Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package regclient for openSUSE:Factory
checked in at 2025-09-02 17:58:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/regclient (Old)
and /work/SRC/openSUSE:Factory/.regclient.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "regclient"
Tue Sep 2 17:58:39 2025 rev:9 rq:1302293 version:0.9.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/regclient/regclient.changes 2025-08-25
20:39:04.790558645 +0200
+++ /work/SRC/openSUSE:Factory/.regclient.new.1977/regclient.changes
2025-09-02 17:59:02.564315075 +0200
@@ -1,0 +2,11 @@
+Tue Sep 02 05:48:59 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.9.2:
+ * Security:
+ - xz upgrade fixes CVE-2025-58058 (PR 989)
+ * Miscellaneous:
+ - Fix CLI lint errors. (PR 983)
+ - Cleanup version output. (PR 985)
+ - Dockerfile cleanup. (PR 986)
+
+-------------------------------------------------------------------
Old:
----
regclient-0.9.1.obscpio
New:
----
regclient-0.9.2.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ regclient.spec ++++++
--- /var/tmp/diff_new_pack.MpPOab/_old 2025-09-02 17:59:03.348348069 +0200
+++ /var/tmp/diff_new_pack.MpPOab/_new 2025-09-02 17:59:03.352348238 +0200
@@ -17,7 +17,7 @@
Name: regclient
-Version: 0.9.1
+Version: 0.9.2
Release: 0
Summary: OCI Registry Client in Go and tooling using those libraries
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.MpPOab/_old 2025-09-02 17:59:03.384349584 +0200
+++ /var/tmp/diff_new_pack.MpPOab/_new 2025-09-02 17:59:03.388349752 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/regclient/regclient</param>
<param name="scm">git</param>
<param name="package-meta">yes</param>
- <param name="revision">v0.9.1</param>
+ <param name="revision">v0.9.2</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.MpPOab/_old 2025-09-02 17:59:03.404350426 +0200
+++ /var/tmp/diff_new_pack.MpPOab/_new 2025-09-02 17:59:03.408350594 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/regclient/regclient</param>
- <param
name="changesrevision">51df886b5e3b138ac168540ccef5997e0d383c86</param></service></servicedata>
+ <param
name="changesrevision">9bf4b30da1110d0bc82ba2f9268e8c099172dd75</param></service></servicedata>
(No newline at EOF)
++++++ regclient-0.9.1.obscpio -> regclient-0.9.2.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.git/HEAD
new/regclient-0.9.2/.git/HEAD
--- old/regclient-0.9.1/.git/HEAD 2025-08-24 21:20:38.000000000 +0200
+++ new/regclient-0.9.2/.git/HEAD 2025-08-29 15:49:46.000000000 +0200
@@ -1 +1 @@
-51df886b5e3b138ac168540ccef5997e0d383c86
+9bf4b30da1110d0bc82ba2f9268e8c099172dd75
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.git/ORIG_HEAD
new/regclient-0.9.2/.git/ORIG_HEAD
--- old/regclient-0.9.1/.git/ORIG_HEAD 2025-08-24 21:20:38.000000000 +0200
+++ new/regclient-0.9.2/.git/ORIG_HEAD 2025-08-29 15:49:46.000000000 +0200
@@ -1 +1 @@
-51df886b5e3b138ac168540ccef5997e0d383c86
+9bf4b30da1110d0bc82ba2f9268e8c099172dd75
Binary files old/regclient-0.9.1/.git/index and new/regclient-0.9.2/.git/index
differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.git/logs/HEAD
new/regclient-0.9.2/.git/logs/HEAD
--- old/regclient-0.9.1/.git/logs/HEAD 2025-08-24 21:20:38.000000000 +0200
+++ new/regclient-0.9.2/.git/logs/HEAD 2025-08-29 15:49:46.000000000 +0200
@@ -1,2 +1,2 @@
-0000000000000000000000000000000000000000
9c9bcc2f705c704826a86a25ab23822de10c0b9f kastl <kastl@tumbleweed-pkg.baten>
1756097393 +0200 clone: from https://github.com/regclient/regclient
-9c9bcc2f705c704826a86a25ab23822de10c0b9f
51df886b5e3b138ac168540ccef5997e0d383c86 kastl <kastl@tumbleweed-pkg.baten>
1756097393 +0200 checkout: moving from main to v0.9.1
+0000000000000000000000000000000000000000
339035e49ded3657d648a023213d0076000a99dd Johannes Kastl
<ojka...@baghira.oberhinkofen.ojkastl.de> 1756792138 +0200 clone: from
https://github.com/regclient/regclient
+339035e49ded3657d648a023213d0076000a99dd
9bf4b30da1110d0bc82ba2f9268e8c099172dd75 Johannes Kastl
<ojka...@baghira.oberhinkofen.ojkastl.de> 1756792138 +0200 checkout: moving
from main to v0.9.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.git/logs/refs/heads/main
new/regclient-0.9.2/.git/logs/refs/heads/main
--- old/regclient-0.9.1/.git/logs/refs/heads/main 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/.git/logs/refs/heads/main 2025-08-29
15:49:46.000000000 +0200
@@ -1 +1 @@
-0000000000000000000000000000000000000000
9c9bcc2f705c704826a86a25ab23822de10c0b9f kastl <kastl@tumbleweed-pkg.baten>
1756097393 +0200 clone: from https://github.com/regclient/regclient
+0000000000000000000000000000000000000000
339035e49ded3657d648a023213d0076000a99dd Johannes Kastl
<ojka...@baghira.oberhinkofen.ojkastl.de> 1756792138 +0200 clone: from
https://github.com/regclient/regclient
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.git/logs/refs/remotes/origin/HEAD
new/regclient-0.9.2/.git/logs/refs/remotes/origin/HEAD
--- old/regclient-0.9.1/.git/logs/refs/remotes/origin/HEAD 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/.git/logs/refs/remotes/origin/HEAD 2025-08-29
15:49:46.000000000 +0200
@@ -1 +1 @@
-0000000000000000000000000000000000000000
9c9bcc2f705c704826a86a25ab23822de10c0b9f kastl <kastl@tumbleweed-pkg.baten>
1756097393 +0200 clone: from https://github.com/regclient/regclient
+0000000000000000000000000000000000000000
339035e49ded3657d648a023213d0076000a99dd Johannes Kastl
