Sync from SUSE:ALP:Source:Standard:1.0 google-osconfig-agent revision faf8755ebc72b95cfb44fa6653263111
This commit is contained in:
@@ -1,3 +1,433 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 17 08:20:00 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Packaging improvements:
|
||||
* Remove define github project name components no longer needed
|
||||
* Define shortname corresponding to binary name when different
|
||||
from package name. Use shortname where applicable to normalize
|
||||
common lines across Go app packages, similar to name macro.
|
||||
* Drop BuildRequires: golang-packaging. The original macros for
|
||||
file movements into GOPATH are obsolete with Go modules. Macro
|
||||
go_nostrip is no longer needed with current binutils and Go.
|
||||
* Remove go_nostrip macro which is no longer recommended
|
||||
* Re-enable binary stripping and debuginfo boo#1210938
|
||||
* Remove goprep macro which is no longer recommended
|
||||
* Build PIE with pattern that may become recommended procedure:
|
||||
%%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
|
||||
A go toolchain buildmode default config would be preferable
|
||||
but none exist at this time.
|
||||
* Drop export CGO_ENABLED="0". Use the default unless there is a
|
||||
defined requirement or benefit.
|
||||
* For this package, we were seeing the expected error
|
||||
"-buildmode=pie requires external (cgo) linking, but cgo is not
|
||||
enabled" when using buildmode=pie and CGO_ENABLED=0. The error
|
||||
manifested only on s390x and i586 architectures, which was not
|
||||
expected. Resolve by using default CGO_ENABLED.
|
||||
* Remove ldflags -s (Omit symbol table and debug info) and -w
|
||||
(Omit DWARF symbol table). This information is used to produce
|
||||
separate debuginfo packages and binaries are stripped for
|
||||
reduced size by GNU strip during RPM build.
|
||||
* Remove ldflags -X entry for embedding build version metadata.
|
||||
This information is embedded in binaries with go1.18+ and
|
||||
available via go version -m or runtime/debug.ReadBuildInfo().
|
||||
* Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
|
||||
* Raise minimum golang API version to 1.25.5 to match go.mod file
|
||||
* Use single invocation of %setup with -a1 to unpack both tarballs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 16 08:06:26 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20260615.01
|
||||
* Upgrade golang.org/x/crypto & golang.org/x/net (#1006)
|
||||
(bsc#1266171, CVE-2026-39827, CVE-2026-39834, CVE-2026-39828,
|
||||
CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833,
|
||||
CVE-2026-39830, CVE-2026-39832, CVE-2026-46597, CVE-2026-46598,
|
||||
CVE-2026-46595, CVE-2026-39835) (bsc#1266603, CVE-2026-39821)
|
||||
- from version 20260615.00
|
||||
* Add unit tests for ospatch_apt_upgrade.go (#938)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 12 08:59:48 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20260611.00
|
||||
* Add unit tests for policies/policies.go PART 5 (#998)
|
||||
- from version 20260610.00
|
||||
* Add unit tests for policies/policies.go PART 4 (#997)
|
||||
- from version 20260609.02
|
||||
* squash commits (#936)
|
||||
- from version 20260609.01
|
||||
* Add unit tests for policies/policies.go PART 3 (#996)
|
||||
- from version 20260609.00
|
||||
* Add unit tests for policies/policies.go PART 2 (#991)
|
||||
- from version 20260602.01
|
||||
* Align format of dates and timestamp collected across Windows packages (#973)
|
||||
- from version 20260602.00
|
||||
* Add unit tests for config/config,go (#979)
|
||||
- from version 20260528.00
|
||||
* Bump github.com/containerd/containerd (#990)
|
||||
- from version 20260521.00
|
||||
* Cover agentconfig functionality by unit tests (#925)
|
||||
- from version 20260520.04
|
||||
* Add unit tests for policies/googet.go (#961)
|
||||
* Bump github.com/go-git/go-git/v5 (#987)
|
||||
- from version 20260520.02
|
||||
* Add unit tests for policies/yum.go (#952)
|
||||
* Add unit tests for policies/apt.go PART 3 (#951)
|
||||
- from version 20260520.00
