Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package keybase-client for openSUSE:Factory 
checked in at 2026-06-30 15:13:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keybase-client (Old)
 and      /work/SRC/openSUSE:Factory/.keybase-client.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "keybase-client"

Tue Jun 30 15:13:05 2026 rev:39 rq:1362545 version:6.6.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/keybase-client/keybase-client.changes    
2026-06-03 20:31:21.143425491 +0200
+++ /work/SRC/openSUSE:Factory/.keybase-client.new.11887/keybase-client.changes 
2026-06-30 15:13:29.020143445 +0200
@@ -1,0 +2,8 @@
+Mon Jun 29 20:36:43 UTC 2026 - Matthias Bach <[email protected]>
+
+- CVE-2026-46604: TIFF decoder can panic when decoding an invalid
+  image with an out-of-bounds strip offset (bsc#1269600)
+  * Add update-golang-image-1.patch and update-golang-image-2.patch
+    to backport upstreams fix.
+
+-------------------------------------------------------------------

New:
----
  update-golang-image-1.patch
  update-golang-image-2.patch

----------(New B)----------
  New:  image with an out-of-bounds strip offset (bsc#1269600)
  * Add update-golang-image-1.patch and update-golang-image-2.patch
    to backport upstreams fix.
  New:  image with an out-of-bounds strip offset (bsc#1269600)
  * Add update-golang-image-1.patch and update-golang-image-2.patch
    to backport upstreams fix.
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ keybase-client.spec ++++++
--- /var/tmp/diff_new_pack.h8eqMC/_old  2026-06-30 15:13:30.284186246 +0200
+++ /var/tmp/diff_new_pack.h8eqMC/_new  2026-06-30 15:13:30.288186382 +0200
@@ -33,6 +33,8 @@
 Patch1:         ensure-mount-dir-exists.patch
 Patch2:         ensure-service-stop-unmounts-filesystem.patch
 Patch3:         update-filippo.io-edwards25519.patch
+Patch4:         update-golang-image-1.patch
+Patch5:         update-golang-image-2.patch
 BuildRequires:  fdupes
 BuildRequires:  go1.25
 BuildRequires:  golang-packaging

++++++ update-golang-image-1.patch ++++++
From: zoom-ua <[email protected]>
Date: Wed, 3 Jun 2026 10:10:57 -0400
Subject: [PATCH] bump golang.org/x/image (#29278)
References: gh#keybase/client#29278 bsc#1269600
Upstream: merged


---
 go/go.mod | 2 +-
 go/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go/go.mod b/go/go.mod
index 986500d53b1a..e1699230367f 100644
--- a/go/go.mod
+++ b/go/go.mod
@@ -72,7 +72,7 @@ require (
        github.com/vividcortex/ewma v1.1.2-0.20170804035156-43880d236f69
        go.uber.org/zap v1.24.0
        golang.org/x/crypto v0.52.0
-       golang.org/x/image v0.38.0
+       golang.org/x/image v0.41.0
        golang.org/x/mobile v0.0.0-20251209145715-2553ed8ce294 // indirect
        golang.org/x/net v0.55.0
        golang.org/x/sync v0.20.0
diff --git a/go/go.sum b/go/go.sum
index 727fc48a97b5..2d8a378f8fed 100644
--- a/go/go.sum
+++ b/go/go.sum
@@ -530,8 +530,8 @@ golang.org/x/crypto v0.31.0/go.mod 
h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ss
 golang.org/x/crypto v0.32.0/go.mod 
h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
 golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988=
 golang.org/x/crypto v0.52.0/go.mod 
h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc=
-golang.org/x/image v0.38.0 h1:5l+q+Y9JDC7mBOMjo4/aPhMDcxEptsX+Tt3GgRQRPuE=
-golang.org/x/image v0.38.0/go.mod 
h1:/3f6vaXC+6CEanU4KJxbcUZyEePbyKbaLoDOe4ehFYY=
+golang.org/x/image v0.41.0 h1:8wS72eGJMJaBxK6okTzd4WaXumUlTVlb753MlsSvTCo=
+golang.org/x/image v0.41.0/go.mod 
h1:uIc348UZMSvS5Z65CVZ7iDPaNobNFEPeJ4kbqTOszmA=
 golang.org/x/mobile v0.0.0-20251209145715-2553ed8ce294 
h1:Cr6kbEvA6nqvdHynE4CtVKlqpZB9dS1Jva/6IsHA19g=
 golang.org/x/mobile v0.0.0-20251209145715-2553ed8ce294/go.mod 
h1:RdZ+3sb4CVgpCFnzv+I4haEpwqFfsfzlLHs3L7ok+e0=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=


++++++ update-golang-image-2.patch ++++++
From: zoom-ua <[email protected]>
Date: Fri, 26 Jun 2026 14:36:16 -0400
Subject: [PATCH]  golang.org/x/[email protected] (#29354)
References: gh#keybase/client#29354 bsc#1269600
Upstream: merged

