From 3b777b73458207f38441f99476f9f80203762d50800bfda8cfb86103e34feb12 Mon Sep 17 00:00:00 2001 From: Priyanka Saggu Date: Mon, 26 Feb 2024 11:05:09 +0000 Subject: [PATCH] Accepting request 1150811 from home:psaggu:branches:devel:kubic - add new patch to advance autoscaling v2 as the preferred API version, to fix bsc#1219964, CVE-2024-0793 * autoscaling-advance-v2-as-the-preferred-API-version.patch OBS-URL: https://build.opensuse.org/request/show/1150811 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/kubernetes1.24?expand=0&rev=31 --- ...ance-v2-as-the-preferred-API-version.patch | 80 +++++++++++++++++++ kubernetes1.24.changes | 6 ++ kubernetes1.24.spec | 7 +- 3 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 autoscaling-advance-v2-as-the-preferred-API-version.patch diff --git a/autoscaling-advance-v2-as-the-preferred-API-version.patch b/autoscaling-advance-v2-as-the-preferred-API-version.patch new file mode 100644 index 0000000..ea31b57 --- /dev/null +++ b/autoscaling-advance-v2-as-the-preferred-API-version.patch @@ -0,0 +1,80 @@ +From 40a6d6306a2c6c202ab33c3d90178ce19fabf7cf Mon Sep 17 00:00:00 2001 +From: SataQiu +Date: Sun, 11 Dec 2022 13:09:39 +0800 +Subject: [PATCH] autoscaling: advance v2 as the preferred API version over v1 + +--- + pkg/apis/autoscaling/install/install.go | 3 +-- + pkg/controlplane/storageversionhashdata/data.go | 4 ++-- + test/integration/etcd/data.go | 6 +++--- + 3 files changed, 6 insertions(+), 7 deletions(-) + +Index: kubernetes-1.24.17/pkg/apis/autoscaling/install/install.go +=================================================================== +--- kubernetes-1.24.17.orig/pkg/apis/autoscaling/install/install.go ++++ kubernetes-1.24.17/pkg/apis/autoscaling/install/install.go +@@ -40,6 +40,5 @@ func Install(scheme *runtime.Scheme) { + utilruntime.Must(v2.AddToScheme(scheme)) + utilruntime.Must(v2beta1.AddToScheme(scheme)) + utilruntime.Must(v1.AddToScheme(scheme)) +- // TODO: move v2 to the front of the list in 1.24 +- utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v2.SchemeGroupVersion, v2beta1.SchemeGroupVersion, v2beta2.SchemeGroupVersion)) ++ utilruntime.Must(scheme.SetVersionPriority(v2.SchemeGroupVersion, v1.SchemeGroupVersion, v2beta1.SchemeGroupVersion, v2beta2.SchemeGroupVersion)) + } +Index: kubernetes-1.24.17/pkg/controlplane/storageversionhashdata/data.go +=================================================================== +--- kubernetes-1.24.17.orig/pkg/controlplane/storageversionhashdata/data.go ++++ kubernetes-1.24.17/pkg/controlplane/storageversionhashdata/data.go +@@ -51,10 +51,10 @@ var GVRToStorageVersionHash = map[string + "v1/secrets": "S6u1pOWzb84=", + "v1/serviceaccounts": "pbx9ZvyFpBE=", + "v1/services": "0/CO1lhkEBI=", +- "autoscaling/v1/horizontalpodautoscalers": "oQlkt7f5j/A=", +- "autoscaling/v2/horizontalpodautoscalers": "oQlkt7f5j/A=", +- "autoscaling/v2beta1/horizontalpodautoscalers": "oQlkt7f5j/A=", +- "autoscaling/v2beta2/horizontalpodautoscalers": "oQlkt7f5j/A=", ++ "autoscaling/v1/horizontalpodautoscalers": "qwQve8ut294=", ++ "autoscaling/v2/horizontalpodautoscalers": "qwQve8ut294=", ++ "autoscaling/v2beta1/horizontalpodautoscalers": "qwQve8ut294=", ++ "autoscaling/v2beta2/horizontalpodautoscalers": "qwQve8ut294=", + "batch/v1/jobs": "mudhfqk/qZY=", + "batch/v1/cronjobs": "h/JlFAZkyyY=", + "batch/v1beta1/cronjobs": "h/JlFAZkyyY=", +Index: kubernetes-1.24.17/test/integration/etcd/data.go +=================================================================== +--- kubernetes-1.24.17.orig/test/integration/etcd/data.go ++++ kubernetes-1.24.17/test/integration/etcd/data.go +@@ -128,6 +128,7 @@ func GetEtcdStorageDataForNamespace(name + gvr("autoscaling", "v1", "horizontalpodautoscalers"): { + Stub: `{"metadata": {"name": "hpa2"}, "spec": {"maxReplicas": 3, "scaleTargetRef": {"kind": "something", "name": "cross"}}}`, + ExpectedEtcdPath: "/registry/horizontalpodautoscalers/" + namespace + "/hpa2", ++ ExpectedGVK: gvkP("autoscaling", "v2", "HorizontalPodAutoscaler"), + }, + // -- + +@@ -135,7 +136,6 @@ func GetEtcdStorageDataForNamespace(name + gvr("autoscaling", "v2", "horizontalpodautoscalers"): { + Stub: `{"metadata": {"name": "hpa4"}, "spec": {"maxReplicas": 3, "scaleTargetRef": {"kind": "something", "name": "cross"}}}`, + ExpectedEtcdPath: "/registry/horizontalpodautoscalers/" + namespace + "/hpa4", +- ExpectedGVK: gvkP("autoscaling", "v1", "HorizontalPodAutoscaler"), + }, + // -- + +@@ -143,7 +143,7 @@ func GetEtcdStorageDataForNamespace(name + gvr("autoscaling", "v2beta1", "horizontalpodautoscalers"): { + Stub: `{"metadata": {"name": "hpa1"}, "spec": {"maxReplicas": 3, "scaleTargetRef": {"kind": "something", "name": "cross"}}}`, + ExpectedEtcdPath: "/registry/horizontalpodautoscalers/" + namespace + "/hpa1", +- ExpectedGVK: gvkP("autoscaling", "v1", "HorizontalPodAutoscaler"), ++ ExpectedGVK: gvkP("autoscaling", "v2", "HorizontalPodAutoscaler"), + }, + // -- + +@@ -151,7 +151,7 @@ func GetEtcdStorageDataForNamespace(name + gvr("autoscaling", "v2beta2", "horizontalpodautoscalers"): { + Stub: `{"metadata": {"name": "hpa3"}, "spec": {"maxReplicas": 3, "scaleTargetRef": {"kind": "something", "name": "cross"}}}`, + ExpectedEtcdPath: "/registry/horizontalpodautoscalers/" + namespace + "/hpa3", +- ExpectedGVK: gvkP("autoscaling", "v1", "HorizontalPodAutoscaler"), ++ ExpectedGVK: gvkP("autoscaling", "v2", "HorizontalPodAutoscaler"), + }, + // -- + diff --git a/kubernetes1.24.changes b/kubernetes1.24.changes index 91e83a4..c502639 100644 --- a/kubernetes1.24.changes +++ b/kubernetes1.24.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Feb 26 09:54:57 UTC 2024 - Priyanka Saggu + +- add new patch to advance autoscaling v2 as the preferred API version, to fix bsc#1219964, CVE-2024-0793 + * autoscaling-advance-v2-as-the-preferred-API-version.patch + ------------------------------------------------------------------- Thu Feb 22 12:45:59 UTC 2024 - Dominique Leuenberger diff --git a/kubernetes1.24.spec b/kubernetes1.24.spec index 2d6cccb..ea6d1f2 100644 --- a/kubernetes1.24.spec +++ b/kubernetes1.24.spec @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -51,6 +51,8 @@ Patch4: kubeadm-opensuse-flexvolume.patch Patch5: revert-coredns-image-renaming.patch # Patch to fix reproducible builds https://github.com/kubernetes/kubernetes/issues/110928 Patch6: kubernetes-trimpath.patch +# Patch to advance autoscaling v2 as the preferred API version, to fix bsc#1219964, CVE-2024-0793 +Patch7: autoscaling-advance-v2-as-the-preferred-API-version.patch BuildRequires: fdupes BuildRequires: git BuildRequires: go >= 1.20.7 @@ -80,8 +82,8 @@ for management and discovery. -# packages to build containerized control plane +# packages to build containerized control plane %package apiserver Summary: Kubernetes apiserver for container image Group: System/Management @@ -226,6 +228,7 @@ Fish command line completion support for %{name}-client. %patch -P 4 -p0 %patch -P 5 -p1 %patch -P 6 -p1 +%patch -P 7 -p1 %build # This is fixing bug bsc#1065972