Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openbao for openSUSE:Factory checked
in at 2025-08-29 18:36:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openbao (Old)
and /work/SRC/openSUSE:Factory/.openbao.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openbao"
Fri Aug 29 18:36:51 2025 rev:12 rq:1301864 version:2.4.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/openbao/openbao.changes 2025-08-18
16:08:32.819659908 +0200
+++ /work/SRC/openSUSE:Factory/.openbao.new.1977/openbao.changes
2025-08-29 18:38:52.879470574 +0200
@@ -1,0 +2,119 @@
+Fri Aug 29 04:08:42 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 2.4.0:
+ * SECURITY
+ - audit/file: Restrict mode parameter
+ - Refuse setting an irregular file mode
+ - Silently strip any executable bits [GH-1651]
+ * CHANGES
+ - certutil.ParsePublicKeyPEM of the package
+ github.com/openbao/openbao/sdk/v2/helper/certutil will now
+ return a crypto.PublicKey instead of any. You might need to
+ remove type assertions from your code. [GH-1611]
+ - database: Drop obsolete upgrade check in roleAtPath()
+ function introduced in v0.10 of Vault. [GH-1675]
+ - sdk/framework: Remove LegacyStringToSliceHookFunc, use
+ mapstructure.StringToWeakSliceHookFunc instead. [GH-1626]
+ - sdk/helper: Removed sdk/helper/base62, sdk/helper/mlock,
+ sdk/helper/parseutil, sdk/helper/password,
+ sdk/helper/strutil, and sdk/helper/tlsutil packages.
+ Please use github.com/openbao/go-secure-stdlib/xxx or
+ github.com/hashicorp/go-secure-stdlib/xxx instead.
+ - sdk/database/helper/connutil: Removed Initialize from
+ ConnectionProducer interface, and SQLConnectionProducer
+ struct. [GH-1676]
+ - sdk/logical: Introduce context to
+ logical.HandleListPage(...). [GH-1696]
+ - sdk: Bump Go version to 1.24.0 [GH-1690]
+ - vault/seal: removal of deprecated migration path of an old
+ pre-Vault v1.0 (encrypted) recovery config location [GH-1424]
+ * FEATURES
+ - Allow filtering LIST, SCAN responses via the
+ list_scan_response_keys_filter_path parameter to restrict
+ information to only readable or listable values. [GH-1389]
+ - Configuration-Based Audit Devices: Create and remove audit
+ devices through server configuration updates. Changes are
+ applied on restart and SIGHUP with issues appearing in the
+ logs. [GH-1700]
+ - Declarative Self-Initialization: allow server operators to
+ define initial service state through request-driven
+ initialization that occurs automatically on first server
+ start. Operators can reference environment variables and
+ files to provision initial authentication, audit, and secret
+ mounts in addition to having full control over general
+ requests to OpenBao It is suggested to put the minimal
+ necessary configuration in this and use a proper IaC platform
+ like OpenTofu to perform further configuration of the
+ instance. [GH-1506]
+ - Delay recovery key generation for auto-unseal mechanisms and
+ make rotation authenticated: Add authenticated root and
+ recovery key rotation endpoints, allow delayed recovery key
+ generation (setting initial shares to 0). Solve the issue
+ with the unauthenticated recovery key rotation APIs.
+ [GH-1518]
+ - Inline, Write-less Authentication: support passing
+ authentication information inline with the desired main
+ operation to avoid the need for separate authentication
+ calls, storing and maintaining tokens. This authentication
+ form will not work with operations that create leases. In
+ this form of authentication, no storage writes occur as a
+ result of authentication allowing its use on future
+ read-enabled standby nodes. [GH-1433]
+ - Add static key unseal mechanism to allow auto-unseal in
+ environments with explicit trust chaining. [GH-1425]
+ * IMPROVEMENTS
+ - api/auth/jwt: initial implementation of JWT Auth Method
+ [GH-1526]
+ - auth/oidc: Add new show_qr=true cli option to display a QR
+ code of the login URL. [GH-1561]
+ - auto-unsealing: Improved the clarity of the warning message
+ logged when the server is uninitialized and auto-unsealing is
+ configured. [GH-1411]
+ - builtin/credential/jwt: Support TLS authentication against
+ explicit alt name/subject. [GH-1533]
+ - cel: Add cel-go ext helpers for string, list, optional,
+ regex, math, set, and encoder operations [GH-1697]
+ - cel: Unify CEL helper functions between JWT and PKI modules,
+ making email validation and other utilities available across
+ both authentication and certificate management [GH-1697]
+ - cli: add new subcommand "bao operator validate-config" to
+ validate a configuration file syntax [GH-1609]
+ - core: sys/seal-status: endpoint now always returns the
+ barrier seal type, explicitly adds recovery seal type
+ [GH-1638]
+ - deps: Update go-jose v3 to go-jose v4 [GH-1477]
+ - secrets/kv: Add CAS (Compare-And-Swap) support for metadata
+ operations in KV v2 secrets engine. Metadata updates now
+ support versioning via metadata_cas parameter and
+ metadata_cas_required configuration option to prevent
+ concurrent modification conflicts. [GH-1372]
+ - ui: change the message 'Vault is sealed to 'OpenBao is
+ Sealed' by changing the title of the unseal template
+ [GH-1652]
+ - seal/pkcs11: Support and default to software encryption for
+ RSA key types. [GH-1742]
+ * DEPRECATIONS
+ - storage/postgresql: remove support for legacy PostgreSQL
+ versions before 9.5 which require a special upsert function.
