Skip to content

Commit 1d8c94d

Browse files
CBL-Mariner-BotAkarshHCLKanishk-Bansal
authored
Merge PR "[AUTO-CHERRYPICK] [High] Upgrade etcd to 3.5.28 for CVE-2026-33413 and CVE-2026-33343 - branch main" #16375
Co-authored-by: AkarshHCL <v-akarshc@microsoft.com> Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
1 parent 44c15f6 commit 1d8c94d

File tree

3 files changed

+11
-8
lines changed

3 files changed

+11
-8
lines changed

SPECS/etcd/etcd.signatures.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"Signatures": {
33
"etcd.service": "4550a4967ba35670051cbfd9b4edf1fc57c0f1d7a07e51f88351ac44c76d8066",
4-
"etcd-3.5.21.tar.gz": "76d7fcafe4fcc957fcd45671226b992c16e5f5e724935dea9df0190ac2b13481",
5-
"etcd-3.5.21-vendor.tar.gz": "b4c072080f0ca47c1d447b6547165b943206cb5cb71dbd35a9e68079fdeac5a7"
4+
"etcd-3.5.28.tar.gz": "c1e873c174c44de5fb148024d3ad741cae11548b5b6d2ac36a003289e55024be",
5+
"etcd-3.5.28-vendor.tar.gz": "7decc96250a76e9807d98834d35657d7f5ccdfd2f3d5e507d8e97bddc05cc79c"
66
}
77
}

SPECS/etcd/etcd.spec

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
Summary: A highly-available key value store for shared configuration
22
Name: etcd
3-
Version: 3.5.21
4-
Release: 4%{?dist}
3+
Version: 3.5.28
4+
Release: 1%{?dist}
55
License: ASL 2.0
66
Vendor: Microsoft Corporation
77
Distribution: Mariner
@@ -14,7 +14,7 @@ Source1: etcd.service
1414
# generate_source_tarball.sh --srcTarball <source_tarball> --pkgVersion %%{version} --outFolder .
1515
Source2: %{name}-%{version}-vendor.tar.gz
1616

17-
BuildRequires: msft-golang
17+
BuildRequires: msft-golang > 1.25
1818

1919
%description
2020
A highly-available key value store for shared configuration and service discovery.
@@ -115,6 +115,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd
115115
/%{_docdir}/%{name}-%{version}-tools/*
116116

117117
%changelog
118+
* Fri Mar 27 2026 Akarsh Chaudhary <v-akarshc@microsoft.com> - 3.5.28-1
119+
- Upgrade to version 3.5.28 (fixes CVE-2026-33413 and CVE-2026-33343).
120+
118121
* Tue Oct 14 2025 Kanishk Bansal <kanbansal@microsoft.com> - 3.5.21-4
119122
- Bump to build with latest golang 1.24.9
120123

@@ -149,7 +152,7 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd
149152
* Fri Feb 02 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.5.9-2
150153
- Bump release to rebuild with go 1.21.6
151154

152-
* Tue Oct 18 2023 Nicolas Guibourge <nicolasg@microsoft.com> - 3.5.9-1
155+
* Wed Oct 18 2023 Nicolas Guibourge <nicolasg@microsoft.com> - 3.5.9-1
153156
- Upgrade to 3.5.9 to match version required by kubernetes
154157

155158
* Mon Oct 16 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.5.6-12

cgmanifest.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3348,8 +3348,8 @@
33483348
"type": "other",
33493349
"other": {
33503350
"name": "etcd",
3351-
"version": "3.5.21",
3352-
"downloadUrl": "https://github.com/etcd-io/etcd/archive/v3.5.21.tar.gz"
3351+
"version": "3.5.28",
3352+
"downloadUrl": "https://github.com/etcd-io/etcd/archive/v3.5.28.tar.gz"
33533353
}
33543354
}
33553355
},

0 commit comments

Comments
 (0)