From 91785bb12169472ed858bce31c2a7fded649949d99abfb1e39e893a3c02e2885 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Wed, 19 Dec 2018 11:42:18 +0000 Subject: [PATCH 1/2] Accepting request 659822 from home:clee:branches:devel:CaaSP:Head:ControllerNode - Updated to a supported version of Go (due to security reasons) * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during "go get -u" * bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths * bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service OBS-URL: https://build.opensuse.org/request/show/659822 OBS-URL: https://build.opensuse.org/package/show/devel:CaaSP:Head:ControllerNode/flannel?expand=0&rev=12 --- flannel.changes | 11 +++++++++++ flannel.spec | 2 ++ 2 files changed, 13 insertions(+) diff --git a/flannel.changes b/flannel.changes index 185725d..21d5b78 100644 --- a/flannel.changes +++ b/flannel.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Dec 19 01:18:01 UTC 2018 - clee@suse.com + +- Updated to a supported version of Go (due to security reasons) + * bsc#1118897 CVE-2018-16873 + go#29230 cmd/go: remote command execution during "go get -u" + * bsc#1118898 CVE-2018-16874 + go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths + * bsc#1118899 CVE-2018-16875 + go#29233 crypto/x509: CPU denial of service + ------------------------------------------------------------------- Wed Dec 12 12:43:24 UTC 2018 - alvaro.saurin@suse.com diff --git a/flannel.spec b/flannel.spec index 56d3c6c..111d5f3 100644 --- a/flannel.spec +++ b/flannel.spec @@ -38,6 +38,8 @@ BuildRequires: golang-packaging BuildRequires: systemd BuildRequires: xz BuildRequires: golang(API) >= 1.11 +# go1.11.3 contains sec. fixes bsc#1118897(CVE-2018-16873) bsc#1118897(CVE-2018-16873) bsc#1118899(CVE-2018-16875) +BuildRequires: go >= 1.11.3 Requires(post): %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build ExcludeArch: s390 From d570d217a388d01e4580bcfa6f85a663a27f16258d4ddd1aff550b2cd0d453fd Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Wed, 19 Dec 2018 17:18:35 +0000 Subject: [PATCH 2/2] Accepting request 660072 from home:clee:branches:devel:CaaSP:Head:ControllerNode - Refactor go to go1.11 for BuildRequires OBS-URL: https://build.opensuse.org/request/show/660072 OBS-URL: https://build.opensuse.org/package/show/devel:CaaSP:Head:ControllerNode/flannel?expand=0&rev=13 --- flannel.changes | 5 +++++ flannel.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/flannel.changes b/flannel.changes index 21d5b78..ec510f2 100644 --- a/flannel.changes +++ b/flannel.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Dec 19 16:55:33 UTC 2018 - clee@suse.com + +- Refactor go to go1.11 for BuildRequires + ------------------------------------------------------------------- Wed Dec 19 01:18:01 UTC 2018 - clee@suse.com diff --git a/flannel.spec b/flannel.spec index 111d5f3..89f17a4 100644 --- a/flannel.spec +++ b/flannel.spec @@ -39,7 +39,7 @@ BuildRequires: systemd BuildRequires: xz BuildRequires: golang(API) >= 1.11 # go1.11.3 contains sec. fixes bsc#1118897(CVE-2018-16873) bsc#1118897(CVE-2018-16873) bsc#1118899(CVE-2018-16875) -BuildRequires: go >= 1.11.3 +BuildRequires: go1.11 >= 1.11.3 Requires(post): %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build ExcludeArch: s390