|
||||
* Add unit tests for policies/zypper.go (#953)
|
||||
- from version 20260519.00
|
||||
* Add unit tests for policies/policies.go PART 1 (#949)
|
||||
- from version 20260513.01
|
||||
* Bump github.com/go-git/go-git/v5 (#981), this also updates
|
||||
golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)
|
||||
- from version 20260513.00
|
||||
* upgrade a few packages (#980)
|
||||
- from version 20260512.02
|
||||
* Add/improve unit tests for agentendpoint/exec_task.go (#933)
|
||||
- from version 20260512.01
|
||||
* Cover google_update.go by unit tests (#941)
|
||||
- from version 20260512.00
|
||||
* Change zone for arm64 builds because of stockout (#978)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 21 07:39:20 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Add CVE-2026-33186.patch to fix authorization bypass in grpc-go due to improper
|
||||
validation of the HTTP/2 :path pseudo-header (bsc#1260264, CVE-2026-33186)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 13 07:43:51 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20260511.00
|
||||
* switch to t2a-standard-2 on ARM package build (#977)
|
||||
- from version 20260505.03
|
||||
* Cover zypper_patch by unit tests (#958)
|
||||
- from version 20260505.02
|
||||
* Remove unused functions DisableAutoUpdates (#970)
|
||||
- from version 20260505.01
|
||||
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)
|
||||
- from version 20260505.00
|
||||
* Upgrade a few dependencies across the repo (#968)
|
||||
+ github.com/go-git/go-git/v5 5.16.2->5.18.0 (bsc#1264923, CVE-2026-41506)
|
||||
+ github.com/go-jose/go-jose/v4 4.1.3->4.1.4 (bsc#1262926, CVE-2026-34986)
|
||||
+ github.com/go-viper/mapstructure/v2 2.3.0->2.4.0
|
||||
+ go.opentelemetry.io/otel 1.40.0->1.41.0
|
||||
+ go.opentelemetry.io/otel/sdk 1.39.0->1.43.0
|
||||
- from version 20260504.01
|
||||
* bump github.com/docker/cli to 29.2.0 (#962)
|
||||
- from version 20260504.00
|
||||
* Bump github.com/opencontainers/selinux (#960)
|
||||
- Add missing CVE reference to previous changelog entry
|
||||
- Drop CVE-2026-34986.patch, merged upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 4 08:56:50 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20260428.00
|
||||
* Add/improve unit tests for agentendpoint/agentendpoint.go (#930)
|
||||
- from version 20260427.03
|
||||
* Cover config/file.go by unit tests (#935)
|
||||
- from version 20260422.01
|
||||
* Cover patch_linux.go by unit tests (#932)
|
||||
- from version 20260422.00
|
||||
* upgrade grpc package in main package and e2e tests (#959)
|
||||
(bsc#1260264, CVE-2026-33186)
|
||||
- from version 20260417.04
|
||||
* Bump OSV-Scalibr version to v0.4.3 (#956)
|
||||
- from version 20260417.03
|
||||
* Add unit tests for updates_linux.go (#937)
|
||||
- from version 20260417.02
|
||||
* Add zone to CreateDisk step (#955)
|
||||
- from version 20260417.01
|
||||
* Change disk type for deb11 (#954)
|
||||
- from version 20260417.00
|
||||
* Add unit tests for policies/apt.go PART 1 (#950)
|
||||
- from version 20260410.02
|
||||
* Add unit tests for packages/pty_linux.go (#943)
|
||||
- from version 20260410.01
|
||||
* fix disk type for arm workflows (#948)
|
||||
- from version 20260410.00
|
||||
* Change machine type for arm based workflows (#946)
|
||||
- Drop CVE-2026-33186.patch, merged upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 27 12:30:24 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Add CVE-2026-34986.patch to fix crafted JWE input with a missing encrypted
|
||||
key can lead to a denial of service (bsc#1262926, CVE-2026-34986)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 1 14:16:50 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20260330.00
|
||||
* bump timeouts for all workflows (#940)
|
||||
- from version 20260326.00
|
||||
* Cover exec_resource.go by unit tests (#934)
|
||||
- from version 20260318.00
|
||||
* Integrate OSConfig agent with ReportVmInventory (#923)
|
||||
- from version 20260313.02
|
||||
* remove cacheonly flag from yum upgrade (#924)
|
||||
- from version 20260313.01
