head	1.1;
access;
symbols
	pkgsrc-2026Q1:1.1.0.20
	pkgsrc-2026Q1-base:1.1
	pkgsrc-2025Q4:1.1.0.18
	pkgsrc-2025Q4-base:1.1
	pkgsrc-2025Q3:1.1.0.16
	pkgsrc-2025Q3-base:1.1
	pkgsrc-2025Q2:1.1.0.14
	pkgsrc-2025Q2-base:1.1
	pkgsrc-2025Q1:1.1.0.12
	pkgsrc-2025Q1-base:1.1
	pkgsrc-2024Q4:1.1.0.10
	pkgsrc-2024Q4-base:1.1
	pkgsrc-2024Q3:1.1.0.8
	pkgsrc-2024Q3-base:1.1
	pkgsrc-2024Q2:1.1.0.6
	pkgsrc-2024Q2-base:1.1
	pkgsrc-2024Q1:1.1.0.4
	pkgsrc-2024Q1-base:1.1
	pkgsrc-2023Q4:1.1.0.2
	pkgsrc-2023Q4-base:1.1;
locks; strict;
comment	@# @;


1.1
date	2023.12.24.12.36.18;	author bsiegert;	state Exp;
branches;
next	;
commitid	y54BZKBrIzpAsIRE;


desc
@@


1.1
log
@packer: update to 1.9.5 and add security fix

This is the last version before the change to a non-free license.

This fixes the following vulnerability:

Vulnerability #1: GO-2023-2402
    Man-in-the-middle attacker can compromise integrity of secure channel in
    golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2023-2402
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@@v0.0.0-20220622213112-05595931fe9d
    Fixed in: golang.org/x/crypto@@v0.17.0

1.9.3

core/docs: Clarify the expected usage of the packer init command for HCL2
template builds.
core/hcp: Add support for project-level service principals. A user connecting
with a project level service principals must provide a valid HCP_PROJECT_ID
in order to connect.
core: A new Docker image packer:release-full has been added for all
supported architectures. The release-full image includes Packer and all the
official plugins pre-installed in its environment.
core: Add enhanced support to Packer telemetry for bundle plugins usage.

1.9.4

Bug fix: When invoking Packer with the CHECKPOINT_DISABLE environment variable
the telemetry reporter is left uninitialized in order to disable telemetry
reporting.  Any method calls on the nil reporter is expected to check if the
reporter is active or in NOOP mode. The SetBundledUsage function, introduced in
Packer 1.9.2, failed to perform a nil check before attempting to modify an
attribute, causing Packer to fail when telemetry is disabled. This release
fixes this issue by introducing such a check.

1.9.5

Bump github.com/go-jose/go-jose/v3 to address GO-2023-2334.
Add VirtualBox as known plugin prefix to prevent endless bundled plugin
warning.
@
text
@$NetBSD$

Update /x/crypto version to fix a vulnerability

--- go.mod.orig	2023-12-24 10:07:54.035147303 +0000
+++ go.mod
@@@@ -45,14 +45,14 @@@@ require (
 	github.com/ulikunitz/xz v0.5.10
 	github.com/zclconf/go-cty v1.10.0
 	github.com/zclconf/go-cty-yaml v1.0.1
-	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/mod v0.8.0
 	golang.org/x/net v0.17.0
 	golang.org/x/oauth2 v0.11.0
 	golang.org/x/sync v0.3.0
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.6.0
 	google.golang.org/api v0.128.0 // indirect
 	google.golang.org/grpc v1.59.0
@