|
1 | | -%global _default_patch_fuzz 2 |
2 | | - |
3 | 1 | Summary: A highly-available key value store for shared configuration |
4 | 2 | Name: etcd |
5 | | -Version: 3.5.9 |
6 | | -Release: 2%{?dist} |
| 3 | +Version: 3.5.12 |
| 4 | +Release: 1%{?dist} |
7 | 5 | License: ASL 2.0 |
8 | 6 | Vendor: Microsoft Corporation |
9 | 7 | Distribution: Mariner |
10 | 8 | Group: System Environment/Security |
11 | 9 | URL: https://github.com/etcd-io/etcd/ |
12 | 10 | Source0: https://github.com/etcd-io/etcd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz |
13 | 11 | Source1: etcd.service |
14 | | -# Below is a manually created tarball, no download link. |
15 | 12 | # We're using vendored Go modules from this tarball, since network is disabled during build time. |
16 | | -# |
17 | | -# How to re-build this file: |
18 | | -# 1. either download etcd source tarball or git clone etcd repo from github and checkout relevant tag |
19 | | -# 2. execute 'go mod vendor' in 'server', 'etcdctl' and 'etcdutl' folders |
20 | | -# and create tarball containting 'vendor' folder for each |
21 | | -# (naming rule for tarball is 'vendor-[component].tar.gz', e.g.: 'vendor-server.tar.gz') |
22 | | -# 3. create 'vendor' tarballs for dump tools |
23 | | -# a. cd 'tools/etcd-dump-db' folder, create 'go.mod' file ('go mod init go.etcd.io/etcd/tools/etcd-dump-db/v3') |
24 | | -# b. populate 'go.mod' file ('go mod tidy') |
25 | | -# c. add replace rules in 'go.mod' making sure that each etcd dependency is taken locally, |
26 | | -# e.g. add the following (and remove them from require section): |
27 | | -# replace ( |
28 | | -# go.etcd.io/etcd/api/v3 v3.5.1 => ../../api |
29 | | -# go.etcd.io/etcd/server/v3 v3.5.1 => ../../server |
30 | | -# ) |
31 | | -# d. create vendor folder ('go mod vendor') |
32 | | -# e. create tarball containing 'vendor' folder and 'go.mod' and 'go.sum' files |
33 | | -# (same naming rules than described above) |
34 | | -# f. repeat above operations for 'etcd-dump-logs' folder |
35 | | -# 4. create 'etcd-%{version}-vendor.tar.gz' tarball containing all tarballs created above |
36 | | -# |
37 | | -# NOTES: |
38 | | -# - You require GNU tar version 1.28+. |
39 | | -# - The additional options enable generation of a tarball with the same hash every time regardless of the environment. |
40 | | -# See: https://reproducible-builds.org/docs/archives/ |
41 | | -# - You can use the following tar command to create the tarballs |
42 | | -# tar --sort=name --mtime="2021-11-10 00:00Z" \ |
43 | | -# --owner=0 --group=0 --numeric-owner \ |
44 | | -# --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \ |
45 | | -# -cJf [tarball name] [folder to tar] |
| 13 | +# In order to regenerate this tarball, download the source tarball and run: |
| 14 | +# generate_source_tarball.sh --srcTarball <source_tarball> --pkgVersion %%{version} --outFolder . |
46 | 15 | Source2: %{name}-%{version}-vendor.tar.gz |
47 | | -BuildRequires: golang >= 1.16 |
| 16 | +BuildRequires: golang >= 1.20.13 |
48 | 17 |
|
49 | 18 | %description |
50 | 19 | A highly-available key value store for shared configuration and service discovery. |
@@ -145,6 +114,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd |
145 | 114 | /%{_docdir}/%{name}-%{version}-tools/* |
146 | 115 |
|
147 | 116 | %changelog |
| 117 | +* Wed Mar 20 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.5.12-1 |
| 118 | +- Upgrade to version 3.5.12 to patch CVE-2024-44487. |
| 119 | + |
148 | 120 | * Fri Feb 02 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.5.9-2 |
149 | 121 | - Bump release to rebuild with go 1.21.6 |
150 | 122 |
|
|
0 commit comments