<ojka...@baghira.oberhinkofen.ojkastl.de> 1756792138 +0200 clone: from
https://github.com/regclient/regclient
Binary files
old/regclient-0.9.1/.git/objects/pack/pack-9c8884d5d964272483aebd976510c53f55d58d42.idx
and
new/regclient-0.9.2/.git/objects/pack/pack-9c8884d5d964272483aebd976510c53f55d58d42.idx
differ
Binary files
old/regclient-0.9.1/.git/objects/pack/pack-9c8884d5d964272483aebd976510c53f55d58d42.pack
and
new/regclient-0.9.2/.git/objects/pack/pack-9c8884d5d964272483aebd976510c53f55d58d42.pack
differ
Binary files
old/regclient-0.9.1/.git/objects/pack/pack-9c8884d5d964272483aebd976510c53f55d58d42.rev
and
new/regclient-0.9.2/.git/objects/pack/pack-9c8884d5d964272483aebd976510c53f55d58d42.rev
differ
Binary files
old/regclient-0.9.1/.git/objects/pack/pack-f35cdd29ceb72713582d86510aa772b17b76061a.idx
and
new/regclient-0.9.2/.git/objects/pack/pack-f35cdd29ceb72713582d86510aa772b17b76061a.idx
differ
Binary files
old/regclient-0.9.1/.git/objects/pack/pack-f35cdd29ceb72713582d86510aa772b17b76061a.pack
and
new/regclient-0.9.2/.git/objects/pack/pack-f35cdd29ceb72713582d86510aa772b17b76061a.pack
differ
Binary files
old/regclient-0.9.1/.git/objects/pack/pack-f35cdd29ceb72713582d86510aa772b17b76061a.rev
and
new/regclient-0.9.2/.git/objects/pack/pack-f35cdd29ceb72713582d86510aa772b17b76061a.rev
differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.git/packed-refs
new/regclient-0.9.2/.git/packed-refs
--- old/regclient-0.9.1/.git/packed-refs 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/.git/packed-refs 2025-08-29 15:49:46.000000000
+0200
@@ -1,5 +1,5 @@
# pack-refs with: peeled fully-peeled sorted
-9c9bcc2f705c704826a86a25ab23822de10c0b9f refs/remotes/origin/main
+339035e49ded3657d648a023213d0076000a99dd refs/remotes/origin/main
daa734a0b4dc9c19231cfe691a241f0ce2a7b2f4 refs/remotes/origin/releases/0.0
4c6dd972a3c609f7c0997bb6e464aee431f8c971 refs/remotes/origin/releases/0.2
6a1a13c410f734f5e18a6032936bc6764814eae7 refs/remotes/origin/releases/0.3
@@ -8,7 +8,7 @@
766ee6291f882778207ff42207f9ca8b1da54e57 refs/remotes/origin/releases/0.6
6b1f7bd9a3b2972605f04a534143f7fed522b680 refs/remotes/origin/releases/0.7
ba184b305aaad55b40bf517d06e4d8d1afd35bf9 refs/remotes/origin/releases/0.8
-51df886b5e3b138ac168540ccef5997e0d383c86 refs/remotes/origin/releases/0.9
+9bf4b30da1110d0bc82ba2f9268e8c099172dd75 refs/remotes/origin/releases/0.9
54d924682eb6425847db8dd4acdfcd2beea4c83a refs/tags/v0.0.1
^f4dd0b8c5836798787b73dbec754be1d8a93695f
4fc2fa04faba545e279745f2afd8faad7ca7d296 refs/tags/v0.0.2
@@ -103,3 +103,5 @@
^ad4e3d926030f76419211838494434974f17db67
f0fc5276b3f9824a7dbe90f2f19c6b793327a2ab refs/tags/v0.9.1
^51df886b5e3b138ac168540ccef5997e0d383c86
+f2f52f74601fa8f460abe24aaa63447cf08b2a7b refs/tags/v0.9.2
+^9bf4b30da1110d0bc82ba2f9268e8c099172dd75
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.git/refs/heads/main
new/regclient-0.9.2/.git/refs/heads/main
--- old/regclient-0.9.1/.git/refs/heads/main 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/.git/refs/heads/main 2025-08-29 15:49:46.000000000
+0200
@@ -1 +1 @@
-9c9bcc2f705c704826a86a25ab23822de10c0b9f
+339035e49ded3657d648a023213d0076000a99dd
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.github/workflows/docker.yml
new/regclient-0.9.2/.github/workflows/docker.yml
--- old/regclient-0.9.1/.github/workflows/docker.yml 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/.github/workflows/docker.yml 2025-08-29
15:49:46.000000000 +0200
@@ -129,7 +129,7 @@
uses:
anchore/sbom-action/download-syft@da167eac915b4e86f08b264dbdbc867b61be6f0c #
v0.20.5
id: syft
with:
- syft-version: "v1.31.0"
+ syft-version: "v1.32.0"
# Dogfooding, use regctl to modify regclient images to improve
reproducibility
- name: Install regctl
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.github/workflows/go.yml
new/regclient-0.9.2/.github/workflows/go.yml
--- old/regclient-0.9.1/.github/workflows/go.yml 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/.github/workflows/go.yml 2025-08-29
15:49:46.000000000 +0200
@@ -63,7 +63,7 @@
uses:
anchore/sbom-action/download-syft@da167eac915b4e86f08b264dbdbc867b61be6f0c #
v0.20.5
id: syft
with:
- syft-version: "v1.31.0"
+ syft-version: "v1.32.0"
- name: Build artifacts
if: startsWith( github.ref, 'refs/tags/v' ) || github.ref ==
'refs/heads/main'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.version-bump.lock
new/regclient-0.9.2/.version-bump.lock
--- old/regclient-0.9.1/.version-bump.lock 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/.version-bump.lock 2025-08-29 15:49:46.000000000
+0200
@@ -1,6 +1,6 @@
{"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.22.1","version":"sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1"}
{"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.22.1"}
-{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git:main","version":"64b08bad70174a1849fe597f0c59288eb7b7cf91"}
+{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git","version":"v0.10.1"}
{"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.30"}
{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.25.0-alpine","version":"sha256:f18a072054848d87a8077455f0ac8a25886f2397f88bfdd222d6fafbb5bba440"}
{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.25.0"}
@@ -12,7 +12,7 @@
{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v2.5.3"}
