| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: kubernetes1.29-client | Distribution: openSUSE Tumbleweed |
| Version: 1.29.15 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Mar 25 14:00:00 2025 |
| Group: System/Management | Build host: reproducible |
| Size: 55775535 | Source RPM: kubernetes1.29-1.29.15-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://kubernetes.io/ | |
| Summary: Kubernetes client tools | |
Kubernetes client tools like kubectl.
Apache-2.0
* Tue Mar 25 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- CVE-2025-1767: GitRepo Volume Inadvertent Local Repository Access, bsc#1239643
* TL;DR: Please refer to the github issue for details on detecting and mitigating the CVE, if impacted:
https://github.com/kubernetes/kubernetes/issues/130786
* ***Important note to users and administrators****
* How do I mitigate this vulnerability?
To mitigate this vulnerability, you must use an init container to perform git clone operation and then mount the directory into the Pod's container. An example of this approach is provided here: https://gist.github.com/tallclair/849601a16cebeee581ef2be50c351841
Note: You can also restrict the use of gitRepo volumes in your cluster using policies such as ValidatingAdmissionPolicy or through Restricted pod security standard policy. You can use the following Common Expression Language (CEL) expression as part of a policy to reject use of gitRepo volumes:
`has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`
* Detection:
To detect whether this vulnerability has been exploited, you can use the following command to list all pods that use the in-tree gitRepo volume and clones to a .git subdirectory.
```
kubectl get pods --all-namespaces -o json | jq '.items[] | select(.spec.volumes[].gitRepo.repository | test("^/")) | {name: .metadata.name, namespace: .metadata.namespace, repository: (.spec.volumes[] | select(.gitRepo) | .gitRepo.repository)}'
```
Please plan and consider migrating to Kubernetes v1.33 (~ Release Date: April 23, 2025).
Since starting v1.33, the impacted gitRepo volume plugin will be disabled by default.
Refer: https://github.com/kubernetes/kubernetes/pull/129923
No prior Kubernetes versions (v1.29 - v1.32), will receive any backport fixe patches for this CVE, since there isn't a fully non-code-breaking patch available.
* Wed Mar 12 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.15:
* Bump to build with go 1.23.6
* Honor KUBE_HACK_TOOLS_GOTOOLCHAIN
* Update tools to go1.22 min
* .*: fix lint errors Fix SA4032 and SA3000 which are flagged after bumping to go1.23 and v0.5.1 of go-tools.
* hack: disable SA1006 check
* hack/tools: bump go-tools for go1.23.x
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.23.6`
* BuildRequires: golang(API) = 1.23
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.15/build/dependencies.yaml#L117-L141
* Tue Feb 18 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.14 (final upstream patch release):
* Bump images, dependencies and versions to go 1.22.12 and distroless iptables
* Kubelet server handler cleanup
* Fix Go vet errors for master golang
* Update pkg/controlplane/apiserver/config_test.go
* prioritize user EtcdOptions.StorageConfig.StorageObjectCountTracker
* Fix: StorageObjectCountTracker is nil, apf estimator got ObjectCountNotFoundErr
* Bump govulncheck to 1.1.2
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.12`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.14/build/dependencies.yaml#L119-L121
- version 1.29.14 contain fix for CVE-2025-0426, bsc#1237189
* Refer: https://github.com/kubernetes/kubernetes/issues/130016#issue-2836467448
- version 1.29.14 is the final patch release by the upstream project, and will be EOL on Feb 28, 2025.
* Refer: https://kubernetes.io/releases/patch-releases/#non-active-branch-history
* Thu Jan 16 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.13:
* kubelet: use env vars in node log query PS command
* Fix kubelet on Windows fails if a pod has SecurityContext with RunAsUser.
