Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubernetes1.23 for openSUSE:Factory checked in at 2023-06-21 22:38:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubernetes1.23 (Old) and /work/SRC/openSUSE:Factory/.kubernetes1.23.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubernetes1.23" Wed Jun 21 22:38:44 2023 rev:10 rq:1093983 version:1.23.17 Changes: -------- --- /work/SRC/openSUSE:Factory/kubernetes1.23/kubernetes1.23.changes 2023-06-16 16:55:34.113963835 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes1.23.new.15902/kubernetes1.23.changes 2023-06-21 22:39:33.710263801 +0200 @@ -1,0 +2,7 @@ +Tue Jun 20 12:56:47 UTC 2023 - Priyanka Saggu <priyanka.sa...@suse.com> + +- Security Patch Fix for CVE-2023-2431 (bsc#1212493) + * added patch: fix-seccomp-localhost-error-handling.patch + * this new kubelet component patch returns an error when a Pod or Container's SecurityContext has a localhost seccomp type but an empty localhostProfile field. + +------------------------------------------------------------------- New: ---- fix-seccomp-localhost-error-handling.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubernetes1.23.spec ++++++ --- /var/tmp/diff_new_pack.EXXRyQ/_old 2023-06-21 22:39:34.410268014 +0200 +++ /var/tmp/diff_new_pack.EXXRyQ/_new 2023-06-21 22:39:34.418268062 +0200 @@ -51,6 +51,8 @@ Patch5: revert-coredns-image-renaming.patch # Patch to fix CVE-2023-2727 and CVE-2023-2728, by preventing ephemeral containers from using an image that is restricted by ImagePolicyWebhook and from bypassing the mountable secrets policy enforced by the ServiceAccount admission plugin Patch6: kube-apiserver-admission-plugin-policy.patch +# Patch to fix CVE-2023-2431, to return error when a Pod or Container's SecurityContext has a localhost seccomp type but an empty localhostProfile field. +Patch7: fix-seccomp-localhost-error-handling.patch BuildRequires: fdupes BuildRequires: git BuildRequires: go-go-md2man @@ -74,6 +76,7 @@ + # packages to build containerized control plane %package apiserver Summary: Kubernetes apiserver for container image @@ -219,6 +222,7 @@ %patch4 -p0 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build # This is fixing bug bsc#1065972 ++++++ fix-seccomp-localhost-error-handling.patch ++++++ ++++ 860 lines (skipped)