{"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.24\",
\"1.25\"]"}
{"name":"gha-golang-release","key":"golang-latest","version":"1.25"}
-{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.31.0"}
+{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.32.0"}
{"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v5.0.0","version":"08c6903cd8c0fde910a37f88322edcfb5dd907a8"}
{"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v5.5.0","version":"d35c59abb061a4a6fb18e82ac0862c26744d6ab5"}
{"name":"gha-uses-commit","key":"https://github.com/actions/stale.git:v9.1.0","version":"5bef64f19d7facfb25b37b414482c7164d639639"}
@@ -38,14 +38,14 @@
{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"3.0.0"}
{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.7"}
{"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.1.4"}
-{"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.14.0"}
+{"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.15.0"}
{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.22.8"}
{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.18.1"}
-{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.2.1"}
+{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.2.2"}
{"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.6.1"}
-{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.31.0","version":"sha256:c15fa8af4c25edd72c0daf026d095fe51adbcfc7ad5d79a66e93d88f249e5abb"}
-{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.31.0"}
-{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.31.0"}
+{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.32.0","version":"sha256:b6a6da626d98f5cb92e28934176709003cce6cdcf674816959c7d84845d94045"}
+{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.32.0"}
+{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.32.0"}
{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.25.0"}
{"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.22.1","version":"sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1"}
{"name":"shell-alpine-tag-base","key":"docker.io/library/alpine","version":"3"}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/.version-bump.yml
new/regclient-0.9.2/.version-bump.yml
--- old/regclient-0.9.1/.version-bump.yml 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/.version-bump.yml 2025-08-29 15:49:46.000000000
+0200
@@ -100,12 +100,11 @@
sourceArgs:
image: "docker.io/library/golang:{{.ScanMatch.Tag}}"
docker-arg-ecr:
- <<: *git-commit
+ <<: *git-tag-semver
scanArgs:
- regexp: '^ARG ECR_HELPER_VER=(?P<Version>[0-9a-f]+)\s*$'
+ regexp: '^ARG ECR_HELPER_VER=(?P<Version>v?\d+\.\d+\.\d+)\s*$'
sourceArgs:
url: "https://github.com/awslabs/amazon-ecr-credential-helper.git";
- ref: main
docker-arg-gcr:
<<: *git-tag-semver
scanArgs:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/Makefile new/regclient-0.9.2/Makefile
--- old/regclient-0.9.1/Makefile 2025-08-24 21:20:38.000000000 +0200
+++ new/regclient-0.9.2/Makefile 2025-08-29 15:49:46.000000000 +0200
@@ -19,10 +19,12 @@
fi; \
echo "$${vcs_version}" | sed -r 's#/+#-#g')
VCS_TAG?=$(shell git describe --tags --abbrev=0 2>/dev/null || true)
+VCS_SEC?=$(shell git log -1 --format=%ct)
+VCS_DATE?=$(shell date -d "@$(VCS_SEC)" +%Y-%m-%dT%H:%M:%SZ --utc)
LD_FLAGS?=-s -w -extldflags -static -buildid= -X
\"github.com/regclient/regclient/internal/version.vcsTag=$(VCS_TAG)\"
GO_BUILD_FLAGS?=-trimpath -ldflags "$(LD_FLAGS)"
DOCKERFILE_EXT?=$(shell if docker build --help 2>/dev/null | grep -q --
'--progress'; then echo ".buildkit"; fi)
-DOCKER_ARGS?=--build-arg "VCS_REF=$(VCS_REF)" --build-arg
"VCS_VERSION=$(VCS_VERSION)"
+DOCKER_ARGS?=--build-arg "VCS_REF=$(VCS_REF)" --build-arg
"VCS_VERSION=$(VCS_VERSION)" --build-arg "SOURCE_DATE_EPOCH=$(VCS_SEC)"
--build-arg "BUILD_DATE=$(VCS_DATE)"
GOPATH?=$(shell go env GOPATH)
PWD:=$(shell pwd)
VER_BUMP?=$(shell command -v version-bump 2>/dev/null)
@@ -34,14 +36,14 @@
$(VER_BUMP_CONTAINER)
endif
MARKDOWN_LINT_VER?=v0.18.1
-GOMAJOR_VER?=v0.14.0
+GOMAJOR_VER?=v0.15.0
GOSEC_VER?=v2.22.8
GO_VULNCHECK_VER?=v1.1.4
-OSV_SCANNER_VER?=v2.2.1
+OSV_SCANNER_VER?=v2.2.2
SYFT?=$(shell command -v syft 2>/dev/null)
SYFT_CMD_VER:=$(shell [ -x "$(SYFT)" ] && echo "v$$($(SYFT) version | awk
'/^Version: / {print $$2}')" || echo "0")
-SYFT_VERSION?=v1.31.0
-SYFT_CONTAINER?=anchore/syft:v1.31.0@sha256:c15fa8af4c25edd72c0daf026d095fe51adbcfc7ad5d79a66e93d88f249e5abb
+SYFT_VERSION?=v1.32.0
+SYFT_CONTAINER?=anchore/syft:v1.32.0@sha256:b6a6da626d98f5cb92e28934176709003cce6cdcf674816959c7d84845d94045
ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)"
SYFT=docker run --rm \
-v "$(shell pwd)/:$(shell pwd)/" -w "$(shell pwd)" \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/build/Dockerfile.regbot
new/regclient-0.9.2/build/Dockerfile.regbot
--- old/regclient-0.9.1/build/Dockerfile.regbot 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/build/Dockerfile.regbot 2025-08-29 15:49:46.000000000
+0200
@@ -1,10 +1,11 @@
ARG REGISTRY=docker.io
ARG
ALPINE_VER=3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
ARG
GO_VER=1.25.0-alpine@sha256:f18a072054848d87a8077455f0ac8a25886f2397f88bfdd222d6fafbb5bba440
-ARG ECR_HELPER_VER=64b08bad70174a1849fe597f0c59288eb7b7cf91
+ARG ECR_HELPER_VER=v0.10.1
ARG GCR_HELPER_VER=v2.1.30
ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6
ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d
+ARG VCS_VERSION=(devel)
FROM ${REGISTRY}/library/golang:${GO_VER} AS golang
RUN apk add --no-cache \
@@ -77,15 +78,14 @@
ENV LUA_PATH="?;?.lua;/lua-user/?;/lua-user/?.lua;/lua-mods/?;/lua-mods/?.lua"
USER appuser
CMD [ "regbot", "--help" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
@@ -101,15 +101,14 @@
ENV LUA_PATH="?;?.lua;/lua-user/?;/lua-user/?.lua;/lua-mods/?;/lua-mods/?.lua"
USER appuser
ENTRYPOINT [ "/regbot" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/build/Dockerfile.regbot.buildkit
new/regclient-0.9.2/build/Dockerfile.regbot.buildkit
--- old/regclient-0.9.1/build/Dockerfile.regbot.buildkit 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/build/Dockerfile.regbot.buildkit 2025-08-29
15:49:46.000000000 +0200
@@ -3,10 +3,11 @@
ARG REGISTRY=docker.io
ARG
ALPINE_VER=3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
ARG
GO_VER=1.25.0-alpine@sha256:f18a072054848d87a8077455f0ac8a25886f2397f88bfdd222d6fafbb5bba440
-ARG ECR_HELPER_VER=64b08bad70174a1849fe597f0c59288eb7b7cf91
+ARG ECR_HELPER_VER=v0.10.1
ARG GCR_HELPER_VER=v2.1.30
ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6
ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d
+ARG VCS_VERSION=(devel)
FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang
RUN apk add --no-cache \
@@ -95,15 +96,14 @@
ENV LUA_PATH="?;?.lua;/lua-user/?;/lua-user/?.lua;/lua-mods/?;/lua-mods/?.lua"
USER appuser
CMD [ "regbot", "--help" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
@@ -119,15 +119,14 @@
ENV LUA_PATH="?;?.lua;/lua-user/?;/lua-user/?.lua;/lua-mods/?;/lua-mods/?.lua"
USER appuser
ENTRYPOINT [ "/regbot" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/build/Dockerfile.regctl
new/regclient-0.9.2/build/Dockerfile.regctl
--- old/regclient-0.9.1/build/Dockerfile.regctl 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/build/Dockerfile.regctl 2025-08-29 15:49:46.000000000
+0200
@@ -1,8 +1,9 @@
ARG REGISTRY=docker.io
ARG
ALPINE_VER=3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
ARG
GO_VER=1.25.0-alpine@sha256:f18a072054848d87a8077455f0ac8a25886f2397f88bfdd222d6fafbb5bba440
-ARG ECR_HELPER_VER=64b08bad70174a1849fe597f0c59288eb7b7cf91
+ARG ECR_HELPER_VER=v0.10.1
ARG GCR_HELPER_VER=v2.1.30
+ARG VCS_VERSION=(devel)
FROM ${REGISTRY}/library/golang:${GO_VER} AS golang
RUN apk add --no-cache \
@@ -56,15 +57,14 @@
COPY --from=build /src/bin/regctl /usr/local/bin/regctl
USER appuser
CMD [ "regctl", "--help" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
@@ -78,15 +78,14 @@
COPY --from=build /src/bin/regctl /regctl
USER appuser
ENTRYPOINT [ "/regctl" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/build/Dockerfile.regctl.buildkit
new/regclient-0.9.2/build/Dockerfile.regctl.buildkit
--- old/regclient-0.9.1/build/Dockerfile.regctl.buildkit 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/build/Dockerfile.regctl.buildkit 2025-08-29
15:49:46.000000000 +0200
@@ -3,8 +3,9 @@
ARG REGISTRY=docker.io
ARG
ALPINE_VER=3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
ARG
GO_VER=1.25.0-alpine@sha256:f18a072054848d87a8077455f0ac8a25886f2397f88bfdd222d6fafbb5bba440
-ARG ECR_HELPER_VER=64b08bad70174a1849fe597f0c59288eb7b7cf91
+ARG ECR_HELPER_VER=v0.10.1
ARG GCR_HELPER_VER=v2.1.30
+ARG VCS_VERSION=(devel)
FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang
RUN apk add --no-cache \
@@ -74,15 +75,14 @@
COPY --from=build /src/bin/regctl /usr/local/bin/regctl
USER appuser
CMD [ "regctl", "--help" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
@@ -96,15 +96,14 @@
COPY --from=build /src/bin/regctl /regctl
USER appuser
ENTRYPOINT [ "/regctl" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/build/Dockerfile.regsync
new/regclient-0.9.2/build/Dockerfile.regsync
--- old/regclient-0.9.1/build/Dockerfile.regsync 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/build/Dockerfile.regsync 2025-08-29
15:49:46.000000000 +0200
@@ -1,8 +1,9 @@
ARG REGISTRY=docker.io
ARG
ALPINE_VER=3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
ARG
GO_VER=1.25.0-alpine@sha256:f18a072054848d87a8077455f0ac8a25886f2397f88bfdd222d6fafbb5bba440
-ARG ECR_HELPER_VER=64b08bad70174a1849fe597f0c59288eb7b7cf91
+ARG ECR_HELPER_VER=v0.10.1
ARG GCR_HELPER_VER=v2.1.30
+ARG VCS_VERSION=(devel)
FROM ${REGISTRY}/library/golang:${GO_VER} AS golang
RUN apk add --no-cache \
@@ -56,15 +57,14 @@
COPY --from=build /src/bin/regsync /usr/local/bin/regsync
USER appuser
CMD [ "regsync", "--help" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
@@ -78,15 +78,14 @@
COPY --from=build /src/bin/regsync /regsync
USER appuser
ENTRYPOINT [ "/regsync" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/build/Dockerfile.regsync.buildkit
new/regclient-0.9.2/build/Dockerfile.regsync.buildkit
--- old/regclient-0.9.1/build/Dockerfile.regsync.buildkit 2025-08-24
21:20:38.000000000 +0200
+++ new/regclient-0.9.2/build/Dockerfile.regsync.buildkit 2025-08-29
15:49:46.000000000 +0200
@@ -3,8 +3,9 @@
ARG REGISTRY=docker.io
ARG
ALPINE_VER=3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
ARG
GO_VER=1.25.0-alpine@sha256:f18a072054848d87a8077455f0ac8a25886f2397f88bfdd222d6fafbb5bba440
-ARG ECR_HELPER_VER=64b08bad70174a1849fe597f0c59288eb7b7cf91
+ARG ECR_HELPER_VER=v0.10.1
ARG GCR_HELPER_VER=v2.1.30
+ARG VCS_VERSION=(devel)
FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang
RUN apk add --no-cache \
@@ -74,15 +75,14 @@
