Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package opentofu for openSUSE:Factory checked in at 2025-11-07 18:21:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/opentofu (Old) and /work/SRC/openSUSE:Factory/.opentofu.new.1980 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opentofu" Fri Nov 7 18:21:59 2025 rev:38 rq:1316064 version:1.10.7 Changes: -------- --- /work/SRC/openSUSE:Factory/opentofu/opentofu.changes 2025-09-18 21:11:17.520995474 +0200 +++ /work/SRC/openSUSE:Factory/.opentofu.new.1980/opentofu.changes 2025-11-07 18:23:45.054706057 +0100 @@ -1,0 +2,45 @@ +Thu Nov 06 14:38:25 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.10.7: + * SECURITY ADVISORIES: + This release contains fixes for some security advisories + related to previous releases in this series. + - tofu init in OpenTofu v1.10.6 and earlier could potentially + use unbounded memory if there is a direct or indirect + dependency on a maliciously-crafted module package + distributed as a "tar" archive. + This would require the attacker to coerce a root module + author to depend (directly or indirectly) on a module package + they control, using the HTTP, Amazon S3, or Google Cloud + Storage source types to refer to a tar archive. + This release incorporates the upstream fixes for + CVE-2025-58183. + - When making requests to HTTPS servers, OpenTofu v1.10.6 and + earlier could potentially use unbounded memory or crash with + a "panic" error if TLS verification involves an + excessively-long certificate chain or a chain including DSA + public keys. + This affected all outgoing HTTPS requests made by OpenTofu + itself, including requests to HTTPS-based state storage + backends, module registries, and provider registries. For + example, an attacker could coerce a root module author to + depend (directly or indirectly) on a module they control + which then refers to a module or provider from an + attacker-controlled registry. That mode of attack would cause + failures in tofu init, at module or provider installation + time. + Provider plugins contain their own HTTPS client code, which + may have similar problems. OpenTofu v1.10.7 cannot address + similar problems within provider plugins, and so we recommend + checking for similar advisories and fixes in the provider + plugins you use. + This release incorporates upstream fixes for CVE-2025-58185, + CVE-2025-58187, and CVE-2025-58188. + * BUG FIXES: + - Fix crash in tofu test when using deprecated outputs (#3249) + - Fix missing provider functions when parentheses are used + (#3402) + - for_each inside dynamic blocks can now call provider-defined + functions. (#3429) + +------------------------------------------------------------------- Old: ---- opentofu-1.10.6.obscpio New: ---- opentofu-1.10.7.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opentofu.spec ++++++ --- /var/tmp/diff_new_pack.92sdrX/_old 2025-11-07 18:23:46.082749237 +0100 +++ /var/tmp/diff_new_pack.92sdrX/_new 2025-11-07 18:23:46.082749237 +0100 @@ -19,7 +19,7 @@ %define executable_name tofu Name: opentofu -Version: 1.10.6 +Version: 1.10.7 Release: 0 Summary: Declaratively manage your cloud infrastructure License: MPL-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.92sdrX/_old 2025-11-07 18:23:46.130751253 +0100 +++ /var/tmp/diff_new_pack.92sdrX/_new 2025-11-07 18:23:46.134751420 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/opentofu/opentofu/</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.10.6</param> + <param name="revision">v1.10.7</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.92sdrX/_old 2025-11-07 18:23:46.162752597 +0100 +++ /var/tmp/diff_new_pack.92sdrX/_new 2025-11-07 18:23:46.166752765 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/opentofu/opentofu/</param> - <param name="changesrevision">1f0c3de8dc7471db05eb2411cee7a90185693200</param></service></servicedata> + <param name="changesrevision">4b32aa801f42a50f168ad842443885c2d1cd99bd</param></service></servicedata> (No newline at EOF) ++++++ opentofu-1.10.6.obscpio -> opentofu-1.10.7.