| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: kubernetes1.31-proxy | Distribution: openSUSE Tumbleweed |
| Version: 1.31.7 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Mar 25 13:57:44 2025 |
| Group: System/Management | Build host: reproducible |
| Size: 71789384 | Source RPM: kubernetes1.31-1.31.7-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://kubernetes.io/ | |
| Summary: Kubernetes proxy for container image | |
This subpackage contains the kube-proxy binary for Kubic images
Apache-2.0
* Tue Mar 25 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- CVE-2025-1767: GitRepo Volume Inadvertent Local Repository Access, bsc#1239643
* TL;DR: Please refer to the github issue for details on detecting and mitigating the CVE, if impacted:
https://github.com/kubernetes/kubernetes/issues/130786
* ***Important note to users and administrators****
* How do I mitigate this vulnerability?
To mitigate this vulnerability, you must use an init container to perform git clone operation and then mount the directory into the Pod's container. An example of this approach is provided here: https://gist.github.com/tallclair/849601a16cebeee581ef2be50c351841
Note: You can also restrict the use of gitRepo volumes in your cluster using policies such as ValidatingAdmissionPolicy or through Restricted pod security standard policy. You can use the following Common Expression Language (CEL) expression as part of a policy to reject use of gitRepo volumes:
`has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`
* Detection:
To detect whether this vulnerability has been exploited, you can use the following command to list all pods that use the in-tree gitRepo volume and clones to a .git subdirectory.
```
kubectl get pods --all-namespaces -o json | jq '.items[] | select(.spec.volumes[].gitRepo.repository | test("^/")) | {name: .metadata.name, namespace: .metadata.namespace, repository: (.spec.volumes[] | select(.gitRepo) | .gitRepo.repository)}'
```
Please plan and consider migrating to Kubernetes v1.33 (~ Release Date: April 23, 2025).
Since starting v1.33, the impacted gitRepo volume plugin will be disabled by default.
Refer: https://github.com/kubernetes/kubernetes/pull/129923
No prior Kubernetes versions (v1.29 - v1.32), will receive any backport fixe patches for this CVE, since there isn't a fully non-code-breaking patch available.
* Wed Mar 12 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.31.7:
* Update status before returning err
* Add the feature gate `OrderedNamespaceDeletion` for apiserver.
* Update kubectl exec to use correct format
* kubeadm: fix panic when no UpgradeConfiguration was found in the config file
* proxy: should add PingPeriod for websocket translator
* Bump to build with go 1.23.6
* Honor KUBE_HACK_TOOLS_GOTOOLCHAIN
* Deflake the PodReplacementPolicyFeatureToggling Job integration test
* Limit ResourceQuota LIST requests to times when informer is not synced
* do not install handler for /metrics/slis using sync.Once
* Fix the flaky Job test: TestSuccessPolicy_ReEnabling
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.23.6`
* BuildRequires: golang(API) = 1.23
* ref: https://github.com/kubernetes/kubernetes/blob/v1.31.7/build/dependencies.yaml#L117-L139
* Tue Feb 18 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.31.6:
* Bump images, dependencies and versions to go 1.22.12 and distroless iptables
* Kubelet server handler cleanup
* Fix the remaining flaky integration tests in Job controller
* WIP: fix the flaky Job integration tests
* kubeadm: use the v1beta4 EtcdAPICall timeout for etcd calls
* hack: backport apidiff.sh
* Added check for multipath device mapper
* Fix: touch /dev/null permission denied on macos
* Fix Portworx plugin's CSI translation to copy secret name & namespace
* kubeadm: remove misplaced error during image pull
* Fix Go vet errors for master golang
* hack/tools: bump go-tools for go1.23.0
* Fix nil pointer dereference in selectable fields check When checking specVersion.SelectableFields, if specVersion is nil, a nil pointer dereference could occur. This change updates the conditional to use || instead of &&, ensuring that the check for specVersion being nil happens first, avoiding potential runtime panics.
