bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832

Switch Source0 to consume tarball from the internal GitLab
sustaining-engineering repo instead of GitHub.

Resolves: RHEL-185910 RHEL-186260 RHEL-188708
Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
Jindrich Novy 2026-07-01 12:29:14 +02:00
parent 065c93fd13
commit 780fdb6933
2 changed files with 9 additions and 12 deletions

View File

@ -12,23 +12,19 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
%global import_path github.com/containers/buildah
%global branch release-1.33
%global commit0 a7f817901d3bfe517394ada98ac240c7e5bcdaf1
%global commit0 2cbee78beb097a58bb86868e050e642619a146ca
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
Epoch: 2
Name: buildah
Version: 1.33.14
Release: 3%{?dist}
Release: 4%{?dist}
Summary: A command line tool used for creating OCI Images
License: ASL 2.0
URL: https://%{name}.io
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
ExclusiveArch: %{go_arches}
%if 0%{?branch:1}
Source0: https://%{import_path}/tarball/%{commit0}/%{branch}-%{shortcommit0}.tar.gz
%else
Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcommit0}.tar.gz
%endif
Source0: https://gitlab.cee.redhat.com/sustaining-engineering/container-tools/src-git/%{name}/-/archive/%{commit0}/%{branch}-%{shortcommit0}.tar.gz
BuildRequires: golang >= 1.17.7
BuildRequires: git
BuildRequires: glib2-devel
@ -76,11 +72,7 @@ Requires: nmap-ncat
This package contains system tests for %{name}
%prep
%if 0%{?branch:1}
%autosetup -Sgit -n containers-%{name}-%{shortcommit0}
%else
%autosetup -Sgit -n %{name}-%{commit0}
%endif
sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile
sed -i '/docs install/d' Makefile
@ -136,6 +128,11 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install
%{_datadir}/%{name}/test
%changelog
* Wed Jul 01 2026 Jindrich Novy <jnovy@redhat.com> - 2:1.33.14-4
- switch source URL from GitHub to the internal GitLab sustaining-engineering repo
- update to the latest content of release-1.33 (commit 2cbee78)
- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832
* Tue Feb 17 2026 Jindrich Novy <jnovy@redhat.com> - 2:1.33.14-3
- rebuild for CVE-2025-68121
- Resolves: RHEL-149262

View File

@ -1 +1 @@
SHA512 (release-1.33-a7f8179.tar.gz) = 49f599aefea7dea489ee4d0eecb51374f88bb57054be9f55321f44e48544f7541a57569426e96d4682b055493e6e48f3295c6c3f7006d6be9de80d23bab0d533
SHA512 (release-1.33-2cbee78.tar.gz) = 9e24baacd67cc1358fea08ca7b36fb672e875cb6b3ffb798e2b1e9b3c00b7fe3735bfdec3ed2770eb83923748d81bb728b5c537034234acb1130d0f60311e891