Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package telemetrygen for openSUSE:Factory checked in at 2026-04-02 17:43:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/telemetrygen (Old) and /work/SRC/openSUSE:Factory/.telemetrygen.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "telemetrygen" Thu Apr 2 17:43:03 2026 rev:11 rq:1344275 version:0.149.0 Changes: -------- --- /work/SRC/openSUSE:Factory/telemetrygen/telemetrygen.changes 2026-03-18 16:52:58.019171930 +0100 +++ /work/SRC/openSUSE:Factory/.telemetrygen.new.21863/telemetrygen.changes 2026-04-02 17:44:33.863741578 +0200 @@ -1,0 +2,98 @@ +Wed Apr 01 04:40:41 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 0.149.0: + * [chore] update dependency (#47273) + * fix(deps): update module golang.org/x/sync to v0.20.0 (#47266) + * fix(deps): update module github.com/hetznercloud/hcloud-go/v2 + to v2.37.0 (#47262) + * fix(deps): update module github.com/stretchr/testify to v1.11.1 + (#47263) + * fix(deps): update module github.com/googleapis/gax-go/v2 to + v2.20.0 (#47260) + * fix(deps): update module github.com/hashicorp/go-version to + v1.9.0 (#47261) + * fix(deps): update all github.com/aws packages (#47252) + * fix(deps): update module github.com/elastic/go-docappender/v2 + to v2.14.0 (#47256) + * fix(deps): update module cloud.google.com/go/spanner to v1.89.0 + (#47254) + * fix(deps): update module + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common + to v1.3.68 (#47253) + * chore(deps): update module github.com/rhysd/actionlint to + v1.7.12 (#47250) + * chore(deps): update actions/setup-go digest to 4a36011 (#47249) + * [chore] Update core dependencies (#47245) + * Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 in + /internal/tools (#47240) + * fix(deps): update module go.opentelemetry.io/ebpf-profiler to + v0.0.202613 (#47153) + * fix(deps): update module github.com/knadh/koanf/v2 to v2.3.4 + (#47139) + * fix(deps): update module github.com/klauspost/compress to + v1.18.5 (#47138) + * fix(deps): update module github.com/jackc/pgx/v5 to v5.9.1 + (#47146) + * fix(deps): update module + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common + to v1.3.63 (#47140) + * fix(deps): update all github.com/aws packages (#47143) + * Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in + /internal/docker (#47111) + * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in + /receiver/purefbreceiver (#47112) + * fix(deps): update module github.com/getsentry/sentry-go to + v0.44.1 (#47155) + * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in + /exporter/prometheusexporter (#47169) + * Update All golang.org/x packages (#47072) + * fix(deps): update module github.com/antchfx/xmlquery to v1.5.1 + (#47136) + * [chore] Update core dependencies (#47205) + * Update module github.com/goccy/go-json to v0.10.6 (#47070) + * Update module modernc.org/sqlite to v1.47.0 (#47080) + * Update module gitlab.com/gitlab-org/api/client-go/v2 to v2.7.0 + (#47079) + * Update module github.com/SAP/go-hdb to v1.16.2 (#47078) + * Update module + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common + to v1.3.61 (#47071) + * Update All github.com/aws packages (#47067) + * Update module github.com/elastic/go-docappender/v2 to v2.13.0 + (#47076) + * Update module github.com/DeRuina/timberjack to v1.4.0 (#47075) + * Update module github.com/DataDog/agent-payload/v5 to v5.0.185 + (#47069) + * Update module cloud.google.com/go/pubsub/v2 to v2.5.0 (#47074) + * Update kubernetes monorepo to v0.35.3 (#47068) + * Update docker-compose deps to v0.148.0 (#47073) + * Update dockerfile deps (#47065) + * Update github-actions deps (#47066) + * [chore] Update core dependencies (#47064) + * Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in + /internal/metadataproviders (#47060) + * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in + /pkg/translator/faro (#47057) + * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in + /exporter/faroexporter (#47056) + * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in + /testbed (#47051) + * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in + /receiver/purefareceiver (#47053) + * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in + /internal/datadog/e2e (#47052) + * Update module github.com/buger/jsonparser to v1.1.2 [SECURITY] + (#47049) + * [chore] Update core dependencies (#47044) + * Update semconv for skywalking to latest (#45130) + * Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in + /pkg/xk8stest (#47014) + * [chore] update github.com/edsrzf/mmap-go to support AIX + (#47031) + * [chore] update grpc to 1.79.3 (#47028) + * Bump google.golang.org/grpc from 1.79.2 to 1.79.3 in + /receiver/jmxreceiver (#47027) + * Bump google.golang.org/grpc from 1.79.2 to 1.79.3 in + /receiver/wavefrontreceiver (#47012) + +------------------------------------------------------------------- Old: ---- telemetrygen-0.148.0.obscpio New: ---- telemetrygen-0.149.