Merge pull request 'Update to 1.52.2:' (#4) from mcepl/update-golang-oauth2-fix-changelog into factory

- fix: typos
  - Use default temporary directory in tests
  - Go 1.24 is out, drop Go 1.22 bsc#1239200
    (CVE-2025-22868): add update-golang-oauth2.patch
    to revendor to use golang.org/x/oauth2 v0.28.0
    (https://pkg.go.dev/vuln/GO-2025-3488).

.gitignore

@@ -1 +1,2 @@
 .osc
+_scmsync.obsinfo

_scmsync.obsinfo

@@ -1,4 +0,0 @@
-mtime: 1689603042
-commit: c4ea9c3ca155cb33e950531c9e067c115099b6de
-url: https://src.opensuse.org/mcepl/fake-gcs-server.git
-revision: c4ea9c3ca155cb33e950531c9e067c115099b6de

_service

@@ -1,5 +1,5 @@
 <services>
-  <service name="go_modules" mode="disabled">
+  <service name="go_modules" mode="manual">
        <param name="compression">xz</param>
   </service>
 </services>

fake-gcs-server.changes

@@ -1,3 +1,105 @@
+-------------------------------------------------------------------
+Tue Mar 11 08:23:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 1.52.2:
+  - fix: typos
+  - Use default temporary directory in tests
+  - Go 1.24 is out, drop Go 1.22
+- bsc#1239200 (CVE-2025-22868): add update-golang-oauth2.patch to
+  revendor to use golang.org/x/oauth2 v0.28.0
+  (https://pkg.go.dev/vuln/GO-2025-3488).
+
+-------------------------------------------------------------------
+Tue Jan 28 22:48:18 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to v1.52.1
+    - backend: always set StorageClass
+- Update to v1.52.0
+    - feat: Add _internal/delete_all to delete all data
+    - Add disposition and language to ComposeObject
+- Update to v1.51.0
+    - Disallow uppercase in bucket names
+    - Add POST workaround for clients which cannot PATCH
+    - Add support for getObjectACL and deleteObjectACL
+    - internal/backend: support OpenBSD to get file status last
+      changed info
+    - Persist created and updated time in compose
+    - fix: avoid IncompleteRead on completed partial reads
+    - Add support for StorageClass
+    - Add support for Content-Language
+    - Add support for canceling resumable uploads
+    - Add support for MaxResults when listing objects
+    - Upgrade deps
+- Update to v1.50.2
+    - Revert "fakestorage: remove unused type"
+- Update to v1.50.1
+    - internal/grpc: use the generated proto provided by Google
+- Update to v1.50.0
+    - github/workflows: add job to validate cross-compilation and
+      fix build on freebsd
+    - ci: fix goreleaser config
+    - Support content-disposition
+    - Support setting cache-control of object
+    - add aliases to support specifying EventOptions
+- Update to v1.49.3
+    - Go 1.23 is out, adopt it (CVE-2023-45288, bsc#1236521)
+
+-------------------------------------------------------------------
+Thu Jul 18 14:27:33 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to v1.49.2:
+  - Add omitempty to new timestorageclassupdated
+- Update to v1.49.1:
+  - examples: remove Ruby
+  - Include fields required by alpakka scala client in response
+  - Add Testcontainers example with Node.js
+- Update to v1.49.0:
+  - Add Object Deletion Using Signed URLs
+  - examples/node: add exists()
+  - Don't omit versioning.enabled in bucket response
+  - Additional ACL response attributes
+  - Additional bucket response attributes
+  - Upgrade deps (CVE-2023-45288, bsc#1236521)
+- Update to v1.48.0:
+  - Fix brittle test
+  - Fill the errors attribute for HTTP errors
+  - Remove unnecessary quoting around ETag in JSON response
+  - Additional object response attributes
+  - Support the projection parameter in getObject
+- Update to v1.47.8:
+  - Add Ruby example
+- Update to v1.47.7:
+  - Updated python example
+  - Fixed patchObject ignoring ContentType and ContentEncoding
+- Update to v1.47.6:
+  - ci/goreleaser: remove deprecated option
+  - config: trim trailing slashes from externalURL
+- Update to v1.47.5:
+  - Migrate from logrus to slog
+  - add missing etag header in download object response
+  - github/workflows/main: pin python to 3.11 in gsutil example
+  - github/workflows/main: bump node and java in examples
+- Update to v1.47.4:
+  - server: add MethodHead to the /download mapping
+- Update to v1.47.2:
+  - backend/fs: return empty BucketAttrs if the metadata file is
+    missing
+- Update to v1.47.1:
+  - Restore 4443 as default port for '-scheme http' as before PR
+    #1215
+- Update to v1.47.0:
+  - Disallow composing more than 32 objects at once
+  - Remove obsolete upload route
+  - Additional bucket response attributes
+  - Support trailing slash in /o and /b routes
+  - Add scheme option to bind to both HTTP and HTTPS
+- Update to v1.46.0:
+  - Unify logic for seeding the server from a directory
+  - Send X-Goog-Stored-Content-Encoding header
+  - Omit items if empty in object list response
+  - Add Bucket Attributes
+  - backend/fs: some bucket attributes cleanup
+
 -------------------------------------------------------------------
 Mon Jul 17 14:06:02 UTC 2023 - Matej Cepl <mcepl@suse.com>
 

