Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gleam for openSUSE:Factory checked in at 2026-06-04 18:55:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gleam (Old) and /work/SRC/openSUSE:Factory/.gleam.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gleam" Thu Jun 4 18:55:33 2026 rev:17 rq:1357049 version:1.17.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gleam/gleam.changes 2026-06-02 16:07:47.471532547 +0200 +++ /work/SRC/openSUSE:Factory/.gleam.new.2375/gleam.changes 2026-06-04 18:57:25.772589000 +0200 @@ -1,0 +2,26 @@ +Wed Jun 3 10:40:39 UTC 2026 - Jan Fooken <[email protected]> + +- Update to 1.17.0: + * Fixed security vulnerabilities: + - Restrict custom documentation page `path` and `source` values so + `gleam docs build` cannot escape the docs output directory or project + root (bsc#1267396, CVE-2026-32685) + - Restrict publication tarball creation so they cannot contain files + from outside the project root (bsc#1267397, CVE-2026-42795) + - Stricter deserialisation rules for files internal the build directory + to reject corrupted data (bsc#1267398, CVE-2026-43965) + * All features and bug fixes are extensively highlighted with + examples in the upstream blog post at + https://gleam.run/news/single-file-gleam-beam-programs-with-escript/ + and changelog at + https://github.com/gleam-lang/gleam/blob/v1.17.0/CHANGELOG.md some of + the highlights include: + - Various JavaScript code generation fixes and optimization + - Various compiler error handling improvements + - Ability to use the `todo` keyword in constants + - Improved handling of Git monorepos during package management + - Ability to create escripts from Gleam programs + - Various language server improvements like reference highlighting, + record hovering and code actions + +------------------------------------------------------------------- Old: ---- gleam-1.16.0.obscpio gleam-1.16.0.tar.zst gleam.obsinfo New: ---- gleam-1.17.0.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gleam.spec ++++++ --- /var/tmp/diff_new_pack.1dNkC4/_old 2026-06-04 18:57:33.380903249 +0200 +++ /var/tmp/diff_new_pack.1dNkC4/_new 2026-06-04 18:57:33.392903745 +0200 @@ -17,7 +17,7 @@ Name: gleam -Version: 1.16.0 +Version: 1.17.0 Release: 0 Summary: A friendly language for building type-safe, scalable systems! License: Apache-2.0 @@ -29,6 +29,7 @@ # https://github.com/rust-lang/rust/issues/120301 BuildRequires: cargo >= 1.91.0 # For tests +BuildRequires: erlang BuildRequires: git-core Requires: erlang Requires: erlang-rebar3 @@ -50,8 +51,9 @@ install -m 0755 %{_builddir}/%{name}-%{version}/target/release/gleam %{buildroot}%{_bindir}/gleam %check -# Requires JavaScript engines that aren't packaged on openSUSE -%{cargo_test} -- --skip tests::echo +# tests::echo requires JavaScript engines that aren't packaged on openSUSE +# tests::escript_success_with_dependency requires network access +%{cargo_test} -- --skip tests::echo --skip tests::escript_success_with_dependency %files %license LICENCE ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.1dNkC4/_old 2026-06-04 18:57:33.692916137 +0200 +++ /var/tmp/diff_new_pack.1dNkC4/_new 2026-06-04 18:57:33.716917128 +0200 @@ -1,6 +1,6 @@ -mtime: 1777542355 -commit: 75343758b1900e691915975e5f9736e4a43b023f751fdf1d213cd2270f389b57 +mtime: 1780489299 +commit: 8400b2469fb71ad2c07917b45589ab475f20c00167efccd0399b06acafcd228f url: https://src.opensuse.org/erlang/gleam -revision: 75343758b1900e691915975e5f9736e4a43b023f751fdf1d213cd2270f389b57 +revision: 8400b2469fb71ad2c07917b45589ab475f20c00167efccd0399b06acafcd228f projectscmsync: https://src.opensuse.org/erlang/_ObsPrj.git ++++++ _service ++++++ --- /var/tmp/diff_new_pack.1dNkC4/_old 2026-06-04 18:57:33.844922415 +0200 +++ /var/tmp/diff_new_pack.1dNkC4/_new 2026-06-04 18:57:33.872923572 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/gleam-lang/gleam.git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="scm">git</param> - <param name="revision">v1.16.0</param> + <param name="revision">v1.17.0</param> <param name="match-tag">*</param> <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param> <param name="versionrewrite-replacement">\1</param> ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-03 14:21:39.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ gleam-1.16.0.tar.zst -> gleam-1.17.0.tar.zst ++++++ ++++ 31295 lines of diff (skipped) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/gleam/vendor.tar.zst /work/SRC/openSUSE:Factory/.gleam.new.2375/vendor.tar.zst differ: char 7, line 1
