[AUTOPATCHER-CORE] Upgrade etcd to 3.5.18 Update to fix CVE-2023-39325, CVE-2023-44487 and CVE-2023-45288. (#12219)

Co-authored-by: corvus-callidus <[email protected]>

Author: CBL-Mariner-Bot

SPECS/etcd/CVE-2024-24786.patch

@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "etcd.service": "4550a4967ba35670051cbfd9b4edf1fc57c0f1d7a07e51f88351ac44c76d8066",
-    "etcd-3.5.12-vendor.tar.gz": "2427523101fa0c5ec75f8c65224cddac89de86ae2f5d6b07f14ae7ea1b195064",
-    "etcd-3.5.12.tar.gz": "90b56a7f2f43a993d420954322e607a6e6a0ca5549f1f7c7dc3567d2f56678d9"
+    "etcd-3.5.18.tar.gz": "8c8890b15c1a19263ab4ee2b374698c1d76c2b31e9b55bdeea47193aa48d8025",
+    "etcd-3.5.18-vendor.tar.gz": "c8b9c5dac4466a1cc528801aad1664fbd4cc7967f31f495187afd79e01d716f3"
   }
 }

SPECS/etcd/etcd.signatures.json

@@ -2,8 +2,8 @@
 
 Summary:        A highly-available key value store for shared configuration
 Name:           etcd
-Version:        3.5.12
-Release:        2%{?dist}
+Version:        3.5.18
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -44,7 +44,6 @@ Source1:        etcd.service
 #             --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
 #             -cJf [tarball name] [folder to tar]
 Source2:        %{name}-%{version}-vendor.tar.gz
-Patch0:         CVE-2024-24786.patch
 BuildRequires:  golang >= 1.16
 
 %description
@@ -72,7 +71,6 @@ mkdir -p %{ETCD_OUT_DIR}
 for component in server etcdctl etcdutl; do
     pushd $component
     tar --no-same-owner -xf %{_builddir}/%{name}-%{version}/vendor-$component.tar.gz
-    patch -p1 -s --fuzz=0 --no-backup-if-mismatch -f --input %{PATCH0}
     go build \
         -o %{ETCD_OUT_DIR} \
         -ldflags=-X=go.etcd.io/etcd/api/v3/version.GitSHA=v%{version}
@@ -147,13 +145,16 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd
 /%{_docdir}/%{name}-%{version}-tools/*
 
 %changelog
+* Tue Feb 04 2025 CBL-Mariner Servicing Account <[email protected]> - 3.5.18-1
+- Auto-upgrade to 3.5.18 - Upgrade to fix CVE-2023-39325, CVE-2023-44487 and CVE-2023-45288.
+
 * Tue Dec 03 2024 bhapathak <[email protected]> - 3.5.12-2
 - Patch CVE-2024-24786
 
 * Fri May 24 2024 CBL-Mariner Servicing Account <[email protected]> - 3.5.12-1
 - Auto-upgrade to 3.5.12 - none
 
-* Tue Oct 18 2023 Nicolas Guibourge <[email protected]> - 3.5.9-1
+* Wed Oct 18 2023 Nicolas Guibourge <[email protected]> - 3.5.9-1
 - Upgrade to 3.5.9 to match version required by kubernetes
 
 * Mon Oct 16 2023 CBL-Mariner Servicing Account <[email protected]> - 3.5.6-12

SPECS/etcd/etcd.spec

@@ -3368,8 +3368,8 @@
         "type": "other",
         "other": {
           "name": "etcd",
-          "version": "3.5.12",
-          "downloadUrl": "https://github.com/etcd-io/etcd/archive/v3.5.12.tar.gz"
+          "version": "3.5.18",
+          "downloadUrl": "https://github.com/etcd-io/etcd/archive/v3.5.18.tar.gz"
         }
       }
     },