From 657b51e00e381b27e2210b64cf7c1f231a6aa7f21e8155b86c1951cc119078cd Mon Sep 17 00:00:00 2001 From: Alexandre Vicenzi Date: Tue, 12 Dec 2023 16:30:53 +0000 Subject: [PATCH] Accepting request 1132710 from home:avicenzi:branches:devel:kubic - Update to version 2.10.7: * CVE-2023-45283 (boo#1216943) * CVE-2023-45284 (boo#1216944) * CVE-2023-47124 (boo#1217806) * CVE-2023-47633 (boo#1217807) * CVE-2023-47106 (boo#1217804) * GHSA-7v4p-328v-8v5g, CVE-2023-39325 (boo#1216109) OBS-URL: https://build.opensuse.org/request/show/1132710 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=23 --- _service | 2 +- _servicedata | 2 +- traefik-2.10.1.tar.gz | 3 --- traefik-2.10.1.webui.tar.gz | 3 --- traefik-2.10.7.tar.gz | 3 +++ traefik-2.10.7.webui.tar.gz | 3 +++ traefik.changes | 45 +++++++++++++++++++++++++++++++++++++ traefik.spec | 18 +++++++-------- traefik.toml | 6 ++--- vendor.tar.gz | 4 ++-- 10 files changed, 66 insertions(+), 23 deletions(-) delete mode 100644 traefik-2.10.1.tar.gz delete mode 100644 traefik-2.10.1.webui.tar.gz create mode 100644 traefik-2.10.7.tar.gz create mode 100644 traefik-2.10.7.webui.tar.gz diff --git a/_service b/_service index a775c79..7542d43 100644 --- a/_service +++ b/_service @@ -3,7 +3,7 @@ https://github.com/traefik/traefik.git git .git - v2.10.1 + v2.10.7 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index 7618255..15a39be 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/traefik/traefik.git - 7805c683e3336501cf168f40d5d03d4b73431783 \ No newline at end of file + 0a7964300166d167f68d5502bc245b3b9c8842b4 \ No newline at end of file diff --git a/traefik-2.10.1.tar.gz b/traefik-2.10.1.tar.gz deleted file mode 100644 index cf9b075..0000000 --- a/traefik-2.10.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:49425aed79f05fc1a78b56cdf8c06b34cbd8a128250be39ebb68cad6cbd4bf80 -size 8923393 
diff --git a/traefik-2.10.1.webui.tar.gz b/traefik-2.10.1.webui.tar.gz
deleted file mode 100644
index 99a8c38..0000000
--- a/traefik-2.10.1.webui.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e8473c4585698b264c07c1fc2ebf282124662e722257ccddbf4bd8b3bac8dea3
-size 1895036
diff --git a/traefik-2.10.7.tar.gz b/traefik-2.10.7.tar.gz
new file mode 100644
index 0000000..550bfe7
--- /dev/null
+++ b/traefik-2.10.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b03a5b57ce316981eb89862a3d5f8ba6d9f79b3338a6e60efe8cca08111c9fba
+size 9473934
diff --git a/traefik-2.10.7.webui.tar.gz b/traefik-2.10.7.webui.tar.gz
new file mode 100644
index 0000000..37d966f
--- /dev/null
+++ b/traefik-2.10.7.webui.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df526b3a913dcd1d29b3d94f55a08d02c6aa91d9af02d5c55a0084829946abca
+size 4324320
diff --git a/traefik.changes b/traefik.changes
index b50f355..1722f77 100644
--- a/traefik.changes
+++ b/traefik.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Fri Dec 08 12:51:12 UTC 2023 - alexandre.vicenzi@suse.com
+
+- Update to version 2.10.7:
+ * CVEs:
+ * CVE-2023-45283 (boo#1216943)
+ * CVE-2023-45284 (boo#1216944)
+ * CVE-2023-47124 (boo#1217806)
+ * CVE-2023-47633 (boo#1217807)
+ * CVE-2023-47106 (boo#1217804)
+ * GHSA-7v4p-328v-8v5g, CVE-2023-39325 (boo#1216109)
+ * Bug fixes:
+ * [accesslogs] Fix preflight response status in access logs
+ * [accesslogs] Move origin fields capture to service level
+ * [acme] Do not check for wildcard domains for non DNS challenge
+ * [acme] Remove backoff for http challenge (CVE-2023-47124)
+ * [acme] Update go-acme/lego to v4.14.0
+ * [consul,consulcatalog] Update github.com/hashicorp/consul/api
+ * [http3] Update quic-go to v0.39.1
+ * [k8s/crd] Fix multiple subsets endpoint
+ * [k8s/ingress,k8s/crd,k8s,hub] Clean code related to Hub
+ * [k8s/ingress,k8s] fix: avoid panic on resource backends
+ * [kv] Ignore ErrKeyNotFound error for the KV provider
+ * [logs] Fixed datadog logs json format issue
+ * [metrics] Enable Prometheus provider cleanup when only the router's metrics level is activated
+ * [middleware,authentication] Adjust forward auth to avoid connection leak
+ * [middleware,server] Improve CNAME flattening to avoid unnecessary error logging
+ * [middleware,tracing,plugins] fix: traceability of the middleware plugins
+ * [middleware] Allow X-Forwarded-For delete operation
+ * [middleware] Encode query semicolons
+ * [middleware] Fix stripPrefix middleware is not applied to retried attempts
+ * [middleware] Missing trailer with custom errors middleware
+ * [middleware] Support informational headers in middlewares redefining the response writer
+ * [plugins] Improve error messages related to plugins
+ * [provider] Refuse recursive requests (CVE-2023-47633)
+ * [server] Deny request with fragment in URL path (CVE-2023-47106)
+ * [server] Update x/net and grpc/grpc-go
+ * [tracing] 
Remove deprecated code usage for datadog tracer + * [tracing] Update DataDog tracing dependency to v1.50.1 + * [webui] Add missing accessControlAllowOriginListRegex to middleware view + * Fix false positive in url anonymization + * Misc: + * [webui] Updates the Hub tooltip content using a web component and adds an option to disable Hub button +- Update Go version (CVE-2023-45283, CVE-2023-45284, CVE-2023-39325) + ------------------------------------------------------------------- Mon Jun 12 17:26:46 UTC 2023 - alexandre.vicenzi@suse.com diff --git a/traefik.spec b/traefik.spec index 8ac3fcd..ba620b3 100644 --- a/traefik.spec +++ b/traefik.spec @@ -19,7 +19,7 @@ %define project github.com/traefik/traefik Name: traefik -Version: 2.10.1 +Version: 2.10.7 Release: 0 Summary: The Cloud Native Application Proxy License: MIT @@ -33,12 +33,10 @@ Source4: %{name}-%{version}.webui.tar.gz BuildRequires: go-bindata BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros -BuildRequires: (golang(API) >= 1.20 with golang(API) < 1.21) +BuildRequires: (golang(API) >= 1.21 with golang(API) < 1.22) Recommends: podman %{?systemd_requires} %{go_provides} -# Make sure that the binary is not getting stripped. -%{go_nostrip} %description Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer @@ -52,7 +50,6 @@ Pointing Traefik at your orchestrator should be the only configuration step you %setup -q %build -build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d") %{goprep} %{project} # tarball causes "inconsistent vendoring" 
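Review bot: The new `BuildRequires: (golang(API) >= 1.21 with golang(API) < 1.22)` line in the second traefik.spec hunk pins only the Go minor series, while traefik.changes credits the toolchain update with fixing CVE-2023-45283, CVE-2023-45284 and CVE-2023-39325. Those fixes arrive in particular Go patch releases, so whether the built binary carries them depends on the patch level of the go1.21 package in the build project, which this constraint cannot express. A comment above the line would record that dependency, for example `# CVE fixes named in traefik.changes require a current go1.21 patch release in the build project`. The same hunk drops `%{go_nostrip}`, which presumably pairs with the removal of `-s -w` in the last spec hunk so that debuginfo is split out by the normal RPM machinery.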
@@ -64,16 +61,17 @@ tar -xf %{SOURCE4} # see script/generate go generate +build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d") # see script/binary CGO_ENABLED=0 GOGC=off go build \ -buildmode=pie \ -mod=vendor \ - -ldflags "-s -w \ - -X github.com/traefik/traefik/v2/pkg/version.Version=%{version} \ - -X github.com/traefik/traefik/v2/pkg/version.Codename='' \ - -X github.com/traefik/traefik/v2/pkg/version.BuildDate=${build_date}" \ + -ldflags "-X github.com/traefik/traefik/v3/pkg/version.Version=%{version} \ + -X github.com/traefik/traefik/v3/pkg/version.Codename='' \ + -X github.com/traefik/traefik/v3/pkg/version.BuildDate=${build_date}" \ -installsuffix nocgo \ - -o traefik ./cmd/traefik + -o traefik \ + ./cmd/traefik %install install -d %{buildroot}/%{_sbindir} diff --git a/traefik.toml b/traefik.toml index bc7dac4..d3c92be 100644 --- a/traefik.toml +++ b/traefik.toml @@ -8,7 +8,7 @@ # Global configuration ################################################################ [global] - checkNewVersion = true + checkNewVersion = false sendAnonymousUsage = false ################################################################ @@ -42,7 +42,7 @@ # Optional # Default: "ERROR" # - level = "INFO" + # level = "DEBUG" # Sets the filepath for the traefik log. If not specified, stdout will be used. # Intermediate directories are created if necessary. @@ -69,7 +69,7 @@ # # Optional # -[accessLog] +# [accessLog] # Sets the file path for the access log. If not specified, stdout will be used. # Intermediate directories are created if necessary. diff --git a/vendor.tar.gz b/vendor.tar.gz index 55b308e..8acb9bf 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ee225980a42857b01b873a30d126e675709949f5b7d9f1ba726c1cf63fbc2116 -size 27669549 +oid sha256:a89d2a954de032e57e86dab229d6b0c6c2a992ea83015d31c6f6161ebb569381 +size 23503919
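Review bot: The `-X` flags in the rewritten `-ldflags` now point at `github.com/traefik/traefik/v3/pkg/version`, but the package being built is `Version: 2.10.7` and the removed lines used the `/v2/` import path. The Go linker ignores `-X` for a symbol it cannot find, so if the 2.10.x module path is still `/v2` (as the old lines indicate) the build succeeds while the binary keeps its built-in default version, codename and build date. That hides the running release from anyone checking hosts against the CVEs this update fixes. The three lines should keep `/v2/`, e.g. `-ldflags "-X github.com/traefik/traefik/v2/pkg/version.Version=%{version} \`, and a `%check` that runs `./traefik version` and greps for `%{version}` would catch a recurrence. The `%build` section starts above this hunk.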
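Review bot: Commenting out `[accessLog]` in the third traefik.toml hunk, together with replacing `level = "INFO"` by the commented `# level = "DEBUG"` in the second, leaves the packaged default with no access log and only the documented default `ERROR` log level; neither change is listed in traefik.changes. For a reverse proxy the access log is the main record for detection and incident response, so an upgrade that takes the new config file silently loses it. Commenting out only the table header also sets a trap: a key uncommented below it without restoring `[accessLog]` would be parsed into whichever table precedes it. If the reduction is intended, say so in traefik.changes and in the file, e.g. `# Access logging is disabled by default; uncomment [accessLog] to enable it.`; the commented sample would also be safer as `# level = "INFO"` than `DEBUG`.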