* webhook: alter regex to account for x509sha1 GODEBUG removal
* Bump images, dependencies and versions to go 1.22.10 and distroless iptables
* Do not attempt to truncate revision history if revisionHistoryLimit is negative
* fetch cni plugins from GitHub releases
* prevent unnecessary resolving of iscsi/fc devices to dm
* kubelet: Fix the volume manager did't check the device mount state in the actual state of the world before marking the volume as detached. It may cause a pod to be stuck in the Terminating state due to the above issue when it was deleted.
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.10`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.13/build/dependencies.yaml#L119-L121
* Thu Dec 19 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.12:
* Bump images, dependencies and versions to go 1.22.9 and distroless iptables
* skip TestCreateBlobDisk test
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.9`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.12/build/dependencies.yaml#L119-L121
* Thu Nov 28 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.11:
* Build etcd image v3.5.16
* Update etcd from v3.5.15 to v3.5.16
* server/config: assing system:apiserver user to system:authenticated group
* bugfix(scheduler): preemption picks wrong victim node with higher priority pod on it.
* tests for nodes with different nodeName and name
* manually revert #109877
* Mon Nov 04 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.10:
* bump golang to 1.22.8
* kubeadm: fix a bug where the RemoveMember function did not return the correct member list when the member to be removed did not exist
* Fix deleted UDP endpoint detection
* Fix daemonset to ensure old unhealthy pods are counted towards max unavailable budget.
* fix: requeue pods rejected by Extenders properly
* kubeadm: check the member list status before adding or removing an etcd member
* kubeadm: check whether the peer URL for the added etcd member already exists when the MemberAddAsLearner/MemberAdd fails
* bugfix: endpoints controller track resource version conrrectly
* Remove `socat` and `ebtables` from kubeadm preflight checks
* fix memory leak from global MeterProvider
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.8`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.10/build/dependencies.yaml#L119-L121
* Mon Oct 14 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.9:
* Restart the init container to not be stuck in created state
* succeeded pod is being re-admitted
* Avoid SidecarContainers code path for non-sidecar pods
* Build etcd image of v3.5.15
* Update etcd from v3.5.14 to v3.5.15
* add missing RBAC to statefulset-controller for StatefulSetAutoDeletePVC feature
* Bump images, dependencies and versions to go 1.22.6 and distroless iptables
* Add a new workqueue to endpointslice controller for updating topology cache and checking node topology distribution.
* fix a scheduler preemption issue that victim is not patched properly
* kube-proxy: initialization wait for service and endpoint handlers synced
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.5`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.9/build/dependencies.yaml#L119-L12
* Fri Aug 16 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.8:
* Respect controllers on PVCs for retention policy
* Updating kubelet on Windows to query uuid from registry
* Update err message before ratcheting feature enabled.
* Terminate restartable init containers ignoring not-started containers
* Hot fix for panic on schema conversion.
* mount-utils: treat syscall.ENODEV as corrupted mount
* update container ubuntu sha256
* update driver installer
* api: fix ValidatingAdmissionPolicyList json tag
* apiserver: fix watch namespace
* Fix that PodIP field is not set for terminal pod
* Use omitempty for optional fields in Job Pod Failure Policy
* Tue Aug 06 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Follow up changes after go version bump to 1.22:
- For ppc64le platform: disabled `export GOLDFLAGS='-linkmode=external'`. * to fix the build failure error:
`-linkmode=external requires external (cgo) linking, but cgo is not enabled`
- For linux/s390x platform: disabled building kubernetes binaries with `-buildmode=pie`
* `-buildmode=pie` with "internal linking" is not yet supported on linux/s390x platform
* ref: https://github.com/golang/go/blob/a63907808d14679c723e566cb83acc76fc8cafc2/src/internal/platform/supported.go#L223-L232
* ref: https://github.com/golang/go/issues/64875#issuecomment-1870734528
* Tue Aug 06 2024 priyanka.saggu@suse.com
- Update to version 1.29.7:
* Add funcs in pkg/filesystem/util that can actually set file permissiosn on Windows and update container log dir perms to 660 on Windows
* Fix pv reclaim failed due to its phase is wrongly updated to the Failed state by kcm
* fix issue with using feature HonorPVReclaimPolicy in csi-provisioner
* Mark a test case which sets up a sample-apiserver as serial due to potential conflicts with other test cases which do the same.
