Hello community,

here is the log from the commit of package opentofu for openSUSE:Factory checked in at 2025-12-09 12:53:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opentofu (Old)
 and /work/SRC/openSUSE:Factory/.opentofu.new.1939 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opentofu" Tue Dec 9 12:53:33 2025 rev:39 rq:1321673 version:1.10.8 Changes: -------- --- /work/SRC/openSUSE:Factory/opentofu/opentofu.changes 2025-11-07 18:23:45.054706057 +0100 +++ /work/SRC/openSUSE:Factory/.opentofu.new.1939/opentofu.changes 2025-12-09 12:59:54.648077144 +0100 @@ -1,0 +2,16 @@ +Tue Dec 09 06:50:22 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.10.8: + * SECURITY ADVISORIES: + This release contains fixes for some security advisories + related to previous releases in this series. + - Incorrect handling of excluded subdomain constraint in + conjunction with TLS certificates containing wildcard SANs + This release incorporates the upstream fixes for + GO-2025-4175. + - Excessive CPU usage when reporting error about crafted TLS + certificate with many hostnames + This release incorporates the upstream fixes for + GO-2025-4155. + +------------------------------------------------------------------- Old: ---- opentofu-1.10.7.obscpio New: ---- opentofu-1.10.8.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opentofu.spec ++++++ --- /var/tmp/diff_new_pack.Wkx2eu/_old 2025-12-09 12:59:56.128139532 +0100 +++ /var/tmp/diff_new_pack.Wkx2eu/_new 2025-12-09 12:59:56.152140544 +0100 @@ -19,7 +19,7 @@ %define executable_name tofu Name: opentofu -Version: 1.10.7 +Version: 1.10.8 Release: 0 Summary: Declaratively manage your cloud infrastructure License: MPL-2.0 @@ -29,7 +29,7 @@ Source1: vendor.tar.gz Source99: opentofu-rpmlintrc BuildRequires: bash-completion -BuildRequires: go1.24 >= 1.24.6 +BuildRequires: go1.24 >= 1.24.11 BuildRequires: golang-packaging # See: https://github.com/hashicorp/opentofu/issues/22807 ExcludeArch: %{ix86} %{arm} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Wkx2eu/_old 2025-12-09 12:59:56.464153696 +0100 +++ /var/tmp/diff_new_pack.Wkx2eu/_new 2025-12-09 12:59:56.500155213 +0100 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/opentofu/opentofu/</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.10.7</param> + <param name="revision">v1.10.8</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Wkx2eu/_old 2025-12-09 12:59:56.752165836 +0100 +++ /var/tmp/diff_new_pack.Wkx2eu/_new 2025-12-09 12:59:56.800167859 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/opentofu/opentofu/</param> - <param name="changesrevision">4b32aa801f42a50f168ad842443885c2d1cd99bd</param></service></servicedata> + <param name="changesrevision">c1f4b7a60bce4a7eab9958af486b9abbe6ade7b4</param></service></servicedata> (No newline at EOF) ++++++ opentofu-1.10.7.obscpio -> opentofu-1.10.8.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.7/.go-version new/opentofu-1.10.8/.go-version --- old/opentofu-1.10.7/.go-version 2025-11-06 13:54:30.000000000 +0100 +++ new/opentofu-1.10.8/.go-version 2025-12-08 20:10:50.000000000 +0100 @@ -1 +1 @@ -1.24.9 +1.24.11 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.7/CHANGELOG.md new/opentofu-1.10.8/CHANGELOG.md --- old/opentofu-1.10.7/CHANGELOG.md 2025-11-06 13:54:30.000000000 +0100 +++ new/opentofu-1.10.8/CHANGELOG.md 2025-12-08 20:10:50.000000000 +0100 
@@ -1,4 +1,19 @@ -## 1.10.8 (unreleased) +## 1.10.9 (unreleased) + +## 1.10.8 + +SECURITY ADVISORIES: + +This release contains fixes for some security advisories related to previous releases in this series. + +- Incorrect handling of excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs + + This release incorporates the upstream fixes for [GO-2025-4175](https://pkg.go.dev/vuln/GO-2025-4175). + +- Excessive CPU usage when reporting error about crafted TLS certificate with many hostnames + + This release incorporates the upstream fixes for [GO-2025-4155](https://pkg.go.dev/vuln/GO-2025-4155). + ## 1.10.7 
@@ -126,8 +141,9 @@ - OpenTofu can now produce partial OpenTelemetry trace information, sent to a collector endpoint you control, when run with certain environment variables. This release includes experimental initial support for `tofu init` tracing, but more trace detail is planned for later OpenTofu releases. ([#2665](https://github.com/opentofu/opentofu/pull/2665)) - When running `tofu init` with a dependency lock file that contains entries for certain providers on `registry.terraform.io`, OpenTofu now attempts to select the corresponding version of the equivalent provider on `registry.opentofu.org` as an aid when switching directly from OpenTofu's predecessor. This applies only to the providers that are rebuilt from source and republished on the OpenTofu Registry by the OpenTofu project, because we cannot assume any equivalence for third-party providers published in other namespaces. ([#2791](https://github.com/opentofu/opentofu/pull/2791)) - When installing a provider from a source that offers a `.zip` archive of a provider package but that cannot also offer a signed set of official checksums for the provider, OpenTofu now includes its locally-verified zip archive checksum (`zh:` scheme) in the dependency lock file in addition to the package contents checksum (`h1:` checksum) previously recorded. This makes it more likely that a future reinstall of the same package from a different source will be verified successfully. ([#2656](https://github.com/opentofu/opentofu/pull/2656)) -- OpenTofu now recommends using `-exclude` instead of `-target`, when possible, in the error messages about unknown values in `count` and `for_each` arguments, thereby providing a more definitive workaround. ([#2154](https://github.com/opentofu/opentofu/pull/2154)) +- OpenTofu now recommends using `-exclude` instead of `-target`, when possible, in the error messages about unknown values in `count` and `for_each` arguments, thereby providing a more definitive workaround. 
([#2154](https://github.com/opentofu/opentofu/pull/2154)) - `tofu init` now includes additional suggestions when provider installation fails and the provider had been chosen implicitly based on the backward-compatibility rules, rather than written explicitly in the configuration. ([#2084](https://github.com/opentofu/opentofu/issues/2084)) +- Logical operators (`&&` and `||`) now support short-circuit evaluation. The second operand is not evaluated if the result can be determined from the first operand alone. This prevents errors when accessing attributes on potentially null values and aligns with behavior in most modern programming languages. ([#828](https://github.com/opentofu/opentofu/issues/828)) BUG FIXES: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.7/go.mod new/opentofu-1.10.8/go.mod --- old/opentofu-1.10.7/go.mod 2025-11-06 13:54:30.000000000 +0100 +++ new/opentofu-1.10.8/go.mod 2025-12-08 20:10:50.000000000 +0100 @@ -275,6 +275,6 @@ sigs.k8s.io/yaml v1.2.0 // indirect ) -go 1.24.9 +go 1.24.11 replace github.com/hashicorp/hcl/v2 v2.20.1 => github.com/opentofu/hcl/v2 v2.20.2-0.20251021132045-587d123c2828 Binary files old/opentofu-1.10.7/internal/command/cliconfig/svcauthconfig/testdata/helperprog/main and new/opentofu-1.10.8/internal/command/cliconfig/svcauthconfig/testdata/helperprog/main differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.7/version/VERSION new/opentofu-1.10.8/version/VERSION --- old/opentofu-1.10.7/version/VERSION 2025-11-06 13:54:30.000000000 +0100 +++ new/opentofu-1.10.8/version/VERSION 2025-12-08 20:10:50.000000000 +0100 
@@ -1 +1 @@ -1.10.7 +1.10.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.7/website/docker-compose.build-non-main.yml new/opentofu-1.10.8/website/docker-compose.build-non-main.yml --- old/opentofu-1.10.7/website/docker-compose.build-non-main.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/opentofu-1.10.8/website/docker-compose.build-non-main.yml 2025-12-08 20:10:50.000000000 +0100 @@ -0,0 +1,18 @@ +# Copyright (c) The OpenTofu Authors +# SPDX-License-Identifier: MPL-2.0 +# Copyright (c) 2023 HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + +# This file is meant to be used only in running the `website` GH workflow on non-main branches and PRs that are targeting non-main branches. +# This is because the [blog/](https://github.com/opentofu/opentofu.org/tree/main/blog) content can point to documentation that is not available +# in branches of lower versions of OpenTofu. +services: + website: + build: . + ports: + - "3000:3000" + volumes: + - ../:/work/opentofu-repo/main + command: > + sh -c "sed -i 's#throw#warn#g' docusaurus.config.ts && npm run build" + restart: no \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.7/website/docs/intro/install/docker-compose.yaml new/opentofu-1.10.8/website/docs/intro/install/docker-compose.yaml --- old/opentofu-1.10.7/website/docs/intro/install/docker-compose.yaml 2025-11-06 13:54:30.000000000 +0100 +++ new/opentofu-1.10.8/website/docs/intro/install/docker-compose.yaml 2025-12-08 20:10:50.000000000 +0100 
@@ -1,8 +1,8 @@ -# Copyright (c) The OpenTofu Authors -# SPDX-License-Identifier: MPL-2.0 -# Copyright (c) 2023 HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - +# Copyright (c) The OpenTofu Authors +# SPDX-License-Identifier: MPL-2.0 +# Copyright (c) 2023 HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + # This docker-compose file tests the installation instructions with all operating systems. See # # test-install-instructions.sh for details. version: '3.2' @@ -24,7 +24,7 @@ command: /data/alpine.sh working_dir: /data debian-convenience: - image: debian:buster + image: debian:stable volumes: - source: ./ target: /data @@ -32,7 +32,7 @@ command: /data/deb.sh --convenience working_dir: /data debian-manual: - image: debian:buster + image: debian:stable volumes: - source: ./ target: /data diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.7/website/docs/intro/install/test-install-instructions.sh new/opentofu-1.10.8/website/docs/intro/install/test-install-instructions.sh --- old/opentofu-1.10.7/website/docs/intro/install/test-install-instructions.sh 2025-11-06 13:54:30.000000000 +0100 +++ new/opentofu-1.10.8/website/docs/intro/install/test-install-instructions.sh 2025-12-08 20:10:50.000000000 +0100 @@ -35,7 +35,7 @@ echo -e "::group::\033[0;31m❌ ${SERVICE}\033[0m" FAILED=$((${FAILED}+1)) fi - cat $TEMPFILE | grep -a -E "^[a-zA-Z]+-${SERVICE}-1\s+\| " | sed -E "s/^[a-zA-Z]+-${SERVICE}-1\s+\| //" + cat $TEMPFILE | grep -a -E "^${SERVICE}-1\s+\| " | sed -E "s/^${SERVICE}-1\s+\| //" echo "::endgroup::" done ++++++ opentofu.obsinfo ++++++ --- /var/tmp/diff_new_pack.Wkx2eu/_old 2025-12-09 13:00:10.620750424 +0100 +++ /var/tmp/diff_new_pack.Wkx2eu/_new 2025-12-09 13:00:10.632750930 +0100 
@@ -1,5 +1,5 @@ name: opentofu -version: 1.10.7 -mtime: 1762433670 -commit: 4b32aa801f42a50f168ad842443885c2d1cd99bd +version: 1.10.8 +mtime: 1765221050 +commit: c1f4b7a60bce4a7eab9958af486b9abbe6ade7b4 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/opentofu/vendor.tar.gz /work/SRC/openSUSE:Factory/.opentofu.new.1939/vendor.tar.gz differ: char 13, line 1
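Review bot: The opentofu.changes entry lists GO-2025-4175 and GO-2025-4155 but does not record the opentofu.spec change from `BuildRequires: go1.24 >= 1.24.6` to `BuildRequires: go1.24 >= 1.24.11`. Both advisories are described as upstream fixes, and the visible source diff changes no Go code apart from the toolchain version in .go-version and go.mod (1.24.9 to 1.24.11), so the build requirement is what ensures the packaged binary is compiled with the fixed toolchain. Suggest adding a line to the changes entry stating the new minimum Go version, so that an audit of the package can tie the two advisories to the toolchain floor.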
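Review bot: In the CHANGELOG.md hunk at `@@ -126,8 +141,9 @@`, the entry for short-circuit evaluation of `&&` and `||` (#828) is added to an existing list far below the new 1.10.8 section, in a release whose own notes mention only security advisories. If this backfills a note for behaviour that already shipped, the commit message should say so; if the behaviour is new in this release, the entry belongs under 1.10.8. In the same hunk the `-exclude` / `-target` line (#2154) is removed and re-added with identical visible text, which points to a whitespace or line-ending change that could be dropped from the patch.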
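Review bot: `internal/command/cliconfig/svcauthconfig/testdata/helperprog/main` appears only as "Binary files ... differ", so this change cannot be reviewed from the diff. A checked-in executable that changes in a security release deserves a provenance check: confirm it is rebuilt from the helperprog source with the new toolchain, and that it is test data only and is not installed by the package.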
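Review bot: In website/docker-compose.build-non-main.yml, the command `sed -i 's#throw#warn#g' docusaurus.config.ts` rewrites every occurrence of the string `throw` in the config file, not only the setting that makes the build fail on links to missing documentation. Any other use of the word in that TypeScript file, including a `throw` statement, would be rewritten as well. Suggest anchoring the pattern to the specific option being relaxed (for example the `onBrokenLinks` value) so the non-main build downgrades only that check. Two smaller points in the same file: `restart: no` is unquoted, and YAML parsers may read a bare `no` as a boolean, so `restart: "no"` is safer; the file also has no trailing newline and carries the copyright header twice.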
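Review bot: In website/docs/intro/install/docker-compose.yaml, both `debian-convenience` and `debian-manual` move from `image: debian:buster` to `image: debian:stable`, which is a moving tag: the install test will switch to the next Debian release without any change in this repository, and a failure at that point will not map to a commit. If tracking the current stable release is the intent, a comment saying so would help; otherwise pin to a release codename. The first hunk in this file removes and re-adds the four header lines with identical visible text, which looks like a line-ending change and adds noise to the review.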
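Review bot: In website/docs/intro/install/test-install-instructions.sh, the new filter `grep -a -E "^${SERVICE}-1\s+\| "` requires each log line to start with the bare service name, where the old pattern required a `[a-zA-Z]+-` project prefix. Output from a Compose version that still prefixes the project name will match nothing, and the group for a failed service will print empty, hiding the log that explains the failure. Suggest making the prefix optional in both the grep and the sed expression, for example `^([a-zA-Z]+-)?${SERVICE}-1\s+\| `. The line also passes `$TEMPFILE` unquoted through `cat`; `grep ... "$TEMPFILE"` avoids both the extra process and word splitting.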