COPY --from=build /src/bin/regsync /usr/local/bin/regsync
USER appuser
CMD [ "regsync", "--help" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
@@ -96,15 +96,14 @@
COPY --from=build /src/bin/regsync /regsync
USER appuser
ENTRYPOINT [ "/regsync" ]
-
ARG BUILD_DATE
ARG VCS_REF
-ARG VCS_VERSION=(devel)
+ARG VCS_VERSION
LABEL maintainer="" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors="regclient contributors" \
org.opencontainers.image.url="https://github.com/regclient/regclient"; \
-
org.opencontainers.image.documentation="https://github.com/regclient/regclient";
\
+ org.opencontainers.image.documentation="https://regclient.org/"; \
org.opencontainers.image.source="https://github.com/regclient/regclient";
\
org.opencontainers.image.version=$VCS_VERSION \
org.opencontainers.image.revision=$VCS_REF \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/cmd/regbot/root.go
new/regclient-0.9.2/cmd/regbot/root.go
--- old/regclient-0.9.1/cmd/regbot/root.go 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/cmd/regbot/root.go 2025-08-29 15:49:46.000000000
+0200
@@ -71,9 +71,15 @@
versionCmd := &cobra.Command{
Use: "version",
Short: "Show the version",
- Long: `Show the version`,
- Args: cobra.RangeArgs(0, 0),
- RunE: opts.runVersion,
+ Long: fmt.Sprintf(`Show the version of %s. Note that docker
image builds will always be marked "dirty".`, cmd.Name()),
+ Example: fmt.Sprintf(`
+# display full version details
+%[1]s version
+
+# retrieve the version number
+%[1]s version --format '{{.VCSTag}}'`, cmd.Name()),
+ Args: cobra.ExactArgs(0),
+ RunE: opts.runVersion,
}
cmd.PersistentFlags().StringArrayVar(&opts.logopts, "logopt",
[]string{}, "Log options")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/cmd/regctl/image.go
new/regclient-0.9.2/cmd/regctl/image.go
--- old/regclient-0.9.1/cmd/regctl/image.go 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/cmd/regctl/image.go 2025-08-29 15:49:46.000000000
+0200
@@ -107,7 +107,7 @@
If the base name is not provided, annotations will be checked in the image.
If the digest is available, this checks if that matches the base name.
If the digest is not available, layers of each manifest are compared.
-If the layers match, the config (history and roots) are optionally compared.
+If the layers match, the config (history and roots) are optionally compared.
If the base image does not match, the command exits with a non-zero status.`,
Example: `
# report if base image has changed using annotations
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/cmd/regctl/manifest.go
new/regclient-0.9.2/cmd/regctl/manifest.go
--- old/regclient-0.9.1/cmd/regctl/manifest.go 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/cmd/regctl/manifest.go 2025-08-29 15:49:46.000000000
+0200
@@ -60,7 +60,7 @@
Aliases: []string{"del", "rm", "remove"},
Short: "delete a manifest",
Long: `Delete a manifest. This will delete the manifest, and
all tags pointing to that
-manifest. You must specify a digest, not a tag on this command (e.g.
+manifest. You must specify a digest, not a tag on this command (e.g.
image_name@sha256:1234abc...). It is up to the registry whether the delete
API is supported. Additionally, registries may garbage collect the filesystem
layers (blobs) separately or not at all. See also the "tag delete" command.`,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/cmd/regctl/root.go
new/regclient-0.9.2/cmd/regctl/root.go
--- old/regclient-0.9.1/cmd/regctl/root.go 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/cmd/regctl/root.go 2025-08-29 15:49:46.000000000
+0200
@@ -107,13 +107,13 @@
cmd := &cobra.Command{
Use: "version",
Short: "Show the version",
- Long: fmt.Sprintf(`Show the version of %s`,
opts.rootOpts.name),
- Example: `
+ Long: fmt.Sprintf(`Show the version of %s. Note that docker
image builds will always be marked "dirty".`, opts.rootOpts.name),
+ Example: fmt.Sprintf(`
# display full version details
-regctl version
+%[1]s version
# retrieve the version number
-regctl version --format '{{.VCSTag}}'`,
+%[1]s version --format '{{.VCSTag}}'`, opts.rootOpts.name),
Args: cobra.ExactArgs(0),
RunE: opts.runVersion,
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/cmd/regsync/root.go
new/regclient-0.9.2/cmd/regsync/root.go
--- old/regclient-0.9.1/cmd/regsync/root.go 2025-08-24 21:20:38.000000000
+0200
+++ new/regclient-0.9.2/cmd/regsync/root.go 2025-08-29 15:49:46.000000000
+0200
@@ -80,14 +80,14 @@
cmd.PersistentFlags().StringVarP(&opts.verbosity, "verbosity", "v",
slog.LevelInfo.String(), "Log level (trace, debug, info, warn, error)")
cmd.PersistentFlags().StringArrayVar(&opts.logopts, "logopt",
[]string{}, "Log options")
- var serverCmd = &cobra.Command{
+ serverCmd := &cobra.Command{
Use: "server",
Short: "run the regsync server",
Long: `Sync registries according to the configuration.`,
Args: cobra.RangeArgs(0, 0),
RunE: opts.runServer,
}
- var checkCmd = &cobra.Command{
+ checkCmd := &cobra.Command{
Use: "check",
Short: "processes each sync command once but skip actual copy",
Long: `Processes each sync command in the configuration file in
order.
@@ -97,7 +97,7 @@
Args: cobra.RangeArgs(0, 0),
RunE: opts.runCheck,
}
- var onceCmd = &cobra.Command{
+ onceCmd := &cobra.Command{
Use: "once",
Short: "processes each sync command once, ignoring cron
schedule",
Long: `Processes each sync command in the configuration file in
order.
