Accepting request 1132710 from home:avicenzi:branches:devel:kubic

- Update to version 2.10.7: * CVE-2023-45283 (boo#1216943) * CVE-2023-45284 (boo#1216944) * CVE-2023-47124 (boo#1217806) * CVE-2023-47633 (boo#1217807) * CVE-2023-47106 (boo#1217804) * GHSA-7v4p-328v-8v5g, CVE-2023-39325 (boo#1216109) OBS-URL: https://build.opensuse.org/request/show/1132710 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=23
2023-12-12 16:30:53 +00:00 · 2023-12-12 16:30:53 +00:00 · 657b51e00e
commit 657b51e00e
parent c354994b45
10 changed files with 66 additions and 23 deletions
--- a/2
+++ b/2
@ -3,7 +3,7 @@
    <param name="url">https://github.com/traefik/traefik.git</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="revision">v2.10.1</param>
+    <param name="revision">v2.10.7</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
    <param name="versionrewrite-pattern">v(.*)</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/traefik/traefik.git</param>
-              <param name="changesrevision">7805c683e3336501cf168f40d5d03d4b73431783</param></service></servicedata>
+              <param name="changesrevision">0a7964300166d167f68d5502bc245b3b9c8842b4</param></service></servicedata>
--- a/traefik-2.10.1.tar.gz
+++ b/traefik-2.10.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:49425aed79f05fc1a78b56cdf8c06b34cbd8a128250be39ebb68cad6cbd4bf80
-size 8923393
--- a/traefik-2.10.1.webui.tar.gz
+++ b/traefik-2.10.1.webui.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e8473c4585698b264c07c1fc2ebf282124662e722257ccddbf4bd8b3bac8dea3
-size 1895036
--- a/traefik-2.10.7.tar.gz
+++ b/traefik-2.10.7.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b03a5b57ce316981eb89862a3d5f8ba6d9f79b3338a6e60efe8cca08111c9fba
+size 9473934
--- a/traefik-2.10.7.webui.tar.gz
+++ b/traefik-2.10.7.webui.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df526b3a913dcd1d29b3d94f55a08d02c6aa91d9af02d5c55a0084829946abca
+size 4324320
--- a/traefik.changes
+++ b/traefik.changes
@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Fri Dec 08 12:51:12 UTC 2023 - alexandre.vicenzi@suse.com
+
+- Update to version 2.10.7:
+  * CVEs:
+    * CVE-2023-45283 (boo#1216943)
+    * CVE-2023-45284 (boo#1216944)
+    * CVE-2023-47124 (boo#1217806)
+    * CVE-2023-47633 (boo#1217807)
+    * CVE-2023-47106 (boo#1217804)
+    * GHSA-7v4p-328v-8v5g, CVE-2023-39325 (boo#1216109)
+  * Bug fixes:
+      * [accesslogs] Fix preflight response status in access logs
+      * [accesslogs] Move origin fields capture to service level
+      * [acme] Do not check for wildcard domains for non DNS challenge
+      * [acme] Remove backoff for http challenge (CVE-2023-47124)
+      * [acme] Update go-acme/lego to v4.14.0
+      * [consul,consulcatalog] Update github.com/hashicorp/consul/api
+      * [http3] Update quic-go to v0.39.1
+      * [k8s/crd] Fix multiple subsets endpoint
+      * [k8s/ingress,k8s/crd,k8s,hub] Clean code related to Hub
+      * [k8s/ingress,k8s] fix: avoid panic on resource backends
+      * [kv] Ignore ErrKeyNotFound error for the KV provider
+      * [logs] Fixed datadog logs json format issue
+      * [metrics] Enable Prometheus provider cleanup when only the router's metrics level is activated
+      * [middleware,authentication] Adjust forward auth to avoid connection leak
+      * [middleware,server] Improve CNAME flattening to avoid unnecessary error logging
+      * [middleware,tracing,plugins] fix: traceability of the middleware plugins
+      * [middleware] Allow X-Forwarded-For delete operation
+      * [middleware] Encode query semicolons
+      * [middleware] Fix stripPrefix middleware is not applied to retried attempts
+      * [middleware] Missing trailer with custom errors middleware
+      * [middleware] Support informational headers in middlewares redefining the response writer
+      * [plugins] Improve error messages related to plugins
+      * [provider] Refuse recursive requests (CVE-2023-47633)
+      * [server] Deny request with fragment in URL path (CVE-2023-47106)
+      * [server] Update x/net and grpc/grpc-go
+      * [tracing] Remove deprecated code usage for datadog tracer
+      * [tracing] Update DataDog tracing dependency to v1.50.1
+      * [webui] Add missing accessControlAllowOriginListRegex to middleware view
+      * Fix false positive in url anonymization
+    * Misc:
+      * [webui] Updates the Hub tooltip content using a web component and adds an option to disable Hub button
+- Update Go version (CVE-2023-45283, CVE-2023-45284, CVE-2023-39325)
+
 -------------------------------------------------------------------
 Mon Jun 12 17:26:46 UTC 2023 - alexandre.vicenzi@suse.com