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/.go-version new/opentofu-1.10.7/.go-version --- old/opentofu-1.10.6/.go-version 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/.go-version 2025-11-06 13:54:30.000000000 +0100 @@ -1 +1 @@ -1.24.6 +1.24.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/CHANGELOG.md new/opentofu-1.10.7/CHANGELOG.md --- old/opentofu-1.10.6/CHANGELOG.md 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/CHANGELOG.md 2025-11-06 13:54:30.000000000 +0100 @@ -1,4 +1,30 @@ -## 1.10.7 (unreleased) +## 1.10.8 (unreleased) + +## 1.10.7 + +SECURITY ADVISORIES: + +This release contains fixes for some security advisories related to previous releases in this series. + +- `tofu init` in OpenTofu v1.10.6 and earlier could potentially use unbounded memory if there is a direct or indirect dependency on a maliciously-crafted module package distributed as a "tar" archive. + + This would require the attacker to coerce a root module author to depend (directly or indirectly) on a module package they control, using the HTTP, Amazon S3, or Google Cloud Storage source types to refer to a tar archive. + + This release incorporates the upstream fixes for [CVE-2025-58183](https://www.cve.org/CVERecord?id=CVE-2025-58183). + +- When making requests to HTTPS servers, OpenTofu v1.10.6 and earlier could potentially use unbounded memory or crash with a "panic" error if TLS verification involves an excessively-long certificate chain or a chain including DSA public keys. + + This affected all outgoing HTTPS requests made by OpenTofu itself, including requests to HTTPS-based state storage backends, module registries, and provider registries. For example, an attacker could coerce a root module author to depend (directly or indirectly) on a module they control which then refers to a module or provider from an attacker-controlled registry. That mode of attack would cause failures in `tofu init`, at module or provider installation time. + + Provider plugins contain their own HTTPS client code, which may have similar problems. OpenTofu v1.10.7 cannot address similar problems within provider plugins, and so we recommend checking for similar advisories and fixes in the provider plugins you use. + + This release incorporates upstream fixes for [CVE-2025-58185](https://www.cve.org/CVERecord?id=CVE-2025-58185), [CVE-2025-58187](https://www.cve.org/CVERecord?id=CVE-2025-58187), and [CVE-2025-58188](https://www.cve.org/CVERecord?id=CVE-2025-58188). + +BUG FIXES: + +* Fix crash in tofu test when using deprecated outputs ([#3249](https://github.com/opentofu/opentofu/pull/3249)) +* Fix missing provider functions when parentheses are used ([#3402](https://github.com/opentofu/opentofu/pull/3402)) +* `for_each` inside `dynamic` blocks can now call provider-defined functions. ([#3429](https://github.com/opentofu/opentofu/issues/3429)) ## 1.10.6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/go.mod new/opentofu-1.10.7/go.mod --- old/opentofu-1.10.6/go.mod 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/go.mod 2025-11-06 13:54:30.000000000 +0100 @@ -275,6 +275,6 @@ sigs.k8s.io/yaml v1.2.0 // indirect ) -go 1.24.6 +go 1.24.9 -replace github.com/hashicorp/hcl/v2 v2.20.1 => github.com/opentofu/hcl/v2 v2.20.2-0.20250121132637-504036cd70e7 +replace github.com/hashicorp/hcl/v2 v2.20.1 => github.com/opentofu/hcl/v2 v2.20.2-0.20251021132045-587d123c2828 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/go.sum new/opentofu-1.10.7/go.sum --- old/opentofu-1.10.6/go.sum 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/go.sum 2025-11-06 13:54:30.000000000 +0100 @@ -926,8 +926,8 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= -github.com/opentofu/hcl/v2 v2.20.2-0.20250121132637-504036cd70e7 h1:QHUIrylb/q3pQdQcnAr74cGWsXS1lmA8GqP+RWFMK6U= -github.com/opentofu/hcl/v2 v2.20.2-0.20250121132637-504036cd70e7/go.mod h1:k+HgkLpoWu9OS81sy4j1XKDXaWm/rLysG33v5ibdDnc= +github.com/opentofu/hcl/v2 v2.20.2-0.20251021132045-587d123c2828 h1:r2WiJxljn/Cxwpq9zMZ5HomJcNwmGNjKmeZnFsxkpBg= +github.com/opentofu/hcl/v2 v2.20.2-0.20251021132045-587d123c2828/go.mod h1:k+HgkLpoWu9OS81sy4j1XKDXaWm/rLysG33v5ibdDnc= github.com/opentofu/registry-address v0.0.0-20230920144404-f1e51167f633 