Bug 1200725

Summary: golang-github-prometheus-alertmanager: rpm includes sources
Product: [openSUSE] openSUSE Distribution Reporter: Martin Schröder <martin>
Component: OtherAssignee: Witek Bedyk <witold.bedyk>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Leap 15.3   
Target Milestone: ---   
Hardware: M68K   
OS: OS/2   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Martin Schröder 2022-06-20 18:15:02 UTC 
Similar to Bug 1151558, the rpms for golang-github-prometheus-alertmanager also install the sources.

> rpm -qi golang-github-prometheus-alertmanager
Name        : golang-github-prometheus-alertmanager
Version     : 0.23.0
Release     : 150100.4.7.1
Architecture: x86_64
Install Date: Mo 20 Jun 2022 20:09:01 CEST
Group       : Unspecified
Size        : 79254008
License     : Apache-2.0
Signature   : RSA/SHA256, Mi 11 Mai 2022 11:00:47 CEST, Key ID 70af9e8139db7c82
Source RPM  : golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1.src.rpm
Build Date  : Mi 11 Mai 2022 10:58:15 CEST
Build Host  : sheep22
Relocations : (not relocatable)
Packager    : https://www.suse.com/
Vendor      : SUSE LLC <https://www.suse.com/>
URL         : https://prometheus.io/
Summary     : Prometheus Alertmanager

> du -sh /usr/share/go/1.17/contrib/src/github.com/prometheus/alertmanager
32M     /usr/share/go/1.17/contrib/src/github.com/prometheus/alertmanager

May I suggest to check the other golang-github packages for this bug?
Comment 1 Klaus Kämpf 2022-06-22 06:10:55 UTC 
Sorry I don't maintain this package any more.
I'm happy to file a drop request if noone else will pick it.
Comment 2 Witek Bedyk 2022-07-19 08:25:52 UTC 
Submission of the bugfix requested to development project:

https://build.opensuse.org/request/show/990089
Comment 4 Swamp Workflow Management 2022-10-26 13:28:46 UTC 
SUSE-RU-2022:3743-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1200725
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1
openSUSE Leap 15.3 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1
SUSE Manager Tools 15 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1
SUSE Enterprise Storage 6 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2022-10-26 14:07:09 UTC 
SUSE-SU-2022:3747-1: An update that solves three vulnerabilities, contains 6 features and has two fixes is now available.

Category: security (moderate)
Bug References: 1196338,1198903,1200725,1201535,1201539
CVE References: CVE-2022-21698,CVE-2022-31097,CVE-2022-31107
JIRA References: SLE-23422,SLE-23439,SLE-24243,SLE-24565,SLE-24791,SUMA-114
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    golang-github-prometheus-node_exporter-1.3.0-1.21.1
SUSE OpenStack Cloud 9 (src):    golang-github-prometheus-node_exporter-1.3.0-1.21.1
SUSE Manager Tools 12 (src):    golang-github-lusitaniae-apache_exporter-0.11.0-1.13.1, golang-github-prometheus-alertmanager-0.23.0-1.15.2, golang-github-prometheus-node_exporter-1.3.0-1.21.1, grafana-8.3.10-1.33.2, kiwi-desc-saltboot-0.1.1661440542.6cbe0da-1.29.1, mgr-daemon-4.3.6-1.38.1, spacecmd-4.3.15-38.109.1, spacewalk-client-tools-4.3.12-52.77.1, uyuni-common-libs-4.3.6-1.27.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    golang-github-prometheus-node_exporter-1.3.0-1.21.1
SUSE Linux Enterprise Server 12-SP5 (src):    golang-github-prometheus-node_exporter-1.3.0-1.21.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-1.21.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    golang-github-prometheus-node_exporter-1.3.0-1.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Witek Bedyk 2023-05-19 08:18:54 UTC 
The package has been fixed in Tumbleweed.
Comment 8 Maintenance Automation 2024-01-23 20:30:44 UTC 
SUSE-SU-2024:0191-1: An update that solves 45 vulnerabilities, contains 17 features and has 30 security fixes can now be installed.

Category: security (moderate)
Bug References: 1047218, 1172110, 1188571, 1189520, 1191454, 1192154, 1192383, 1192696, 1192763, 1193492, 1193686, 1193688, 1194873, 1195726, 1195727, 1195728, 1196338, 1196652, 1197507, 1198903, 1199810, 1200480, 1200591, 1200725, 1201003, 1201059, 1201535, 1201539, 1203283, 1203596, 1203597, 1203599, 1204032, 1204089, 1204126, 1204302, 1204303, 1204304, 1204305, 1204501, 1205207, 1205225, 1205227, 1205759, 1207352, 1207749, 1207750, 1207830, 1208046, 1208049, 1208051, 1208060, 1208062, 1208064, 1208065, 1208270, 1208293, 1208298, 1208612, 1208692, 1208719, 1208819, 1208821, 1208965, 1209113, 1209645, 1210458, 1210907, 1211525, 1212099, 1212100, 1212279, 1212641, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-36222, CVE-2021-3711, CVE-2021-3807, CVE-2021-3918, CVE-2021-39226, CVE-2021-41174, CVE-2021-41244, CVE-2021-43138, CVE-2021-43798, CVE-2021-43813, CVE-2021-43815, CVE-2022-0155, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-23552, CVE-2022-27191, CVE-2022-27664, CVE-2022-29170, CVE-2022-31097, CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-39201, CVE-2022-39229, CVE-2022-39306, CVE-2022-39307, CVE-2022-39324, CVE-2022-41715, CVE-2022-41723, CVE-2022-46146, CVE-2023-0507, CVE-2023-0594, CVE-2023-1387, CVE-2023-1410, CVE-2023-2183, CVE-2023-2801, CVE-2023-3128, CVE-2023-40577
Jira References: MSQA-718, PED-2145, PED-2617, PED-3576, PED-3578, PED-3694, PED-4556, PED-5405, PED-5406, PED-7353, SLE-23422, SLE-23439, SLE-24238, SLE-24239, SLE-24565, SLE-24791, SUMA-114
Sources used:
SUSE Manager Client Tools Beta for SLE 12 (src): rhnlib-5.0.1-24.30.3, spacecmd-5.0.1-41.42.3, grafana-9.5.8-4.21.2, prometheus-postgres_exporter-0.10.1-3.6.4, golang-github-prometheus-node_exporter-1.5.0-4.15.4, golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2, system-user-grafana-1.0.0-3.7.2, kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2, golang-github-prometheus-prometheus-2.45.0-4.33.3, supportutils-plugin-susemanager-client-5.0.1-9.15.2, uyuni-common-libs-5.0.1-3.33.3, prometheus-blackbox_exporter-0.24.0-3.6.3, golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4, golang-github-prometheus-alertmanager-0.26.0-4.12.4, system-user-prometheus-1.0.0-3.7.2, python-hwdata-2.3.5-15.12.2, golang-github-boynux-squid_exporter-1.6-4.9.2, supportutils-plugin-salt-1.2.2-9.9.2, golang-github-prometheus-promu-0.14.0-4.12.2, mgr-push-5.0.1-4.21.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.