--- a/traefik.spec
+++ b/traefik.spec
@ -19,7 +19,7 @@
 %define project github.com/traefik/traefik

 Name:           traefik
-Version:        2.10.1
+Version:        2.10.7
 Release:        0
 Summary:        The Cloud Native Application Proxy
 License:        MIT
@ -33,12 +33,10 @@ Source4:        %{name}-%{version}.webui.tar.gz
 BuildRequires:  go-bindata
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
-BuildRequires:  (golang(API) >= 1.20 with golang(API) < 1.21)
+BuildRequires:  (golang(API) >= 1.21 with golang(API) < 1.22)
 Recommends:     podman
 %{?systemd_requires}
 %{go_provides}
-# Make sure that the binary is not getting stripped.
-%{go_nostrip}

 %description
 Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer
@ -52,7 +50,6 @@ Pointing Traefik at your orchestrator should be the only configuration step you
 %setup -q

 %build
-build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d")
 %{goprep} %{project}

 # tarball causes "inconsistent vendoring"
@ -64,16 +61,17 @@ tar -xf %{SOURCE4}
 # see script/generate
 go generate

+build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d")
 # see script/binary
 CGO_ENABLED=0 GOGC=off go build \
  -buildmode=pie \
  -mod=vendor \
-  -ldflags "-s -w \
-  -X github.com/traefik/traefik/v2/pkg/version.Version=%{version} \
-  -X github.com/traefik/traefik/v2/pkg/version.Codename='' \
-  -X github.com/traefik/traefik/v2/pkg/version.BuildDate=${build_date}" \
+  -ldflags "-X github.com/traefik/traefik/v3/pkg/version.Version=%{version} \
+            -X github.com/traefik/traefik/v3/pkg/version.Codename='' \
+            -X github.com/traefik/traefik/v3/pkg/version.BuildDate=${build_date}" \
  -installsuffix nocgo \
-  -o traefik ./cmd/traefik
+  -o traefik \
+  ./cmd/traefik

 %install
 install -d %{buildroot}/%{_sbindir}
--- a/traefik.toml
+++ b/traefik.toml
@ -8,7 +8,7 @@
 # Global configuration
 ################################################################
 [global]
-  checkNewVersion = true
+  checkNewVersion = false
  sendAnonymousUsage = false

 ################################################################
@ -42,7 +42,7 @@
  # Optional
  # Default: "ERROR"
  #
-  level = "INFO"
+  # level = "DEBUG"

  # Sets the filepath for the traefik log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
@ -69,7 +69,7 @@
 #
 # Optional
 #
-[accessLog]
+# [accessLog]

  # Sets the file path for the access log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ee225980a42857b01b873a30d126e675709949f5b7d9f1ba726c1cf63fbc2116
-size 27669549
+oid sha256:a89d2a954de032e57e86dab229d6b0c6c2a992ea83015d31c6f6161ebb569381
+size 23503919