|
||||
* conditions python version override (#927)
|
||||
- from version 20260313.00
|
||||
* Fix presubmits by explicitly set python version for rpm based systems (#926)
|
||||
- from version 20260311.00
|
||||
* Bump osconfig version (#922)
|
||||
- from version 20260309.02
|
||||
* Extend OSV scalibr extractor (#921)
|
||||
- from version 20260309.01
|
||||
* upgrade golang.org/x/crypto and it's transitive deps (#918)
|
||||
- from version 20260309.00
|
||||
* Add purl to pkg info (#920)
|
||||
- from version 20260306.00
|
||||
* Add 'Type' field to PkgInfo (#919)
|
||||
- from version 20260303.01
|
||||
* Upgrade go.opentelemetry.io/otel/sdk (#913)
|
||||
- from version 20260303.00
|
||||
* Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)
|
||||
- from version 20260302.00
|
||||
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)
|
||||
- from version 20260126.00
|
||||
* Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)
|
||||
* Bump github.com/sirupsen/logrus (#894)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 23 14:29:15 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20260119.00
|
||||
* Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)
|
||||
- Add missing Bugzilla and CVE references for CVE-2023-45288
|
||||
- Drop CVE-2025-47911.patch, fixed upstream
|
||||
- Drop CVE-2025-58190.patch, fixed upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 7 11:45:40 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20251230.00
|
||||
* chore: Migrate gsutil usage to gcloud storage (#904)
|
||||
- from version 20251223.00
|
||||
* fix e2e tests for report inventory (#903)
|
||||
- from version 20251222.01
|
||||
* Revert "Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)" (#902)
|
||||
- from version 20251222.00
|
||||
* Bump golang to the new version (#900)
|
||||
- from version 20251218.00
|
||||
* add new CODEOWNERS (#901)
|
||||
- from version 20251217.00
|
||||
* Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)
|
||||
- Bump the golang compiler version to 1.24.5
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 9 08:38:50 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20251202.00
|
||||
* Revert "Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)" (#893)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 2 12:47:38 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20251201.00
|
||||
* Revert "Bump github.com/containerd/containerd (#890)" (#892)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 27 10:31:37 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20251126.00
|
||||
* Bump github.com/containerd/containerd (#890)
|
||||
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 7 11:04:38 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20251028.00
|
||||
* Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)
|
||||
* Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)
|
||||
- from version 20251023.02
|
||||
* Create multiple_os.yaml (#883)
|
||||
- from version 20251023.00
|
||||
* Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)
|
||||
* Add test runner for e2e tests (#876)
|
||||
- Reword previous changelog entry so that the added patches are accepted
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 14 10:56:31 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250925.00
|
||||
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)
|
||||
* Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)
|
||||
* Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)
|
||||
* Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 8 16:20:08 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Add CVE-2025-47911.patch to fix an issue in the HTML parser where a large
|
||||
number of open elements can cause the parser to become extremely slow by
|
||||
limiting the stack size of open elements (bsc#1251453, CVE-2025-47911)
|
||||
- Add CVE-2025-58190.patch to fix an issue in the HTML parser where a specific
|
||||
HTML document can cause the parser to enter an infinite loop when trying
|
||||
to parse a </tbody> and implied </tr> next to each other.
