From 8016c940db2d71113e39bfd2ff452f696c3c0cbc5a6964a04c4f8f32a08129cb Mon Sep 17 00:00:00 2001
From: Christian Goll
Date: Fri, 7 Oct 2022 12:44:28 +0000
Subject: [PATCH] Accepting request 1008777 from home:mslacken:pr
- Udpated to 1.1.2 which fixed CVE-2022-39237 * CVE-2022-39237: The sif dependency included in Apptainer before this release does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. This release updates to sif v2.8.1 which corrects this issue. See the linked advisory for references and a workaround.
OBS-URL: https://build.opensuse.org/request/show/1008777
OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=23
---
 apptainer-1.1.0.tar.gz | 3 ---
 apptainer-1.1.2.tar.gz | 3 +++
 apptainer.changes | 10 ++++++++++
 apptainer.spec | 2 +-
 vendor.tar.gz | 4 ++--
 5 files changed, 16 insertions(+), 6 deletions(-)
 delete mode 100644 apptainer-1.1.0.tar.gz
 create mode 100644 apptainer-1.1.2.tar.gz
diff --git a/apptainer-1.1.0.tar.gz b/apptainer-1.1.0.tar.gz
deleted file mode 100644
index bf4d72d..0000000
--- a/apptainer-1.1.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a36ad5b0cd5f01080f0303ac022dec00c5eb909068db296498c8802e590e81cb
-size 5175619
diff --git a/apptainer-1.1.2.tar.gz b/apptainer-1.1.2.tar.gz
new file mode 100644
index 0000000..6b24e4e
--- /dev/null
+++ b/apptainer-1.1.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4892d2a4347a05ae66b2d7c8becf6dbbe175e12c11a4960040aa293319ee4601
+size 5175828
diff --git a/apptainer.changes b/apptainer.changes
index e26cf10..7a8da25 100644
--- a/apptainer.changes
+++ b/apptainer.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Oct 7 12:42:57 UTC 2022 - Christian Goll
+
+- Udpated to 1.1.2 which fixed CVE-2022-39237
+ * CVE-2022-39237: The sif dependency included in Apptainer before this
+ release does not verify that the hash algorithm(s) used are
+ cryptographically secure when verifying digital signatures. This release
+ updates to sif v2.8.1 which corrects this issue. See the linked advisory
+ for references and a workaround.
+
 -------------------------------------------------------------------
 Wed Sep 28 09:07:18 UTC 2022 - Christian Goll
diff --git a/apptainer.spec b/apptainer.spec
index 472c2ea..b44baee 100644
--- a/apptainer.spec
+++ b/apptainer.spec
@@ -25,7 +25,7 @@ Summary: Application and environment virtualization
 License: BSD-3-Clause-LBNL
 Group: Productivity/Clustering/Computing
 Name: apptainer
-Version: 1.1.0
+Version: 1.1.2
 Release: 0
 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html
 URL: https://apptainer.org
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 5eabcef..20ca387 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c68491bfd2bbe56d6fa6fd83bc97523cad65372aade5c659efd0b1f0d5241901
-size 7214251
+oid sha256:dd1ee418aeb61d5a9679fe6517f01eebe313e5b8ae532b203aacd13be2bba92c
+size 7349891