Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openbao for openSUSE:Factory checked in at 2026-02-05 17:59:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openbao (Old) and /work/SRC/openSUSE:Factory/.openbao.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openbao" Thu Feb 5 17:59:37 2026 rev:16 rq:1331105 version:2.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openbao/openbao.changes 2025-11-25 17:19:29.249228188 +0100 +++ /work/SRC/openSUSE:Factory/.openbao.new.1670/openbao.changes 2026-02-05 18:03:48.012164606 +0100 @@ -1,0 +2,132 @@ +Thu Feb 05 05:55:49 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.5.0: + This release adds support for horizontal read scalability! + * SECURITY + - core/sys: BREAKING: default value of + disable_unauthed_rekey_endpoints is true, to continue using + unauthed rekey endpoints, set + disable_unauthed_rekey_endpoints=false in listeners + explicitly. [GH-2125] + * CHANGES + - Remove the deprecated creation_statements, + revocation_statements, rollback_statements, and + renew_statements fields from the dbplugin Statements protobuf + message [GH-1962] + - api: The deprecated api.MountConfigOutput.PluginName field + was removed. This was already always empty. [GH-2036] + - auth/jwt: Return error msg on OIDCDiscoveryURL including + .well-known/openid-configuration component. [GH-2066] + - core/audit: removed jsonx as a output format option for audit + mounts [GH-2047] + - sys/host-info: This endpoint may start reporting slightly + higher memory usage than before (On Linux only). See + https://github.com/shirou/gopsutil/releases/tag/v4.25.8 for + more information. [GH-1887] + * FEATURES + - Add declarative plugin distribution via OCI images: using the + plugin configuration keyword. Plugins can be automatically + downloaded via the plugin_auto_download=true option. Plugins + can be manually downloaded via the bao plugin init command. + Plugins can be automatically registered via the + plugin_auto_register=true option, regardless if they were + manually provisioned or from OCI images. [GH-1824] + - Support Horizontal Read Scalability: all existing HA standby + nodes are automatically upgraded with read support. Requests + which only perform storage read operations will be handled + locally on the standby node. Requests which perform a + storage write operation (or as indicated by plugins) are + forwarded to the active leader. Results are eventually + consistent: a write may not be immediately visible on the + standby. To disable, set disable_standby_reads=true in the + config file before startup. [GH-1986] + - OIDC Provider: Add Client Credentials flow to OIDC Provider. + [GH-1732] + - sdk/framework: add Response.SchemaName to allow custom + response schema names in the generated OpenAPI spec. + [GH-1714] + * IMPROVEMENTS + - audit: Add http audit device for low-volume, webhook-based + audit event reporting. [GH-1709] + - auth/jwt: Add type checking to role. [GH-1854] + - command: Add environment variables to provide configuration + for Proxy, Agent, and bao operator migrate via + BAO_PROXY_CONFIG_PATH, BAO_AGENT_CONFIG_PATH, and + BAO_MIGRATE_CONFIG_PATH. [GH-2153] + - command: Support BAO_CONFIG_PATH in plugin init, just like + server &c do. [GH-2164] + - command: server, operator diagnose and 'operator + validate-config` now support the environment variable + BAO_CONFIG_FILE for the -config command option. [GH-2115] + - core/metrics: Support custom path for metrics on metrics-only + listeners. [GH-1853] + - core/namespaces: Use JobManager for namespace deletion, + decreasing lock contention. [GH-2226] + - core/policies: Add endpoint to allow detailed listing of a + subset of policies. [GH-1965] + - core/policies: Use per-namespace write lock, improving + parallelism. [GH-2226] + - core: Added metrics_only and disallow_metrics options to + control metrics endpoint exposure on a per-listener basis. + [GH-1834] + - database/valkey: Adds the ability to configure the Valkey + database connection using a single connection_url parameter. + [GH-1923] + - database: all database plugins now ignore "not found" errors + on revoke by default. See Plugin Author Guide for rationale. + [GH-2101] + - openapi: Add response schemas for token store operations and + update operation suffixes. [GH-1840] + - pki: add allowed_ip_sans_cidr parameter to PKI role system, + to provide additional checks for IP SANs. [GH-1833] + - storage/postgresql: implement physical.FencingHABackend to + minimize chances that writes on secondary nodes occur. + [GH-1571] + - transit: Add associated_data parameter to generate data key. + [GH-1828] + - website: