From bc1247aa79a42cbed265ed7cab8590ca00c1a657842972a184aca0b16bae1532 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Wed, 29 Jan 2025 15:50:13 +0100
Subject: [PATCH] Sync from SUSE:SLFO:1.1 kepler revision 417598904c4bb87a977b81d7a001cd0f
---
0003-Bump-x-net.patch | 63 +++++++++++++++++++++++++++++++++++++++++++
kepler.changes | 6 +++++
kepler.spec | 7 ++---
vendor.tar.gz | 4 +--
4 files changed, 75 insertions(+), 5 deletions(-)
create mode 100644 0003-Bump-x-net.patch
diff --git a/0003-Bump-x-net.patch b/0003-Bump-x-net.patch
new file mode 100644
index 0000000..4dde04f
--- /dev/null
+++ b/0003-Bump-x-net.patch
@@ -0,0 +1,63 @@
+diff --git a/go.mod b/go.mod
+index 2399a698..806ab848 100644
+--- a/go.mod
++++ b/go.mod
+@@ -18,7 +18,7 @@ require (
+ github.com/prometheus/client_golang v1.19.1
+ github.com/prometheus/prometheus v0.53.0
+ github.com/sirupsen/logrus v1.9.3
+- golang.org/x/sys v0.22.0
++ golang.org/x/sys v0.29.0
+ gopkg.in/yaml.v3 v3.0.1
+ k8s.io/api v0.29.6
+ k8s.io/apimachinery v0.29.6
+@@ -69,10 +69,10 @@ require (
+ github.com/spf13/pflag v1.0.5 // indirect
+ github.com/stretchr/testify v1.9.0 // indirect
+ golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
+- golang.org/x/net v0.26.0 // indirect
++ golang.org/x/net v0.34.0 // indirect
+ golang.org/x/oauth2 v0.21.0 // indirect
+- golang.org/x/term v0.21.0 // indirect
+- golang.org/x/text v0.16.0 // indirect
++ golang.org/x/term v0.28.0 // indirect
++ golang.org/x/text v0.21.0 // indirect
+ golang.org/x/time v0.5.0 // indirect
+ golang.org/x/tools v0.22.0 // indirect
+ google.golang.org/protobuf v1.34.1 // indirect
+diff --git a/go.sum b/go.sum
+index 0303e196..8764a739 100644
+--- a/go.sum
++++ b/go.sum
+@@ -157,8 +157,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
+ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
++golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
++golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+ golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+ golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+@@ -170,14 +170,14 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w
+ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+-golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
++golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
++golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
++golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
++golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
++golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
++golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+ golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+ golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/kepler.changes b/kepler.changes
index 3e59f04..6215ee5 100644
--- a/kepler.changes
+++ b/kepler.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jan 10 10:52:10 UTC 2025 - Witek Bedyk + +- Fix CVE-2024-45338 (bsc#1235311): Bump golang.org/x/net to 0.34.0 + * Add file 0003-Bump-x-net.patch + ------------------------------------------------------------------- Tue Oct 8 10:55:24 UTC 2024 - Witek Bedyk diff --git a/kepler.spec b/kepler.spec index 25431a8..cb1ca09 100644 --- a/kepler.spec +++ b/kepler.spec @@ -1,7 +1,7 @@ # # spec file for package kepler # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,20 +20,21 @@ Name: kepler Version: 0.7.11 Release: 0 Summary: Kubernetes-based Efficient Power Level Exporter -License: Apache-2.0 and (GPL-2.0-only or BSD-2-Clause) and GPL-2.0-only +License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-only) AND GPL-2.0-only Group: System/Monitoring URL: https://github.com/sustainable-computing-io/kepler/ Source0: %{name}-%{version}.tar.gz Source1: vendor.tar.gz Patch1: 0001-use-local-bpf2go.patch Patch2: 0002-change-data-path.patch +Patch3: 0003-Bump-x-net.patch BuildRequires: bpf2go BuildRequires: clang -BuildRequires: golang(API) >= 1.21 BuildRequires: llvm BuildRequires: llvm-devel BuildRequires: zlib-devel +BuildRequires: golang(API) >= 1.21 Recommends: cpuid %{?systemd_ordering} diff --git a/vendor.tar.gz b/vendor.tar.gz index 7454a99..27cf26b 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f300bb4c6c7aa7f153143e8abc7728386aaef7df67051bb7d583c0a2fc600dd1 -size 8380464 +oid sha256:b7f180764144ec9e41c9ae591a887c8183c171623892052f962c2d2b9f1f83e3 +size 8783683
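Review bot: `Patch3: 0003-Bump-x-net.patch` is declared in the second kepler.spec hunk, but the diffstat shows no `%prep` change, so the go.mod/go.sum bump only reaches the build if `%prep` (outside the hunk) applies patches generically, e.g. via `%autosetup` or `%autopatch`, rather than through per-patch `%patch` lines. This is worth confirming, because otherwise the CVE-2024-45338 entry in kepler.changes would not match the source that is compiled. The fix also depends on the refreshed `vendor.tar.gz`, which is only an LFS pointer on this page. If the package builds from the vendored tree, the golang.org/x/net that gets compiled comes from that tarball, so its `vendor/modules.txt` should be checked to list v0.34.0 and to agree with the patched go.mod. A comment above the patch list such as `# 0003: CVE-2024-45338 (bsc#1235311), keep in sync with vendor.tar.gz` would record that coupling.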