* defaultMaskedPaths must be kept in sync with moby/moby.
* gitRepo volume: directory must be max 1 level deep
* Bump images, dependencies and versions to go 1.22.5 and distroless iptables
* Fix endpoints status out-of-sync when the pod state changes rapidly
* kubeadm: don't fail post upgrade in EnsureAdminClusterRoleBindingImpl if the error is crb already exists
* fix: skip isPodWorthRequeuing only when SchedulingGates gates the pod
* kubectl create cronjobs: Manually set OwnerReferences
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.5`
* `BuildRequires: golang(API) = 1.22`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.7/build/dependencies.yaml#L119-L121
* Wed Jun 26 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.6:
* Bump images, dependencies and versions to go 1.21.11 and distroless iptables/setcap/debian-base
* Don't fill in NodeToStatusMap with UnschedulableAndUnresolvable
* Revert "scheduler: preallocation for NodeToStatusMap"
* add an integration test when nodeAffinity specifies a non-existent node.
* base on allNodes when calculating nextStartNodeIndex
* Don't sort under lock
* Fix printPod panic with spurious container statuses
* Fix NFS related issues on GCP/Ubuntu
* cherry pick #124618 to 1.29
* fix requests tracker concurrency
* fix conflict race in statefulset rest update
* fix stateful set pod recreation and event spam
* fix pods tracking and internal error checking in statefulset tests
* Updated & added visibility to apiserver x509 test certificates expiring this year
* Fix PersistentVolumeLabel admission plugin on Azure
* Fri May 17 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.5:
* scheduler: preallocation for NodeToStatusMap
* add e2e test when a plugin (in-tree or out-of-tree) return non-existent/illegal nodes, the pod should be scheduled normally if suitable nodes exists
* add integration test for pod with pvc has node-affinity to non-existent/existent nodes
* test to catch illegal nodeNames returned by PreFilterResult
* hotfix when a plugin (in-tree or out-of-tree) return non-existent/illegal nodes, the pod scheduling flow will abort immediately.
* kubeadm: fix upgrading external CA cluster to 1.29
* Idempotent transformers in scheduler & kcm
* cluster/gce: upgrade cos-97-lts -> cos-109-lts
* storage e2e: update hostpath and mock images
* add log verbosity to endpoint topology hint loop.
* Rename `cluster` to `storage_cluster_id` for apiserver_storage_size_bytes metric
* Thu Apr 18 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.29.4:
* Add envFrom to serviceaccount admission plugin
* update debian-base to bookworm-v1.0.2
* [go] Bump images, dependencies and versions to go 1.21.9 and distroless iptables / set-cap
* [CVE-2023-45288] .*: bump x/net to v0.23.0
* Keep streams from being set up after closeAllStreamReaders is called
* Make websocket heartbeat test timing less flaky
* Avoid logging binary junk for frame write failure
* Use the right feature gate when updating uncertain volumes
* fix panic with SIGSEGV in kubeadm certs check-expiration
* retry policy creation for CRD type checking E2E test
* Undo double run of the TestWatchSemantics test to avoid hitting timeout
* apiserver/storage/cacher: decrease the running time of tests in the cacher package.
* Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage.
