From bf87581cada362329d8dcba8df1f62a72fd14ce35fe6789d7227b062ae0a2f76 Mon Sep 17 00:00:00 2001
From: Jordi Massaguer <jmassaguerpla@suse.com>
Date: Wed, 19 Dec 2018 17:02:47 +0000
Subject: [PATCH] Accepting request 660059 from
 home:clee:branches:devel:CaaSP:Head:ControllerNode

- Updated to a supported version of Go (due to security reasons)
  * bsc#1118897 CVE-2018-16873
    go#29230 cmd/go: remote command execution during "go get -u"
  * bsc#1118898 CVE-2018-16874
    go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
  * bsc#1118899 CVE-2018-16875
    go#29233 crypto/x509: CPU denial of service

OBS-URL: https://build.opensuse.org/request/show/660059
OBS-URL: https://build.opensuse.org/package/show/devel:CaaSP:Head:ControllerNode/etcd?expand=0&rev=13
---
 etcd.changes | 10 ++++++++++
 etcd.spec    |  2 ++
 2 files changed, 12 insertions(+)

diff --git a/etcd.changes b/etcd.changes
index 83161c0..bb071c0 100644
--- a/etcd.changes
+++ b/etcd.changes
@@ -1,4 +1,14 @@
 -------------------------------------------------------------------
+Wed Dec 19 01:28:24 UTC 2018 - clee@suse.com
+
+- Updated to a supported version of Go (due to security reasons)
+  * bsc#1118897 CVE-2018-16873
+    go#29230 cmd/go: remote command execution during "go get -u"
+  * bsc#1118898 CVE-2018-16874
+    go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
+  * bsc#1118899 CVE-2018-16875
+    go#29233 crypto/x509: CPU denial of service
+-------------------------------------------------------------------
 Wed Dec 12 12:43:23 UTC 2018 - alvaro.saurin@suse.com
 
 - Updated to a supported version of Go (due to security reasons)
diff --git a/etcd.spec b/etcd.spec
index 8e8b66b..1f85fff 100644
--- a/etcd.spec
+++ b/etcd.spec
@@ -38,6 +38,8 @@ BuildRequires:  shadow
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  xz
 BuildRequires:  golang(API) = 1.11
+# go1.11.3 contains sec. fixes bsc#1118897(CVE-2018-16873) bsc#1118897(CVE-2018-16873) bsc#1118899(CVE-2018-16875)
+BuildRequires:  go1.11 >= 1.11.3
 ExcludeArch:    %ix86
 Requires(post): %fillup_prereq
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build