Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubectl-cnpg for openSUSE:Factory checked in at 2026-07-01 16:50:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubectl-cnpg (Old) and /work/SRC/openSUSE:Factory/.kubectl-cnpg.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubectl-cnpg" Wed Jul 1 16:50:21 2026 rev:16 rq:1362878 version:1.29.2 Changes: -------- --- /work/SRC/openSUSE:Factory/kubectl-cnpg/kubectl-cnpg.changes 2026-05-12 19:31:43.655666582 +0200 +++ /work/SRC/openSUSE:Factory/.kubectl-cnpg.new.11887/kubectl-cnpg.changes 2026-07-01 16:50:28.209894211 +0200 @@ -1,0 +2,76 @@ +Wed Jul 01 06:48:30 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.29.2: + * Important changes + - Updated the deprecation notice for native (in-tree) Barman + Cloud support to reflect that it will now be removed in + CloudNativePG 1.31.0, rather than 1.30.0. Users are still + encouraged to migrate to the Barman Cloud Plugin. (#11083) + - The cluster reference is now immutable on the Database, + Pooler, Publication, Subscription, and ScheduledBackup + resources. Pointing one of these objects at a different + cluster has no well-defined semantics and previously left the + controllers in an inconsistent state; the update is now + rejected at the API server via a CEL validation rule. + (#10743) + * Enhancements + - Enabled pg_upgrade in-place major upgrades to PostgreSQL 19 + or later for clusters that use Image Volume extensions, + building on the extension-path support added to pg_upgrade in + PostgreSQL 19. During the upgrade Job, the source- and + target-version extension images are mounted side by side, so + the old server keeps its libraries and a failed upgrade + reverts cleanly. (#10366) + - Added a label selector to the Cluster scale subresource + (status.selector), making a Cluster a valid targetRef for the + Vertical Pod Autoscaler (VPA) and Horizontal Pod Autoscaler + (HPA), which can now map a Cluster to its instance pods. + Contributed by @sebv004. (#8996) + - The operator now emits a Warning PrimaryStatusCheckFailed + event on the Cluster when the primary pod is Ready from the + kubelet perspective but the operator's /pg/status check fails + and failover is deferred, giving users visibility into the + deferral via kubectl describe cluster. (#10509) + - The operator now reloads a CNPG-i plugin automatically when + its pods are rolled: it watches the EndpointSlices backing + plugin Services and re-enqueues every cluster using the + plugin once the new pods become Ready, so an upgraded plugin + is picked up without waiting for the next resync. (#10836) + * Security and Supply Chain + - CVE-2026-55769 / GHSA-x8c2-3p4r-v9r6: search_path pinning on + operator-issued connections: a database owner could plant + overloaded built-in operators in the public schema and alter + the search_path so that operator introspection probes, + running as the cluster superuser, resolved those overloads + before pg_catalog, a CWE-426 privilege-escalation chain (same + class as CVE-2018-1058) that could lead to in-pod RCE via + COPY ... FROM PROGRAM. The operator now pins search_path = + pg_catalog, public, pg_temp on every pooled connection so it + ships in the startup message and takes precedence over + tenant-controlled defaults. (#10774, GHSA-x8c2-3p4r-v9r6) + - CVE-2026-55765 / GHSA-w3gf-xc94-wvmj: operator-side + SCRAM-SHA-256 password encoding: the operator now + SCRAM-SHA-256 encodes cleartext role passwords before issuing + CREATE/ALTER ROLE ... PASSWORD, so the literal PostgreSQL + parses (and that extensions such as pg_stat_statements or + pgaudit may capture) is the SCRAM verifier rather than the + cleartext secret. Pre-hashed (MD5 or SCRAM) values are + forwarded unchanged, and the per-Secret annotation + cnpg.io/passwordPassthrough: "enabled" opts out. (#10724, + GHSA-w3gf-xc94-wvmj) + * Changes + - Added support for Kubernetes 1.36. (#10900) + - Updated the default PostgreSQL version to 18.4. (#10719) + - Updated the Kubernetes versions used to test the operator on + public cloud providers. (#10720, #10563, #11033) + * Fixes - cnpg plugin: + - Fixed kubectl cnpg psql on Windows, where execution relied on + a Unix-only system call and failed with "not supported by + windows"; Windows now launches kubectl exec as a child + process. Contributed by @Utkarsh-sharma47. (#10972) + - Fixed an unbounded memory leak in kubectl cnpg logs -f on + busy clusters, where a per-log-group timer was never + released; timers are now reused across iterations. + Contributed by @Anand-240. (#10976) + +------------------------------------------------------------------- Old: ---- kubectl-cnpg-1.29.1.obscpio New: ---- kubectl-cnpg-1.29.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubectl-cnpg.spec ++++++ --- /var/tmp/diff_new_pack.vEyvni/_old 2026-07-01 16:50:33.218067789 +0200 +++ /var/tmp/diff_new_pack.vEyvni/_new 2026-07-01 16:50:33.230068205 +0200 @@ -17,7 +17,7 @@ Name: kubectl-cnpg -Version: 1.29.1 +Version: 1.29.2 Release: 0 Summary: Manage PostgreSQL clusters built using CloudNativePG License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.vEyvni/_old 2026-07-01 16:50:33.550079296 +0200 +++ /var/tmp/diff_new_pack.vEyvni/_new 2026-07-01 16:50:33.594080821 +0200 @@ -1,9 +1,9 @@ <services> <service name="obs_scm" mode="manual"> - <param name="url">https://github.com/cloudnative-pg/cloudnative-pg</param> + <param name="url">https://github.com/cloudnative-pg/cloudnative-pg.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.29.1</param> + <param name="revision">refs/tags/v1.29.2</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.vEyvni/_old 2026-07-01 16:50:33.830089001 +0200 +++ /var/tmp/diff_new_pack.vEyvni/_new 2026-07-01 16:50:33.874090526 +0200 @@ -1,6 +1,8 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/cloudnative-pg/cloudnative-pg</param> - <param name="changesrevision">a4060c152630c9e8958e17d3d23f26b4eb30b69f</param></service></servicedata> + <param name="changesrevision">a4060c152630c9e8958e17d3d23f26b4eb30b69f</param></service><service name="tar_scm"> + <param name="url">https://github.com/cloudnative-pg/cloudnative-pg.git</param> + <param name="changesrevision">94ee3117858765c77d0dbfde381a037944a48a64</param></service></servicedata> (No newline at EOF) ++++++ kubectl-cnpg-1.29.1.obscpio -> kubectl-cnpg-1.29.2.obscpio ++++++ ++++ 64687 lines of diff (skipped) ++++++ kubectl-cnpg.obsinfo ++++++ --- /var/tmp/diff_new_pack.vEyvni/_old 2026-07-01 16:50:40.006303406 +0200 +++ /var/tmp/diff_new_pack.vEyvni/_new 2026-07-01 16:50:40.034304380 +0200 @@ -1,5 +1,5 @@ name: kubectl-cnpg -version: 1.29.1 -mtime: 1778250727 -commit: a4060c152630c9e8958e17d3d23f26b4eb30b69f +version: 1.29.2 +mtime: 1782749117 +commit: 94ee3117858765c77d0dbfde381a037944a48a64 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubectl-cnpg/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubectl-cnpg.new.11887/vendor.tar.gz differ: char 31, line 1
