Overview

File 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch of Package podman.37144

From dbc80bf70d230ae64d122577a0825f8377dbafc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dcermak@suse.com>
Date: Mon, 9 Dec 2024 13:47:24 +0100
Subject: [PATCH 3/5] Switch hashicorp/go-retryablehttp to the SUSE fork

The SUSE fork has the fix for CVE-2024-6104 backported to v0.7.5 and is a proper
go module. Thereby this fix can no longer get overwritten by an accidental
`make vendor-in-container`.

Signed-off-by: Danish Prakash <contact@danishpraka.sh>
---
 go.mod             | 3 +++
 go.sum             | 4 ++--
 vendor/modules.txt | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index eef462a586d6..a83dfc2c4117 100644
--- a/go.mod
+++ b/go.mod
@@ -217,3 +217,6 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	tags.cncf.io/container-device-interface/specs-go v0.6.0 // indirect
 )
+
+// replaced with the HEAD commit of the suse-v0.7.5 branch at github.com/suse/go-retryablehttp
+replace github.com/hashicorp/go-retryablehttp v0.7.5 => github.com/suse/go-retryablehttp v0.0.0-20241209123412-5c0e967751af
diff --git a/go.sum b/go.sum
index 74b9a954c7c6..5c42cb7aee5a 100644
--- a/go.sum
+++ b/go.sum
@@ -646,8 +646,6 @@ github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
@@ -1042,6 +1040,8 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/suse/go-retryablehttp v0.0.0-20241209123412-5c0e967751af h1:DY/ORvARYzbrRccGK9YHtH74BGo4rYKW+UsekETTs8Y=
+github.com/suse/go-retryablehttp v0.0.0-20241209123412-5c0e967751af/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/sylabs/sif/v2 v2.15.0 h1:Nv0tzksFnoQiQ2eUwpAis9nVqEu4c3RcNSxX8P3Cecw=
 github.com/sylabs/sif/v2 v2.15.0/go.mod h1:X1H7eaPz6BAxA84POMESXoXfTqgAnLQkujyF/CQFWTc=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 52048c4e0033..83e26f63767b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -686,7 +686,7 @@ github.com/hashicorp/go-cleanhttp
 # github.com/hashicorp/go-multierror v1.1.1
 ## explicit; go 1.13
 github.com/hashicorp/go-multierror
-# github.com/hashicorp/go-retryablehttp v0.7.5
+# github.com/hashicorp/go-retryablehttp v0.7.5 => github.com/suse/go-retryablehttp v0.0.0-20241209123412-5c0e967751af
 ## explicit; go 1.13
 github.com/hashicorp/go-retryablehttp
 # github.com/hugelgupf/p9 v0.3.1-0.20230822151754-54f5c5530921
-- 
2.46.0
openSUSE Build Service is sponsored by
Places