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.12`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.31.6/build/dependencies.yaml#L117-L119
- version 1.31.6 contain fix for CVE-2025-0426, bsc#1237189
* Refer: https://github.com/kubernetes/kubernetes/issues/130016#issue-2836467448
* Thu Jan 16 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.31.5:
* kubelet: use env vars in node log query PS command
* webhook: alter regex to account for x509sha1 GODEBUG removal
* kubeadm: fix a bug where the node.skipPhases in UpgradeNodeConfiguration is not respected by 'kubeadm upgrade node'
* Bump images, dependencies and versions to go 1.22.10 and distroless iptables
* Do not attempt to truncate revision history if revisionHistoryLimit is negative
* fetch cni plugins from GitHub releases
* Fix volume expansion offline
* prevent unnecessary resolving of iscsi/fc devices to dm
* kubelet: Fix the volume manager did't check the device mount state in the actual state of the world before marking the volume as detached. It may cause a pod to be stuck in the Terminating state due to the above issue when it was deleted.
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.10`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.31.5/build/dependencies.yaml#L117-L119
* Thu Dec 19 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.31.4:
* fix isLikelyNotMountPointStatx relative path issue
* Bump images, dependencies and versions to go 1.22.9 and distroless iptables
* Ensure that a node's CIDR isn't released until the node is deleted
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.9`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.31.4/build/dependencies.yaml#L117-L119
* Thu Nov 28 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.31.3:
* Fix TestCacherDontMissEventsOnReinitialization test
* bugfix(scheduler): preemption picks wrong victim node with higher priority pod on it.
* Update metrics documentation for v1.31
* fix(leaderelection): nil check in OnStoppedLeading func
* Fix crash on kube manager's service-lb-controller after v1.31.0.
* server/config: assing system:apiserver user to system:authenticated group
* tests for nodes with different nodeName and name
* manually revert #109877
* Mon Nov 04 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.31.2:
* bump golang to 1.22.8
* kubeadm: fix a bug where the RemoveMember function did not return the correct member list when the member to be removed did not exist
* Fix deleted UDP endpoint detection
* kubeadm: check the member list status before adding or removing an etcd member
* kubeadm: check whether the peer URL for the added etcd member already exists when the MemberAddAsLearner/MemberAdd fails
* Install Nvidia Daemonset in test harness for GCE
* Add some simple tests for nvidia GPU(s)
* bugfix: endpoints controller track resource version conrrectly
* Remove `socat` and `ebtables` from kubeadm preflight checks
* Add activeDeadlineSeconds to kubeadm upgrade-health-check job
* API emulation versioning honors cohabitating resources
* update vendor
* fix memory leak from global MeterProvider
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.8`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.31.2/build/dependencies.yaml#L117-L119
* Tue Sep 24 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.31.1:
* Restart the init container to not be stuck in created state
* succeeded pod is being re-admitted
* Avoid SidecarContainers code path for non-sidecar pods
* Revert "fix: handle socket file detection on Windows"
* add missing RBAC to statefulset-controller for StatefulSetAutoDeletePVC feature
* Update cni-plugins to v1.5.1
* Bump images, dependencies and versions to go 1.22.6 and distroless iptables
* update coredns/corefile-migration to v1.0.23 to support coredns v1.11.3
* kubeadm: bump coredns to 1.11.3
* kube-up.sh: bump coreDNS to 1.11.3
* fix v1a3 ResourceSliceList metadata field name
* Switch DisableNodeKubeProxyVersion back to disabled-by-default
* fix a scheduler preemption issue that victim is not patched properly
* kube-proxy: initialization wait for service and endpoint handlers synced
* Restore honoring --version build ID overrides
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.6`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.31.1/build/dependencies.yaml#L117-L119
* Tue Aug 20 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- refresh "revert-coredns-image-renaming.patch" patch as per release-1.31 branch:
* ref: https://github.com/kubernetes/kubernetes/blob/4d8e197743a6f764cdbb802e5f6d339d293a2e2e/cmd/kubeadm/app/images/images.go#L25-L54
* Fri Aug 16 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- initial package for Kubernetes v1.31.0
* Full changelog - https://github.com/kubernetes/kubernetes/blob/v1.31.0/CHANGELOG/CHANGELOG-1.31.md
/usr/bin/kube-proxy /usr/share/doc/packages/kubernetes1.31-proxy /usr/share/doc/packages/kubernetes1.31-proxy/CONTRIBUTING.md /usr/share/doc/packages/kubernetes1.31-proxy/README.md /usr/share/licenses/kubernetes1.31-proxy /usr/share/licenses/kubernetes1.31-proxy/LICENSE /usr/share/man/man1/kube-proxy.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Mar 30 23:32:47 2025