Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cmctl for openSUSE:Factory checked in at 2024-02-04 19:08:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cmctl (Old) and /work/SRC/openSUSE:Factory/.cmctl.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cmctl" Sun Feb 4 19:08:10 2024 rev:21 rq:1143761 version:1.14.1 Changes: -------- --- /work/SRC/openSUSE:Factory/cmctl/cmctl.changes 2023-12-09 22:57:26.464837612 +0100 +++ /work/SRC/openSUSE:Factory/.cmctl.new.1815/cmctl.changes 2024-02-04 19:08:28.627042206 +0100 @@ -1,0 +2,62 @@ +Sat Feb 03 08:23:32 UTC 2024 - [email protected] + +- Update to version 1.14.1 (1.14.0 was not released): + cert-manager 1.14 brings a variety of features, security + improvements and bug fixes, including: support for creating X.509 + certificates with "Other Name" fields, and support for creating + CA certificates with "Name Constraints" and "Authority + Information Accessors" extensions. + * Changes since 1.14.0: + - Fix broken cainjector image value in Helm chart (#6693, + @SgtCoDFish) + - Fix bug in cmctl namespace detection which prevented it being + used as a startupapicheck image in namespaces other than + cert-manager. (#6706, @inteon) + - Fix bug in cmctl which caused cmctl experimental install to + panic. (#6706, @inteon) + * Breaking Changes + - The startupapicheck job uses a new OCI image called + "startupapicheck", instead of the ctl image. If you run in + an environment in which images cannot be pulled, be sure to + include the new image. + - The KeyUsage and BasicConstraints extensions will now be + encoded as critical in the CertificateRequest's CSR blob. + * New X.509 Features + - The cert-manager Certificate resource now allows you to + configure a subset of "Other Name" SANs, which are described + in the Subject Alternative Name section of RFC 5280 (on page + 37). + - We specifically support any otherName type with a UTF-8 + value, such as the User Principal Name or sAMAccountName. + These are useful when issuing unique certificates for + authenticating with LDAP systems such as Microsoft Active + Directory. The feature is still in alpha stage and requires + you to enable the OtherName feature flag in the controller + and webhook components. + * New CA certificate Features + - You can now specify the X.509 v3 Authority Information + Accessors extension, with URLs for certificates issued by the + CA issuer. + - Users can now use name constraints in CA certificates. To + know more details on name constraints check out RFC section + https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + * Security + - An ongoing security audit of the cert-manager code revealed + some weaknesses which we have addressed in this release, such + as using more secure default settings in the HTTP servers + that serve metrics, healthz and pprof endpoints. This will + help mitigate denial-of-service attacks against those + important services. + - All the cert-manager containers are now configured with read + only root file system by default, to prevent unexpected + changes to the file system of the OCI image. + - And it is now possible to configure the metrics server to use + HTTPS rather than HTTP, so that clients can verify the + identity of the metrics server. + * Other + - The liveness probe of the cert-manager controller Pod is now + enabled by default. + - There is a new option .spec.keystores.pkcs12.algorithms to + specify encryption and MAC algorithms for PKCS. + +------------------------------------------------------------------- Old: ---- cert-manager-1.13.3.obscpio New: ---- cert-manager-1.14.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cmctl.spec ++++++ --- /var/tmp/diff_new_pack.lbuqbo/_old 2024-02-04 19:08:30.319103181 +0100 +++ /var/tmp/diff_new_pack.lbuqbo/_new 2024-02-04 19:08:30.319103181 +0100 @@ -1,7 +1,7 @@ # # spec file for package cmctl # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define archive_name cert-manager Name: cmctl -Version: 1.13.3 +Version: 1.14.1 Release: 0 Summary: CLI tool that can help you to manage cert-manager resources inside your cluster License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.lbuqbo/_old 2024-02-04 19:08:30.355104479 +0100 +++ /var/tmp/diff_new_pack.lbuqbo/_new 2024-02-04 19:08:30.359104623 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/cert-manager/cert-manager</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.13.3</param> + <param name="revision">v1.14.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -19,7 +19,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="manual"> - <param name="archive">cert-manager-1.13.3.obscpio</param> + <param name="archive">cert-manager-1.14.1.obscpio</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.lbuqbo/_old 2024-02-04 19:08:30.375105199 +0100 +++ /var/tmp/diff_new_pack.lbuqbo/_new 2024-02-04 19:08:30.379105343 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/cert-manager/cert-manager</param> - <param name="changesrevision">9f704ed6962d8ddf49432cfa551570472bdd0989</param></service></servicedata> + <param name="changesrevision">241e64fd3019c23e7d087b732f4ebd400d2c9039</param></service></servicedata> (No newline at EOF) ++++++ cert-manager-1.13.3.obscpio -> cert-manager-1.14.1.obscpio ++++++ ++++ 2358 lines of diff (skipped) ++++++ cert-manager.obsinfo ++++++ --- /var/tmp/diff_new_pack.lbuqbo/_old 2024-02-04 19:08:30.507109956 +0100 +++ /var/tmp/diff_new_pack.lbuqbo/_new 2024-02-04 19:08:30.511110100 +0100 @@ -1,5 +1,5 @@ name: cert-manager -version: 1.13.3 -mtime: 1701971586 -commit: 876e386ee905aa86e2466c287e654613b0426927 +version: 1.14.1 +mtime: 1706867188 +commit: c7b1e30ee03c0df36d03a5cd9964894b4b78b966 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/cmctl/vendor.tar.gz /work/SRC/openSUSE:Factory/.cmctl.new.1815/vendor.tar.gz differ: char 5, line 1