@@ -107,7 +107,7 @@
RunE: opts.runOnce,
}
onceCmd.Flags().BoolVar(&opts.missing, "missing", false, "Only copy
tags that are missing on target")
- var configCmd = &cobra.Command{
+ configCmd := &cobra.Command{
Use: "config",
Short: "Show the config",
Long: `Show the config`,
@@ -123,12 +123,18 @@
curCmd.Flags().BoolVar(&opts.abortOnErr, "abort-on-error",
false, "Immediately abort on any errors")
}
- var versionCmd = &cobra.Command{
+ versionCmd := &cobra.Command{
Use: "version",
Short: "Show the version",
- Long: `Show the version`,
- Args: cobra.RangeArgs(0, 0),
- RunE: opts.runVersion,
+ Long: fmt.Sprintf(`Show the version of %s. Note that docker
image builds will always be marked "dirty".`, cmd.Name()),
+ Example: fmt.Sprintf(`
+# display full version details
+%[1]s version
+
+# retrieve the version number
+%[1]s version --format '{{.VCSTag}}'`, cmd.Name()),
+ Args: cobra.ExactArgs(0),
+ RunE: opts.runVersion,
}
versionCmd.Flags().StringVar(&opts.format, "format", "{{printPretty
.}}", "Format output with go template syntax")
_ = versionCmd.RegisterFlagCompletionFunc("format", func(cmd
*cobra.Command, args []string, toComplete string) ([]string,
cobra.ShellCompDirective) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/go.mod new/regclient-0.9.2/go.mod
--- old/regclient-0.9.1/go.mod 2025-08-24 21:20:38.000000000 +0200
+++ new/regclient-0.9.2/go.mod 2025-08-29 15:49:46.000000000 +0200
@@ -11,7 +11,7 @@
github.com/robfig/cron/v3 v3.0.1
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.9.1
- github.com/ulikunitz/xz v0.5.13
+ github.com/ulikunitz/xz v0.5.15
github.com/yuin/gopher-lua v1.1.1
golang.org/x/sys v0.35.0
golang.org/x/term v0.34.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/go.sum new/regclient-0.9.2/go.sum
--- old/regclient-0.9.1/go.sum 2025-08-24 21:20:38.000000000 +0200
+++ new/regclient-0.9.2/go.sum 2025-08-29 15:49:46.000000000 +0200
@@ -29,8 +29,8 @@
github.com/stretchr/objx v0.1.0/go.mod
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0
h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/ulikunitz/xz v0.5.13 h1:ar98gWrjf4H1ev05fYP/o29PDZw9DrI3niHtnEqyuXA=
-github.com/ulikunitz/xz v0.5.13/go.mod
h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod
h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/yuin/gopher-lua v1.1.1
h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
github.com/yuin/gopher-lua v1.1.1/go.mod
h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/regclient-0.9.1/release.md
new/regclient-0.9.2/release.md
--- old/regclient-0.9.1/release.md 2025-08-24 21:20:38.000000000 +0200
+++ new/regclient-0.9.2/release.md 2025-08-29 15:49:46.000000000 +0200
@@ -1,21 +1,20 @@
-# Release v0.9.1
+# Release v0.9.2
-Features:
+Security:
-- Allow relative urls in bearer auth. ([PR 963][pr-963])
-- Add "ns" query param to registry mirror requests. ([PR 976][pr-976])
+- xz upgrade fixes CVE-2025-58058 ([PR 989][pr-989])
Miscellaneous:
-- Update to SLSA v1 provenance. ([PR 968][pr-968])
-- Add a "make clean" command. ([PR 969][pr-969])
+- Fix CLI lint errors. ([PR 983][pr-983])
+- Cleanup version output. ([PR 985][pr-985])
+- Dockerfile cleanup. ([PR 986][pr-986])
Contributors:
- @sudo-bmitch
-- @wjordan
-[pr-963]: https://github.com/regclient/regclient/pull/963
-[pr-968]: https://github.com/regclient/regclient/pull/968
-[pr-969]: https://github.com/regclient/regclient/pull/969
-[pr-976]: https://github.com/regclient/regclient/pull/976
+[pr-983]: https://github.com/regclient/regclient/pull/983
+[pr-985]: https://github.com/regclient/regclient/pull/985
+[pr-986]: https://github.com/regclient/regclient/pull/986
+[pr-989]: https://github.com/regclient/regclient/pull/989
++++++ regclient.obsinfo ++++++
--- /var/tmp/diff_new_pack.MpPOab/_old 2025-09-02 17:59:03.872370121 +0200
+++ /var/tmp/diff_new_pack.MpPOab/_new 2025-09-02 17:59:03.876370289 +0200
@@ -1,5 +1,5 @@
name: regclient
-version: 0.9.1
-mtime: 1756063238
-commit: 51df886b5e3b138ac168540ccef5997e0d383c86
+version: 0.9.2
+mtime: 1756475386
+commit: 9bf4b30da1110d0bc82ba2f9268e8c099172dd75
++++++ vendor.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/ulikunitz/xz/TODO.md
new/vendor/github.com/ulikunitz/xz/TODO.md
--- old/vendor/github.com/ulikunitz/xz/TODO.md 2025-08-24 21:20:38.000000000
+0200
+++ new/vendor/github.com/ulikunitz/xz/TODO.md 2025-08-29 15:49:46.000000000
+0200
@@ -1,9 +1,5 @@
# TODO list
-## Release v0.5.x
-
-1. Support check flag in gxz command.
-
## Release v0.6
1. Review encoder and check for lzma improvements under xz.
@@ -86,6 +82,13 @@
## Log
+## 2025-08-28
+
+Release v0.5.14 addresses the security vulnerability CVE-2025-58058. If you put
+bytes in from of a LZMA stream, the header might not be read correctly and
+memory for the dictionary buffer allocated. I have implemented mitigations for
+the problem.
+
### 2025-08-20
Release v0.5.13 addressed issue #61 regarding handling of multiple WriteClosers
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/ulikunitz/xz/lzma/header.go
new/vendor/github.com/ulikunitz/xz/lzma/header.go
--- old/vendor/github.com/ulikunitz/xz/lzma/header.go 2025-08-24
21:20:38.000000000 +0200
+++ new/vendor/github.com/ulikunitz/xz/lzma/header.go 2025-08-29
15:49:46.000000000 +0200
@@ -60,36 +60,36 @@
// HeaderLen provides the length of the LZMA file header.
const HeaderLen = 13
-// header represents the header of an LZMA file.
-type header struct {
- properties Properties
- dictCap int
- // uncompressed size; negative value if no size is given
- size int64
+// Header represents the Header of an LZMA file.
+type Header struct {
+ Properties Properties
+ DictSize uint32
+ // uncompressed Size; negative value if no Size is given
+ Size int64
}
// marshalBinary marshals the header.
