Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rmt-server for openSUSE:Factory checked in at 2023-04-25 16:42:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rmt-server (Old)
 and      /work/SRC/openSUSE:Factory/.rmt-server.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rmt-server" Tue Apr 25 16:42:47 2023 rev:57 rq:1082660 version:2.12 Changes: -------- --- /work/SRC/openSUSE:Factory/rmt-server/rmt-server.changes 2022-09-10 20:17:20.764837415 +0200 +++ /work/SRC/openSUSE:Factory/.rmt-server.new.1533/rmt-server.changes 2023-04-25 16:44:27.802810004 +0200 
@@ -1,0 +2,57 @@ +Wed Apr 12 15:27:18 UTC 2023 - Felix Schnizlein <fschnizl...@suse.com> + +- Version 2.12 + * Update translations + * CVE-2023-28120: Update active support to fix possible XSS Security Vulnerability + in bytesliced strings for html_safe. (bsc#1209507) + * CVE-2023-27530: Update rack to mitigate possible DoS in multipart mime parsing (bsc#1209096) + +------------------------------------------------------------------- +Fri Mar 31 17:10:41 UTC 2023 - Zuzana Petrova <zpetr...@suse.com> + +- Force rmt-client-setup-res script to use https (bsc#1209825) + +------------------------------------------------------------------- +Tue Mar 21 09:20:19 UTC 2023 - Thomas Schmidt <tschm...@suse.com> + +- Download repomd.xml.asc before repomd.xml.key, because there are repos that only have repomd.xml.asc + +------------------------------------------------------------------- +Mon Mar 6 09:41:32 UTC 2023 - Felix Schnizlein <fschnizl...@suse.com> + +- Version 2.11: + - Mark secrets.yml.key file as part of the rpm to allow seamless downgrades (bsc#1207670) + +------------------------------------------------------------------- +Tue Jan 24 22:03:53 UTC 2023 - Thomas Schmidt <tschm...@suse.com> + +- Adding -f to the file move command when moving the mirrored directory to its final location (bsc#1203171) + +------------------------------------------------------------------- +Wed Dec 21 14:07:21 UTC 2022 - Thomas Schmidt <tschm...@suse.com> + +- Fix %post install of pubcloud subpackage reload of nginx (bsc#1206593) +- Skip warnings regarding nokogiri libxml version mismatch (bsc#1202053) + +------------------------------------------------------------------- +Fri Nov 11 17:11:56 UTC 2022 - Thomas Schmidt <tschm...@suse.com> + +- Release version 2.10: + - Add option to turn off system token support (bsc#1205089) + - Update the `last_seen_at` column on zypper service refresh + - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) + - Fix CVE-2022-31254 
(bsc#1204285): rmt-server-pubcloud allows to escalate from user _rmt to root + Root-level escalation vector bug was found in the packaging file which has been mitigated. + +------------------------------------------------------------------- +Tue Nov 8 10:30:45 UTC 2022 - Zuzana Petrova <zpetr...@suse.com> + +- adapt rmt-client-setup-res script to work on SLL9/RHEL9 + +------------------------------------------------------------------- +Thu Sep 22 09:30:17 UTC 2022 - Felix Schnizlein <fschnizl...@suse.com> + +- Send system creation and product activation dates to SCC for better + visibility in SCC. + +------------------------------------------------------------------- Old: ---- rmt-server-2.9.tar.bz2 New: ---- rmt-server-2.12.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rmt-server.spec ++++++ --- /var/tmp/diff_new_pack.zkaYSQ/_old 2023-04-25 16:44:28.474813987 +0200 +++ /var/tmp/diff_new_pack.zkaYSQ/_new 2023-04-25 16:44:28.482814035 +0200 @@ -1,7 +1,7 @@ # # spec file for package rmt-server # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,6 +20,7 @@ %define lib_dir %{_libdir}/rmt %define data_dir %{_localstatedir}/lib/rmt %define conf_dir %{_sysconfdir}/rmt +%define script_dir %{_libexecdir}/rmt %define rmt_user _rmt %define rmt_group nginx @@ -29,7 +30,7 @@ %define ruby_version %{rb_default_ruby_suffix} Name: rmt-server -Version: 2.9 +Version: 2.12 Release: 0 Summary: Repository mirroring tool and registration proxy for SCC License: GPL-2.0-or-later 
@@ -188,6 +189,10 @@ mkdir -p %{buildroot}%{_libexecdir}/supportconfig/plugins install -D -m 544 support/rmt %{buildroot}%{_libexecdir}/supportconfig/plugins/rmt +# Directory permission update script +mkdir -p %{buildroot}%{script_dir} +install -D -m 544 package/files/update_rmt_app_dir_permissions.sh %{buildroot}%{script_dir}/update_rmt_app_dir_permissions.sh + # bash completion install -D -m 644 package/files/rmt-cli_bash-completion.sh %{buildroot}%{_datadir}/bash-completion/completions/rmt-cli @@ -204,6 +209,10 @@ # was created with a different major version than the distribution's bundler. sed -i '/BUNDLED WITH/{N;d;}' %{buildroot}%{app_dir}/Gemfile.lock +# Drop warning "Nokogiri was built against libxml version x, but has dynamically y" +# Because we cannot control which libxml version is installed on the system +sed -i 's|warnings << "Nokogiri was built|# warnings << "Nokogiri was built|' %{buildroot}%{lib_dir}/vendor/bundle/ruby/*/gems/nokogiri-*/lib/nokogiri/version/info.rb + # cleanup unneeded files find %{buildroot}%{lib_dir} "(" -name "*.c" -o -name "*.h" -o -name .keep ")" -delete find %{buildroot}%{app_dir} -name .keep -delete 
@@ -230,19 +239,25 @@ chrpath -d %{buildroot}%{lib_dir}/vendor/bundle/ruby/*/extensions/*/*/mysql2-*/mysql2/mysql2.so %files -%attr(-,%{rmt_user},%{rmt_group}) %{app_dir} +%attr(0755,root,root) %{app_dir} %exclude %{app_dir}/engines/ %exclude %{app_dir}/package/ +%exclude %{app_dir}/rmt/tmp %attr(-,%{rmt_user},%{rmt_group}) %{data_dir} %attr(-,%{rmt_user},%{rmt_group}) %{conf_dir} -%attr(-,%{rmt_user},%{rmt_group}) /var/lib/rmt %dir %{_libexecdir}/supportconfig %dir %{_libexecdir}/supportconfig/plugins +%dir %{script_dir} %dir /var/lib/rmt %ghost %{_datadir}/rmt/public/repo %ghost %{_datadir}/rmt/public/suma + +# The secrets file is created by running the initial rake tasks in the `post` section +%ghost %{app_dir}/config/secrets.yml.key +%ghost %{app_dir}/config/secrets.yml.enc + %dir %{_sysconfdir}/slp.reg.d -%config(noreplace) %attr(0640, %{rmt_user},root) %{_sysconfdir}/rmt.conf +%config(noreplace) %attr(0640, %{rmt_user}, root) %{_sysconfdir}/rmt.conf %config(noreplace) %{_sysconfdir}/slp.reg.d/rmt-server.reg %{_mandir}/man8/rmt-cli.8%{?ext_man} %{_bindir}/rmt-cli @@ -267,6 +282,7 @@ %{_libdir}/rmt %{_libexecdir}/supportconfig/plugins/rmt +%{script_dir}/update_rmt_app_dir_permissions.sh %files config %dir %{_sysconfdir}/nginx @@ -277,7 +293,7 @@ %files pubcloud %{_bindir}/rmt-test-regsharing %{_bindir}/rmt-manual-instance-verify -%attr(-,%{rmt_user},%{rmt_group}) %{app_dir}/engines/ +%attr(-,root,root) %{app_dir}/engines/ %dir %{_sysconfdir}/nginx/rmt-auth.d/ %dir %attr(-,%{rmt_user},%{rmt_group}) %{data_dir}/regsharing %exclude %{app_dir}/engines/registration_sharing/package/ 
@@ -299,14 +315,13 @@ getent group %{rmt_group} >/dev/null || %{_sbindir}/groupadd -r %{rmt_group} getent passwd %{rmt_user} >/dev/null || \ %{_sbindir}/useradd -g %{rmt_group} -s /bin/false -r \ - -c "user for RMT" -d %{app_dir} %{rmt_user} + -c "user for RMT" %{rmt_user} %service_add_pre rmt-server.target rmt-server.service rmt-server-migration.service rmt-server-mirror.service rmt-server-sync.service rmt-server-systems-scc-sync.service %post %service_add_post rmt-server.target rmt-server.service rmt-server-migration.service rmt-server-mirror.service rmt-server-sync.service rmt-server-systems-scc-sync.service -cd %{_datadir}/rmt && runuser -u %{rmt_user} -g %{rmt_group} -- bin/rails rmt:secrets:create_encryption_key >/dev/null RAILS_ENV=production -cd %{_datadir}/rmt && runuser -u %{rmt_user} -g %{rmt_group} -- bin/rails rmt:secrets:create_secret_key_base >/dev/null RAILS_ENV=production - +cd %{_datadir}/rmt && bin/rails rmt:secrets:create_encryption_key >/dev/null RAILS_ENV=production && \ +cd %{_datadir}/rmt && bin/rails rmt:secrets:create_secret_key_base >/dev/null RAILS_ENV=production && \ # Run only on install if [ $1 -eq 1 ]; then echo "Please run the YaST RMT module (or 'yast2 rmt' from the command line) to complete the configuration of your RMT" >> /dev/stdout @@ -321,6 +336,7 @@ if [ -f %{app_dir}/config/system_uuid ]; then mv %{app_dir}/config/system_uuid /var/lib/rmt/system_uuid fi + bash %{script_dir}/update_rmt_app_dir_permissions.sh %{app_dir} fi if [ ! -e %{_datadir}/rmt/public/repo ]; then @@ -355,6 +371,7 @@ %posttrans pubcloud /usr/bin/systemctl try-restart rmt-server.service -/usr/bin/systemctl reload nginx.service +# Don't fail if either systemd or nginx are not running +/usr/bin/systemctl try-reload-or-restart nginx.service || true %changelog ++++++ rmt-cli.8.gz ++++++ --- /var/tmp/diff_new_pack.zkaYSQ/_old 2023-04-25 16:44:28.530814320 +0200 +++ /var/tmp/diff_new_pack.zkaYSQ/_new 2023-04-25 16:44:28.534814343 +0200 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "RMT\-CLI" "8" "September 2022" "" "RMT" +.TH "RMT\-CLI" "8" "December 2022" "" "RMT" . .SH "NAME" \fBrmt\-cli\fR \- control and configure your RMT server ++++++ rmt-server-2.9.tar.bz2 -> rmt-server-2.12.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/rmt-server/rmt-server-2.9.tar.bz2 /work/SRC/openSUSE:Factory/.rmt-server.new.1533/rmt-server-2.12.tar.bz2 differ: char 11, line 1
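Review bot: In the rmt-server.spec hunk at @@ -204,6 +209,10, the added `sed -i 's|warnings << "Nokogiri was built|# warnings << "Nokogiri was built|'` exits successfully even when the pattern no longer matches, so a later nokogiri update that rewords or moves that line in version/info.rb would bring the warning back without any build failure. Consider following it with a grep that fails the build if the uncommented text is still present, and confirm that the statement fits on one line, since commenting out only the first line of a multi-line expression would leave invalid Ruby.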
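Review bot: In the %files hunk (@@ -230,19 +239,25), `%attr(0755,root,root) %{app_dir}` is applied to a directory entry without `%dir`, so the 0755 mode is stamped on every file packaged below it and not only on the directory itself. The pubcloud hunk uses `%attr(-,root,root) %{app_dir}/engines/`, which changes the owner and keeps the packaged modes; using `-` for the mode here as well, or adding a separate `%dir %attr(0755,root,root)` entry, would avoid marking all application files executable. The two new `%ghost` entries for secrets.yml.key and secrets.yml.enc carry no explicit `%attr`; an explicit owner and restrictive mode would document the intended permissions of the key file.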
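Review bot: In the %post part of the hunk at @@ -299,14 +315,13, the second added `cd %{_datadir}/rmt && bin/rails rmt:secrets:create_secret_key_base ...` line ends in `&& \`, which continues onto the `# Run only on install` comment and makes the following `if [ $1 -eq 1 ]; then` block the right-hand side of the chain, so the install-time steps are skipped whenever either rails task fails. Drop the trailing `&& \` from the last command if that coupling is not intended. Both tasks also now run as root instead of through `runuser -u %{rmt_user}`, while update_rmt_app_dir_permissions.sh is only called in the next hunk, further down; root therefore loads the Rails application from a tree that %{rmt_user} owned until this update, before the script has reset permissions on anything the package does not itself overwrite, so the script call would be better placed ahead of these commands. In %pre, removing `-d %{app_dir}` only affects newly created accounts because of the `getent passwd` guard; an existing %{rmt_user} account keeps its old home directory.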
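Review bot: The new update_rmt_app_dir_permissions.sh, which %post runs as root against %{app_dir}, exists only inside rmt-server-2.12.tar.bz2, and the mail reports that archive just as "differ: char 11, line 1", so the script cannot be reviewed from this diff. Because it operates on a directory that was previously owned by %{rmt_user}, it should be checked separately that any recursive ownership or mode change in it does not follow symbolic links.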