Accepting request 1244129 from devel:kubic

Bump flannel to v0.26.4, which includes `golang.org/x/net/http2` at v0.34.0, fixes bsc#1236522 (CVE-2023-45288) - add `go-modules` for automated creation of go vendored modules tarball - bump go version: `BuildRequires: golang(API) >= 1.23` - delete unused `kube-flannel.yaml` source in the spec file, it is directly soured from the flannel source tar ball OBS-URL: https://build.opensuse.org/request/show/1244129 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flannel?expand=0&rev=25
2025-02-07 22:07:21 +00:00 · 2025-02-07 22:07:21 +00:00 · 0bd3582ca6
commit 0bd3582ca6
parent 27b8faf6d2 b0d3d278c9
9 changed files with 103 additions and 236 deletions
--- a/5
+++ b/5
@ -5,7 +5,7 @@
    <param name="exclude">.git</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="revision">v0.24.2</param>
+    <param name="revision">v0.26.4</param>
    <param name="changesgenerate">enable</param>
  </service>
  <service name="tar" mode="disabled"/>
@ -16,5 +16,8 @@
  <service name="set_version" mode="disabled">
    <param name="basename">flannel</param>
  </service>
+  <service name="go_modules" mode="disabled">
+    <param name="archive">flannel-0.26.4.tar.gz</param>
+  </service>
 </services>

--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/flannel-io/flannel.git</param>
-              <param name="changesrevision">3d56ed16e123a6fb06841ba920664b3ce4c99cda</param></service></servicedata>
+              <param name="changesrevision">c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6</param></service></servicedata>
--- a/flannel-0.24.2.tar.gz
+++ b/flannel-0.24.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:320baa7e3a40c87cc1a000c33d2a2db52664ece2f6f676f6cedc91dfaad8105b
-size 2387361
--- a/flannel-0.26.4.tar.gz
+++ b/flannel-0.26.4.tar.gz
--- a/flannel.changes
+++ b/flannel.changes
@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Fri Feb  7 11:23:27 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- add `go-modules` for automated creation of go vendored modules tarball
+
+- bump go version: `BuildRequires:  golang(API) >= 1.23`
+
+- delete unused `kube-flannel.yaml` source in the spec file, it is directly soured from the flannel source tar ball
+ 
+-------------------------------------------------------------------
+Fri Feb  7 11:16:55 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- Update to version 0.26.4:
+  * Moved to github container registry
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+  * Bump go.etcd.io/etcd/tests/v3 from 3.5.17 to 3.5.18
+  * fix: Fix high CPU usage when losing etcd connection and try to re-establish connection with exponential backoff
+  * Bump github.com/containernetworking/plugins from 1.6.1 to 1.6.2
+  * Bump alpine from 20240923 to 20250108 in /images
+  * Bump golang.org/x/net from 0.31.0 to 0.33.0
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+  * Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0
+  * feat: add bool to control CNI config installation using Helm
+  * fix: add missing MY_NODE_NAME env in chart
+  * Bump k8s deps to 0.29.12
+  * Don't panic upon shutdown when running in standalone mode
+  * Bump golang.org/x/crypto from 0.29.0 to 0.31.0
+  * Bump alpine from 20240807 to 20240923 in /images
+  * Bump github.com/containernetworking/plugins from 1.6.0 to 1.6.1
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+  * Bump github.com/vishvananda/netns from 0.0.4 to 0.0.5
+  * Use the standard context library
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
+  * Updated flannel cni image to 1.6.0
+  * Updated CNI plugins version on the README
+  * Bump sigs.k8s.io/knftables from 0.0.17 to 0.0.18
+  * Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1
+  * Bump github.com/Microsoft/hcsshim from 0.12.8 to 0.12.9
+  * Added check to not check br_filter in case of windows
+  * Bumo golangci-lint to latest version
+  * Bump to go 1.23
+  * Added checks for br_netfilter module