h1:81TBkM/XGIFlVvyabp0CJl00UHeVUiQjz0fddLMi848= github.com/opentofu/registry-address v0.0.0-20230920144404-f1e51167f633/go.mod h1:HzQhpVo/NJnGmN+7FPECCVCA5ijU7AUcvf39enBKYOc= github.com/packer-community/winrmcp v0.0.0-20180921211025-c76d91c1e7db h1:9uViuKtx1jrlXLBW/pMnhOfzn3iSEdLase/But/IZRU= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/command/test_test.go new/opentofu-1.10.7/internal/command/test_test.go --- old/opentofu-1.10.6/internal/command/test_test.go 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/internal/command/test_test.go 2025-11-06 13:54:30.000000000 +0100 @@ -1537,3 +1537,27 @@ t.Fatalf("expected status code 0 but got %d: %s", code, output.All()) } } + +// See https://github.com/opentofu/opentofu/issues/3246 +func TestTest_DeprecatedOutputs(t *testing.T) { + td := t.TempDir() + testCopyDir(t, testFixturePath("test/deprecated_outputs"), td) + t.Chdir(td) + + view, done := testView(t) + ui := new(cli.MockUi) + meta := Meta{ + Ui: ui, + View: view, + } + + testCmd := &TestCommand{ + Meta: meta, + } + + code := testCmd.Run(nil) + output := done(t) + if code != 0 { + t.Fatalf("expected status code 0 but got %d: %s", code, output.All()) + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/command/testdata/test/deprecated_outputs/main.tf new/opentofu-1.10.7/internal/command/testdata/test/deprecated_outputs/main.tf --- old/opentofu-1.10.6/internal/command/testdata/test/deprecated_outputs/main.tf 1970-01-01 01:00:00.000000000 +0100 +++ new/opentofu-1.10.7/internal/command/testdata/test/deprecated_outputs/main.tf 2025-11-06 13:54:30.000000000 +0100 @@ -0,0 +1,4 @@ +output "example" { + value = "example" + deprecated = "for reasons" +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/command/testdata/test/deprecated_outputs/main.tftest.hcl new/opentofu-1.10.7/internal/command/testdata/test/deprecated_outputs/main.tftest.hcl --- old/opentofu-1.10.6/internal/command/testdata/test/deprecated_outputs/main.tftest.hcl 1970-01-01 01:00:00.000000000 +0100 +++ new/opentofu-1.10.7/internal/command/testdata/test/deprecated_outputs/main.tftest.hcl 2025-11-06 13:54:30.000000000 +0100 @@ -0,0 +1,8 @@ +run "example" { + command = plan + + assert { + condition = output.example == "example" + error_message = "ruh-roh" + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/lang/eval.go new/opentofu-1.10.7/internal/lang/eval.go --- old/opentofu-1.10.6/internal/lang/eval.go 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/internal/lang/eval.go 2025-11-06 13:54:30.000000000 +0100 @@ -36,6 +36,9 @@ spec := schema.DecoderSpec() traversals := dynblock.ExpandVariablesHCLDec(body, spec) + // using ExpandFunctionsHCLDec to extract strictly the functions that are referenced inside the `dynamic` + // block, since that is what is needed to be injected into the expansion evalCtx for the expansion to work + traversals = append(traversals, filterProviderFunctions(dynblock.ExpandFunctionsHCLDec(body, spec))...) refs, diags := References(s.ParseRef, traversals) ctx, ctxDiags := s.EvalContext(refs) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/lang/functions.go new/opentofu-1.10.7/internal/lang/functions.go --- old/opentofu-1.10.6/internal/lang/functions.go 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/internal/lang/functions.go 2025-11-06 13:54:30.000000000 +0100 @@ -25,7 +25,8 @@ "uuid", } -// This should probably be replaced with addrs.Function everywhere +// CoreNamespace defines the string prefix used for all core namespaced functions +// TODO: This should probably be replaced with addrs.Function everywhere const CoreNamespace = addrs.FunctionNamespaceCore + "::" // Functions returns the set of functions that should be used to when evaluating diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/lang/marks/marks.go new/opentofu-1.10.7/internal/lang/marks/marks.go --- old/opentofu-1.10.6/internal/lang/marks/marks.go 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/internal/lang/marks/marks.go 2025-11-06 13:54:30.000000000 +0100 @@ -107,6 +107,12 @@ // DeprecatedOutput marks a given values as deprecated constructing a DeprecationCause // from module output specific