bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832
Switch Source0 to consume tarball from the internal GitLab sustaining-engineering repo instead of GitHub. Resolves: RHEL-185910 RHEL-186260 RHEL-188708 Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
parent
065c93fd13
commit
780fdb6933
19
buildah.spec
19
buildah.spec
@ -12,23 +12,19 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
|
||||
|
||||
%global import_path github.com/containers/buildah
|
||||
%global branch release-1.33
|
||||
%global commit0 a7f817901d3bfe517394ada98ac240c7e5bcdaf1
|
||||
%global commit0 2cbee78beb097a58bb86868e050e642619a146ca
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
Epoch: 2
|
||||
Name: buildah
|
||||
Version: 1.33.14
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: A command line tool used for creating OCI Images
|
||||
License: ASL 2.0
|
||||
URL: https://%{name}.io
|
||||
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
|
||||
ExclusiveArch: %{go_arches}
|
||||
%if 0%{?branch:1}
|
||||
Source0: https://%{import_path}/tarball/%{commit0}/%{branch}-%{shortcommit0}.tar.gz
|
||||
%else
|
||||
Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcommit0}.tar.gz
|
||||
%endif
|
||||
Source0: https://gitlab.cee.redhat.com/sustaining-engineering/container-tools/src-git/%{name}/-/archive/%{commit0}/%{branch}-%{shortcommit0}.tar.gz
|
||||
BuildRequires: golang >= 1.17.7
|
||||
BuildRequires: git
|
||||
BuildRequires: glib2-devel
|
||||
@ -76,11 +72,7 @@ Requires: nmap-ncat
|
||||
This package contains system tests for %{name}
|
||||
|
||||
%prep
|
||||
%if 0%{?branch:1}
|
||||
%autosetup -Sgit -n containers-%{name}-%{shortcommit0}
|
||||
%else
|
||||
%autosetup -Sgit -n %{name}-%{commit0}
|
||||
%endif
|
||||
sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile
|
||||
sed -i '/docs install/d' Makefile
|
||||
|
||||
@ -136,6 +128,11 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install
|
||||
%{_datadir}/%{name}/test
|
||||
|
||||
%changelog
|
||||
* Wed Jul 01 2026 Jindrich Novy <jnovy@redhat.com> - 2:1.33.14-4
|
||||
- switch source URL from GitHub to the internal GitLab sustaining-engineering repo
|
||||
- update to the latest content of release-1.33 (commit 2cbee78)
|
||||
- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832
|
||||
|
||||
* Tue Feb 17 2026 Jindrich Novy <jnovy@redhat.com> - 2:1.33.14-3
|
||||
- rebuild for CVE-2025-68121
|
||||
- Resolves: RHEL-149262
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (release-1.33-a7f8179.tar.gz) = 49f599aefea7dea489ee4d0eecb51374f88bb57054be9f55321f44e48544f7541a57569426e96d4682b055493e6e48f3295c6c3f7006d6be9de80d23bab0d533
|
||||
SHA512 (release-1.33-2cbee78.tar.gz) = 9e24baacd67cc1358fea08ca7b36fb672e875cb6b3ffb798e2b1e9b3c00b7fe3735bfdec3ed2770eb83923748d81bb728b5c537034234acb1130d0f60311e891
|
||||
|
||||
Loading…
Reference in New Issue
Block a user