|
||||
(bsc#1251704, CVE-2025-58190)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 16 12:12:32 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250902.01
|
||||
* Bump github.com/googleapis/enterprise-certificate-proxy (#829)
|
||||
- from version 20250902.00
|
||||
* update github.com/go-jose/go-jose/v4 (#869)
|
||||
* Upgrade scalibr and other deps (#866)
|
||||
- from version 20250901.00
|
||||
* Fix possibility of path traversal for zip and tar archival (#868)
|
||||
- from version 20250825.00
|
||||
* set CODEOWNERS file as required by org (#863)
|
||||
- from version 20250819.00
|
||||
* Fix/rhel10 build centos image (#860)
|
||||
- from version 20250814.00
|
||||
* Fix/rhel10 build image (#859)
|
||||
- from version 20250813.00
|
||||
* Fix: Add RHEL 10 support to RPM startup script (#858)
|
||||
- from version 20250811.00
|
||||
* Remove old/sles-15-sp4-sap as image is deprecated (#857)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 11 13:30:16 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250806.00
|
||||
* Fixed JSON identifier for the universe domain (#855)
|
||||
- from version 20250729.00
|
||||
* Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)
|
||||
- from version 20250725.02
|
||||
* Update utils.go (#854)
|
||||
* Upgrade golang.org/x/oauth2 package to the latest. (#853)
|
||||
* Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)
|
||||
- from version 20250725.01
|
||||
* Bump golang.org/x/oauth2 (#848)
|
||||
* Port fix for debian 11 to goo package manager. (#852)
|
||||
- from version 20250725.00
|
||||
* Update Golang version in common.sh and skip backports
|
||||
repo for debian 11 (#850)
|
||||
- from version 20250723.01
|
||||
* Add workflows to build package for el10 (#849)
|
||||
- from version 20250721.00
|
||||
* Make OS Config agent TPC aware (#846)
|
||||
- from version 20250718.00
|
||||
* Create workflows for new Debian 13. (#847)
|
||||
- Drop CVE-2025-22868.patch, merged upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 11 11:51:22 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250703.00
|
||||
* Fix sles images (#844)
|
||||
- from version 20250702.00
|
||||
* Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)
|
||||
- from version 20250701.00
|
||||
* Bump the go_modules group across 1 directory with 2 updates (#840)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 25 11:23:00 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250606.00
|
||||
* Change base docker images Google's official base images. (#838)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 12 13:35:19 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250416.02 (bsc#1244304, bsc#1244503)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 28 09:01:24 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250523.01
|
||||
* Add a simple no-op OS policy for user testing (#837)
|
||||
- from version 20250523.00
|
||||
* Introduce scalibr inventory extractor for dpkg/rpm/cos
|
||||
os/filesystem extractors (linux) (#834)
|
||||
* Trace GetInstalledPackages memory levels (#835)
|
||||
- from version 20250520.00
|
||||
* Trace GetInstalledPackages memory levels (#835)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 14 08:37:59 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250513.00
|
||||
* Fix rpm extractor, handle (none) value correctly. (#833)
|
||||
- from version 20250512.01
|
||||
* Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)
|
||||
- from version 20250512.00
|
||||
* Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)
|
||||
- from version 20250508.01
|
||||
* cosmetic refactoring to osinfo package (#826)
|
||||
- from version 20250508.00
|
||||
* Refactor /inventory with dependency injection (#825)
|
||||
* Add debian, ubuntu (InstalledDebPackages) snapshots (#821)
|
||||
* cover packages_linux.go file with tests (#824)
|
||||
* Add debian (10,11,12) GetPackageUpdates output snapshots (#822)
|
||||
- from version 20250507.00
|
||||
* Add InstalledRPMPackages snapshot tests (#823)
|
||||
- from version 20250506.02
|
||||
* Yum tests: simplify initialization of exit errors (#820)
|
||||
- from version 20250506.01
|
||||
* Improve test coverage for gem package manager (#818)
|
||||
- from version 20250506.00
|
||||
* after go/x/crypto update 0.32.0 -> 0.37.0 (#817)
|
||||
- from version 20250505.01
|
||||
* Improve packages package coverage (#814)
