fe0bf54177
- Update to version 3.4.10 [CVE-2020-15106][boo#1174951]: * version: 3.4.10 * Documentation: note on data encryption * etcdserver: change protobuf field type from int to int64 (#12000) * pkg: consider umask when use MkdirAll * etcdmain: let grpc proxy warn about insecure-skip-tls-verify * etcdmain: fix shadow error * pkg/fileutil: print desired file permission in error log * pkg: Fix dir permission check on Windows * auth: Customize simpleTokenTTL settings. * mvcc: chanLen 1024 is to biger,and it used more memory. 128 seems to be enough. Sometimes the consumption speed is more than the production speed. * auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. * etcdmain: fix shadow error * doc: add TLS related warnings * etcdserver:FDUsage set ticker to 10 minute from 5 seconds. This ticker will check File Descriptor Requirements ,and count all fds in used. And recorded some logs when in used >= limit/5*4. Just recorded message. If fds was more than 10K,It's low performance due to FDUsage() works. So need to increase it. * clientv3: cancel watches proactively on client context cancellation * wal: check out of range slice in "ReadAll", "decoder" * etcdctl, etcdmain: warn about --insecure-skip-tls-verify options * Documentation: note on the policy of insecure by default * etcdserver: don't let InternalAuthenticateRequest have password * auth: a new error code for the case of password auth against no password user * Documentation: note on password strength * etcdmain: best effort detection of self pointing in tcp proxy * Discovery: do not allow passing negative cluster size * wal: fix panic when decoder not set * embed: fix compaction runtime err * pkg: check file stats * etcdserver, et al: add --unsafe-no-fsync flag * version: 3.4.9 * wal: add TestValidSnapshotEntriesAfterPurgeWal testcase OBS-URL: https://build.opensuse.org/request/show/824853 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/etcd?expand=0&rev=6
By default etcd doesn't require authentication. If you configure etcd to be reachable over the network, have untrustworthy local users on the system where etc runs or store date in etcd that needs to be kept confidential please make sure to enable authentication. You can do that by configuring the settings under [security] in /etc/sysconfig/etcd. For additional guidance please red https://coreos.com/etcd/docs/latest/v2/security.html and https://coreos.com/etcd/docs/latest/op-guide/authentication.html to ensure that you enforce proper access control