Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package distribution for openSUSE:Factory checked in at 2026-04-28 11:57:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/distribution (Old) and /work/SRC/openSUSE:Factory/.distribution.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "distribution" Tue Apr 28 11:57:50 2026 rev:11 rq:1349543 version:3.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/distribution/distribution.changes 2026-02-10 21:13:48.107030625 +0100 +++ /work/SRC/openSUSE:Factory/.distribution.new.11940/distribution.changes 2026-04-28 12:01:46.878996952 +0200 @@ -1,0 +2,137 @@ +Mon Apr 27 09:26:10 UTC 2026 - Dirk Müller <[email protected]> + +- update to 3.1.0 ( + bsc#1262096, CVE-2026-35172, + bsc#1261793, CVE-2026-33540, + bsc#1260283, CVE-2026-33186, + bsc#1262951, CVE-2026-34986, + bsc#1259718): + * Fixes CVE-2026-35172 + * Fixes CVE-2026-33540 + * Adds support for tag pagination + * Fixes default credentials in Azure storage provider + * Drops support for go1.23 and go1.24 and updates to go1.25 + * See the full changelog below for the full list of changes. + * docs: Update to refer to new image tag v3 + * Fix default_credentials in azure storage provider + * chore: make function comment match function name + * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in + the go_modules group across 1 directory + * fix: implement JWK thumbprint for Ed25519 public keys + * fix: Annotate code block from validation.indexes + configuration docs + * feat: extract redis config to separate struct + * Fix: resolve issue #4478 by using a temporary file for non- + append writes + * build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 + * docs: Add note about `OTEL_TRACES_EXPORTER` + * fix: set OTEL traces to disabled by default + * Fix markdown syntax for OTEL traces link in docs + * Switch UUIDs to UUIDv7 + * refactor: replace map iteration with maps.Copy/Clone + * s3-aws: fix build for 386 + * docs: Add OpenTelemetry links to quickstart docs + * Fix S3 driver loglevel param + * Fixed data race in TestSchedule test + * Fixes #4683 - uses X/Y instead of Gx/Gy for thumbprint of + ecdsa keys + * build(deps): bump actions/checkout from 4 to 5 + * Fix broken link to Docker Hub fair use policy + * fix(registry/handlers/app): redis CAs + * build(deps): bump actions/labeler from 5 to 6 + * build(deps): bump actions/setup-go from 5 to 6 + * build(deps): bump actions/upload-pages-artifact from 3 to 4 + * build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 + * build(deps): bump github/codeql-action from 3.26.5 to 4.30.7 + * build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 + * chore: labeler: add area/client mapping for + internal/client/** + * client: add Accept headers to Exists() HEAD + * feat(registry): Make graceful shutdown test robust + * fix(registry): Correct log formatting for upstream challenge + * build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 + * build(deps): bump github/codeql-action from 4.30.9 to 4.31.3 + * refactor: remove redundant variable declarations in for loops + * "should" -> "must" regarding redis eviction policy + * build(deps): bump actions/checkout from 5 to 6 + * Incorrect warning hint + * Add return error when list object + * build(deps): bump actions/checkout from 5.0.1 to 6.0.0 + * build(deps): bump peter-evans/dockerhub-description from 4 to + 5 + * fix: Logging regression for manifest HEAD requests + * Add boolean parsing util + * Expose `useFIPSEndpoint` for S3 + * Add Cloudfleet Container Registry to adopters + * fix(ci): Fix broken Azure e2e storage tests + * BUG: Fix notification filtering to work with actions when + mediatypes is empty + * build(deps): bump actions/checkout from 6.0.0 to 6.0.1 + * build(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 + * build(deps): bump github/codeql-action from 4.31.3 to 4.31.10 + * build(deps): bump github/codeql-action from 4.31.10 to 4.32.2 + * build(deps): bump actions/checkout from 6.0.1 to 6.0.2 + * update golangci-lint to v2.9 and fix linting issues + * update to go1.25.7, alpine 3.23, xx v1.9.0 + * vendor: github.com/sirupsen/logrus v1.9.4 + * vendor: update golang.org/x/* dependencies + * vendor: github.com/docker/docker-credential-helpers v0.9.5 + * vendor: github.com/opencontainers/image-spec v1.1.1 + * vendor: github.com/klauspost/compress v1.18.4 + * fix: prefer otel variables over hard coded service name + * vendor: github.com/spf13/cobra v1.10.2 + * vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0 + * fix: sync parent dir to ensure data is reliably stored + * modernize code + * vendor: github.com/docker/go-events 605354379745 + * vendor: github.com/go-jose/go-jose/v4 v4.1.3 + * build(deps): bump github/codeql-action from 4.32.2 to 4.32.5 + * build(deps): bump docker/login-action from 3 to 4 + * build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 + * build(deps): bump docker/setup-buildx-action from 3 to 4 + * build(deps): bump docker/bake-action from 6 to 7 + * build(deps): bump docker/metadata-action from 5 to 6 + * fix: nil-check scheduler in `proxyingRegistry.Close()` + * fix: set MD5 on GCS writer before first `Write` call in + `putContent` + * docs: pull through cache will pull from remote multiple times + * Update s3.md regionendpoint option + * chore(deps): Bump Go to latest 1.25 in CI workflows and + go.mod + * fix: correct Ed25519 JWK thumbprint `kty` from `"OTP"` to + `"OKP"` + * Update vacuum.go + * Opt: refector tag list pagination support (stage 1) + * Correctly match environment variables to YAML-inlined structs + in configuration + * Enable Redis TLS without client certificates + * build(deps): bump actions/deploy-pages from 4 to 5 + * build(deps): bump github/codeql-action from 4.32.5 to 4.34.1 + * fix(registry/proxy): use detached context when flushing write + buffer + * ci: pin actions and apply zizmor auto-fixes + * build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 + * build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to + 4.1.4 in the go_modules group across 1 directory + * chore(app): warn when partial TLS config is used in Redis + * feat(registry): enhance authentication checks in htpasswd + implementation + * Opt: refactor tag list pagination support + * build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 + * build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 + * fix(vendor): fix broke vendor validation + * chore(ci): Prep for v3.1 release + +------------------------------------------------------------------- +Mon Apr 27 09:25:23 UTC 2026 - Dirk Müller <[email protected]> + +- Update to version 3.1.0: + * chore(ci): Prep for v3.1 release + * fix(vendor): fix broke vendpor validation + * Opt: refactor tag list pagination support + * build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 + * fix redis repo-scoped blob descriptor revocation + * build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 + * proxy: bind bearer realms to upstream trust boundary + +------------------------------------------------------------------- Old: ---- distribution-3.0.0.tar.zst New: ---- distribution-3.1.0.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ distribution.spec ++++++ --- /var/tmp/diff_new_pack.aqqLJY/_old 2026-04-28 12:01:47.475021643 +0200 +++ /var/tmp/diff_new_pack.aqqLJY/_new 2026-04-28 12:01:47.479021808 +0200 @@ -18,7 +18,7 @@ %define goipath github.com/distribution/distribution/v3 Name: distribution -Version: 3.0.0 +Version: 3.1.0 Release: 0 Summary: The toolset to pack, ship, store, and deliver content License: Apache-2.0 @@ -34,7 +34,7 @@ BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: zstd -BuildRequires: golang(API) = 1.24 +BuildRequires: golang(API) = 1.26 Provides: docker-distribution = %{version} Obsoletes: docker-distribution < %{version} ExclusiveArch: %ix86 x86_64 %arm aarch64 ppc64 ppc64le s390x riscv64 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.aqqLJY/_old 2026-04-28 12:01:47.543024460 +0200 +++ /var/tmp/diff_new_pack.aqqLJY/_new 2026-04-28 12:01:47.547024626 +0200 @@ -3,8 +3,8 @@ <param name="url">https://github.com/docker/distribution.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">3.0.0</param> - <param name="revision">v3.0.0</param> + <param name="versionformat">3.1.0</param> + <param name="revision">v3.1.0</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="manual"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.aqqLJY/_old 2026-04-28 12:01:47.575025786 +0200 +++ /var/tmp/diff_new_pack.aqqLJY/_new 2026-04-28 12:01:47.583026117 +0200 @@ -1,5 +1,8 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/distribution/distribution.git</param> - <param name="changesrevision">b5ca020cfbe998e5af3457fda087444cf5116496</param></service></servicedata> + <param name="changesrevision">b5ca020cfbe998e5af3457fda087444cf5116496</param></service><service name="tar_scm"> + <param name="url">https://github.com/docker/distribution.git</param> + <param name="changesrevision">708f8d6b060248fe7192294dd5440320ffc86da0</param></service></servicedata> +(No newline at EOF) ++++++ distribution-3.0.0.tar.zst -> distribution-3.1.0.tar.zst ++++++ /work/SRC/openSUSE:Factory/distribution/distribution-3.0.0.tar.zst /work/SRC/openSUSE:Factory/.distribution.new.11940/distribution-3.1.0.tar.zst differ: char 7, line 1
