Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package
golang-github-prometheus-alertmanager for openSUSE:Factory checked in at
2025-05-30 14:37:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/golang-github-prometheus-alertmanager (Old)
and
/work/SRC/openSUSE:Factory/.golang-github-prometheus-alertmanager.new.25440
(New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "golang-github-prometheus-alertmanager"
Fri May 30 14:37:46 2025 rev:24 rq:1281120 version:0.28.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/golang-github-prometheus-alertmanager/golang-github-prometheus-alertmanager.changes
2025-03-18 17:44:30.001579036 +0100
+++
/work/SRC/openSUSE:Factory/.golang-github-prometheus-alertmanager.new.25440/golang-github-prometheus-alertmanager.changes
2025-05-30 17:21:21.693364251 +0200
@@ -1,0 +2,10 @@
+Tue May 27 16:18:58 UTC 2025 - Witek Bedyk <witold.be...@suse.com>
+
+- Security: Fix proxy bypassing using IPv6 zone IDs
+ (CVE-2025-22870, bsc#1238686):
+ * Add 0002-Bump-x-net.patch
+- Use `manual` build service
+- Drop Go packaging macros
+- Add testing
+
+-------------------------------------------------------------------
New:
----
0002-Bump-x-net.patch
BETA DEBUG BEGIN:
New: (CVE-2025-22870, bsc#1238686):
* Add 0002-Bump-x-net.patch
- Use `manual` build service
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ golang-github-prometheus-alertmanager.spec ++++++
--- /var/tmp/diff_new_pack.ZFWJvN/_old 2025-05-30 17:21:22.397393479 +0200
+++ /var/tmp/diff_new_pack.ZFWJvN/_new 2025-05-30 17:21:22.397393479 +0200
@@ -29,9 +29,9 @@
Source3: alertmanager.yml
# Lifted from Debian's alertmanager package
Patch1: 0001-Default-settings.patch
+Patch2: 0002-Bump-x-net.patch
BuildRequires: fdupes
BuildRequires: golang-github-prometheus-promu >= 0.12.0
-BuildRequires: golang-packaging
BuildRequires: golang(API) >= 1.23
Requires(pre): group(prometheus)
Requires(pre): user(prometheus)
@@ -46,27 +46,20 @@
OpsGenie. It also takes care of silencing and inhibition of alerts.
%prep
-%ifarch s390x
-%autosetup -N -a1 -n alertmanager-%{version}
-%patch -P 1 -p1
-%else
%autosetup -a1 -p1 -n alertmanager-%{version}
-%endif
%build
-%goprep github.com/prometheus/alertmanager
-export GOFLAGS="-buildmode=pie"
%ifarch %{ix86} armv7l armv7hl s390x
-GOPATH=%{_builddir}/go promu build -v --cgo
-%else
-GOPATH=%{_builddir}/go promu build -v
+export BUILD_CGO_FLAG="--cgo"
%endif
+%ifnarch ppc64
+export GOFLAGS="-buildmode=pie"
+%endif
+promu build -v $BUILD_CGO_FLAG
%install
-%goinstall
-install -D -m0755 %{_builddir}/alertmanager-%{version}/alertmanager
%{buildroot}/%{_bindir}/alertmanager
+install -D -m0755 %{_builddir}/alertmanager-%{version}/alertmanager
%{buildroot}/%{_bindir}/prometheus-alertmanager
install -D -m0755 %{_builddir}/alertmanager-%{version}/amtool
%{buildroot}/%{_bindir}/amtool
-mv %{buildroot}%{_bindir}/alertmanager
%{buildroot}%{_bindir}/prometheus-alertmanager
install -D -m 0644 %{SOURCE2}
%{buildroot}%{_unitdir}/prometheus-alertmanager.service
install -Dd -m 0755 %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcprometheus-alertmanager
@@ -76,6 +69,11 @@
install -Dd -m 0750 %{buildroot}%{_localstatedir}/lib/prometheus/alertmanager
%fdupes %{buildroot}/%{_prefix}
+%check
+go test -short -x `go list ./... | grep -v cluster`
+%{buildroot}%{_bindir}/prometheus-alertmanager --version
+%{buildroot}%{_bindir}/amtool --version
+
%pre
%service_add_pre prometheus-alertmanager.service
++++++ 0002-Bump-x-net.patch ++++++
diff --git a/go.mod b/go.mod
index 886f16f3..ca7c42d3 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
module github.com/prometheus/alertmanager
-go 1.22.0
+go 1.23.0
+
+toolchain go1.24.3
require (
github.com/KimMachineGun/automemlimit v0.7.0
@@ -43,8 +45,8 @@ require (
go.uber.org/atomic v1.11.0
go.uber.org/automaxprocs v1.6.0
golang.org/x/mod v0.22.0
- golang.org/x/net v0.33.0
- golang.org/x/text v0.21.0
+ golang.org/x/net v0.36.0
+ golang.org/x/text v0.22.0
golang.org/x/tools v0.28.0
gopkg.in/telebot.v3 v3.3.8
gopkg.in/yaml.v2 v2.4.0
@@ -93,10 +95,10 @@ require (
go.opentelemetry.io/otel v1.24.0 // indirect
go.opentelemetry.io/otel/metric v1.24.0 // indirect
go.opentelemetry.io/otel/trace v1.24.0 // indirect
- golang.org/x/crypto v0.31.0 // indirect
+ golang.org/x/crypto v0.35.0 // indirect
golang.org/x/oauth2 v0.24.0 // indirect
- golang.org/x/sync v0.10.0 // indirect
- golang.org/x/sys v0.28.0 // indirect
+ golang.org/x/sync v0.11.0 // indirect
+ golang.org/x/sys v0.30.0 // indirect
google.golang.org/protobuf v1.35.2 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
diff --git a/go.sum b/go.sum
index 8b90e154..79f0edeb 100644
--- a/go.sum
+++ b/go.sum
@@ -550,8 +550,8 @@ golang.org/x/crypto
v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod
h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod
h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod
h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod
h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod
h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod
h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -636,8 +636,8 @@ golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod
h1:CfG3xpIq0wQ8r1q4Su
golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod
h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod
h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod
h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -672,8 +672,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod
h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -752,8 +752,8 @@ golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod
h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -765,8 +765,8 @@ golang.org/x/text v0.3.4/go.mod
h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod
h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod
h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
++++++ _service ++++++
--- /var/tmp/diff_new_pack.ZFWJvN/_old 2025-05-30 17:21:22.445395472 +0200
+++ /var/tmp/diff_new_pack.ZFWJvN/_new 2025-05-30 17:21:22.449395638 +0200
@@ -4,9 +4,9 @@
<param name="url">https://github.com/prometheus/alertmanager</param>
<param name="exclude">.git</param>
<param name="exclude">.github</param>
- <param name="revision">refs/tags/v0.28.1</param>
+ <param name="revision">v0.28.1</param>
<param name="versionformat">@PARENT_TAG@</param>
- <param name="versionrewrite-pattern">^\D*([\d.]+)$</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
</service>
<service name="set_version" mode="manual">
<param name="basename">alertmanager</param>
++++++ alertmanager-0.28.1.obscpio ++++++
++++++ vendor.tar.gz ++++++
++++ 2664 lines of diff (skipped)
