Merge branch 'factory' into leap-16.0

This reverts commit 3117857577.

_service

@@ -0,0 +1,22 @@
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="url">https://github.com/warewulf/warewulf.git</param>
+    <param name="scm">git</param>
+    <param name="revision">v4.6.4</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">enable</param>
+    <param name="submodules">enable</param>
+    <param name="package-meta">yes</param>
+  </service>
+  <service name="set_version" mode="manual" />
+  <service name="format_spec_file" mode="manual" />
+  <service name="tar" mode="buildtime">
+    <param name="package-meta">yes</param>
+  </service>
+  <service name="go_modules" mode="manual" >
+    <param name="compression">xz</param>
+    <param name="archive">warewulf*obscpio</param>
+  </service>
+  <service name="format_spec_file" mode="manual" />
+</services>

fix-CVE-2025-58058.patch

@@ -0,0 +1,56 @@
+From 8e6c115089c0cbea4347ed252aba7cfe575c9456 Mon Sep 17 00:00:00 2001
+From: Christian Goll <cgoll@suse.com>
+Date: Mon, 8 Sep 2025 15:33:28 +0200
+Subject: [PATCH] fix CVE-2025-58058
+
+---
+ CHANGELOG.md | 3 +++
+ go.mod       | 2 +-
+ go.sum       | 4 ++--
+ 3 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index 26c5994c..41fd92bf 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+ 
+ ## v4.6.5, unreleased
+ 
++### Fixed
++- updated github.com/ulikunitz/xz to 0.5.14 whiche fixes CVE-2025-58058
++
+ ## v4.6.4, 2025-09-05
+ 
+ ### Added
+diff --git a/go.mod b/go.mod
+index bdd4ef25..55b9642a 100644
+--- a/go.mod
++++ b/go.mod
+@@ -135,7 +135,7 @@ require (
+ 	github.com/swaggest/jsonschema-go v0.3.73 // indirect
+ 	github.com/swaggest/refl v1.3.0 // indirect
+ 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+-	github.com/ulikunitz/xz v0.5.12 // indirect
++	github.com/ulikunitz/xz v0.5.14 // indirect
+ 	github.com/urfave/cli v1.22.16 // indirect
+ 	github.com/vbatts/go-mtree v0.5.0 // indirect
+ 	github.com/vbatts/tar-split v0.11.7 // indirect
+diff --git a/go.sum b/go.sum
+index c5a19894..878b35c5 100644
+--- a/go.sum
++++ b/go.sum
+@@ -399,8 +399,8 @@ github.com/tj/assert v0.0.3/go.mod h1:Ne6X72Q+TB1AteidzQncjw9PabbMp4PBMZ1k+vd1Pv
+ github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0=
+ github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao=
+ github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4=
+-github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
+-github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
++github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg=
++github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+ github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+ github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
+ github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
+-- 
+2.51.0
+

switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch

@@ -0,0 +1,102 @@
+From 9e39845bda60e006936c8b6e34a02325d31448b3 Mon Sep 17 00:00:00 2001
+From: Christian Goll <cgoll@suse.com>
+Date: Fri, 18 Jul 2025 16:29:37 +0200
+Subject: [PATCH] switched to dnsmasq as default dhcp and tftp service
+
+---
+ CHANGELOG.md                |  1 +
+ etc/warewulf.conf           |  4 ++--
+ userdocs/server/dnsmasq.rst | 33 ++-------------------------------
+ warewulf.spec.in            |  2 +-
+ 4 files changed, 6 insertions(+), 34 deletions(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index 26c5994c..0c6378e9 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -61,6 +61,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+ - Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays. #1950
+ - Fixed a race condition in `wwctl overlay edit`. #1947
+ - Fixed a syntax error in the RPM specfile.
++- switched to dnsmasq as default tftp and dhcp service
+ 
+ ## v4.6.2, 2025-07-09
+ 
+diff --git a/etc/warewulf.conf b/etc/warewulf.conf
+index 33cec64c..6e68047c 100644
+--- a/etc/warewulf.conf
++++ b/etc/warewulf.conf
+@@ -10,11 +10,11 @@ dhcp:
+   enabled: true
+   range start: 10.0.1.1
+   range end: 10.0.1.255
+-  systemd name: dhcpd
++  systemd name: dnsmasq
+   template: default
+ tftp:
+   enabled: true
+-  systemd name: tftp
++  systemd name: dnsmasq
+   ipxe:
+     00:09: ipxe-snponly-x86_64.efi
+     00:00: undionly.kpxe
+diff --git a/userdocs/server/dnsmasq.rst b/userdocs/server/dnsmasq.rst
+index b182ee8d..ba6037a0 100644
+--- a/userdocs/server/dnsmasq.rst
++++ b/userdocs/server/dnsmasq.rst
+@@ -2,37 +2,8 @@
+ Using dnsmasq
+ =============
+ 
+-As an experimental feature, it is possible to use ``dnsmasq`` instead of the ISC
+-``dhcpd`` server and ``TFTP`` server.
+-
+-In order to keep the file ``/etc/dnsmasq.d/ww4-hosts.conf`` is created and must
+-be included in the main ``dnsmasq.conf`` via the ``conf-dir=/etc/dnsmasq.d``
+-option.
+-
+-Installation
+-============
+-
+-Before the installation, make sure that ``dhcpd`` and ``tftp`` are disabled.
+-You can do that with the commands:
+-
+-.. code-block:: shell
+-
+-   systemctl disable --now dhcpd
+-   systemctl disable --now tftp
+-
+-Now you can install ``dnsmasq``.
+-
+-.. code-block:: shell
+-
+-   # Rocky Linux
+-   dnf install dnsmasq
+-
+-   # SUSE
+-   zypper install dnsmasq
+-
+-After the installation, instruct ``warewulf`` to use ``dnsmasq`` as its
+-``dhcpd`` and ``tftp`` service. This is done in the server configuration file,
+-typically at ``/etc/warewulf/warewulf.conf``:
++``dnsmasq`` is the default  ``dhcpd`` and ``tftp`` service. This can be configured
++in the server configuration file, typically at ``/etc/warewulf/warewulf.conf``:
+ 
+ .. code-block:: yaml
+ 
+diff --git a/warewulf.spec.in b/warewulf.spec.in
+index f32585db..ae5f098c 100644
+--- a/warewulf.spec.in
++++ b/warewulf.spec.in
+@@ -69,7 +69,7 @@ Requires: ipxe-bootimgs-aarch64
+ Requires: dnsmasq
+ %else
+ %if 0%{?rhel} >= 8 || 0%{?suse_version} || 0%{?fedora}
+-Requires: dhcp-server
++Requires: dnsmasq
+ %else
+ # rhel < 8 and others
+ Requires: dhcp
+-- 
+2.51.0
+