fake-gcs-server.spec

@@ -21,14 +21,18 @@
 %global provider_prefix github.com/fsouza/fake-gcs-server/fakestorage
 %global import_path     %{provider_prefix}
 Name:           fake-gcs-server
-Version:        1.45.2
+Version:        1.52.2
 Release:        0
 Summary:        Google Cloud Storage emulator & testing library
 License:        BSD-2-Clause
 URL:            https://github.com/fsouza/fake-gcs-server
 Source0:        https://github.com/fsouza/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        vendor.tar.xz
+# PATCH-FIX-UPSTREAM update-golang-oauth2.patch bsc#[0-9]+ mcepl@suse.com
+# update vendored golang-oauth2 (CVE-2025-22868, GO-2025-3488)
+Patch0:         update-golang-oauth2.patch
 BuildRequires:  fdupes
+BuildRequires:  go >= 1.23.0
 BuildRequires:  golang-packaging
 BuildRequires:  xz
 %{go_nostrip}

update-golang-oauth2.patch

@@ -0,0 +1,41 @@
+---
+ go.mod |    6 ++++--
+ go.sum |    4 ++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+Index: fake-gcs-server-1.52.2/go.mod
+===================================================================
+--- fake-gcs-server-1.52.2.orig/go.mod	2025-02-16 04:33:40.000000000 +0100
++++ fake-gcs-server-1.52.2/go.mod	2025-03-11 10:36:31.416633475 +0100
+@@ -10,7 +10,7 @@
+ 	github.com/minio/minio-go/v7 v7.0.86
+ 	github.com/pkg/xattr v0.4.10
+ 	github.com/stretchr/testify v1.10.0
+-	golang.org/x/oauth2 v0.26.0
++	golang.org/x/oauth2 v0.28.0
+ 	google.golang.org/api v0.215.0
+ )
+ 
+@@ -77,4 +77,6 @@
+ 	gopkg.in/yaml.v3 v3.0.1 // indirect
+ )
+ 
+-go 1.23
++go 1.23.0
++
++toolchain go1.24.1
+Index: fake-gcs-server-1.52.2/go.sum
+===================================================================
+--- fake-gcs-server-1.52.2.orig/go.sum	2025-02-16 04:33:40.000000000 +0100
++++ fake-gcs-server-1.52.2/go.sum	2025-03-11 10:36:39.413614515 +0100
+@@ -187,8 +187,8 @@
+ golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+ golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+ golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+-golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
+-golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
++golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
++golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=