jul 2025 15:10:04 -0400 Subject: [PATCH] Updating link handling Signed-off-by: Matt Farina <matt.far...@suse.com> (cherry picked from commit 76fdba4c8c2a4829a6b7abb48a08e51fd07fa0b3) (cherry picked from commit 4389fa639a4d8e6836fa8df9bb70dd69c2820c12)
---
 pkg/downloader/manager.go | 14 +++++ pkg/downloader/manager_test.go | 94 ++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+)
diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go
index ec4056d2753..cc7850aae4b 100644
--- a/pkg/downloader/manager.go
+++ b/pkg/downloader/manager.go
@@ -852,6 +852,20 @@ func writeLock(chartpath string, lock *chart.Lock, legacyLockfile bool) error {
 lockfileName = "requirements.lock"
 }
 dest := filepath.Join(chartpath, lockfileName)
+
+ info, err := os.Lstat(dest)
+ if err != nil && !os.IsNotExist(err) {
+ return fmt.Errorf("error getting info for %q: %w", dest, err)
+ } else if err == nil {
+ if info.Mode()&os.ModeSymlink != 0 {
+ link, err := os.Readlink(dest)
+ if err != nil {
+ return fmt.Errorf("error reading symlink for %q: %w", dest, err)
+ }
+ return fmt.Errorf("the %s file is a symlink to %q", lockfileName, link)
+ }
+ }
+
 return os.WriteFile(dest, data, 0644)
 }