Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openbao for openSUSE:Factory checked in at 2026-05-21 18:29:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openbao (Old) and /work/SRC/openSUSE:Factory/.openbao.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openbao" Thu May 21 18:29:45 2026 rev:20 rq:1354397 version:2.5.4 Changes: -------- --- /work/SRC/openSUSE:Factory/openbao/openbao.changes 2026-04-21 12:47:22.028761985 +0200 +++ /work/SRC/openSUSE:Factory/.openbao.new.2084/openbao.changes 2026-05-21 18:32:19.358854679 +0200 @@ -1,0 +2,66 @@ +Thu May 21 06:40:42 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.5.4: + * SECURITY + - core/auth: Fix audit logs dropping custom headers when using + inline auth. GHSA-q8cj-789h-vg24 / CVE-2026-46358. [GH-3076] + - core: Prevent hidden default token issuance from auth plugin + endpoints returning both a logical.Auth{} response object and + an error. GHSA-7j6w-vvw2-5f9c / CVE-2026-46405. [GH-3150] + - core: Remove legacy lease endpoints (sys/revoke, sys/renew, + sys/revoke-prefix, and sys/revoke-force) due to + cross-namespace lease modification. GHSA-v8v8-cm84-m686 / + CVE-2026-45808. [GH-3152] + * IMPROVEMENTS + - storage/postgresql: Set constraint name to table+"_pkey" and + ha_table+"_pkey" and index to table+"_idx" for uniqueness + when reusing the same database partition for multiple OpenBao + instances. [GH-2876] + * BUG FIXES + - auth/kerberos: Do not return logical.Auth{} response during + initial negotiation at the same time as an error. [GH-3150] + - core/mfa: Handle invalidation for login MFA, ensuring standby + nodes respond appropriately on writes. [GH-3083] + - core/policies: Fix list_scan_response_keys_filter_path + incorrectly erring on empty list responses. [GH-3063] + - core/quotas: Correctly handle default rate limit exempt paths + on quota configuration invalidation. [GH-2953] + - core: Disallow logical secret engines from creating + authentication tokens. [GH-3087] + - core: Forward generate-root, step-down and rekey requests to + active node to resolve inconsistent standby behavior. + [GH-3006] + - storage/raft: Wait for autopilot shutdown to avoid panic when + racing to retrieve known servers. [GH-3054] + - storage/postgresql: Revert accidental rename of ha_table + option to haTable. Both spellings are now supported to retain + compatibility, though ha_table takes precedence. [GH-2876] + * What's Changed + - Remove 2.5.x community docs by @cipherboy in #3071 + - Disallow non-auth plugins from creating tokens (#3087 by + @cipherboy) backported by @phil9909 in #3112 + - Handle invalidation of LoginMFA keys (#3083 by @cipherboy) + backported by @phil9909 in #3113 + - Fix audit logs dropping custom headers when using inline auth + (#3076 by @jackyliao123) backported by @phil9909 in #3114 + - fix: nil-guard d.autopilot before calling GetState (#3054 by + @mpldr) backported by @phil9909 in #3115 + - fix: Fix request handling filtering for the no data case + (#3063 by @eklatzer) backported by @phil9909 in #3116 + - Update vulnerable deps before 2.5.4 by @cipherboy in #3121 + - Fix cache invalidation memory leak (#3105 by @cipherboy) + backported by @phil9909 in #3131 + - Use unique constraints, indices in PostgreSQL storage (#2876 + by @cipherboy) backported by @phil9909 in #3132 + - Correctly handle default_rate_limit_exempt_paths_toggle + invalidation (#2953 by @cipherboy) backported by @phil9909 in + #3134 + - Fix /v1/sys/ forwarding regressions for standby instances + (#3006 by @tsaarni) backported by @phil9909 in #3133 + - Remove legacy cross-namespace lease endpoints (#3152 by + @cipherboy) backported by @cipherboy in #3153 + - Prevent errors from creating orphaned tokens (#3150 by + @cipherboy) backported by @cipherboy in #3151 + - Add release notes for v2.5.4 by @satoqz in #3154 + +------------------------------------------------------------------- Old: ---- openbao-2.5.3.obscpio ui-2.5.3.tar.gz New: ---- openbao-2.5.4.obscpio ui-2.5.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openbao.spec ++++++ --- /var/tmp/diff_new_pack.yRxJ56/_old 2026-05-21 18:32:36.575562317 +0200 +++ /var/tmp/diff_new_pack.yRxJ56/_new 2026-05-21 18:32:36.575562317 +0200 @@ -23,7 +23,7 @@ %define short_executable_name bao Name: openbao -Version: 2.5.3 +Version: 2.5.4 Release: 0 Summary: Manage, store, and distribute sensitive data License: MPL-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.yRxJ56/_old 2026-05-21 18:32:36.659565770 +0200 +++ /var/tmp/diff_new_pack.yRxJ56/_new 2026-05-21 18:32:36.671566263 +0200 @@ -2,7 +2,7 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/openbao/openbao</param> <param name="scm">git</param> - <param name="revision">v2.5.3</param> + <param name="revision">v2.5.4</param> <param name="package-meta">yes</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.yRxJ56/_old 2026-05-21 18:32:36.719568236 +0200 +++ /var/tmp/diff_new_pack.yRxJ56/_new 2026-05-21 18:32:36.735568893 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openbao/openbao</param> - <param name="changesrevision">988c88d7ef54b4d4581629b229488dfba5e085ba</param></service></servicedata> + <param name="changesrevision">4f6d47246a053375271a5fd8af85c3b75695aa46</param></service></servicedata> (No newline at EOF) ++++++ openbao-2.5.3.obscpio -> openbao-2.5.4.obscpio ++++++ /work/SRC/openSUSE:Factory/openbao/openbao-2.5.3.obscpio /work/SRC/openSUSE:Factory/.openbao.new.2084/openbao-2.5.4.obscpio differ: char 48, line 1 ++++++ openbao.obsinfo ++++++ --- /var/tmp/diff_new_pack.yRxJ56/_old 2026-05-21 18:32:36.827572675 +0200 +++ /var/tmp/diff_new_pack.yRxJ56/_new 2026-05-21 18:32:36.835573004 +0200 @@ -1,5 +1,5 @@ name: openbao -version: 2.5.3 -mtime: 1776712412 -commit: 988c88d7ef54b4d4581629b229488dfba5e085ba +version: 2.5.4 +mtime: 1779292428 +commit: 4f6d47246a053375271a5fd8af85c3b75695aa46 ++++++ ui-2.5.3.tar.gz -> ui-2.5.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/ui-2.5.3.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.2084/ui-2.5.4.tar.gz differ: char 14, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/vendor.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.2084/vendor.tar.gz differ: char 14, line 1