+  * Try not to cleanup multiple peers behind same PublicIP
+  * fix trivy check
+  * check that the lease includes an IP address of the requested family before configuring the flannel interface
+  * Fixed IPv6 chosen in case of public-ipv6 configured
+  * add timeout to e2e test pipelines
+  * Update k8s version ine2e tests to v1.29.8
+  * Update netlink to v1.3.0
+  * Fixed values file on flannel chart
+  * Bump k8s.io/klog/v2 from 2.120.1 to 2.130.1
+  * Updated Flannel chart with Netpol containter and removed clustercidr
+  * Fix bug in hostgw-windows
+  * Fix bug in the logic polling the interface
+  * Added node-public-ip annotation
+  * Try several times to contact kube-api before failing
+  * Fixed IPv6 0 initialization
+  * wireguard backend: avoid error message if route already exists
+  * Bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.0
+  * use wait.PollUntilContextTimeout instead of deprecated wait.Poll
+  * troubleshooting.md: add `ethtool -K flannel.1 tx-checksum-ip-generic off` for NAT
+  * Added configuration for pulic-ip through node annotation
+  * extension/vxlan: remove arp commands from vxlan examples
+  * Refactor TrafficManager windows files to clarify logs
+  * Add persistent-mac option to v6 too
+  * fix comparison with previous networks in SetupAndEnsureMasqRules
+  * show content of stdout and stderr when running iptables-restore returns an error
+  * Add extra check before contacting kube-api
+  * remove unimplemented error in windows trafficmngr
+  * remove --dirty flags in git describe
+  * Added leaseAttr string method with logs on VxLan
+  * remove multiClusterCidr related-code.
+  * Implement nftables masquerading for flannel
+  * fix: ipv6 iptables rules were created even when IPv6 was disabled
+  * Add tolerations to the flannel chart
+  * Added additional check for n.spec.podCIDRs
+  * Remove net-tools since it's an old package that we are not using
+  * fix iptables_windows.go
+  * Clean-up Makefile and use docker buildx locally
+  * Use manual test to ensure iptables-* binaries are present
+  * Bump github.com/containerd/containerd from 1.6.23 to 1.6.26
+  * Bump github.com/joho/godotenv
+  * SubnetManager should use the main context
+  * Simplify TrafficManager interface
+  * refactor iptables package to prepare for nftables-based implementation
+
+- flannel v0.26.4, includes `golang.org/x/net/http2` at v0.34.0, which fixes bsc#1236522 (CVE-2023-45288) 
+
 -------------------------------------------------------------------
 Fri Apr 19 17:51:42 UTC 2024 - Jeff Mahoney <jeffm@suse.com>

--- a/flannel.obsinfo
+++ b/flannel.obsinfo
@ -1,4 +1,4 @@
 name: flannel
-version: 0.24.2
-mtime: 1705661246
-commit: 3d56ed16e123a6fb06841ba920664b3ce4c99cda
+version: 0.26.4
+mtime: 1738660448
+commit: c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6
--- a/flannel.spec
+++ b/flannel.spec
@ -24,7 +24,7 @@
 %define flannel_container_path registry.opensuse.org/kubic/flannel

 Name:           flannel
-Version:        0.24.2
+Version:        0.26.4
 Release:        0
 Summary:        An etcd backed network fabric for containers
 License:        Apache-2.0
@ -32,11 +32,10 @@ Group:          System/Management
 Url:            https://github.com/flannel-io/flannel
 Source0:        flannel-%{version}.tar.gz
 Source1:        vendor.tar.gz
-Source2:        kube-flannel.yaml
 Requires:       iproute2
 Requires:       iptables
 BuildRequires:  golang-packaging
-BuildRequires:  golang(API) >= 1.20
+BuildRequires:  golang(API) >= 1.23
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExcludeArch:    s390
 %{go_nostrip}
--- a/kube-flannel.yaml
+++ b/kube-flannel.yaml
@ -1,223 +0,0 @@
---
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: psp.flannel.unprivileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
-    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
-spec:
-  privileged: false
-  volumes:
-  - configMap
-  - secret
-  - emptyDir