data. func DeprecatedOutput(v cty.Value, addr addrs.AbsOutputValue, msg string, isFromRemoteModule bool) cty.Value { + if addr.Module.IsRoot() { + // Marking a root output as deprecated has no impact. + // We hit this case when using the test framework on a module however. + // This is requried as the ModuleCallOutput() below will panic on the root module. + return v + } _, callOutAddr := addr.ModuleCallOutput() return Deprecated(v, DeprecationCause{ IsFromRemoteModule: isFromRemoteModule, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/lang/references_test.go new/opentofu-1.10.7/internal/lang/references_test.go --- old/opentofu-1.10.6/internal/lang/references_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/opentofu-1.10.7/internal/lang/references_test.go 2025-11-06 13:54:30.000000000 +0100 @@ -0,0 +1,102 @@ +// Copyright (c) The OpenTofu Authors +// SPDX-License-Identifier: MPL-2.0 +// Copyright (c) 2023 HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package lang + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hclsyntax" + + "github.com/opentofu/opentofu/internal/addrs" +) + +func TestReferencesInExpr(t *testing.T) { + // Note for developers, this list is non-exhaustive right now + // and there are many more expression types. This test is mainly to ensure that provider + // defined function references are returned from references with parentheses + // to resolve issue opentofu/opentofu#3401 + tests := map[string]struct { + exprSrc string + wantFuncRefs []string // List of expected provider function references + }{ + "no functions": { + exprSrc: `"literal"`, + wantFuncRefs: nil, + }, + "provider function without parentheses": { + exprSrc: `provider::testing::echo("hello")`, + wantFuncRefs: []string{"provider::testing::echo"}, + }, + "provider function with parentheses": { + exprSrc: `(provider::testing::echo("hello"))`, + wantFuncRefs: []string{"provider::testing::echo"}, + }, + "provider function in binary expression": { + exprSrc: `(provider::testing::add(1, 2)) + 3`, + wantFuncRefs: []string{"provider::testing::add"}, + }, + "nested parentheses": { + exprSrc: `((provider::testing::echo("hello")))`, + wantFuncRefs: []string{"provider::testing::echo"}, + }, + "provider function in conditional true": { + exprSrc: `true ? provider::testing::echo("yes") : "no"`, + wantFuncRefs: []string{"provider::testing::echo"}, + }, + "provider function in conditional false": { + exprSrc: `false ? "yes" : provider::testing::echo("no")`, + wantFuncRefs: []string{"provider::testing::echo"}, + }, + "provider function in conditional condition": { + exprSrc: `provider::testing::is_true() ? "yes" : "no"`, + wantFuncRefs: []string{"provider::testing::is_true"}, + }, + "multiple provider functions": { + exprSrc: `(provider::testing::add(1, 2)) + (provider::testing::mul(3, 4))`, + wantFuncRefs: []string{"provider::testing::add", "provider::testing::mul"}, + }, + "provider function with alias": { + exprSrc: `(provider::testing::custom::echo("hello"))`, + wantFuncRefs: []string{"provider::testing::custom::echo"}, + }, + "core function not included": { + exprSrc: `(core::max(1, 2))`, + wantFuncRefs: nil, // core functions are not provider functions + }, + "builtin function not included": { + exprSrc: `(length([1, 2, 3]))`, + wantFuncRefs: nil, // builtin functions are not provider functions + }, + } + + for name, test := range tests { + t.Run(name, func(t *testing.T) { + expr, diags := hclsyntax.ParseExpression([]byte(test.exprSrc), "test.tf", hcl.Pos{Line: 1, Column: 1}) + if diags.HasErrors() { + t.Fatalf("Failed to parse expression: %s", diags.Error()) + } + + refs, refDiags := ReferencesInExpr(addrs.ParseRef, expr) + if refDiags.HasErrors() { + t.Errorf("Unexpected diagnostics: %s", refDiags.Err()) + } + + // Extract provider function references + var gotFuncRefs []string + for _, ref := range refs { + if provFunc, ok := ref.Subject.