-func (h *header) marshalBinary() (data []byte, err error) {
- if err = h.properties.verify(); err != nil {
+func (h *Header) marshalBinary() (data []byte, err error) {
+ if err = h.Properties.verify(); err != nil {
return nil, err
}
- if !(0 <= h.dictCap && int64(h.dictCap) <= MaxDictCap) {
+ if !(h.DictSize <= MaxDictCap) {
return nil, fmt.Errorf("lzma: DictCap %d out of range",
- h.dictCap)
+ h.DictSize)
}
data = make([]byte, 13)
// property byte
- data[0] = h.properties.Code()
+ data[0] = h.Properties.Code()
// dictionary capacity
- putUint32LE(data[1:5], uint32(h.dictCap))
+ putUint32LE(data[1:5], uint32(h.DictSize))
// uncompressed size
var s uint64
- if h.size > 0 {
- s = uint64(h.size)
+ if h.Size > 0 {
+ s = uint64(h.Size)
} else {
s = noHeaderSize
}
@@ -99,20 +99,20 @@
}
// unmarshalBinary unmarshals the header.
-func (h *header) unmarshalBinary(data []byte) error {
+func (h *Header) unmarshalBinary(data []byte) error {
if len(data) != HeaderLen {
return errors.New("lzma.unmarshalBinary: data has wrong length")
}
// properties
var err error
- if h.properties, err = PropertiesForCode(data[0]); err != nil {
+ if h.Properties, err = PropertiesForCode(data[0]); err != nil {
return err
}
// dictionary capacity
- h.dictCap = int(uint32LE(data[1:]))
- if h.dictCap < 0 {
+ h.DictSize = uint32LE(data[1:])
+ if int(h.DictSize) < 0 {
return errors.New(
"LZMA header: dictionary capacity exceeds maximum " +
"integer")
@@ -121,10 +121,10 @@
// uncompressed size
s := uint64LE(data[5:])
if s == noHeaderSize {
- h.size = -1
+ h.Size = -1
} else {
- h.size = int64(s)
- if h.size < 0 {
+ h.Size = int64(s)
+ if h.Size < 0 {
return errors.New(
"LZMA header: uncompressed size " +
"out of int64 range")
@@ -134,9 +134,9 @@
return nil
}
-// validDictCap checks whether the dictionary capacity is correct. This
+// validDictSize checks whether the dictionary capacity is correct. This
// is used to weed out wrong file headers.
-func validDictCap(dictcap int) bool {
+func validDictSize(dictcap int) bool {
if int64(dictcap) == MaxDictCap {
return true
}
@@ -155,13 +155,16 @@
// dictionary sizes of 2^n or 2^n+2^(n-1) with n >= 10 or 2^32-1. If
// there is an explicit size it must not exceed 256 GiB. The length of
// the data argument must be HeaderLen.
+//
+// This function should be disregarded because there is no guarantee that LZMA
+// files follow the constraints.
func ValidHeader(data []byte) bool {
- var h header
+ var h Header
if err := h.unmarshalBinary(data); err != nil {
return false
}
- if !validDictCap(h.dictCap) {
+ if !validDictSize(int(h.DictSize)) {
return false
}
- return h.size < 0 || h.size <= 1<<38
+ return h.Size < 0 || h.Size <= 1<<38
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/ulikunitz/xz/lzma/reader.go
new/vendor/github.com/ulikunitz/xz/lzma/reader.go
--- old/vendor/github.com/ulikunitz/xz/lzma/reader.go 2025-08-24
21:20:38.000000000 +0200
+++ new/vendor/github.com/ulikunitz/xz/lzma/reader.go 2025-08-29
15:49:46.000000000 +0200
@@ -6,25 +6,32 @@
// Reader and Writer support the classic LZMA format. Reader2 and
// Writer2 support the decoding and encoding of LZMA2 streams.
//
-// The package is written completely in Go and doesn't rely on any external
+// The package is written completely in Go and does not rely on any external
// library.
package lzma
import (
"errors"
+ "fmt"
"io"
)
// ReaderConfig stores the parameters for the reader of the classic LZMA
// format.
type ReaderConfig struct {
+ // Since v0.5.14 this parameter sets an upper limit for a .lzma file's
+ // dictionary size. This helps to mitigate problems with mangled
+ // headers.
DictCap int
}
// fill converts the zero values of the configuration to the default values.
func (c *ReaderConfig) fill() {
if c.DictCap == 0 {
- c.DictCap = 8 * 1024 * 1024
+ // set an upper limit of 2 GiB-1 for dictionary capacity
+ // to address the zero prefix security issue.
+ c.DictCap = (1 << 31) - 1
+ // original: c.DictCap = 8 * 1024 * 1024
}
}
@@ -39,10 +46,33 @@
}
// Reader provides a reader for LZMA files or streams.
+//
+// # Security concerns
+//
+// Note that LZMA format doesn't support a magic marker in the header. So
+// [NewReader] cannot determine whether it reads the actual header. For
instance
+// the LZMA stream might have a zero byte in front of the reader, leading to
+// larger dictionary sizes and file sizes. The code will detect later that
there
+// are problems with the stream, but the dictionary has already been allocated
+// and this might consume a lot of memory.
+//
+// Version 0.5.14 introduces built-in mitigations:
+//
+// - The [ReaderConfig] DictCap field is now interpreted as a limit for the
+// dictionary size.
+// - The default is 2 Gigabytes minus 1 byte (2^31-1 bytes).
+// - Users can check with the [Reader.Header] method what the actual values
are in
+// their LZMA files and set a smaller limit using [ReaderConfig].
+// - The dictionary size doesn't exceed the larger of the file size and
+// the minimum dictionary size. This is another measure to prevent huge
+// memory allocations for the dictionary.
+// - The code supports stream sizes only up to a pebibyte (1024^5).
type Reader struct {
- lzma io.Reader
- h header
- d *decoder
+ lzma io.Reader
+ header Header
+ // headerOrig stores the original header read from the stream.
+ headerOrig Header
+ d *decoder
}
// NewReader creates a new reader for an LZMA stream using the classic
@@ -51,8 +81,37 @@
return ReaderConfig{}.NewReader(lzma)
}
+// ErrDictSize reports about an error of the dictionary size.
+type ErrDictSize struct {
+ ConfigDictCap int
+ HeaderDictSize uint32
+ Message string
+}
+
+// Error returns the error message.
