Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2026-01-07 16:02:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apptainer" Wed Jan 7 16:02:24 2026 rev:38 rq:1325744 version:1.4.5 Changes: -------- --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2025-11-06 18:18:35.473106774 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1928/apptainer.changes 2026-01-07 16:03:12.819609744 +0100 @@ -1,0 +2,47 @@ +Tue Jan 6 18:21:04 UTC 2026 - Egbert Eich <[email protected]> + +- Update ot 1.4.5 + * Fix for moderate severity GO-2025-4176 / CVE-2025-65105 / + GHSA-j3rw-fx6g-q46j (bsc#1255462): + Ineffective application of selinux / apparmor --security option. + Updates of a few dependent go libraries for related security fixes. + * Other fix + Run FUSE processes in a separate process group. This detaches them + from the main process so they don't receive signals such as interrupts + sent to a terminal there. This was not a problem with interactive + shells because they start their own group, but was a problem with + some programs with interactive Read/Eval/Print/Loops such as python. + An interrupt there would kill the FUSE processes. +- From 1.4.4 + * By applying patches to the bundled fuse2fs, allow again the possibility + of using a non-writable ext3 image file as an overlay. Fixes regression + introduced in 1.4.3. + * If an overlay or bound data image is asked to be mounted writable but + the user has no write access to the image, show a warning message + instead of silently switching to readonly. + * Avoid a fatal error when starting fakeroot from suid mode while + in an NFS directory. + * Fix 32-bit builds which were accidentally broken by a library + upgrade that was done for a minor security issue. +- Fix CVEs: + * GO-2025-4135 - CVE-2025-47914 + Malformed constraint may cause denial of service in + golang.org/x/crypto/ssh/agent. + * GO-2025-4134 - CVE-2025-58181 + Unbounded memory consumption in golang.org/x/crypto/ssh. + * GO-2025-4116 - CVE-2025-47913 + Potential denial of service in golang.org/x/crypto/ssh/agent. + * GO-2025-3595 - CVE-2025-22872 + Incorrect Neutralization of Input During Web Page Generation + in x/net. + * GO-2025-3503 - CVE-2025-22870 + HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net. + * GO-2025-3487 - CVE-2025-22869 + Potential denial of service in golang.org/x/crypto. + * GO-2025-3485 - CVE-2025-27144 + DoS in go-jose Parsing in github.com/go-jose/go-jose. + * GO-2025-3754 - CVE-2025-8556 + CIRCL-Fourq: Missing and wrong validation can lead to + incorrect results in github.com/cloudflare/circl. + +------------------------------------------------------------------- Old: ---- apptainer-1.4.2.tar.gz New: ---- apptainer-1.4.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apptainer.spec ++++++ --- /var/tmp/diff_new_pack.lM1byz/_old 2026-01-07 16:03:14.491679338 +0100 +++ /var/tmp/diff_new_pack.lM1byz/_new 2026-01-07 16:03:14.495679504 +0100 @@ -1,8 +1,7 @@ # # spec file for package apptainer # -# Copyright (c) 2025 SUSE LLC -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +25,7 @@ License: BSD-3-Clause-LBNL AND OpenSSL Group: Productivity/Clustering/Computing Name: apptainer -Version: 1.4.2 +Version: 1.4.5 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://apptainer.org @@ -47,11 +46,11 @@ BuildRequires: gcc BuildRequires: git BuildRequires: go >= 1.19 +BuildRequires: libseccomp-devel BuildRequires: libuuid-devel BuildRequires: make BuildRequires: openssl-devel BuildRequires: sysuser-tools -BuildRequires: libseccomp-devel Requires: squashfs Requires: squashfuse Recommends: fuse2fs ++++++ _service ++++++ --- /var/tmp/diff_new_pack.lM1byz/_old 2026-01-07 16:03:14.635685332 +0100 +++ /var/tmp/diff_new_pack.lM1byz/_new 2026-01-07 16:03:14.639685498 +0100 @@ -1,6 +1,17 @@ <services> <service name="go_modules" mode="disabled"> + <param name="replace"> + golang.org/x/crypto=golang.org/x/[email protected] + </param> + <param name="replace"> + golang.org/x/net=golang.org/x/[email protected] + </param> + <param name="replace"> + github.com/go-jose/go-jose/v4=github.com/go-jose/go-jose/[email protected] + </param> + <param name="replace"> + github.com/cloudflare/circl=github.com/cloudflare/[email protected] + </param> </service> </services> - ++++++ apptainer-1.4.2.tar.gz -> apptainer-1.4.5.tar.gz ++++++ ++++ 1743 lines of diff (skipped) ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/apptainer/vendor.tar.gz /work/SRC/openSUSE:Factory/.apptainer.new.1928/vendor.tar.gz differ: char 13, line 1