* Ensure that initial events are sorted for WatchList
* fix aggregator path filtering to include /
* Filter aggregated apiservice gv
* Use DBG=1 for conformance verification
* build: use -trimpath in non-DBG mode
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.21.9`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.4/build/dependencies.yaml#L119-L121
* Mon Apr 08 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- update .spec file to set FORCE_HOST_GO env variable,
to force k8s build scripts use the local GOTOOLCHAIN version from the build pipeline
(i.e. GOTOOLCHAIN='local')
* ref: https://github.com/kubernetes/kubernetes/blob/9791f0d1f39f3f1e0796add7833c1059325d5098/hack/lib/golang.sh#L507
* Mon Apr 08 2024 priyanka.saggu@suse.com
- Update to version 1.29.3:
* remove --v arg from kubetest2-tester-ginkgo test args
* ci: bump kind to latest for kms jobs
* [go] Bump images, dependencies and versions to go 1.21.8 / distroless-iptables to v0.4.6
* [CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
* keep existing PDB conditions when updating status
* Validate restartable init container state transition
* Test that separation of streams work by using progress notifies
* Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior
* fix UT failure TestPrintIPAddressList
* etcd: Update to version 3.5.12
* build etcd image v3.5.12
* Fix race condition between external-resizer and kubelet
* codegen: don't nuke files if only verifying
* dra: increase timeout in setupFakeDRADriverGRPCServer to prevent tests to flake.
* e2e_node: replace `registry.k8s.io/stress:v1` with agnhost
* promote agnhost to v2.47
* fixing issue with GetCPUUsageNanoCores on Windows
* Fix cleanup of file subpaths
* Fix SELinux e2e tests: add label to observed metrics
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.21.18`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.29.3/build/dependencies.yaml#L119-L121
* Mon Feb 26 2024 priyanka.saggu@suse.com
- Update to version 1.29.2:
* [go] Bump images, dependencies and versions to go 1.21.7 / setcap/debian-base to bookworm-v1.0.1 and distroless-iptables to v0.4.5
* Revert "kubeadm: fix a bug where the uploaded kubelet configuration in kube-system/kubelet-config ConfigMap does not respect user patch"
* kubeadm: better checks if the node is CP during "upgrade node"
* test: remove unnecessary skip healthz check from test
* bugfix: dont skip reconcile for unchanged policy if last sync failed
* Add processStartTime in metrics/slis
* Fix deprecated version for pod_scheduling_duration_seconds
* flag PersistentVolumeLastPhaseTransitionTime field as beta
* If a pvc has an empty storageclass name, don't try to assign a default StorageClass to it.
* Fix kubeadm init regression
* Drop PendingChanges methods from change trackers, move into UpdateResults
* Squash some unnecessarily-chained methods in the change trackers
* Thu Feb 22 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Tue Jan 23 2024 priyanka.saggu@suse.com
- Update to version 1.29.1:
* Revert "Graduate Evented PLEG to Beta"
* [go] Bump images, dependencies and versions to go 1.21.6 and distroless iptables to 0.4.4
* Make OpenAPIGetter tolerant of nil
* use context for lazy evaluation.
* Initialize default attach func regardless of the value of flag
* .*: bump golang.org/x/tools to v0.16.1
* fix: 119921
* Keep presence cost to 0 to ensure backward compatibility.
* fix(scheduler): fix incorrect loop logic in MultiPoint to avoid a plugin being loaded multiple times
* fix falky test pkg/registry/core/persistentvolume/storage TestUpdateStatus
* Use a separate function for checking if device was reconstructed
* Add tests for checking of uncertain device paths
* Fix device uncertain errors on reboot
* Fix CSI migration for vSphere volumes
* Wire in field dropping for CRDs
* Revert "scheduler/nodeaffinity: reduce pod scheduling latency"
* Revert "scheduler/NodeUnschedulable: reduce pod scheduling latency"
* kube-proxy: Fix etp:Local for externalIPs
* Add unit test for Job Controller for panic when PodFailurePolicy is used on 1.28
* Tue Jan 23 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- initial package for Kubernetes v1.29.0
/etc/alternatives/kubectl /usr/bin/kubectl /usr/bin/kubectl1.29 /usr/share/doc/packages/kubernetes1.29-client /usr/share/doc/packages/kubernetes1.29-client/CONTRIBUTING.md /usr/share/doc/packages/kubernetes1.29-client/README.md /usr/share/licenses/kubernetes1.29-client /usr/share/licenses/kubernetes1.29-client/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Mar 30 23:32:47 2025