|
||||
* Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)
|
||||
- from version 20250505.00
|
||||
* Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)
|
||||
- from version 20250430.00
|
||||
* Snapshot YumUpdates (GetPackageUpdates) output (#813)
|
||||
- from version 20250428.00
|
||||
* Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output
|
||||
for sles 12, 15 testdata (#812)
|
||||
- from version 20250423.00
|
||||
* Introduce MatchSnapshot large test results matcher function, snapshot
|
||||
apt-deb GetPackageUpdates (#811)
|
||||
- from version 20250416.02
|
||||
* defaultSleeper: tolerate 10% difference to reduce test flakiness (#810)
|
||||
* Add output of some packagemanagers to the testdata (#808)
|
||||
- from version 20250416.01
|
||||
* Refactor OS Info package (#809)
|
||||
- from version 20250416.00
|
||||
* Report RPM inventory as YUM instead of empty SoftwarePackage
|
||||
when neither Zypper nor YUM are installed. (#805)
|
||||
- from version 20250414.00
|
||||
* Update hash computation algorithm (#799)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 14 08:11:40 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20250320.00
|
||||
* Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 (#797)
|
||||
- from version 20250318.00
|
||||
* Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 (#793)
|
||||
- from version 20250317.02
|
||||
* Bump cel.dev/expr from 0.18.0 to 0.22.0 (#792)
|
||||
* Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group (#785)
|
||||
- from version 20250317.01
|
||||
* Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 (#774)
|
||||
- from version 20250317.00
|
||||
* Add tests for retryutil package. (#795)
|
||||
- from version 20250306.00
|
||||
* Update OWNERS (#794)
|
||||
- from version 20250206.01
|
||||
* Use separate counters for pre- and post-patch reboots. (#788)
|
||||
- from version 20250206.00
|
||||
* Update owners (#789)
|
||||
- from version 20250203.00
|
||||
* Fix the vet errors for contants in logging (#786)
|
||||
- from version 20250122.00
|
||||
* change available package check (#783)
|
||||
- from version 20250121.00
|
||||
* Fix Inventory reporting e2e tests. (#782)
|
||||
- from version 20250120.00
|
||||
* fix e2e tests (#781)
|
||||
- Add -buildmode=pie to go build command line (bsc#1239948)
|
||||
- Drop CVE-2024-45339.patch, merged upstream
|
||||
- Renumber patches
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 11 11:28:22 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
@@ -314,7 +744,7 @@ Thu May 16 12:33:50 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.c
|
||||
* Updating dependencies and respective checksums (#556)
|
||||
- from version 20240501.01
|
||||
* Update go.mod (#554)
|
||||
- from version 20240501.00
|
||||
- from version 20240501.00 (bsc#1236533, CVE-2023-45288)
|
||||
* Bump golang.org/x/net from 0.17.0 to 0.23.0 (#542)
|
||||
- from version 20240430.01
|
||||
* Remove SBOM generation logic from package build workflows (#553)
|
||||
@@ -455,7 +885,6 @@ Thu Aug 31 12:31:38 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.c
|
||||
* Added burov, dowgird, paulinakania and Gulio to OWNERS (#482)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
||||
Fri Jul 7 09:33:36 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to version 20230706.02 (bsc#1212418, bsc#1212759)
|
||||
|
||||
@@ -16,51 +16,33 @@
|
||||
#
|
||||
|
||||
|
||||
%global provider github
|
||||
%global provider_tld com
|
||||
%global project GoogleCloudPlatform
|
||||
%global repo osconfig
|
||||
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
|
||||
%global import_path %{provider_prefix}
|
||||
%define shortname osconfig
|
||||
|
||||
Name: google-osconfig-agent
|
||||
Version: 20250115.01
|
||||
Version: 20260615.01
|
||||
Release: 0
|
||||
Summary: Google Cloud Guest Agent
|
||||
License: Apache-2.0
|
||||
Group: System/Daemons
|
||||
URL: https://%{provider_prefix}
|
||||
Source0: %{repo}-%{version}.tar.gz
|
||||
Source0: %{shortname}-%{version}.tar.gz
|
||||
Source1: vendor.tar.gz
|
||||
Source2: rpmlintrc
|
||||
# PATCH-FIX-UPSTREAM - gh/golang/glog#74 - Fix vulnerability when creating log files (CVE-2024-45339)
|
||||
Patch0: CVE-2024-45339.patch
|
||||
# PATCH-FIX-UPSTREAM - Fix unexpected memory consumption during token parsing in golang.org/x/oauth2
|
||||
Patch1: CVE-2025-22868.patch
|
||||
