Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package apptainer for openSUSE:Factory
checked in at 2024-05-13 17:58:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apptainer (Old)
and /work/SRC/openSUSE:Factory/.apptainer.new.1880 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apptainer"
Mon May 13 17:58:43 2024 rev:28 rq:1173668 version:1.3.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2024-03-22
15:32:23.870920031 +0100
+++ /work/SRC/openSUSE:Factory/.apptainer.new.1880/apptainer.changes
2024-05-13 17:59:12.676369476 +0200
@@ -1,0 +2,11 @@
+Mon May 13 05:36:38 UTC 2024 - Egbert Eich <e...@suse.com>
+
+- Make sure, digest values handled by the Go library
+ github.com/opencontainers/go-digest and used throughout the
+ Go-implemented containers ecosystem are always validated. This
+ prevents attackers from triggering unexpected authenticated
+ registry accesses.
+ * Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch
+ (CVE-2024-3727, bsc#1224114).
+
+-------------------------------------------------------------------
New:
----
Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch
BETA DEBUG BEGIN:
New: registry accesses.
* Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch
(CVE-2024-3727, bsc#1224114).
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apptainer.spec ++++++
--- /var/tmp/diff_new_pack.b7wFq3/_old 2024-05-13 17:59:13.568402022 +0200
+++ /var/tmp/diff_new_pack.b7wFq3/_new 2024-05-13 17:59:13.568402022 +0200
@@ -42,6 +42,7 @@
Source20: %{name}-rpmlintrc
Source21: vendor.tar.gz
Patch1: Remove-signatures-from-Docker-images.patch
+Patch100: Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch
BuildRequires: cryptsetup
BuildRequires: fdupes
BuildRequires: gcc
++++++ Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch ++++++
From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri May 10 15:29:32 2024 +0000
Subject: Bump github.com/containers/image/v5 from 5.30.0 to 5.30.1
Patch-mainline: Upstream
Git-repo: https://github.com/apptainer/apptainer
Git-commit: 37bcd30d64a934fa78acc838745f5868a4800706
References: bsc#1224114
Bumps [github.com/containers/image/v5](https://github.com/containers/image)
from 5.30.0 to 5.30.1.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.30.0...v5.30.1)
Signed-off-by: Egbert Eich <e...@suse.de>
---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <supp...@github.com>---
go.mod | 2 +-
go.sum | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 8ee607d04..e540f5658 100644
--- a/go.mod
+++ b/go.mod
@@ -21 +21 @@ require (
- github.com/containers/image/v5 v5.30.0
+ github.com/containers/image/v5 v5.30.1
diff --git a/go.sum b/go.sum
index 5747de20d..73e76ddd9 100644
--- a/go.sum
+++ b/go.sum
@@ -88,2 +88,2 @@ github.com/containernetworking/plugins v1.4.1/go.mod
h1:n6FFGKcaY4o2o5msgu/UImto
-github.com/containers/image/v5 v5.30.0
h1:CmHeSwI6W2kTRWnUsxATDFY5TEX4b58gPkaQcEyrLIA=
-github.com/containers/image/v5 v5.30.0/go.mod
h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk=
+github.com/containers/image/v5 v5.30.1
h1:AKrQMgOKI1oKx5FW5eoU2xoNyzACajHGx1O3qxobvFM=
+github.com/containers/image/v5 v5.30.1/go.mod
h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk=
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/apptainer/vendor.tar.gz
/work/SRC/openSUSE:Factory/.apptainer.new.1880/vendor.tar.gz differ: char 12,
line 1