vendor.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fcd08cc9522e0b1757d9a445b9fca7ad20a18cb607eaed3fd3a4992d6df5b2a8
-size 10190476

vendor.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:629cfae88716e34aa4e99e7b45ab770eee3a44e1bf83bd24ccfaecf8c2d270fd
+size 6489812

warewulf-4.6.4.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b080ebcb0fcdeb3da9cb1e69a0053e7c0ffa0d1bd43d9e6bf8e58908bdda887e
+size 4748300

warewulf.obsinfo

@@ -0,0 +1,4 @@
+name: warewulf
+version: 4.6.4
+mtime: 1757112751
+commit: 4b9e2f0282ff82c31b20d65507dd02989210aaf2

warewulf4-v4.6.5.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9b5caa2d97ab1b68c0b3e0a85221e97c9d6c222b72b0dbbb711e7e9cbb42646e
-size 11235905

warewulf4.changes

@@ -1,20 +1,3 @@
--------------------------------------------------------------------
-Mon Jan 19 13:48:50 UTC 2026 - Christian Goll <cgoll@suse.com>
-
-- updated to v4.6.5 with following changes:
-  * new wwctl overlay info command
-  * fixed wwctl image import --update option (bsc#1254470)
-  * cross-arch support for wwclient
-  * improved IPv6 support
-  * improved support for bonded interfaces
-  * renamed debian.interfaces overlay to ifupdown
-  * new systemd-networkd overlay
-  * warewulf-dracut fixes, including "provision-to-disk" fixes
-- default to dnsmasq instead of dhcpd and tftp
-- Removed fix-CVE-2025-58058.patch as updated upstream
-- Removed switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch 
-  preferring editing conf with yq
-
 -------------------------------------------------------------------
 Mon Sep 08 09:45:51 UTC 2025 - Christian Goll <cgoll@suse.com>
 

warewulf4.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package warewulf4
 #
-# Copyright (c) 2026 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,19 +29,23 @@
 ExclusiveArch:  x86_64 aarch64
 
 Name:           warewulf4
-Version:        4.6.5
+Version:        4.6.4
 Release:        0
 Summary:        A suite of tools for clustering
 License:        BSD-3-Clause
 Group:          Productivity/Clustering/Computing
 URL:            https://warewulf.org
-Source0:        https://github.com/warewulf/warewulf/releases/download/v%{version}/warewulf-%{version}.tar.gz#/warewulf4-v%{version}.tar.gz
-Source1:        vendor.tar.gz
+Source0:        warewulf-%{version}.tar
+Source1:        vendor.tar.xz
 Source5:        warewulf4-rpmlintrc
 Source10:       config-ww4.sh
 Source11:       adjust_overlays.sh
 Source20:       README.dnsmasq
 Source21:       README.RKE2.md
+Patch0:         switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch
+Patch1:         fix-CVE-2025-58058.patch
+#Patch1:         overlay.patch
+#Patch2:         upstream.patch
 
 BuildRequires:  %{python_module Sphinx-latex}
 BuildRequires:  distribution-release
@@ -62,6 +66,7 @@ BuildRequires:  pkgconfig(gpgme)
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %sysusers_requires
 Requires:       %{name}-overlay = %{version}
+Requires:       firewalld
 Requires:       iproute2
 Requires:       ipxe-bootimgs
 Requires:       logrotate
@@ -196,10 +201,7 @@ yq e '
   .tftp.ipxe."00:09" = "ipxe-x86_64.efi" |
   .tftp.ipxe."00:0B" = "snp-arm64.efi" |
   .["image mounts"] += {"source": "/etc/SUSEConnect", "dest": "/etc/SUSEConnect", "readonly": true} |
-  .["image mounts"] += {"source": "/etc/zypp/credentials.d/SCCcredentials", "dest": "/etc/zypp/credentials.d/SCCcredentials", "readonly": true} |
-  .dhcp.["systemd name"] = "dnsmasq" |
-  .tftp.["systemd name"] = "dnsmasq"
-  ' \
+  .["image mounts"] += {"source": "/etc/zypp/credentials.d/SCCcredentials", "dest": "/etc/zypp/credentials.d/SCCcredentials", "readonly": true}' \
   -i %{buildroot}%{_sysconfdir}/warewulf/warewulf.conf
 # SUSE starts user UIDs at 1000
 #sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww