Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package amazon-ecs-init for openSUSE:Factory
checked in at 2026-05-28 23:12:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/amazon-ecs-init (Old)
and /work/SRC/openSUSE:Factory/.amazon-ecs-init.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "amazon-ecs-init"
Thu May 28 23:12:42 2026 rev:19 rq:1355666 version:1.103.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/amazon-ecs-init/amazon-ecs-init.changes
2026-05-24 19:37:49.496615350 +0200
+++
/work/SRC/openSUSE:Factory/.amazon-ecs-init.new.1937/amazon-ecs-init.changes
2026-05-28 23:14:03.220618392 +0200
@@ -1,0 +2,35 @@
+Thu May 28 13:51:44 UTC 2026 - John Paul Adrian Glaubitz
<[email protected]>
+
+- Update to version 1.103.2
+ * Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/fsx from
+ 1.53.1 to 1.65.10 in /agent (#4966)
+ * Enhancement - Add semgrep security scan for command injection (#4959)
+ * Enhancement - Bump golang.org/x/tools from 0.39.0 to 0.45.0 in
+ /ecs-agent (#4965), also updates x/net to 0.54.0 (bsc#1266652,
CVE-2026-39821)
+ * Enhancement - Add integration test for credential refresher (#4961)
+ * Enhancement - Bump golang.org/x/tools from 0.42.0 to 0.45.0 in /agent
(#4873)
+ * Enhancement - Update Go version to 1.25.10 (#4960)
+ * Enhancement - Bump go.etcd.io/bbolt from 1.3.9 to 1.4.3 in /ecs-agent
(#4872)
+ * Enhancement - update credentials-fetcher retry comments/tests (#4954)
+ * Enhancement - Enhancement - Add retry mechanism to credentialsfetcher
(#4948)
+ * Enhancement - Add IMDS credential refresher (#4953)
+ * Bugfix - fix flaky tests depending on timers (#4955)
+- from version 1.103.1
+ * Feature - Implement IMDS scanner for task credential retrieval,
+ in the shared library (#4945)
+ * Feature - Add config/capability for IMDS-based task credential retrieval
+ (disabled for now) (#4938)
+ * Feature - Add IMDS credential scanner interface and capability constant
+ for IMDS-based task credential retrieval (#4937)
+ * Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs
+ from 1.47.3 to 1.65.0 in /agent (#4921)
+ * Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/s3
+ from 1.63.1 to 1.97.3 in /ecs-init (#4923)
+ * Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/s3
+ from 1.79.2 to 1.97.3 in /agent (#4924)
+ * Enhancement - Bump go.opentelemetry.io/otel/exporters/otlp/
+ otlptrace/ otlptracehttp from 1.32.0 to 1.43.0 in /agent (#4926)
+ * Enhancement - Truncate log values to make agent logs less verbose (#4940)
+- Drop CVE-2026-33814.patch, merged upstream
+
+-------------------------------------------------------------------
Old:
----
CVE-2026-33814.patch
amazon-ecs-init-1.103.0.tar.gz
New:
----
amazon-ecs-init-1.103.2.tar.gz
----------(Old B)----------
Old: * Enhancement - Truncate log values to make agent logs less verbose
(#4940)
- Drop CVE-2026-33814.patch, merged upstream
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ amazon-ecs-init.spec ++++++
--- /var/tmp/diff_new_pack.s3RY8I/_old 2026-05-28 23:14:04.204658879 +0200
+++ /var/tmp/diff_new_pack.s3RY8I/_new 2026-05-28 23:14:04.208659044 +0200
@@ -18,7 +18,7 @@
%define short_name amazon-ecs
Name: amazon-ecs-init
-Version: 1.103.0
+Version: 1.103.2
Release: 0
Summary: Amazon EC2 Container Service Initialization
License: Apache-2.0
@@ -28,8 +28,6 @@
Source1: %{short_name}.service
Source2: amazon-ecs-init.tmpfiles
Patch0: reproducible.patch
-# PATCH-FIX-UPSTREAM - net: http2: prevent hanging Transport due to bad
SETTINGS frame
-Patch1: CVE-2026-33814.patch
BuildRequires: go >= 1.25.9
BuildRequires: pkgconfig(systemd)
# We cannot handle cross module dependencies properly, i.e. one module can
@@ -142,11 +140,6 @@
%prep
%setup -q -n amazon-ecs-agent-%{version}
%patch -P0 -p1
-# As ecs-init uses x/net/http2 via ecs-agent,
-# we have to patch the vulnerability there
-pushd ecs-agent/vendor/golang.org/x/net
-%patch -P1 -p1
-popd
%build
env
++++++ amazon-ecs-init-1.103.0.tar.gz -> amazon-ecs-init-1.103.2.tar.gz ++++++
/work/SRC/openSUSE:Factory/amazon-ecs-init/amazon-ecs-init-1.103.0.tar.gz
/work/SRC/openSUSE:Factory/.amazon-ecs-init.new.1937/amazon-ecs-init-1.103.2.tar.gz
differ: char 12, line 1
