Fix building of etcd


Bump to commit f29b1ada19713544b698dab8c94c97cfa1e83dac


Bump to commit e1ca3b4434945e57e8e3a451cdbde74a903cc8e1 Security fix for CVE-2018-16886 Security fix for CVE-2018-1098 CVE-2018-1099

This update has been submitted for testing by eclipseo.

10 months ago

This update has obsoleted etcd-3.3.12-2.20190413gitf29b1ad.fc29, and has inherited its bugs and notes.

10 months ago

This update has been pushed to testing.

10 months ago
User Icon martinpitt commented & provided feedback 10 months ago
karma

This still fails, but differently now. On a current and clean F-29, with etcd-3.2.16-6.fc29.x86_64:

# systemctl status -l etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-04-16 02:18:20 EDT; 35s ago
 Main PID: 7797 (etcd)
    Tasks: 9 (limit: 1147)
   Memory: 35.6M
      CPU: 226ms
   CGroup: /system.slice/etcd.service
           └─7797 /usr/bin/etcd --name=default --data-dir=/var/lib/etcd/default.etcd --listen-client-urls=http://localhost:2379

Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: 8e9e05c52164694d received MsgVoteResp from 8e9e05c52164694d at term 2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: 8e9e05c52164694d became leader at term 2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: raft.node: 8e9e05c52164694d elected leader 8e9e05c52164694d at term 2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: setting up the initial cluster version to 3.2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: published {Name:default ClientURLs:[http://localhost:2379]} to cluster cdf818194e3a8c32
Apr 16 02:18:20 m1.cockpit.lan systemd[1]: Started Etcd Server.
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: ready to serve client requests
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: serving insecure client requests on 127.0.0.1:2379, this is strongly discouraged!
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: set the initial cluster version to 3.2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: enabled capabilities for version 3.2

Somehow dnf upgrade --enablerepo=updates-testing etcd and dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2019-049b108f40 say "nothing to do", so it seems this isn't yet published. However, I downloaded the build manually with koji download-build, and it fails again:

# systemctl status -l etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2019-04-16 02:25:42 EDT; 2min 33s ago
  Process: 23291 ExecStart=/bin/bash -c GOMAXPROCS=$(nproc) /usr/bin/etcd --name="${ETCD_NAME}" --data-dir="${ETCD_DATA_DIR}" --listen-client-urls="${ETCD_LISTEN_>
 Main PID: 23291 (code=exited, status=1/FAILURE)
      CPU: 16ms

Apr 16 02:25:42 m1.cockpit.lan systemd[1]: Starting Etcd Server...
Apr 16 02:25:42 m1.cockpit.lan etcd[23291]: recognized and used environment variable ETCD_ADVERTISE_CLIENT_URLS=http://localhost:2379
Apr 16 02:25:42 m1.cockpit.lan etcd[23291]: conflicting environment variable "ETCD_LISTEN_CLIENT_URLS" is shadowed by corresponding command-line flag (either unset environment variable or disable flag)
Apr 16 02:25:42 m1.cockpit.lan systemd[1]: etcd.service: Main process exited, code=exited, status=1/FAILURE
Apr 16 02:25:42 m1.cockpit.lan systemd[1]: etcd.service: Failed with result 'exit-code'.
Apr 16 02:25:42 m1.cockpit.lan systemd[1]: Failed to start Etcd Server.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

10 months ago
User Icon eclipseo commented & provided feedback 10 months ago

Caused by https://github.com/etcd-io/etcd/pull/9382 Will fix our service file accordingly.

This update has been obsoleted by etcd-3.3.12-4.20190413gitf29b1ad.fc29.

10 months ago

Please login to add feedback.

Metadata
Type
security
Karma
-1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
10 months ago
in testing
10 months ago
BZ#1514762 etcd-3.3.12 is available
0
0
BZ#1552714 CVE-2018-1098 etcd: Cross-site request forgery via crafted local POST forms
0
0
BZ#1552717 CVE-2018-1099 etcd: DNS rebinding vulnerability in etcd server
0
0
BZ#1552720 CVE-2018-1098 CVE-2018-1099 etcd: various flaws [fedora-all]
0
0
BZ#1607180 during build, vendor'ed files are used
0
0
BZ#1651034 CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway
0
0
BZ#1665782 CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway [fedora-all]
0
0

Automated Test Results