---
 go/go.mod | 12 ++++++------
 go/go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go/go.mod b/go/go.mod
index 045af534f27f..61b140cf6ee7 100644
--- a/go/go.mod
+++ b/go/go.mod
@@ -72,12 +72,12 @@ require (
        github.com/vividcortex/ewma v1.1.2-0.20170804035156-43880d236f69
        go.uber.org/zap v1.24.0
        golang.org/x/crypto v0.52.0
-       golang.org/x/image v0.41.0
+       golang.org/x/image v0.43.0
        golang.org/x/mobile v0.0.0-20251209145715-2553ed8ce294 // indirect
        golang.org/x/net v0.55.0
-       golang.org/x/sync v0.20.0
+       golang.org/x/sync v0.21.0
        golang.org/x/sys v0.45.0
-       golang.org/x/text v0.37.0
+       golang.org/x/text v0.38.0
        golang.org/x/time v0.14.0
        gopkg.in/src-d/go-billy.v4 v4.3.2
        gopkg.in/src-d/go-git.v4 v4.13.1
@@ -182,9 +182,9 @@ require (
        go.uber.org/atomic v1.7.0 // indirect
        go.uber.org/multierr v1.6.0 // indirect
        go4.org v0.0.0-20161118210015-09d86de304dc // indirect
-       golang.org/x/mod v0.35.0 // indirect
-       golang.org/x/telemetry v0.0.0-20260409153401-be6f6cb8b1fa // indirect
-       golang.org/x/tools v0.44.0 // indirect
+       golang.org/x/mod v0.36.0 // indirect
+       golang.org/x/telemetry v0.0.0-20260508192327-42602be52be6 // indirect
+       golang.org/x/tools v0.45.0 // indirect
        golang.org/x/vuln v1.1.4 // indirect
        google.golang.org/appengine v1.6.8 // indirect
        google.golang.org/protobuf v1.36.11 // indirect
diff --git a/go/go.sum b/go/go.sum
index 2d8a378f8fed..953ead703f7a 100644
--- a/go/go.sum
+++ b/go/go.sum
@@ -530,8 +530,8 @@ golang.org/x/crypto v0.31.0/go.mod 
h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ss
 golang.org/x/crypto v0.32.0/go.mod 
h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
 golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988=
 golang.org/x/crypto v0.52.0/go.mod 
h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc=
-golang.org/x/image v0.41.0 h1:8wS72eGJMJaBxK6okTzd4WaXumUlTVlb753MlsSvTCo=
-golang.org/x/image v0.41.0/go.mod 
h1:uIc348UZMSvS5Z65CVZ7iDPaNobNFEPeJ4kbqTOszmA=
+golang.org/x/image v0.43.0 h1:FLxcP4ec2350nTfOC8ysKtqYSIFbk/QGjw1ZHNP4tsY=
+golang.org/x/image v0.43.0/go.mod 
h1:rrpelvGFt+kLPAjPM4HeWPgrl0FtafueU//e5N0qk/Q=
 golang.org/x/mobile v0.0.0-20251209145715-2553ed8ce294 
h1:Cr6kbEvA6nqvdHynE4CtVKlqpZB9dS1Jva/6IsHA19g=
 golang.org/x/mobile v0.0.0-20251209145715-2553ed8ce294/go.mod 
h1:RdZ+3sb4CVgpCFnzv+I4haEpwqFfsfzlLHs3L7ok+e0=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -541,8 +541,8 @@ golang.org/x/mod v0.8.0/go.mod 
h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM=
-golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU=
+golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4=
+golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod 
h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -577,8 +577,8 @@ golang.org/x/sync v0.3.0/go.mod 
h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod 
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod 
h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
+golang.org/x/sync v0.21.0/go.mod 
h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -617,8 +617,8 @@ golang.org/x/sys v0.29.0/go.mod 
h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY=
 golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod 
h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
-golang.org/x/telemetry v0.0.0-20260409153401-be6f6cb8b1fa 
h1:efT73AJZfAAUV7SOip6pWGkwJDzIGiKBZGVzHYa+ve4=
-golang.org/x/telemetry v0.0.0-20260409153401-be6f6cb8b1fa/go.mod 
h1:kHjTxDEnAu6/Nl9lDkzjWpR+bmKfxeiRuSDlsMb70gE=
+golang.org/x/telemetry v0.0.0-20260508192327-42602be52be6 
h1:HjU6IWBiAgRIdAJ9/y1rwCn+UELEmwV+VsTLzj/W4sE=
+golang.org/x/telemetry v0.0.0-20260508192327-42602be52be6/go.mod 
h1:Eqhaxk/wZsWEH8CRxLwj6xzEJbz7k1EFGqx7nyCoabE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod 
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod 
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -642,8 +642,8 @@ golang.org/x/text v0.13.0/go.mod 
h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod 
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod 
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod 
h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
-golang.org/x/text v0.37.0/go.mod 
h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
+golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
+golang.org/x/text v0.38.0/go.mod 
h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod 
h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod 
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -657,8 +657,8 @@ golang.org/x/tools v0.1.12/go.mod 
h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod 
h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod 
h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod 
h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c=
-golang.org/x/tools v0.44.0/go.mod 
h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI=
+golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8=
+golang.org/x/tools v0.45.0/go.mod 
h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0=
 golang.org/x/tools/go/expect v0.1.1-deprecated 
h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM=
 golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod 
h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated 
h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=



++++++ vendor-6.6.3.tar.xz ++++++
/work/SRC/openSUSE:Factory/keybase-client/vendor-6.6.3.tar.xz 
/work/SRC/openSUSE:Factory/.keybase-client.new.11887/vendor-6.6.3.tar.xz 
differ: char 15, line 1

Reply via email to