Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mcphost for openSUSE:Factory checked in at 2026-05-23 23:23:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mcphost (Old) and /work/SRC/openSUSE:Factory/.mcphost.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mcphost" Sat May 23 23:23:57 2026 rev:8 rq:1354772 version:0.34.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mcphost/mcphost.changes 2026-05-14 21:46:01.778176729 +0200 +++ /work/SRC/openSUSE:Factory/.mcphost.new.2084/mcphost.changes 2026-05-23 23:24:35.905905453 +0200 @@ -1,0 +2,16 @@ +Fri May 22 16:17:34 UTC 2026 - Egbert Eich <[email protected]> + +- Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, + CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830, + CVE-2026-39832, CVE-2026-46597, CVE-2026-46598, CVE-2026-46595, + CVE-2026-39835 (bsc#266145) + Update golang.org/x/crypto to v0.52.0 +- Integrate vulnchecker into %check stage (optional). + +------------------------------------------------------------------- +Fri May 22 08:00:24 UTC 2026 - Egbert Eich <[email protected]> + +- Fix CVE-2026-33814 GO-2026-4918 (bsc#1265730): + Update golang.org/x/net to 0.53.0. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mcphost.spec ++++++ --- /var/tmp/diff_new_pack.K2AcE8/_old 2026-05-23 23:24:37.877985960 +0200 +++ /var/tmp/diff_new_pack.K2AcE8/_new 2026-05-23 23:24:37.877985960 +0200 @@ -15,6 +15,8 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%{bcond_with vulncheck} + Name: mcphost Version: 0.34.0 Release: 0 @@ -24,8 +26,10 @@ Source0: https://github.com/mark3labs/mcphost/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: vendor.tar.gz BuildRequires: golang(API) >= 1.26 +%if %{with vulncheck} BuildRequires: govulncheck BuildRequires: govulncheck-vulndb +%endif %description A CLI host application that enables Large Language Models (LLMs) to interact @@ -87,6 +91,12 @@ %check # execute the binary as a basic check %{buildroot}/%{_bindir}/%{name} help +%if %{with vulncheck} +for i in $(find %{buildroot} -executable -and -not -type d -and -not -name "*.debug" -and -not -name "*.so*"); do + file $i | grep -q "^$i: ELF" || continue + govulncheck -mode=binary -db file:///usr/share/vulndb/ $i +done +%endif %files %license LICENSE ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.K2AcE8/_old 2026-05-23 23:24:38.209999514 +0200 +++ /var/tmp/diff_new_pack.K2AcE8/_new 2026-05-23 23:24:38.278002290 +0200 @@ -1,5 +1,5 @@ -mtime: 1778771870 -commit: 44d0d009fa8e510795c31d537a0052da461de99e74000135f12d24326f52f3e7 +mtime: 1779467110 +commit: a2c183c8361ea69a9a8a3deada3fbb0bde7fb23bed93c3d86a6a4c187085d76d url: https://src.opensuse.org/AI/mcphost revision: main ++++++ _service ++++++ --- /var/tmp/diff_new_pack.K2AcE8/_old 2026-05-23 23:24:38.530012578 +0200 +++ /var/tmp/diff_new_pack.K2AcE8/_new 2026-05-23 23:24:38.578014537 +0200 @@ -7,7 +7,10 @@ github.com/buger/jsonparser=github.com/buger/[email protected] </param> <param name="replace"> - golang.org/x/net=golang.org/x/[email protected] + golang.org/x/net=golang.org/x/[email protected] + </param> + <param name="replace"> + golang.org/x/crypto=golang.org/x/[email protected] </param> </service> </services> ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-22 18:25:10.000000000 +0200 @@ -0,0 +1,4 @@ +*.obscpio +*.osc +_build.* +.pbuild ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/mcphost/vendor.tar.gz /work/SRC/openSUSE:Factory/.mcphost.new.2084/vendor.tar.gz differ: char 119, line 1
