Hello community,
here is the log from the commit of package etcd for openSUSE:Factory checked in
at 2019-02-01 11:46:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/etcd (Old)
and /work/SRC/openSUSE:Factory/.etcd.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "etcd"
Fri Feb 1 11:46:15 2019 rev:15 rq:670117 version:3.3.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/etcd/etcd.changes 2018-12-28
12:33:57.732020378 +0100
+++ /work/SRC/openSUSE:Factory/.etcd.new.28833/etcd.changes 2019-02-01
11:46:23.780493888 +0100
@@ -1,0 +2,10 @@
+Wed Jan 30 11:58:15 UTC 2019 - Panagiotis Georgiadis pgeorgia...@suse.com
+
+- Update to version 3.3.11:
+ * version: 3.3.11
+ * auth: fix cherry-pick
+ * auth: disable CommonName auth for gRPC-gateway
+ * grpcproxy: fix memory leak
+ * bsc#1121850 CVE-2018-16886
+
+-------------------------------------------------------------------
Old:
----
etcd-3.3.10.tar.xz
New:
----
etcd-3.3.11.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ etcd.spec ++++++
--- /var/tmp/diff_new_pack.jQxesF/_old 2019-02-01 11:46:25.984491624 +0100
+++ /var/tmp/diff_new_pack.jQxesF/_new 2019-02-01 11:46:25.984491624 +0100
@@ -22,7 +22,7 @@
%endif
Name: etcd
-Version: 3.3.10
+Version: 3.3.11
Release: 0
Summary: Highly-available key value store for configuration and service
discovery
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.jQxesF/_old 2019-02-01 11:46:26.008491600 +0100
+++ /var/tmp/diff_new_pack.jQxesF/_new 2019-02-01 11:46:26.008491600 +0100
@@ -4,8 +4,8 @@
<param name="url">https://github.com/coreos/etcd.git</param>
<param name="exclude">.git</param>
<param name="filename">etcd</param>
- <param name="versionformat">3.3.10</param>
- <param name="revision">v3.3.10</param>
+ <param name="versionformat">3.3.11</param>
+ <param name="revision">v3.3.11</param>
<param name="changesgenerate">enable</param>
</service>
<service name="recompress" mode="disabled">
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.jQxesF/_old 2019-02-01 11:46:26.024491583 +0100
+++ /var/tmp/diff_new_pack.jQxesF/_new 2019-02-01 11:46:26.024491583 +0100
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/coreos/etcd.git</param>
- <param
name="changesrevision">27fc7e2296f506182f58ce846e48f36b34fe6842</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">2cf9e51d2a78003b164c2998886158e60ded1cbb</param></service></servicedata>
\ No newline at end of file
++++++ etcd-3.3.10.tar.xz -> etcd-3.3.11.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/etcd-3.3.10/.travis.yml new/etcd-3.3.11/.travis.yml
--- old/etcd-3.3.10/.travis.yml 2018-10-10 19:17:54.000000000 +0200
+++ new/etcd-3.3.11/.travis.yml 2019-01-11 20:12:25.000000000 +0100
@@ -6,7 +6,7 @@
services: docker
go:
-- 1.10.4
+- 1.10.7
notifications:
on_success: never
@@ -23,7 +23,7 @@
matrix:
fast_finish: true
allow_failures:
- - go: 1.10.4
+ - go: 1.10.7
env: TARGET=linux-386-unit
exclude:
- go: tip
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/etcd-3.3.10/auth/store.go
new/etcd-3.3.11/auth/store.go
--- old/etcd-3.3.10/auth/store.go 2018-10-10 19:17:54.000000000 +0200
+++ new/etcd-3.3.11/auth/store.go 2019-01-11 20:12:25.000000000 +0100
@@ -982,10 +982,23 @@
cn := chain.Subject.CommonName
plog.Debugf("found common name %s", cn)
- return &AuthInfo{
+ ai := &AuthInfo{
Username: cn,
Revision: as.Revision(),
}
+ md, ok := metadata.FromIncomingContext(ctx)
+ if !ok {
+ return nil
+ }
+
+ // gRPC-gateway proxy request to etcd server includes
Grpcgateway-Accept
+ // header. The proxy uses etcd client server
certificate. If the certificate
+ // has a CommonName we should never use this for
authentication.
+ if gw := md["grpcgateway-accept"]; len(gw) > 0 {
+ plog.Warningf("ignoring common name in
gRPC-gateway proxy request %s", ai.Username)
+ return nil
+ }
+ return ai
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/etcd-3.3.10/proxy/grpcproxy/cache/store.go
new/etcd-3.3.11/proxy/grpcproxy/cache/store.go
--- old/etcd-3.3.10/proxy/grpcproxy/cache/store.go 2018-10-10
19:17:54.000000000 +0200
+++ new/etcd-3.3.11/proxy/grpcproxy/cache/store.go 2019-01-11
20:12:25.000000000 +0100
@@ -99,9 +99,12 @@
iv = c.cachedRanges.Find(ivl)
if iv == nil {
- c.cachedRanges.Insert(ivl, []string{key})
+ val := map[string]struct{}{key: {}}
+ c.cachedRanges.Insert(ivl, val)
} else {
- iv.Val = append(iv.Val.([]string), key)
+ val := iv.Val.(map[string]struct{})
+ val[key] = struct{}{}
+ iv.Val = val
}
}
@@ -141,8 +144,8 @@
ivs = c.cachedRanges.Stab(ivl)
for _, iv := range ivs {
- keys := iv.Val.([]string)
- for _, key := range keys {
+ keys := iv.Val.(map[string]struct{})
+ for key := range keys {
c.lru.Remove(key)
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/etcd-3.3.10/version/version.go
new/etcd-3.3.11/version/version.go
--- old/etcd-3.3.10/version/version.go 2018-10-10 19:17:54.000000000 +0200
+++ new/etcd-3.3.11/version/version.go 2019-01-11 20:12:25.000000000 +0100
@@ -26,7 +26,7 @@
var (
// MinClusterVersion is the min cluster version this etcd binary is
compatible with.
MinClusterVersion = "3.0.0"
- Version = "3.3.10"
+ Version = "3.3.11"
APIVersion = "unknown"
// Git SHA Value will be set during build