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ telemetrygen.spec ++++++ --- /var/tmp/diff_new_pack.FiYI5t/_old 2026-04-02 17:44:35.043789041 +0200 +++ /var/tmp/diff_new_pack.FiYI5t/_new 2026-04-02 17:44:35.047789202 +0200 @@ -17,7 +17,7 @@ Name: telemetrygen -Version: 0.148.0 +Version: 0.149.0 Release: 0 Summary: Telemetry generator for OpenTelemetry License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.FiYI5t/_old 2026-04-02 17:44:35.087790811 +0200 +++ /var/tmp/diff_new_pack.FiYI5t/_new 2026-04-02 17:44:35.103791455 +0200 @@ -2,7 +2,7 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/open-telemetry/opentelemetry-collector-contrib.git</param> <param name="scm">git</param> - <param name="revision">refs/tags/v0.148.0</param> + <param name="revision">refs/tags/v0.149.0</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.FiYI5t/_old 2026-04-02 17:44:35.135792742 +0200 +++ /var/tmp/diff_new_pack.FiYI5t/_new 2026-04-02 17:44:35.143793064 +0200 @@ -3,6 +3,6 @@ <param name="url">https://github.com/open-telemetry/opentelemetry-collector-contrib</param> <param name="changesrevision">da05052499099b69cbb68a679a0efeac95a5d88c</param></service><service name="tar_scm"> <param name="url">https://github.com/open-telemetry/opentelemetry-collector-contrib.git</param> - <param name="changesrevision">d3c47b3bc48a08bc40afc6067c13c319afecf5cb</param></service></servicedata> + <param name="changesrevision">262df712c2a3f8d240b041a73109e8ab3904b916</param></service></servicedata> (No newline at EOF) ++++++ telemetrygen-0.148.0.obscpio -> telemetrygen-0.149.0.obscpio ++++++ ++++ 162794 lines of diff (skipped) ++++++ telemetrygen.obsinfo ++++++ --- /var/tmp/diff_new_pack.FiYI5t/_old 2026-04-02 17:44:51.932479990 +0200 +++ /var/tmp/diff_new_pack.FiYI5t/_new 2026-04-02 17:44:51.956480983 +0200 @@ -1,5 +1,5 @@ name: telemetrygen -version: 0.148.0 -mtime: 1773764031 -commit: d3c47b3bc48a08bc40afc6067c13c319afecf5cb +version: 0.149.0 +mtime: 1774985249 +commit: 262df712c2a3f8d240b041a73109e8ab3904b916 ++++++ vendor.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go new/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go --- old/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go 2026-03-17 17:13:51.000000000 +0100 +++ new/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go 2026-03-31 21:27:29.000000000 +0200 @@ -88,6 +88,22 @@ // feature can be disabled by setting the environment variable // GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING to "false". PickFirstWeightedShuffling = boolFromEnv("GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING", true) + + // DisableStrictPathChecking indicates whether strict path checking is + // disabled. This feature can be disabled by setting the environment + // variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING to "true". + // + // When strict path checking is enabled, gRPC will reject requests with + // paths that do not conform to the gRPC over HTTP/2 specification found at + // https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md. + // + // When disabled, gRPC will allow paths that do not contain a leading slash. + // Enabling strict path checking is recommended for security reasons, as it + // prevents potential path traversal vulnerabilities. + // + // A future release will remove this environment variable, enabling strict + // path checking behavior unconditionally. + DisableStrictPathChecking = boolFromEnv("GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING", false) ) func boolFromEnv(envVar string, def bool) bool { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/google.golang.org/grpc/server.go new/vendor/google.golang.org/grpc/server.go --- old/vendor/google.golang.org/grpc/server.go 2026-03-17 17:13:51.000000000 +0100 +++ new/vendor/google.golang.org/grpc/server.go 2026-03-31 21:27:29.000000000 +0200 @@ -42,6 +42,7 @@ "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/binarylog" "google.golang.org/grpc/internal/channelz" + "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/grpcsync" "google.golang.org/grpc/internal/grpcutil" istats "google.golang.org/grpc/internal/stats" @@ -149,6 +150,8 @@ serverWorkerChannel chan func() serverWorkerChannelClose func() + + strictPathCheckingLogEmitted atomic.Bool } type serverOptions struct { @@ -1762,6 +1765,24 @@ return ss.s.WriteStatus(statusOK) } +func (s *Server) handleMalformedMethodName(stream *transport.ServerStream, ti *traceInfo) { + if ti != nil { + ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{stream.Method()}}, true) + ti.tr.SetError() + } + errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) + if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { + if ti != nil { + ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) + ti.tr.SetError() + } + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) + } + if ti != nil { + ti.tr.Finish() + } +} + func (s *Server) handleStream(t transport.ServerTransport, stream *transport.ServerStream) { ctx := stream.Context() ctx = contextWithServer(ctx, s) @@ -1782,26 +1803,30 @@ } sm := stream.Method() - if sm != "" && sm[0] == '/' { + if sm == "" { + s.handleMalformedMethodName(stream, ti) + return + } + if sm[0] != '/' { + // TODO(easwars): Add a link to the CVE in the below log messages once + // published. + if envconfig.DisableStrictPathChecking { + if old := s.strictPathCheckingLogEmitted.Swap(true); !old { + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream received malformed method name %q. Allowing it because the environment variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING is set to true, but this option will be removed in a future release.", sm) + } + } else { + if old := s.strictPathCheckingLogEmitted.Swap(true); !old { + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream rejected malformed method name %q. To temporarily allow such requests, set the environment variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING to true. Note that this is not recommended as it may allow requests to bypass security policies.", sm) + } + s.handleMalformedMethodName(stream, ti) + return + } + } else { sm = sm[1:] } pos := strings.LastIndex(sm, "/") if pos == -1 { - if ti != nil { - ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{sm}}, true) - ti.tr.SetError() - } - errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) - if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { - if ti != nil { - ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) - ti.tr.SetError() - } - channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) - } - if ti != nil { - ti.tr.Finish() - } + s.handleMalformedMethodName(stream, ti) return } service := sm[:pos] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/google.golang.org/grpc/version.go new/vendor/google.golang.org/grpc/version.go --- old/vendor/google.golang.org/grpc/version.go 2026-03-17 17:13:51.000000000 +0100 +++ new/vendor/google.golang.org/grpc/version.go 2026-03-31 21:27:29.000000000 +0200 @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.79.2" +const Version = "1.79.3" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/modules.txt new/vendor/modules.txt --- old/vendor/modules.txt 2026-03-17 17:13:51.000000000 +0100 +++ new/vendor/modules.txt 2026-03-31 21:27:29.000000000 +0200 @@ -62,10 +62,10 @@ ## explicit; go 1.24.0 go.opentelemetry.io/auto/sdk go.opentelemetry.io/auto/sdk/internal/telemetry -# go.opentelemetry.io/collector/featuregate v1.54.0 +# go.opentelemetry.io/collector/featuregate v1.55.0 ## explicit; go 1.25.0 go.opentelemetry.io/collector/featuregate -# go.opentelemetry.io/collector/pdata v1.54.0 +# go.opentelemetry.io/collector/pdata v1.55.0 ## explicit; go 1.25.0 go.opentelemetry.io/collector/pdata/internal go.opentelemetry.io/collector/pdata/internal/json @@ -255,7 +255,7 @@ ## explicit; go 1.24.0 google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.79.2 +# google.golang.org/grpc v1.79.3 ## explicit; go 1.24.0 google.golang.org/grpc google.golang.org/grpc/attributes
