Accepting request 659822 from home:clee:branches:devel:CaaSP:Head:ControllerNode

- Updated to a supported version of Go (due to security reasons) * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during "go get -u" * bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths * bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service OBS-URL: https://build.opensuse.org/request/show/659822 OBS-URL: https://build.opensuse.org/package/show/devel:CaaSP:Head:ControllerNode/flannel?expand=0&rev=12
2018-12-19 11:42:18 +00:00 · 2018-12-19 11:42:18 +00:00 · 91785bb121
commit 91785bb121
parent 120e748ecb
2 changed files with 13 additions and 0 deletions
--- a/flannel.changes
+++ b/flannel.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Dec 19 01:18:01 UTC 2018 - clee@suse.com
+
+- Updated to a supported version of Go (due to security reasons)
+  * bsc#1118897 CVE-2018-16873
+    go#29230 cmd/go: remote command execution during "go get -u"
+  * bsc#1118898 CVE-2018-16874
+    go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
+  * bsc#1118899 CVE-2018-16875
+    go#29233 crypto/x509: CPU denial of service
+
 -------------------------------------------------------------------
 Wed Dec 12 12:43:24 UTC 2018 - alvaro.saurin@suse.com

--- a/flannel.spec
+++ b/flannel.spec
@ -38,6 +38,8 @@ BuildRequires:  golang-packaging
 BuildRequires:  systemd
 BuildRequires:  xz
 BuildRequires:  golang(API) >= 1.11
+# go1.11.3 contains sec. fixes bsc#1118897(CVE-2018-16873) bsc#1118897(CVE-2018-16873) bsc#1118899(CVE-2018-16875)
+BuildRequires:  go >= 1.11.3
 Requires(post): %fillup_prereq
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExcludeArch:    s390