Package Release Info

cheat-4.4.2-bp157.2.3.1

Update Info: openSUSE-2025-482
Available in Package Hub : 15 SP7 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

cheat

Change Logs

* Thu Nov 27 2025 Witek Bedyk <witold.bedyk@suse.com>

- Security:
  * CVE-2025-47913: Fix client process termination (bsc#1253593)
  * CVE-2025-58181: Fix potential unbounded memory consumption
    (bsc#1253922)
  * CVE-2025-47914: Fix panic due to an out of bounds read
    (bsc#1254051)
  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0
  * Replace golang.org/x/net=golang.org/x/net@v0.47.0
  * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0

* Fri Aug 22 2025 Jeff Kowalczyk <jkowalczyk@suse.com>

- Packaging improvements:
  * Drop Requires: golang-packaging. The recommended Go toolchain
    dependency expression is BuildRequires: golang(API) >= 1.x or
    optionally the metapackage BuildRequires: go
  * Use BuildRequires: golang(API) >= 1.19 matching go.mod
  * Build PIE with pattern that may become recommended procedure:
    %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
    A go toolchain buildmode default config would be preferable
    but none exist at this time.
  * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
  * Remove go build -o output binary location and name. Default
    binary has the same name as package of func main() and is
    placed in the top level of the build directory.
  * Add basic %check to execute binary --help

* Thu Aug 21 2025 Jeff Kowalczyk <jkowalczyk@suse.com>

- Packaging improvements:
  * Service go_modules replace dependencies with CVEs
  * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1
    Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm
  * Replace golang.org/x/net=golang.org/x/net@v0.36.0
    Fixes GO-2025-3503 CVE-2025-22870
  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0
    Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8
    Fixes GO-2025-3487 CVE-2025-22869
  * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0
    Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
    Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
  * Service tar_scm set mode manual from disabled
  * Service tar_scm create archive from git so we can exclude
    vendor directory upstream committed to git. Committed vendor
    directory contents have build issues even after go mod tidy.
  * Service tar_scm exclude dir vendor
  * Service set_version set mode manual from disabled
  * Service set_version remove param basename not needed

* Thu Aug 21 2025 Michael Vetter <mvetter@suse.com>

- bsc#1247629 (CVE-2025-21613):
  * Use go-git 5.13.0 via replace in _service

Version: 4.4.2-bp157.1.7

Version: 4.4.2-bp156.3.3.1

* Sat Dec 16 2023 Michael Vetter <mvetter@suse.com>

- Update to 4.4.2:
  * Bump chroma to newest version
  * Remove plan9 support due to build failure
  * Upgrade to yaml.v3

* Wed Dec 13 2023 Michael Vetter <mvetter@suse.com>

- Update to 4.4.1:
  * Update dependencies
  * Make minor changes to appease revive (linter)

Version: 4.4.0-bp156.2.16

Version: 4.4.0-bp155.1.8

* Mon Jan 16 2023 Michael Vetter <mvetter@suse.com>

- Remove dependency on pandoc:
  Upsteam ships a man page. Lets assume they update it upon each
  release and take it without generating ourselves

* Fri Jan 13 2023 Michael Vetter <mvetter@suse.com>

- Only build manpage using pandoc when on x86_64.
  Pandoc seems to not be available on all archs.

* Tue Jan 10 2023 Michael Vetter <mvetter@suse.com>

- Initial package of cheat 4.4.0 for openSUSE