Accepting request 1318215 from utilities

OBS-URL: https://build.opensuse.org/request/show/1318215
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sbctl?expand=0&rev=9

_service

@@ -14,5 +14,7 @@
     <param name="compression">gz</param>
   </service>
   <service name="go_modules" mode="manual">
+    <param name="replace">github.com/ulikunitz/xz=github.com/ulikunitz/xz@v0.5.14</param>
+    <param name="replace">golang.org/x/net=golang.org/x/net@v0.46.0</param>
   </service>
 </services>

sbctl-0.15.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:af78a78997f903aaa9d275d026e094cc4cbd668254ca320d463232728f91ad5f
-size 17951470

sbctl-0.18.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f244890d1676bc9e7761ebbbdc7e94e516b47642ef37efd0b7b60e5223fcaaa5
+size 17960022

sbctl.changes

@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Wed Nov 12 07:29:18 UTC 2025 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade the embedded golang.org/x/net to 0.46.0
+  * Fixes: bsc#1251399, CVE-2025-47911: various algorithms with
+    quadratic complexity when parsing HTML documents
+  * Fixes: bsc#1251609, CVE-2025-58190: excessive memory consumption
+    by 'html.ParseFragment' when processing specially crafted input
+
+-------------------------------------------------------------------
+Mon Oct 13 09:06:05 UTC 2025 - Jan Loeser <rooterle@posteo.de>
+
+- Update to version 0.18:
+  * logging: fixup new go vet warning
+  * workflows: add cc for cross compile
+  * workflow: add sudo to apt
+  * workflow: add pcsclite to ci
+  * workflow: try enable cgo
+  * go.mod: update golang.org/x/ dependencies
+  * fix: avoid adding bogus Country attribute to subject DNs
+  * sbctl: only store file if we did actually sign the file
+  * installkernel: add post install hook for Debian's traditional installkernel
+  * CI: missing libpcsclite pkg
+  * workflows: add missing depends and new pattern keyword
+  * Add yubikey example for create keys to the README
+  * Initial yubikey backend keytype support
+  * verify: ensure we pass args in correct order
+
+-------------------------------------------------------------------
+Mon Sep  1 09:34:54 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- bsc#1248949 (CVE-2025-58058):
+  Bump xz to 0.5.14
+
+-------------------------------------------------------------------
+Mon May  5 11:24:29 UTC 2025 - Jan Loeser <jan.loeser@posteo.de>
+
+- Update to version 0.17:
+  * Ensure we don't wrongly compare input/output files when signing
+  * Added --json supprt to sbctl verify
+  * Ensure sbctl setup with no arguments returns a helpful output
+  * Import latest Microsoft keys for KEK and db databases
+  * Ensure we print the path of the file when encountering an invalid PE file
+  * Misc fixups in tests
+  * Misc typo fixes in prints
+
+-------------------------------------------------------------------
+Tue Oct 22 03:56:54 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
+
+- Disable tests that fail due to gh/foxboron/sbctl#343
+- Update to version 0.16:
+  * Ensure sbctl reads --config even if /etc/sbctl/sbctl.conf is
+    present
+  * Fixed a bug where sbctl would abort if the TPM eventlog
+    contains the same byte multiple times
+  * Fixed a landlock bug where enroll-keys --export did not work
+  * Fixed a bug where an ESP mounted to multiple paths would not be
+    detected
+  * Exporting keys without efivars present work again
+  * sbctl sign will now use the saved output path if the signed
+    file is enrolled
+  * enroll-keys --append will now work without --force.
+- Updates from version 0.15.4:
+  * Fixed an issue where sign-all did not report a non-zero exit
+    code when something failed
+  * Fixed and issue where we couldn't write to a file with landlock
+  * Fixed an issue where --json would print the human readable
+    output and the json
+  * Fixes landlock for UKI/bundles by disabling the sandbox feature
+  * Some doc fixups that mentioned /usr/share/
+
 -------------------------------------------------------------------
 Wed Jul 31 23:55:22 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
 

sbctl.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package sbctl
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,16 +17,12 @@
 
 
 Name:           sbctl
-Version:        0.15.3
+Version:        0.18
 Release:        0
 Summary:        Secure Boot key manager
 License:        MIT
 Group:          System/Boot
 URL:            https://github.com/Foxboron/sbctl
-%if "%{_vendor}" == "debbuild"
-# Needed to set Maintainer in output debs
-Packager:       Jan Loeser <jan.loeser@posteo.de>
-%endif
 Source:         %{name}-%{version}.tar.gz
 Source1:        vendor.tar.gz
 Source2:        %{name}-rpmlintrc
@@ -42,10 +38,12 @@ BuildRequires:  binutils
 %if 0%{?suse_version}
 BuildRequires:  go >= 1.22.0
 BuildRequires:  golang-packaging
+BuildRequires:  pcsc-lite-devel
 BuildRequires:  pkgconfig(openssl) > 3.0.0
 %endif
 %if 0%{?ubuntu}
 BuildRequires:  golang >= 1.22.0
+BuildRequires:  libpcsclite-dev
 BuildRequires:  libssl-dev > 3.0.0
 %endif
 
@@ -74,21 +72,20 @@ VERSION="%{version}" %make_build all
 # Fix potential-bashisms rpmlint error by using bash shebang
 sed -i 's|bin/sh|bin/bash|' %{buildroot}%{_prefix}/lib/kernel/install.d/91-sbctl.install
 
-%check
-%make_build test
-
 %files
 %doc README.md
 %license LICENSE
 
 %dir %{_prefix}/lib/kernel/
 %dir %{_prefix}/lib/kernel/install.d/
+%dir %{_prefix}/lib/kernel/postinst.d/
 %dir %{_datadir}/fish/
 %dir %{_datadir}/fish/vendor_completions.d/
 %dir %{_datadir}/zsh/
 %dir %{_datadir}/zsh/site-functions/
 
 %{_prefix}/lib/kernel/install.d/91-sbctl.install
+%{_prefix}/lib/kernel/postinst.d/91-sbctl.install
 %{_mandir}/man8/sbctl.8*
 %{_mandir}/man5/sbctl.conf.5*
 %{_datadir}/bash-completion/completions/sbctl

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b66951060caf84826b0f64aa2dacc23fc8bfcbee06c7b633ac90f846d723a293
-size 5705126
+oid sha256:d2fc644ddb2b233faec1f29dd1199748667ff2a50640a8b5107920fef6ca1fa2
+size 5068731