Hello community,

here is the log from the commit of package distribution for openSUSE:Factory checked in at 2023-05-12 20:39:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/distribution (Old)
 and      /work/SRC/openSUSE:Factory/.distribution.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "distribution" Fri May 12 20:39:09 2023 rev:5 rq:1086800 version:2.8.2 Changes: -------- --- /work/SRC/openSUSE:Factory/distribution/distribution.changes 2023-01-20 17:39:56.420939422 +0100 +++ /work/SRC/openSUSE:Factory/.distribution.new.1533/distribution.changes 2023-05-12 20:41:45.135336385 +0200 @@ -1,0 +2,27 @@ +Fri May 12 16:05:11 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- update to 2.8.2 (bsc#1207705, CVE-2023-2253, bsc#1210428): + * Revert registry/client: set `Accept: identity` header when + getting layers + * Parse `http` forbidden as denied + * Fix CVE-2023-2253 runaway allocation on /v2/_catalog + * Fix panic in inmemory driver + * update to go1.19.9 + * Add code to handle pagination of parts. Fixes max layer size + of 10GB bug + * Dockerfile: fix filenames of artifacts +- drop aws-sdk-1.42.27-update.patch (no longer wanted) +- drop 0001-Fix-runaway-allocation-on-v2-_catalog.patch (upstream) + +------------------------------------------------------------------- +Wed Apr 26 19:32:36 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- refresh 0001-Fix-runaway-allocation-on-v2-_catalog.patch to + be more compatible with invalid pagination requests (CVE-2023-2253, bsc#1207705)⣠+ +------------------------------------------------------------------- +Fri Feb 17 09:08:35 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- add 0001-Fix-runaway-allocation-on-v2-_catalog.patch (CVE-2023-2253, bsc#1207705) + +------------------------------------------------------------------- Old: ---- aws-sdk-1.42.27-update.patch distribution-2.8.1.tar.zst New: ---- distribution-2.8.2.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ distribution.spec ++++++ --- /var/tmp/diff_new_pack.qdZHvs/_old 2023-05-12 20:41:46.379342720 +0200 +++ /var/tmp/diff_new_pack.qdZHvs/_new 2023-05-12 20:41:46.387342760 +0200 
@@ -18,7 +18,7 @@ %define goipath github.com/docker/distribution Name: distribution -Version: 2.8.1 +Version: 2.8.2 Release: 0 Summary: The toolset to pack, ship, store, and deliver content License: Apache-2.0 @@ -29,12 +29,11 @@ Source2: registry.service Source4: README-registry.SUSE Source10: system-user-registry.conf -Patch1: aws-sdk-1.42.27-update.patch BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: zstd -BuildRequires: golang(API) = 1.16 +BuildRequires: golang(API) = 1.19 Provides: docker-distribution = %{version} Obsoletes: docker-distribution < %{version} ExclusiveArch: %ix86 x86_64 %arm aarch64 ppc64 ppc64le s390x riscv64 @@ -66,7 +65,6 @@ %prep %setup -q -n distribution-%{version} -%patch1 -p2 cp %{SOURCE4} . %build @@ -78,7 +76,7 @@ %define ldflags "-s -w -X %{goipath}/version.Version=v%{version} -X %{goipath}/version.Package=%{goipath}" for cmd in registry digest registry-api-descriptor-template; do - %{gobuild} -ldflags %{ldflags} -tags %{buildtags} cmd/$cmd + %{gobuild} -trimpath -ldflags %{ldflags} -tags %{buildtags} cmd/$cmd done %install ++++++ _service ++++++ --- /var/tmp/diff_new_pack.qdZHvs/_old 2023-05-12 20:41:46.451343086 +0200 +++ /var/tmp/diff_new_pack.qdZHvs/_new 2023-05-12 20:41:46.459343127 +0200 @@ -3,8 +3,8 @@ <param name="url">https://github.com/docker/distribution.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">2.8.1</param> - <param name="revision">v2.8.1</param> + <param name="versionformat">2.8.2</param> + <param name="revision">v2.8.2</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.qdZHvs/_old 2023-05-12 20:41:46.487343269 +0200 +++ /var/tmp/diff_new_pack.qdZHvs/_new 2023-05-12 20:41:46.491343290 +0200 
@@ -3,6 +3,6 @@ <param name="url">https://github.com/distribution/distribution.git</param> <param name="changesrevision">b5ca020cfbe998e5af3457fda087444cf5116496</param></service><service name="tar_scm"> <param name="url">https://github.com/docker/distribution.git</param> - <param name="changesrevision">b5ca020cfbe998e5af3457fda087444cf5116496</param></service></servicedata> + <param name="changesrevision">7c354a4b40feeea21d7eeae4de91c8ff7951e672</param></service></servicedata> (No newline at EOF)
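Review bot: in the distribution.changes hunk (@@ -1,0 +2,27 @@), the 2.8.2 entry drops aws-sdk-1.42.27-update.patch with only "(no longer wanted)" as the reason; please say why it is safe to drop, for example whether the 2.8.2 sources already carry the dependency update the patch provided. The same hunk adds the Feb 17, Apr 26 and May 12 entries together, and the Old file list names only aws-sdk-1.42.27-update.patch and distribution-2.8.1.tar.zst, so as far as this diff shows 0001-Fix-runaway-allocation-on-v2-_catalog.patch is added, refreshed and dropped without ever appearing in the previous Factory revision. It would help anyone tracking CVE-2023-2253 if the 2.8.2 entry stated plainly that this is the first Factory revision containing the fix, if that is the case.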
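Review bot: in the distribution.spec %build hunk (@@ -78,7 +76,7 @@), `-trimpath` is added to the %{gobuild} line but distribution.changes has no entry for it. It changes what ends up in the shipped binaries (build-time file system paths are removed), so it deserves its own changelog line. The BuildRequires change in the @@ -29,12 +29,11 @@ hunk from `golang(API) = 1.16` to `golang(API) = 1.19` is likewise only implied by the upstream item "update to go1.19.9"; since it is an exact `=` pin, a short comment in the spec on why 1.19 specifically is required would make the next toolchain bump easier to review.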
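Review bot: in the _servicedata hunk (@@ -3,6 +3,6 @@), only the tar_scm entry for https://github.com/docker/distribution.git moves to 7c354a4b40feeea21d7eeae4de91c8ff7951e672, while the entry for https://github.com/distribution/distribution.git stays at the old b5ca020cfbe998e5af3457fda087444cf5116496. _service fetches from the docker/distribution URL only, so the second entry looks stale; either remove it or switch _service to the URL you intend to track, so that the recorded changesrevision for every listed source matches what was actually packaged. Since `revision` in _service is the tag v2.8.2, it is also worth confirming that the tag resolves to the 7c354a4 commit recorded here.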