From 780fdb69339d51f3ea0e7ee67a286149c39dc041 Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Wed, 1 Jul 2026 12:29:14 +0200 Subject: [PATCH] bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832 Switch Source0 to consume tarball from the internal GitLab sustaining-engineering repo instead of GitHub. Resolves: RHEL-185910 RHEL-186260 RHEL-188708 Signed-off-by: Jindrich Novy --- buildah.spec | 19 ++++++++----------- sources | 2 +- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/buildah.spec b/buildah.spec index e3232b6..e9aa3e5 100644 --- a/buildah.spec +++ b/buildah.spec @@ -12,23 +12,19 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl %global import_path github.com/containers/buildah %global branch release-1.33 -%global commit0 a7f817901d3bfe517394ada98ac240c7e5bcdaf1 +%global commit0 2cbee78beb097a58bb86868e050e642619a146ca %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Epoch: 2 Name: buildah Version: 1.33.14 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures ExclusiveArch: %{go_arches} -%if 0%{?branch:1} -Source0: https://%{import_path}/tarball/%{commit0}/%{branch}-%{shortcommit0}.tar.gz -%else -Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcommit0}.tar.gz -%endif +Source0: https://gitlab.cee.redhat.com/sustaining-engineering/container-tools/src-git/%{name}/-/archive/%{commit0}/%{branch}-%{shortcommit0}.tar.gz BuildRequires: golang >= 1.17.7 BuildRequires: git BuildRequires: glib2-devel @@ -76,11 +72,7 @@ Requires: nmap-ncat This package contains system tests for %{name} %prep -%if 0%{?branch:1} -%autosetup -Sgit -n containers-%{name}-%{shortcommit0} -%else %autosetup -Sgit -n %{name}-%{commit0} -%endif sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile sed -i '/docs install/d' Makefile @@ -136,6 +128,11 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install %{_datadir}/%{name}/test %changelog +* Wed Jul 01 2026 Jindrich Novy - 2:1.33.14-4 +- switch source URL from GitHub to the internal GitLab sustaining-engineering repo +- update to the latest content of release-1.33 (commit 2cbee78) +- bump golang.org/x/crypto to v0.53.0 to fix CVE-2026-39829, CVE-2026-39830, CVE-2026-39832 + * Tue Feb 17 2026 Jindrich Novy - 2:1.33.14-3 - rebuild for CVE-2025-68121 - Resolves: RHEL-149262 diff --git a/sources b/sources index 5d4d2c0..19576eb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (release-1.33-a7f8179.tar.gz) = 49f599aefea7dea489ee4d0eecb51374f88bb57054be9f55321f44e48544f7541a57569426e96d4682b055493e6e48f3295c6c3f7006d6be9de80d23bab0d533 +SHA512 (release-1.33-2cbee78.tar.gz) = 9e24baacd67cc1358fea08ca7b36fb672e875cb6b3ffb798e2b1e9b3c00b7fe3735bfdec3ed2770eb83923748d81bb728b5c537034234acb1130d0f60311e891