-  - hostPath
-  allowedHostPaths:
-  - pathPrefix: "/etc/cni/net.d"
-  - pathPrefix: "/etc/kube-flannel"
-  - pathPrefix: "/run/flannel"
-  readOnlyRootFilesystem: false
-  # Users and groups
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  fsGroup:
-    rule: RunAsAny
-  # Privilege Escalation
-  allowPrivilegeEscalation: false
-  defaultAllowPrivilegeEscalation: false
-  # Capabilities
-  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
-  defaultAddCapabilities: []
-  requiredDropCapabilities: []
-  # Host namespaces
-  hostPID: false
-  hostIPC: false
-  hostNetwork: true
-  hostPorts:
-  - min: 0
-    max: 65535
-  # SELinux
-  seLinux:
-    # SELinux is unused in CaaSP
-    rule: 'RunAsAny'
---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: flannel
-rules:
- apiGroups: ['extensions']
-  resources: ['podsecuritypolicies']
-  verbs: ['use']
-  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - list
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - nodes/status
-  verbs:
-  - patch
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: flannel
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: flannel
-subjects:
- kind: ServiceAccount
-  name: flannel
-  namespace: kube-system
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: flannel
-  namespace: kube-system
---
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: kube-flannel-cfg
-  namespace: kube-system
-  labels:
-    tier: node
-    app: flannel
-data:
-  cni-conf.json: |
-    {
-      "name": "cbr0",
-      "cniVersion": "0.3.1",
-      "plugins": [
-        {
-          "type": "flannel",
-          "delegate": {
-            "hairpinMode": true,
-            "isDefaultGateway": true
-          }
-        },
-        {
-          "type": "portmap",
-          "capabilities": {
-            "portMappings": true
-          }
-        }
-      ]
-    }
-  net-conf.json: |
-    {
-      "Network": "10.244.0.0/16",
-      "Backend": {
-        "Type": "vxlan"
-      }
-    }
---
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: kube-flannel-ds
-  namespace: kube-system
-  labels:
-    tier: node
-    app: flannel
-spec:
-  selector:
-    matchLabels:
-      app: flannel
-  template:
-    metadata:
-      labels:
-        tier: node
-        app: flannel
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: kubernetes.io/os
-                operator: In
-                values:
-                - linux
-      hostNetwork: true
-      priorityClassName: system-node-critical
-      tolerations:
-      - operator: Exists
-        effect: NoSchedule
-      serviceAccountName: flannel
-      initContainers:
-      - name: install-cni
-        image: quay.io/coreos/flannel:v0.14.0
-        command:
-        - cp
-        args:
-        - -f
-        - /etc/kube-flannel/cni-conf.json
-        - /etc/cni/net.d/10-flannel.conflist
-        volumeMounts:
-        - name: cni
-          mountPath: /etc/cni/net.d
-        - name: flannel-cfg
-          mountPath: /etc/kube-flannel/
-      containers:
-      - name: kube-flannel
-        image: quay.io/coreos/flannel:v0.14.0
-        command:
-        - /opt/bin/flanneld
-        args:
-        - --ip-masq
-        - --kube-subnet-mgr
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "50Mi"
-          limits:
-            cpu: "100m"
-            memory: "50Mi"
-        securityContext:
-          privileged: false
-          capabilities:
-            add: ["NET_ADMIN", "NET_RAW"]
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        volumeMounts:
-        - name: run
-          mountPath: /run/flannel
-        - name: flannel-cfg
-          mountPath: /etc/kube-flannel/
-      volumes:
-      - name: run
-        hostPath:
-          path: /run/flannel
-      - name: cni
-        hostPath:
-          path: /etc/cni/net.d
-      - name: flannel-cfg
-        configMap:
-          name: kube-flannel-cfg
--- a/vendor.tar.gz
+++ b/vendor.tar.gz