BuildRequires: golang(API) >= 1.22.4
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: golang(API) >= 1.25.5
|
||||
Requires: google-guest-configs
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
|
||||
|
||||
%{go_nostrip}
|
||||
%{go_provides}
|
||||
|
||||
%description
|
||||
Google Cloud OSConfig Agent
|
||||
|
||||
%prep
|
||||
%setup -q -n %{repo}-%{version}
|
||||
%setup -q -D -T -a 1 -n %{repo}-%{version}
|
||||
%patch -P0 -p0
|
||||
pushd vendor/golang.org/x/oauth2
|
||||
%patch -P1 -p1
|
||||
popd
|
||||
%setup -n %{shortname}-%{version} -a1
|
||||
|
||||
%build
|
||||
%goprep %{import_path}
|
||||
CGO_ENABLED=0 go build -ldflags="-s -w -X main.version=%{version}-%{release}" -mod=vendor -o google_osconfig_agent
|
||||
%ifnarch ppc64
|
||||
export GOFLAGS="-buildmode=pie"
|
||||
%endif
|
||||
go build -o google_osconfig_agent
|
||||
|
||||
%install
|
||||
install -d %{buildroot}%{_bindir}
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
<param name="url">https://github.com/GoogleCloudPlatform/osconfig</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">20250115.01</param>
|
||||
<param name="revision">20250115.01</param>
|
||||
<param name="versionformat">20260615.01</param>
|
||||
<param name="revision">20260615.01</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
@@ -15,6 +15,6 @@
|
||||
<param name="basename">osconfig</param>
|
||||
</service>
|
||||
<service name="go_modules" mode="disabled">
|
||||
<param name="archive">osconfig-20250115.01.tar.gz</param>
|
||||
<param name="archive">osconfig-20260615.01.tar.gz</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
+1
-1
@@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/GoogleCloudPlatform/osconfig</param>
|
||||
<param name="changesrevision">61118e25e4aa0e456a6b960d6e6f8bdcb4b678a2</param></service></servicedata>
|
||||
<param name="changesrevision">5b74d2e70f06700a7a5b1901efd6f602d6ad0b84</param></service></servicedata>
|
||||
@@ -1,105 +0,0 @@
|
||||
diff -Nru vendor.orig/github.com/golang/glog/glog_file.go vendor/github.com/golang/glog/glog_file.go
|
||||
--- vendor.orig/github.com/golang/glog/glog_file.go 2025-01-27 09:02:41.000000000 +0100
|
||||
+++ vendor/github.com/golang/glog/glog_file.go 2025-02-17 10:28:28.777320262 +0100
|
||||
@@ -116,32 +116,53 @@
|
||||
// contains tag ("INFO", "FATAL", etc.) and t. If the file is created
|
||||
// successfully, create also attempts to update the symlink for that tag, ignoring
|
||||
// errors.
|
||||
-func create(tag string, t time.Time) (f *os.File, filename string, err error) {
|
||||
+func create(tag string, t time.Time, dir string) (f *os.File, filename string, err error) {
|
||||
+ if dir != "" {
|
||||
+ f, name, err := createInDir(dir, tag, t)
|
||||
+ if err == nil {
|
||||
+ return f, name, err
|
||||
+ }
|
||||
+ return nil, "", fmt.Errorf("log: cannot create log: %v", err)
|
||||
+ }
|
||||
+
|
||||
onceLogDirs.Do(createLogDirs)
|
||||
if len(logDirs) == 0 {
|
||||
return nil, "", errors.New("log: no log dirs")
|
||||
}
|
||||
- name, link := logName(tag, t)
|
||||
var lastErr error
|
||||
for _, dir := range logDirs {
|
||||
- fname := filepath.Join(dir, name)
|
||||
- f, err := os.Create(fname)
|
||||
+ f, name, err := createInDir(dir, tag, t)
|
||||
if err == nil {
|
||||
- symlink := filepath.Join(dir, link)
|
||||
- os.Remove(symlink) // ignore err
|
||||
- os.Symlink(name, symlink) // ignore err
|
||||
- if *logLink != "" {
|
||||
- lsymlink := filepath.Join(*logLink, link)
|
||||
- os.Remove(lsymlink) // ignore err
|
||||
- os.Symlink(fname, lsymlink) // ignore err
|
||||
- }
|
||||
- return f, fname, nil
|
||||
+ return f, name, err
|
||||
}
|
||||
lastErr = err
|
||||
}
|
||||
return nil, "", fmt.Errorf("log: cannot create log: %v", lastErr)
|
||||
}
|
||||
|
||||
+func createInDir(dir, tag string, t time.Time) (f *os.File, name string, err error) {
|
||||
+ name, link := logName(tag, t)
|
||||
+ fname := filepath.Join(dir, name)
|
||||
+ // O_EXCL is important here, as it prevents a vulnerability. The general idea is that logs often
|
||||
+ // live in an insecure directory (like /tmp), so an unprivileged attacker could create fname in
|
||||
+ // advance as a symlink to a file the logging process can access, but the attacker cannot. O_EXCL
|
||||
+ // fails the open if it already exists, thus prevent our this code from opening the existing file
|
||||
+ // the attacker points us to.