+func (e *ErrDictSize) Error() string {
+ return e.Message
+}
+
+func newErrDictSize(messageformat string,
+ configDictCap int, headerDictSize uint32,
+ args ...interface{}) *ErrDictSize {
+ newArgs := make([]interface{}, len(args)+2)
+ newArgs[0] = configDictCap
+ newArgs[1] = headerDictSize
+ copy(newArgs[2:], args)
+ return &ErrDictSize{
+ ConfigDictCap: configDictCap,
+ HeaderDictSize: headerDictSize,
+ Message: fmt.Sprintf(messageformat, newArgs...),
+ }
+}
+
+// We support only files not larger than 1 << 50 bytes (a pebibyte, 1024^5).
+const maxStreamSize = 1 << 50
+
// NewReader creates a new reader for an LZMA stream in the classic
-// format. The function reads and verifies the the header of the LZMA
+// format. The function reads and verifies the header of the LZMA
// stream.
func (c ReaderConfig) NewReader(lzma io.Reader) (r *Reader, err error) {
if err = c.Verify(); err != nil {
@@ -66,29 +125,63 @@
return nil, err
}
r = &Reader{lzma: lzma}
- if err = r.h.unmarshalBinary(data); err != nil {
+ if err = r.header.unmarshalBinary(data); err != nil {
return nil, err
}
- if r.h.dictCap < MinDictCap {
- r.h.dictCap = MinDictCap
+ r.headerOrig = r.header
+ dictSize := int64(r.header.DictSize)
+ if int64(c.DictCap) < dictSize {
+ return nil, newErrDictSize(
+ "lzma: header dictionary size %[2]d exceeds configured
dictionary capacity %[1]d",
+ c.DictCap, uint32(dictSize),
+ )
+ }
+ if dictSize < MinDictCap {
+ dictSize = MinDictCap
+ }
+ // original code: disabled this because there is no point in increasing
+ // the dictionary above what is stated in the file.
+ /*
+ if int64(c.DictCap) > int64(dictSize) {
+ dictSize = int64(c.DictCap)
+ }
+ */
+ size := r.header.Size
+ if size >= 0 && size < dictSize {
+ dictSize = size
+ }
+ // Protect against modified or malicious headers.
+ if size > maxStreamSize {
+ return nil, fmt.Errorf(
+ "lzma: stream size %d exceeds a pebibyte (1024^5)",
+ size)
}
- dictCap := r.h.dictCap
- if c.DictCap > dictCap {
- dictCap = c.DictCap
+ if dictSize < MinDictCap {
+ dictSize = MinDictCap
}
- state := newState(r.h.properties)
- dict, err := newDecoderDict(dictCap)
+ r.header.DictSize = uint32(dictSize)
+
+ state := newState(r.header.Properties)
+ dict, err := newDecoderDict(int(dictSize))
if err != nil {
return nil, err
}
- r.d, err = newDecoder(ByteReader(lzma), state, dict, r.h.size)
+ r.d, err = newDecoder(ByteReader(lzma), state, dict, r.header.Size)
if err != nil {
return nil, err
}
return r, nil
}
+// Header returns the header as read from the LZMA stream. It is intended to
+// allow the user to understand what parameters are typically provided in the
+// headers of the LZMA files and set the DictCap field in [ReaderConfig]
+// accordingly.
+func (r *Reader) Header() (h Header, ok bool) {
+ return r.headerOrig, r.d != nil
+}
+
// EOSMarker indicates that an EOS marker has been encountered.
func (r *Reader) EOSMarker() bool {
return r.d.eosMarker
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/ulikunitz/xz/lzma/writer.go
new/vendor/github.com/ulikunitz/xz/lzma/writer.go
--- old/vendor/github.com/ulikunitz/xz/lzma/writer.go 2025-08-24
21:20:38.000000000 +0200
+++ new/vendor/github.com/ulikunitz/xz/lzma/writer.go 2025-08-29
15:49:46.000000000 +0200
@@ -96,21 +96,21 @@
}
// header returns the header structure for this configuration.
-func (c *WriterConfig) header() header {
- h := header{
- properties: *c.Properties,
- dictCap: c.DictCap,
- size: -1,
+func (c *WriterConfig) header() Header {
+ h := Header{
+ Properties: *c.Properties,
+ DictSize: uint32(c.DictCap),
+ Size: -1,
}
if c.SizeInHeader {
- h.size = c.Size
+ h.Size = c.Size
}
return h
}
// Writer writes an LZMA stream in the classic format.
type Writer struct {
- h header
+ h Header
bw io.ByteWriter
buf *bufio.Writer
e *encoder
@@ -130,12 +130,12 @@
w.buf = bufio.NewWriter(lzma)
w.bw = w.buf
}
- state := newState(w.h.properties)
- m, err := c.Matcher.new(w.h.dictCap)
+ state := newState(w.h.Properties)
+ m, err := c.Matcher.new(int(w.h.DictSize))
if err != nil {
return nil, err
}
- dict, err := newEncoderDict(w.h.dictCap, c.BufSize, m)
+ dict, err := newEncoderDict(int(w.h.DictSize), c.BufSize, m)
if err != nil {
return nil, err
}
@@ -171,8 +171,8 @@
// Write puts data into the Writer.
func (w *Writer) Write(p []byte) (n int, err error) {
- if w.h.size >= 0 {
- m := w.h.size
+ if w.h.Size >= 0 {
+ m := w.h.Size
m -= w.e.Compressed() + int64(w.e.dict.Buffered())
if m < 0 {
m = 0
@@ -192,9 +192,9 @@
// Close closes the writer stream. It ensures that all data from the
// buffer will be compressed and the LZMA stream will be finished.
func (w *Writer) Close() error {
- if w.h.size >= 0 {
+ if w.h.Size >= 0 {
n := w.e.Compressed() + int64(w.e.dict.Buffered())
- if n != w.h.size {
+ if n != w.h.Size {
return errSize
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/modules.txt new/vendor/modules.txt
--- old/vendor/modules.txt 2025-08-24 21:20:38.000000000 +0200
+++ new/vendor/modules.txt 2025-08-29 15:49:46.000000000 +0200
@@ -49,7 +49,7 @@
# github.com/spf13/pflag v1.0.7
## explicit; go 1.12
github.com/spf13/pflag
-# github.com/ulikunitz/xz v0.5.13
+# github.com/ulikunitz/xz v0.5.15
## explicit; go 1.12
github.com/ulikunitz/xz
github.com/ulikunitz/xz/internal/hash
