Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

kubernetes1.32-apiserver-1.32.3-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: kubernetes1.32-apiserver Distribution: openSUSE Tumbleweed
Version: 1.32.3 Vendor: openSUSE
Release: 1.1 Build date: Tue Mar 25 13:36:22 2025
Group: System/Management Build host: reproducible
Size: 102348873 Source RPM: kubernetes1.32-1.32.3-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://kubernetes.io/
Summary: Kubernetes apiserver for container image
 
This subpackage contains the kube-apiserver binary for Kubic images

Provides

Requires

License

Apache-2.0

Changelog

* Tue Mar 25 2025 Priyanka Saggu <priyanka.saggu@suse.com>
  - CVE-2025-1767: GitRepo Volume Inadvertent Local Repository Access, bsc#1239643
    * TL;DR: Please refer to the github issue for details on detecting and mitigating the CVE, if impacted:
    https://github.com/kubernetes/kubernetes/issues/130786
    * ***Important note to users and administrators****
    * How do I mitigate this vulnerability?
    To mitigate this vulnerability, you must use an init container to perform git clone operation and then mount the directory into the Pod's container. An example of this approach is provided here: https://gist.github.com/tallclair/849601a16cebeee581ef2be50c351841
    Note: You can also restrict the use of gitRepo volumes in your cluster using policies such as ValidatingAdmissionPolicy or through Restricted pod security standard policy. You can use the following Common Expression Language (CEL) expression as part of a policy to reject use of gitRepo volumes:
    `has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`
    * Detection:
    To detect whether this vulnerability has been exploited, you can use the following command to list all pods that use the in-tree gitRepo volume and clones to a .git subdirectory.
    ```
    kubectl get pods --all-namespaces -o json | jq '.items[] | select(.spec.volumes[].gitRepo.repository | test("^/")) | {name: .metadata.name, namespace: .metadata.namespace, repository: (.spec.volumes[] | select(.gitRepo) | .gitRepo.repository)}'
    ```
    Please plan and consider migrating to Kubernetes v1.33 (~ Release Date: April 23, 2025).
    Since starting v1.33, the impacted gitRepo volume plugin will be disabled by default.
    Refer: https://github.com/kubernetes/kubernetes/pull/129923
    No prior Kubernetes versions (v1.29 - v1.32), will receive any backport fixe patches for this CVE, since there isn't a fully non-code-breaking patch available.
* Wed Mar 12 2025 Priyanka Saggu <priyanka.saggu@suse.com>
  - Update to version 1.32.3:
    * Add the feature gate `OrderedNamespaceDeletion` for apiserver
    * conntrack reconciler must check the dst port
    * fix(pod/util): typos in getting pod validation options
    * Add ControllerRoles Test
    * Fix Fixture Data
    * Add Watch to controller roles
    * Generate register files for all examples
    * add simpletype pkg in v1 for register-gen test
    * Add codegen::register to hack/update-codegen.sh
    * Add missing imports in register-gen
    * Revert "Add random interval to nodeStatusReport interval every time after an actual node status change"
    * Remove the feature-gate check before populating serverRunOptions.Flagz
    * test: Add emulated-version flag verification in flagz test
    * fix: flagz endpoint to return parsed flags value
    * kubeadm: fix panic when no UpgradeConfiguration was found in the config file
    * proxy: should add PingPeriod for websocket translator
    * Honor KUBE_HACK_TOOLS_GOTOOLCHAIN
    * Deflake the PodReplacementPolicyFeatureToggling Job integration test
    * Limit ResourceQuota LIST requests to times when informer is not synced
    * kubelet: fix DRA registration test
    * Fix the flaky Job test: TestSuccessPolicy_ReEnabling
    * bump netlink
    * DRA CEL: skip estimating the cost in the scheduler
    * DRA CEL: add missing size estimator
* Tue Feb 18 2025 Priyanka Saggu <priyanka.saggu@suse.com>
  - Update to version 1.32.2:
    * Bump images, dependencies and versions to go 1.23.6 and distroless iptables
    * Disable ServiceAccountNodeAudienceRestriction feature gate by default in v1.32
    * Kubelet server handler cleanup
    * Fix the remaining flaky integration tests in Job controller
    * WIP: fix the flaky Job integration tests
    * kubeadm: use the v1beta4 EtcdAPICall timeout for etcd calls
    * hack: backport apidiff.sh
    * Fix: touch /dev/null permission denied on macos
    * Added check for multipath device mapper
    * Fix Portworx plugin's CSI translation to copy secret name & namespace
    * We still can't rely on first condition being fs-expansion pending condition
    * Bump CSI sidecars to fix CI issues and such
    * kubeadm: remove misplaced error during image pull
  - Update .spec file to bump go version build requirements:
    * `BuildRequires:  go >= 1.23.6`
    * ref: https://github.com/kubernetes/kubernetes/blob/v1.32.2/build/dependencies.yaml#L117-L119
  - version 1.32.2 contain fix for CVE-2025-0426, bsc#1237189
    * Refer changelog for more information:
      https://github.com/kubernetes/kubernetes/blob/v1.32.2/CHANGELOG/CHANGELOG-1.32.md#important-security-information
* Thu Jan 16 2025 Priyanka Saggu <priyanka.saggu@suse.com>
  - Update to version 1.32.1:
    * kubelet: use env vars in node log query PS command
    * DRA e2e: adapt to increased ReservedFor limit
    * DRA API: bump maximum size of ReservedFor to 256
    * Add watch permission to namespace-controller for WatchListClient feature
    * webhook: alter regex to account for x509sha1 GODEBUG removal
    * kubeadm: fix a bug where the node.skipPhases in UpgradeNodeConfiguration is not respected by 'kubeadm upgrade node'
    * kubeadm: skip disabled addons in clusterconfig on upgrade
    * Bump images, dependencies and versions to go 1.23.4 and distroless iptables
    * Do not attempt to truncate revision history if revisionHistoryLimit is negative
    * fetch cni plugins from GitHub releases
    * Fix volume expansion offline
    * prevent unnecessary resolving of iscsi/fc devices to dm
    * Isolate mock signer for externaljwt tests
  - Update .spec file to bump go version build requirements:
    * `BuildRequires:  go >= 1.23.4`
    * ref: https://github.com/kubernetes/kubernetes/blob/v1.32.1/build/dependencies.yaml#L117-L119
* Thu Dec 19 2024 Priyanka Saggu <priyanka.saggu@suse.com>
  - initial package for Kubernetes v1.32.0
    * Full changelog - https://github.com/kubernetes/kubernetes/blob/v1.32.0/CHANGELOG/CHANGELOG-1.32.md

Files

/usr/bin/kube-apiserver
/usr/share/doc/packages/kubernetes1.32-apiserver
/usr/share/doc/packages/kubernetes1.32-apiserver/CONTRIBUTING.md
/usr/share/doc/packages/kubernetes1.32-apiserver/README.md
/usr/share/licenses/kubernetes1.32-apiserver
/usr/share/licenses/kubernetes1.32-apiserver/LICENSE
/usr/share/man/man1/kube-apiserver.1.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Apr 3 23:36:53 2025