Add an example of current role statement from + Valkey. [GH-1811] + * DEPRECATIONS + - core/seal: Remove the undocumented "aead" seal mechanism. + Consider switching to the static seal instead as a + replacement. [GH-1910] + - core: Removed FeatureFlags parsing and related code. + [GH-2045] + - sdk: Removed sdk/v2/helper/license package. [GH-2045] + - ui: Removed internal/ui/feature-flags endpoint and all its + usage. [GH-2045] + * BUG FIXES + - agent/auth: Fix token reissue error with kerberos method. + [GH-2373] + - auth/jwt: Fix ordering of variable declarations in CEL + program roles. [GH-1854] + - core/identity: Ensure periodic func only operates on a single + namespace at a time, decreasing storage contention. [GH-2226] + - core/identity: fix corrupt data being stored when referencing + member_group_ids across namespaces (requires + unsafe_cross_namespace_identity=true) [GH-2321] + - core/namespaces: Ensure namespace creation is interruptable, + allowing namespace deletion for cleanup. [GH-2226] + - core/namespaces: Fix deadlock on namespace creation, deletion + due to transaction/lock ordering. [GH-2226] + - core/namespaces: Fix storage failures in namespace creation + leading to a total system deadlock. [GH-2166] + - core/namespaces: improve recovery from partial deletion of + namespaces, preventing server startup failure. [GH-2188] + - database/valkey: The creation_statements parameter now + correctly accepts a standard array of strings for ACL rules + (e.g., ["+@read", "~*"]). Previously, it incorrectly required + a stringified JSON array. The old format is still supported + for backward compatibility. [GH-1959] + - helper/jobmanager: Fix queue length metrics to report as + gauges. [GH-2226] + - physical/postgresql: ensure underlying HA lock removal from + database causes lock loss, write failures. [GH-2100] + - raft: return correct raft leader id from read replica nodes + when using bao operator raft list-peers. [GH-2331] + - sdk/logical: Use created transaction for WithTransaction + callback. [GH-2226] + - secrets/pki: Fix ordering of variable declarations in CEL + program roles. [GH-1854] + +------------------------------------------------------------------- Old: ---- openbao-2.4.4.obscpio ui-2.4.4.tar.gz New: ---- openbao-2.5.0.obscpio ui-2.5.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openbao.spec ++++++ --- /var/tmp/diff_new_pack.Pxa0eL/_old 2026-02-05 18:05:20.448042138 +0100 +++ /var/tmp/diff_new_pack.Pxa0eL/_new 2026-02-05 18:05:20.452042306 +0100 @@ -1,7 +1,7 @@ # # spec file for package openbao # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %define short_executable_name bao Name: openbao -Version: 2.4.4 +Version: 2.5.0 Release: 0 Summary: Manage, store, and distribute sensitive data License: MPL-2.0 @@ -38,7 +38,7 @@ Source11: Makefile Source12: PACKAGING_README.md BuildRequires: fdupes -BuildRequires: go1.24 >= 1.24.6 +BuildRequires: golang(API) >= 1.25 BuildRequires: user(openbao) # Provides: bao = %{version} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Pxa0eL/_old 2026-02-05 18:05:20.512044823 +0100 +++ /var/tmp/diff_new_pack.Pxa0eL/_new 2026-02-05 18:05:20.516044991 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/openbao/openbao</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.4.4</param> + <param name="revision">v2.5.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Pxa0eL/_old 2026-02-05 18:05:20.556046669 +0100 +++ /var/tmp/diff_new_pack.Pxa0eL/_new 2026-02-05 18:05:20.560046837 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openbao/openbao</param> - <param name="changesrevision">4bfd70723d4f9b82be00e87b8c018ac661dd9b99</param></service></servicedata> + <param name="changesrevision">bcbb6036ec2b747bceb98c7706ce9b974faa1b23</param></service></servicedata> (No newline at EOF) ++++++ openbao-2.4.4.obscpio -> openbao-2.5.0.obscpio ++++++ ++++ 60395 lines of diff (skipped) ++++++ openbao.obsinfo ++++++ --- /var/tmp/diff_new_pack.Pxa0eL/_old 2026-02-05 18:05:28.928397875 +0100 +++ /var/tmp/diff_new_pack.Pxa0eL/_new 2026-02-05 18:05:29.008401231 +0100 @@ -1,5 +1,5 @@ name: openbao -version: 2.4.4 -mtime: 1764013024 -commit: 4bfd70723d4f9b82be00e87b8c018ac661dd9b99 +version: 2.5.0 +mtime: 1770220637 +commit: bcbb6036ec2b747bceb98c7706ce9b974faa1b23 ++++++ ui-2.4.4.tar.gz -> ui-2.5.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/ui-2.4.4.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.1670/ui-2.5.0.tar.gz differ: char 5, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/vendor.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.1670/vendor.tar.gz differ: char 13, line 1