(addrs.ProviderFunction); ok { + gotFuncRefs = append(gotFuncRefs, provFunc.String()) + } + } + + if diff := cmp.Diff(test.wantFuncRefs, gotFuncRefs); diff != "" { + t.Errorf("Wrong provider function references (-want +got):\n%s", diff) + } + }) + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/internal/tofu/context_apply2_test.go new/opentofu-1.10.7/internal/tofu/context_apply2_test.go --- old/opentofu-1.10.6/internal/tofu/context_apply2_test.go 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/internal/tofu/context_apply2_test.go 2025-11-06 13:54:30.000000000 +0100 @@ -10,6 +10,8 @@ "context" "errors" "fmt" + "math/big" + "strconv" "strings" "sync" "testing" @@ -5625,3 +5627,110 @@ t.Fatal(diags.Err()) } } + +// TestContext2Apply_callingProviderFunctionFromDynamicBlock checks that a +// provider function can be used by referencing it in a dynamic block inside +// a resource. +func TestContext2Apply_callingProviderFunctionFromDynamicBlock(t *testing.T) { + m := testModuleInline(t, map[string]string{ + "main.tf": ` +terraform { + required_providers { + test = { + source = "example.com/foo/test" + } + } +} + +locals { + urls = ["foo:80", "bar:81"] +} +resource "test_resource" "res" { + dynamic "allow" { + iterator = item + for_each = { + for z in local.urls : + z => provider::test::extract_port(z) if contains([80, 81], provider::test::extract_port(z)) + } + content { + port = item.value + } + } +} +`, + }) + + p := MockProvider{} + p.GetProviderSchemaResponse = &providers.GetProviderSchemaResponse{ + ResourceTypes: map[string]providers.Schema{ + "test_resource": { + Block: &configschema.Block{ + BlockTypes: map[string]*configschema.NestedBlock{ + "allow": { + Nesting: configschema.NestingList, + Block: configschema.Block{ + Attributes: map[string]*configschema.Attribute{ + "port": { + Type: cty.Number, + Optional: true, + }, + }, + }, + }, + }, + }, + }, + }, + Functions: map[string]providers.FunctionSpec{ + "extract_port": { + Parameters: []providers.FunctionParameterSpec{ + { + Name: "in", + Type: cty.String, + AllowNullValue: false, + AllowUnknownValues: false, + }, + }, + Return: cty.Number, + }, + }, + } + p.CallFunctionFn = func(request providers.CallFunctionRequest) providers.CallFunctionResponse { + // Since there is only a single function defined, we don't want to make this implementation more complex than + // needed, so we have only the implementation for that. + v := request.Arguments[0].AsString() + idx := strings.LastIndex(v, ":") + if idx >= 0 { + v = v[idx+1:] + } + port, err := strconv.ParseFloat(v, 64) + if err != nil { + return providers.CallFunctionResponse{ + Error: err, + } + } + return providers.CallFunctionResponse{ + Result: cty.NumberVal(big.NewFloat(port)), + } + } + ctx := testContext2(t, &ContextOpts{ + Providers: map[addrs.Provider]providers.Factory{ + addrs.MustParseProviderSourceString("example.com/foo/test"): testProviderFuncFixed(&p), + }, + }) + + assertState := func(t *testing.T, s *states.State) { + res := s.Resource(mustAbsResourceAddr("test_resource.res")) + diff := cmp.Diff(`{"allow":[{"port":81},{"port":80}]}`, string(res.Instances[addrs.NoKey].Current.AttrsJSON)) + if diff != "" { + t.Fatalf("wrong expected resource change found (-wanted, +got):\n%s", diff) + } + } + plan, diags := ctx.Plan(context.Background(), m, states.NewState(), SimplePlanOpts(plans.NormalMode, nil)) + assertNoErrors(t, diags) + assertState(t, plan.PlannedState) + + state, diags := ctx.Apply(context.Background(), plan, m) + assertNoErrors(t, diags) + assertState(t, state) +} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.10.6/version/VERSION new/opentofu-1.10.7/version/VERSION --- old/opentofu-1.10.6/version/VERSION 2025-09-03 19:57:47.000000000 +0200 +++ new/opentofu-1.10.7/version/VERSION 2025-11-06 13:54:30.000000000 +0100 @@ -1 +1 @@ -1.10.6 +1.10.7 ++++++ opentofu.obsinfo ++++++ --- /var/tmp/diff_new_pack.92sdrX/_old 2025-11-07 18:23:51.714985798 +0100 +++ /var/tmp/diff_new_pack.92sdrX/_new 2025-11-07 18:23:51.730986471 +0100 @@ -1,5 +1,5 @@ name: opentofu -version: 1.10.6 -mtime: 1756922267 -commit: 1f0c3de8dc7471db05eb2411cee7a90185693200 +version: 1.10.7 +mtime: 1762433670 +commit: 4b32aa801f42a50f168ad842443885c2d1cd99bd ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/opentofu/vendor.tar.gz /work/SRC/openSUSE:Factory/.opentofu.new.1980/vendor.tar.gz differ: char 13, line 1