|
||||
+ f, err = os.OpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
|
||||
+ if err == nil {
|
||||
+ symlink := filepath.Join(dir, link)
|
||||
+ os.Remove(symlink) // ignore err
|
||||
+ os.Symlink(name, symlink) // ignore err
|
||||
+ if *logLink != "" {
|
||||
+ lsymlink := filepath.Join(*logLink, link)
|
||||
+ os.Remove(lsymlink) // ignore err
|
||||
+ os.Symlink(fname, lsymlink) // ignore err
|
||||
+ }
|
||||
+ return f, fname, nil
|
||||
+ }
|
||||
+ return nil, "", err
|
||||
+}
|
||||
+
|
||||
// flushSyncWriter is the interface satisfied by logging destinations.
|
||||
type flushSyncWriter interface {
|
||||
Flush() error
|
||||
@@ -248,6 +269,7 @@
|
||||
names []string
|
||||
sev logsink.Severity
|
||||
nbytes uint64 // The number of bytes written to this file
|
||||
+ madeAt time.Time
|
||||
}
|
||||
|
||||
func (sb *syncBuffer) Sync() error {
|
||||
@@ -255,9 +277,14 @@
|
||||
}
|
||||
|
||||
func (sb *syncBuffer) Write(p []byte) (n int, err error) {
|
||||
+ // Rotate the file if it is too large, but ensure we only do so,
|
||||
+ // if rotate doesn't create a conflicting filename.
|
||||
if sb.nbytes+uint64(len(p)) >= MaxSize {
|
||||
- if err := sb.rotateFile(time.Now()); err != nil {
|
||||
- return 0, err
|
||||
+ now := timeNow()
|
||||
+ if now.After(sb.madeAt.Add(1*time.Second)) || now.Second() != sb.madeAt.Second() {
|
||||
+ if err := sb.rotateFile(now); err != nil {
|
||||
+ return 0, err
|
||||
+ }
|
||||
}
|
||||
}
|
||||
n, err = sb.Writer.Write(p)
|
||||
@@ -275,7 +302,8 @@
|
||||
func (sb *syncBuffer) rotateFile(now time.Time) error {
|
||||
var err error
|
||||
pn := "<none>"
|
||||
- file, name, err := create(sb.sev.String(), now)
|
||||
+ file, name, err := create(sb.sev.String(), now, "")
|
||||
+ sb.madeAt = now
|
||||
|
||||
if sb.file != nil {
|
||||
// The current log file becomes the previous log at the end of
|
||||
@@ -1,41 +0,0 @@
|
||||
From 681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3 Mon Sep 17 00:00:00 2001
|
||||
From: Neal Patel <nealpatel@google.com>
|
||||
Date: Thu, 30 Jan 2025 14:10:09 -0500
|
||||
Subject: [PATCH] jws: split token into fixed number of parts
|
||||
|
||||
Thanks to 'jub0bs' for reporting this issue.
|
||||
|
||||
Fixes #71490
|
||||
Fixes CVE-2025-22868
|
||||
|
||||
Change-Id: I2552731f46d4907f29aafe7863c558387b6bd6e2
|
||||
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/652155
|
||||
Auto-Submit: Gopher Robot <gobot@golang.org>
|
||||
Reviewed-by: Damien Neil <dneil@google.com>
|
||||
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
||||
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
||||
---
|
||||
jws/jws.go | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/jws/jws.go b/jws/jws.go
|
||||
index 9501564..6f03a49 100644
|
||||
--- a/jws/jws.go
|
||||
+++ b/jws/jws.go
|
||||
@@ -165,11 +165,11 @@ func Encode(header *Header, c *ClaimSet, key *rsa.PrivateKey) (string, error) {
|
||||
// Verify tests whether the provided JWT token's signature was produced by the private key
|
||||
// associated with the supplied public key.
|
||||
func Verify(token string, key *rsa.PublicKey) error {
|
||||
- parts := strings.Split(token, ".")
|
||||
- if len(parts) != 3 {
|
||||
+ if strings.Count(token, ".") != 2 {
|
||||
return errors.New("jws: invalid token received, token must have 3 parts")
|
||||
}
|
||||
|
||||
+ parts := strings.SplitN(token, ".", 3)
|
||||
signedContent := parts[0] + "." + parts[1]
|
||||
signatureString, err := base64.RawURLEncoding.DecodeString(parts[2])
|
||||
if err != nil {
|
||||
--
|
||||
2.48.1
|
||||
|
||||
BIN
Binary file not shown.
BIN
Binary file not shown.
LFS
BIN
Binary file not shown.
Reference in New Issue
Block a user