Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package helm for openSUSE:Factory checked in 
at 2022-08-11 18:32:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/helm (Old)
 and      /work/SRC/openSUSE:Factory/.helm.new.1521 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "helm"

Thu Aug 11 18:32:19 2022 rev:38 rq:994401 version:3.9.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/helm/helm.changes        2022-07-26 
19:43:50.761167614 +0200
+++ /work/SRC/openSUSE:Factory/.helm.new.1521/helm.changes      2022-08-11 
18:32:30.526272314 +0200
@@ -1,0 +2,7 @@
+Wed Aug 10 21:52:18 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- Update to version 3.9.3 (CVE-2022-1996, bsc#1200528):
+  * Bump k8s.io/kube-openapi to fix CVE-2022-1996 in 
github.com/emicklei/go-restful
+  * fixes #11142 missing array length check on release
+
+-------------------------------------------------------------------

Old:
----
  helm-3.9.2.tar.gz

New:
----
  helm-3.9.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ helm.spec ++++++
--- /var/tmp/diff_new_pack.Jmapve/_old  2022-08-11 18:32:31.302271124 +0200
+++ /var/tmp/diff_new_pack.Jmapve/_new  2022-08-11 18:32:31.306271118 +0200
@@ -21,7 +21,7 @@
 %define git_dirty clean
 
 Name:           helm
-Version:        3.9.2
+Version:        3.9.3
 Release:        0
 Summary:        The Kubernetes Package Manager
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.Jmapve/_old  2022-08-11 18:32:31.346271057 +0200
+++ /var/tmp/diff_new_pack.Jmapve/_new  2022-08-11 18:32:31.350271050 +0200
@@ -5,7 +5,7 @@
     <param name="exclude">.git</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="revision">v3.9.2</param>
+    <param name="revision">v3.9.3</param>
     <param name="changesgenerate">enable</param>
   </service>
   <service name="recompress" mode="disabled">

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Jmapve/_old  2022-08-11 18:32:31.366271026 +0200
+++ /var/tmp/diff_new_pack.Jmapve/_new  2022-08-11 18:32:31.370271020 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/helm/helm.git</param>
-              <param 
name="changesrevision">a2d079248b102494436a41ede0d458f433ae24a0</param></service></servicedata>
+              <param 
name="changesrevision">414ff28d4029ae8c8b05d62aa06c7fe3dee2bc58</param></service></servicedata>
 (No newline at EOF)
 

++++++ helm-3.9.2.tar.gz -> helm-3.9.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/helm-3.9.2/go.mod new/helm-3.9.3/go.mod
--- old/helm-3.9.2/go.mod       2022-07-21 18:40:09.000000000 +0200
+++ new/helm-3.9.3/go.mod       2022-08-10 19:10:59.000000000 +0200
@@ -76,7 +76,7 @@
        github.com/docker/go-metrics v0.0.1 // indirect
        github.com/docker/go-units v0.4.0 // indirect
        github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // 
indirect
-       github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+       github.com/emicklei/go-restful/v3 v3.8.0 // indirect
        github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // 
indirect
        github.com/fatih/color v1.13.0 // indirect
        github.com/felixge/httpsnoop v1.0.1 // indirect
@@ -124,7 +124,6 @@
        github.com/morikuni/aec v1.0.0 // indirect
        github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // 
indirect
        github.com/onsi/ginkgo v1.16.4 // indirect
-       github.com/onsi/gomega v1.15.0 // indirect
        github.com/opencontainers/go-digest v1.0.0 // indirect
        github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
        github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -143,7 +142,7 @@
        github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 // 
indirect
        github.com/yvasiyarov/newrelic_platform_go 
v0.0.0-20140908184405-b21fdbd4370f // indirect
        go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-       golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+       golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
        golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
        golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
        golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
@@ -157,7 +156,7 @@
        gopkg.in/yaml.v2 v2.4.0 // indirect
        gopkg.in/yaml.v3 v3.0.1 // indirect
        k8s.io/component-base v0.24.2 // indirect
-       k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect
+       k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 // indirect
        k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
        sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
        sigs.k8s.io/kustomize/api v0.11.4 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/helm-3.9.2/go.sum new/helm-3.9.3/go.sum
--- old/helm-3.9.2/go.sum       2022-07-21 18:40:09.000000000 +0200
+++ new/helm-3.9.3/go.sum       2022-08-10 19:10:59.000000000 +0200
@@ -205,8 +205,9 @@
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 
h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod 
h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod 
h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible 
h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod 
h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emicklei/go-restful/v3 v3.8.0 
h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
+github.com/emicklei/go-restful/v3 v3.8.0/go.mod 
h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod 
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane 
v0.9.1-0.20191026205805-5f8ba28d4473/go.mod 
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod 
h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -572,11 +573,11 @@
 github.com/onsi/ginkgo v1.14.0/go.mod 
h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
 github.com/onsi/ginkgo v1.16.4/go.mod 
h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo/v2 v2.1.4 
h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod 
h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.1/go.mod 
h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod 
h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU=
-github.com/onsi/gomega v1.15.0/go.mod 
h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
+github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/opencontainers/go-digest v1.0.0 
h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod 
h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 
h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec=
@@ -857,15 +858,15 @@
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod 
h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod 
h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod 
h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod 
h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd 
h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod 
h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f 
h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod 
h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod 
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod 
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod 
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1274,8 +1275,9 @@
 k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod 
h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 
h1:Gii5eqf+GmIEwGNKQYQClCayuJCe2/4fZUvF7VG99sU=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod 
h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
+k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 
h1:yEQKdMCjzAOvGeiTwG4hO/hNVNtDOuUFvMUZ0OlaIzs=
+k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8/go.mod 
h1:mbJ+NSUoAhuR14N0S63bPkh8MGVSo3VYSGZtH/mfMe0=
 k8s.io/kubectl v0.24.2 h1:+RfQVhth8akUmIc2Ge8krMl/pt66V7210ka3RE/p0J4=
 k8s.io/kubectl v0.24.2/go.mod h1:+HIFJc0bA6Tzu5O/YcuUt45APAxnNL8LeMuXwoiGsPg=
 k8s.io/metrics v0.24.2/go.mod h1:5NWURxZ6Lz5gj8TFU83+vdWIVASx7W8lwPpHYCqopMo=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/helm-3.9.2/pkg/storage/driver/util.go 
new/helm-3.9.3/pkg/storage/driver/util.go
--- old/helm-3.9.2/pkg/storage/driver/util.go   2022-07-21 18:40:09.000000000 
+0200
+++ new/helm-3.9.3/pkg/storage/driver/util.go   2022-08-10 19:10:59.000000000 
+0200
@@ -63,7 +63,7 @@
        // For backwards compatibility with releases that were stored before
        // compression was introduced we skip decompression if the
        // gzip magic header is not found
-       if bytes.Equal(b[0:3], magicGzip) {
+       if len(b) > 3 && bytes.Equal(b[0:3], magicGzip) {
                r, err := gzip.NewReader(bytes.NewReader(b))
                if err != nil {
                        return nil, err

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/helm/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.helm.new.1521/vendor.tar.gz differ: char 5, line 1

Reply via email to