Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openbao for openSUSE:Factory checked in at 2026-03-26 21:08:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openbao (Old) and /work/SRC/openSUSE:Factory/.openbao.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openbao" Thu Mar 26 21:08:52 2026 rev:18 rq:1342701 version:2.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/openbao/openbao.changes 2026-03-20 21:25:36.411978652 +0100 +++ /work/SRC/openSUSE:Factory/.openbao.new.8177/openbao.changes 2026-03-27 06:46:02.249385793 +0100 @@ -1,0 +2,67 @@ +Thu Mar 26 05:54:29 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.5.2: + * SECURITY + - auth/jwt: Prevent XSS via error_description parameter in + callback_mode=direct auth methods. CVE-2026-33758. [GH-2709] + - auth/jwt: Prompt for confirmation during direct callback mode + to authorize OpenBao token issuance. CVE-2026-33757. + [GH-2710] + * BUG FIXES + - command: External token helpers now inherit environment + variables from the parent process. [GH-2570] + - core/metrics: Fix count of leases/tokens/kv-secrets/entities + metric not being emitted. [GH-2672] + - core/mounts, core/namespaces: Fix lock ordering in mount + deletion racing against namespace updates, causing deadlocks. + [GH-2625] + - core/seal: Fix /sys/rotate/root call rotating both root key + and unseal key when using a Shamir Seal, losing all key + shares. [GH-2619] + - core: Skip re-scheduling lease expiration jobs that need to + write to storage when a node unseals in read-only mode. + [GH-2549] + - core: Fix potential deadlock in JobManager, which can cause + mount deletion timeouts. [GH-2630] + - http: Forward help requests to active node when unable to + handle them on standby with read requests handling disabled. + [GH-2572] + - identity/oidc: Fix OIDC named key rotation silently skipping + in non-root namespaces due to double namespace prefix in + storage path lookup. [GH-2669] + - raft: Propagate peer join/remove/promote/demote and autopilot + read/update requests to active node. [GH-2574] + * What's Changed + - Bump github.com/bgentry/speakeasy to v0.2.0 (#2535 by + @agrimault-dinum) backported by @agrimault-dinum in #2545 + - Fix expired test certificates (#2552 by @satoqz) backported + by @phil9909 in #2631 + - Skip lease restoration on standby nodes (#2549 by + @wslabosz-reply) backported by @phil9909 in #2632 + - Pass full environment to token helper (#2570 by @satoqz) + backported by @phil9909 in #2633 + - Handle help requests on standby nodes when reads are disabled + (#2572 by @wslabosz-reply) backported by @phil9909 in #2634 + - Don't iterate namespaces on mount deletion (#2625 by @satoqz) + backported by @phil9909 in #2635 + - fix race condition in jobmanager (#2630 by @phil9909) + backported by @phil9909 in #2636 + - Bump github.com/cloudflare/circl to v1.6.3 (#2577 by @satoqz) + backported by @satoqz in #2652 + - Fix root key rotation endpoint rotating Shamir's KEK (#2619 + by @wslabosz-reply) backported by @satoqz in #2650 + - Bump to Go 1.25.8 (#2609 by @satoqz) backported by @satoqz in + #2651 + - Forward raft autopilot operations (#2574 by @wslabosz-reply) + backported by @satoqz in #2659 + - Fix regression in OIDC named key rotation (#2669 by + @JAYKRISHNAN) backported by @phil9909 in #2694 + - Fix missing emitMetricsActiveNode metrics (#2672 by + @wslabosz-reply) backported by @satoqz in #2697 + - Resolve GHSA-cpj3-3r2f-xj59 (#2709 by @gianklug) by + @cipherboy in #2711 + - Resolve GHSA-7q7g-x6vg-xpc3 (#2710 by @gianklug) by + @cipherboy in #2713 + - Add changelog for v2.5.2 by @cipherboy in #2715 + +------------------------------------------------------------------- Old: ---- openbao-2.5.1.obscpio ui-2.5.1.tar.gz New: ---- openbao-2.5.2.obscpio ui-2.5.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openbao.spec ++++++ --- /var/tmp/diff_new_pack.dKu0oX/_old 2026-03-27 06:46:14.489891055 +0100 +++ /var/tmp/diff_new_pack.dKu0oX/_new 2026-03-27 06:46:14.489891055 +0100 @@ -23,7 +23,7 @@ %define short_executable_name bao Name: openbao -Version: 2.5.1 +Version: 2.5.2 Release: 0 Summary: Manage, store, and distribute sensitive data License: MPL-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.dKu0oX/_old 2026-03-27 06:46:14.565894193 +0100 +++ /var/tmp/diff_new_pack.dKu0oX/_new 2026-03-27 06:46:14.569894358 +0100 @@ -2,7 +2,7 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/openbao/openbao</param> <param name="scm">git</param> - <param name="revision">v2.5.1</param> + <param name="revision">v2.5.2</param> <param name="package-meta">yes</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.dKu0oX/_old 2026-03-27 06:46:14.609896009 +0100 +++ /var/tmp/diff_new_pack.dKu0oX/_new 2026-03-27 06:46:14.617896339 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openbao/openbao</param> - <param name="changesrevision">e546fae8cbfe95d8f36a351deb2cd23bfb94119e</param></service></servicedata> + <param name="changesrevision">932fcf892eba8d646a9bfc58a59ea3b2475b17fa</param></service></servicedata> (No newline at EOF) ++++++ openbao-2.5.1.obscpio -> openbao-2.5.2.obscpio ++++++ /work/SRC/openSUSE:Factory/openbao/openbao-2.5.1.obscpio /work/SRC/openSUSE:Factory/.openbao.new.8177/openbao-2.5.2.obscpio differ: char 49, line 1 ++++++ openbao.obsinfo ++++++ --- /var/tmp/diff_new_pack.dKu0oX/_old 2026-03-27 06:46:14.705899971 +0100 +++ /var/tmp/diff_new_pack.dKu0oX/_new 2026-03-27 06:46:14.705899971 +0100 @@ -1,5 +1,5 @@ name: openbao -version: 2.5.1 -mtime: 1771866154 -commit: e546fae8cbfe95d8f36a351deb2cd23bfb94119e +version: 2.5.2 +mtime: 1774454556 +commit: 932fcf892eba8d646a9bfc58a59ea3b2475b17fa ++++++ ui-2.5.1.tar.gz -> ui-2.5.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/ui-2.5.1.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.8177/ui-2.5.2.tar.gz differ: char 14, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/vendor.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.8177/vendor.tar.gz differ: char 134, line 1
