commit agama for openSUSE:Factory

Source-Sync Wed, 06 Aug 2025 09:16:56 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package agama for openSUSE:Factory checked 
in at 2025-08-06 14:34:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/agama (Old)
 and      /work/SRC/openSUSE:Factory/.agama.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "agama"

Wed Aug  6 14:34:40 2025 rev:26 rq:1297889 version:0

Changes:
--------
--- /work/SRC/openSUSE:Factory/agama/agama.changes      2025-07-31 
17:45:46.731102429 +0200
+++ /work/SRC/openSUSE:Factory/.agama.new.1085/agama.changes    2025-08-06 
14:36:28.184041843 +0200
@@ -1,0 +2,12 @@
+Mon Jul 28 12:40:40 UTC 2025 - Martin Vidner <[email protected]>
+
+- update pam crate not to use a vulnerable users dependency
+  (bsc#1244200, CVE-2025-5791)
+
+-------------------------------------------------------------------
+Mon Jul 28 08:18:09 UTC 2025 - Imobach Gonzalez Sosa <[email protected]>
+
+- When the files in inst.auto or inst.script cannot be downloaded,
+  write the errors earlier (gh#agama-project/agama#2168).
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ agama.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/agama/Cargo.lock new/agama/Cargo.lock
--- old/agama/Cargo.lock        2025-07-25 11:45:56.000000000 +0200
+++ new/agama/Cargo.lock        2025-07-30 09:59:42.000000000 +0200
@@ -2967,14 +2967,13 @@
 [[package]]
 name = "pam"
 version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "8ab553c52103edb295d8f7d6a3b593dc22a30b1fb99643c777a8f36915e285ba"
+source = 
"git+https://github.com/1wilkens/pam.git?rev=daf26ae#daf26ae3512d8e5a7478ccff1e4232ef5ebf9b03";
 dependencies = [
  "libc",
  "memchr",
  "pam-macros",
  "pam-sys",
- "users",
+ "uzers",
 ]
 
 [[package]]
@@ -4633,16 +4632,6 @@
 ]
 
 [[package]]
-name = "users"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "aa4227e95324a443c9fcb06e03d4d85e91aabe9a5a02aa818688b6918b6af486"
-dependencies = [
- "libc",
- "log",
-]
-
-[[package]]
 name = "utf-8"
 version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -4714,6 +4703,16 @@
 ]
 
 [[package]]
+name = "uzers"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "76d283dc7e8c901e79e32d077866eaf599156cbf427fffa8289aecc52c5c3f63"
+dependencies = [
+ "libc",
+ "log",
+]
+
+[[package]]
 name = "valuable"
 version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/agama/agama-autoinstall/src/auto_loader.rs 
new/agama/agama-autoinstall/src/auto_loader.rs
--- old/agama/agama-autoinstall/src/auto_loader.rs      2025-07-25 
11:45:56.000000000 +0200
+++ new/agama/agama-autoinstall/src/auto_loader.rs      2025-07-30 
09:59:42.000000000 +0200
@@ -77,8 +77,8 @@
         for url in urls {
             println!("Loading configuration from {url}");
             while let Err(error) = loader.load(url).await {
+                eprintln!("Could not load configuration from {url}: {error}");
                 if !self.should_retry(url).await? {
-                    println!("Could not load configuration from {url}");
                     return Err(error);
                 }
             }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/agama/agama-autoinstall/src/scripts.rs 
new/agama/agama-autoinstall/src/scripts.rs
--- old/agama/agama-autoinstall/src/scripts.rs  2025-07-25 11:45:56.000000000 
+0200
+++ new/agama/agama-autoinstall/src/scripts.rs  2025-07-30 09:59:42.000000000 
+0200
@@ -98,8 +98,8 @@
     async fn save_script(&self, url: &str, path: &PathBuf) -> 
anyhow::Result<()> {
         let mut file = Self::create_file(&path, 0o700)?;
         while let Err(error) = Transfer::get(url, &mut file, self.insecure) {
+            eprintln!("Could not load configuration from {url}: {error}");
             if !self.should_retry(&url).await? {
-                println!("Could not load configuration from {url}");
                 return Err(anyhow!(error));
             }
         }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/agama/agama-server/Cargo.toml 
new/agama/agama-server/Cargo.toml
--- old/agama/agama-server/Cargo.toml   2025-07-25 11:45:56.000000000 +0200
+++ new/agama/agama-server/Cargo.toml   2025-07-30 09:59:42.000000000 +0200
@@ -37,7 +37,9 @@
 config = "0.15.11"
 rand = "0.9.1"
 axum-extra = { version = "0.9.4", features = ["cookie", "typed-header"] }
-pam = "0.8.0"
+# pam 0.8.0 (2023-11) plus an unreleased commit from 2023-12
+# that switches from users to uzers, fixing CVE-2025-5791
+pam = { git = "https://github.com/1wilkens/pam.git";, rev = "daf26ae" }
 serde_with = "3.10.0"
 pin-project = "1.1.5"
 openssl = "0.10.66"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/agama/package/agama.changes 
new/agama/package/agama.changes
--- old/agama/package/agama.changes     2025-07-25 11:45:56.000000000 +0200
+++ new/agama/package/agama.changes     2025-07-30 09:59:42.000000000 +0200
@@ -1,4 +1,16 @@
 -------------------------------------------------------------------
+Mon Jul 28 12:40:40 UTC 2025 - Martin Vidner <[email protected]>
+
+- update pam crate not to use a vulnerable users dependency
+  (bsc#1244200, CVE-2025-5791)
+
+-------------------------------------------------------------------
+Mon Jul 28 08:18:09 UTC 2025 - Imobach Gonzalez Sosa <[email protected]>
+
+- When the files in inst.auto or inst.script cannot be downloaded,
+  write the errors earlier (gh#agama-project/agama#2168).
+
+-------------------------------------------------------------------
 Thu Jul 24 13:19:52 UTC 2025 - Imobach Gonzalez Sosa <[email protected]>
 
 - Introduce inst.auto_insecure and inst.script_insecure to disable

++++++ agama.obsinfo ++++++
--- /var/tmp/diff_new_pack.E8yKI2/_old  2025-08-06 14:36:30.324131979 +0200
+++ /var/tmp/diff_new_pack.E8yKI2/_new  2025-08-06 14:36:30.328132148 +0200
@@ -1,5 +1,5 @@
 name: agama
-version: 17+45.62ec01ba4
-mtime: 1753436756
-commit: 62ec01ba4fad2b975b69bfcab9641645b3c97804
+version: 17+60.68fdb92ec
+mtime: 1753862382
+commit: 68fdb92ec2e3b20bd408c0c9708e60acebfdc8e2
 

++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/agama/vendor.tar.zst 
/work/SRC/openSUSE:Factory/.agama.new.1085/vendor.tar.zst differ: char 7, line 1

commit agama for openSUSE:Factory

Reply via email to