+ [GH-1570]
+ * BUGFIXES
+ - api: Fix compatibility with sys/health from Vault Enterprise
+ [GH-1730]
+ - command: fixes typo in Windows command for setting BAO_ADDR
+ in development mode [GH-1527]
+ - core/namespaces: Prevent infinite loop in namespace loading
+ due to incorrect list pagination when more than 100 sibling
+ namespaces exist under a given parent [GH-1696]
+ - identity: fix nil panic when collecting metrics with
+ unsafe_cross_namespace_identity=true. [GH-1715]
+ - pki: Truncate should error on expired certificates [GH-1369]
+ - releases: add missing container image manifests for *-hsm
+ variants [GH-1597]
+ - sdk: Various constants in the sdk package mistakenly had no
+ explicit type. They now now typed correctly. [GH-1523]
+ - secrets/pki: Prevent infinite loop in tidy stemming from
+ incorrect list pagination [GH-1696]
+ - storage/postgresql: more graceful handling of parallel table
+ creation [GH-1506]
+
+-------------------------------------------------------------------
Old:
----
openbao-2.3.2.obscpio
ui-2.3.2.tar.gz
New:
----
openbao-2.4.0.obscpio
ui-2.4.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openbao.spec ++++++
--- /var/tmp/diff_new_pack.pL6NHk/_old 2025-08-29 18:39:00.299785696 +0200
+++ /var/tmp/diff_new_pack.pL6NHk/_new 2025-08-29 18:39:00.303785866 +0200
@@ -23,7 +23,7 @@
%define short_executable_name bao
Name: openbao
-Version: 2.3.2
+Version: 2.4.0
Release: 0
Summary: Manage, store, and distribute sensitive data
License: MPL-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.pL6NHk/_old 2025-08-29 18:39:00.367788584 +0200
+++ /var/tmp/diff_new_pack.pL6NHk/_new 2025-08-29 18:39:00.367788584 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/openbao/openbao</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v2.3.2</param>
+ <param name="revision">v2.4.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.pL6NHk/_old 2025-08-29 18:39:00.387789434 +0200
+++ /var/tmp/diff_new_pack.pL6NHk/_new 2025-08-29 18:39:00.391789603 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/openbao/openbao</param>
- <param
name="changesrevision">b1a68f558c89d18d38fbb8675bb6fc1d90b71e98</param></service></servicedata>
+ <param
name="changesrevision">f9407a27fbee45f62ba521bba2bf1e2360c61031</param></service></servicedata>
(No newline at EOF)
++++++ openbao-2.3.2.obscpio -> openbao-2.4.0.obscpio ++++++
++++ 71906 lines of diff (skipped)
++++++ openbao.obsinfo ++++++
--- /var/tmp/diff_new_pack.pL6NHk/_old 2025-08-29 18:39:03.379916502 +0200
+++ /var/tmp/diff_new_pack.pL6NHk/_new 2025-08-29 18:39:03.455919729 +0200
@@ -1,5 +1,5 @@
name: openbao
-version: 2.3.2
-mtime: 1754624784
-commit: b1a68f558c89d18d38fbb8675bb6fc1d90b71e98
+version: 2.4.0
+mtime: 1756412595
+commit: f9407a27fbee45f62ba521bba2bf1e2360c61031
++++++ ui-2.3.2.tar.gz -> ui-2.4.0.tar.gz ++++++
/work/SRC/openSUSE:Factory/openbao/ui-2.3.2.tar.gz
/work/SRC/openSUSE:Factory/.openbao.new.1977/ui-2.4.0.tar.gz differ: char 5,
line 1
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/openbao/vendor.tar.gz
/work/SRC/openSUSE:Factory/.openbao.new.1977/vendor.tar.gz differ: char 13,
line 1
