Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package amazon-ssm-agent for
openSUSE:Factory checked in at 2026-06-03 20:28:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/amazon-ssm-agent (Old)
and /work/SRC/openSUSE:Factory/.amazon-ssm-agent.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "amazon-ssm-agent"
Wed Jun 3 20:28:03 2026 rev:45 rq:1356959 version:3.3.4624.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/amazon-ssm-agent/amazon-ssm-agent.changes
2026-05-28 23:13:36.539520621 +0200
+++
/work/SRC/openSUSE:Factory/.amazon-ssm-agent.new.1937/amazon-ssm-agent.changes
2026-06-03 20:30:16.668753465 +0200
@@ -1,0 +2,12 @@
+Wed Jun 3 11:14:09 UTC 2026 - John Paul Adrian Glaubitz
<[email protected]>
+
+- Update to version 3.3.4624.0
+ * Bump golang.org/x/crypto from v0.51.0 to v0.52.0
+ * Bump golang.org/x/net from v0.54.0 to v0.55.0
+ * Enforce directory boundary in BuildSafePath
+ * Fix visibility issue with Bottlerocket OS in document output
+ * Update go-git from v5.17.1 to v5.19.1 (bsc#1264952, CVE-2026-41506), this
+ also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332, CVE-2026-44740)
+- Drop CVE-2026-41506.patch, merged upstream
+
+-------------------------------------------------------------------
Old:
----
CVE-2026-41506.patch
amazon-ssm-agent-3.3.4515.0.tar.gz
New:
----
amazon-ssm-agent-3.3.4624.0.tar.gz
----------(Old B)----------
Old: also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332,
CVE-2026-44740)
- Drop CVE-2026-41506.patch, merged upstream
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ amazon-ssm-agent.spec ++++++
--- /var/tmp/diff_new_pack.P7ksac/_old 2026-06-03 20:30:17.592791733 +0200
+++ /var/tmp/diff_new_pack.P7ksac/_new 2026-06-03 20:30:17.596791898 +0200
@@ -17,7 +17,7 @@
Name: amazon-ssm-agent
-Version: 3.3.4515.0
+Version: 3.3.4624.0
Release: 0
Summary: Amazon Remote System Config Management
License: Apache-2.0
@@ -25,9 +25,6 @@
URL: https://github.com/aws/amazon-ssm-agent
Source0:
https://github.com/aws/amazon-ssm-agent/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: amazon-ssm-agent.tmpfiles
-# PATCH-FIX-UPSTREAM - HTTP authentication credential leak when following
redirects during smart-HTTP clone and fetch operations
-# Partial patch taken from
https://github.com/go-git/go-git/pull/2004/changes/bcd20a9c525826081262a06a9ed9c3167abfcd53
-Patch0: CVE-2026-41506.patch
BuildRequires: golang(API) >= 1.25.8
BuildRequires: pkgconfig(systemd)
Requires: systemd
@@ -99,9 +96,6 @@
%prep
%setup -q
-pushd vendor/github.com/go-git/go-git/v5
-%patch -P0 -p1
-popd
sed -i -e 's#const[ \s]*Version.*#const Version = "%{version}"#g'
agent/version/version.go
sed -i 's#/bin/#/sbin/#' packaging/linux/amazon-ssm-agent.service
sed -i 's#var defaultWorkerPath = "/usr/bin/"#var defaultWorkerPath =
"/usr/sbin/"#' agent/appconfig/constants_unix.go
++++++ amazon-ssm-agent-3.3.4515.0.tar.gz -> amazon-ssm-agent-3.3.4624.0.tar.gz
++++++
/work/SRC/openSUSE:Factory/amazon-ssm-agent/amazon-ssm-agent-3.3.4515.0.tar.gz
/work/SRC/openSUSE:Factory/.amazon-ssm-agent.new.1937/amazon-ssm-agent-3.3.4624.0.tar.gz
differ: char 16, line 1
