diff --git a/SPECS/etcd/CVE-2026-29181.patch b/SPECS/etcd/CVE-2026-29181.patch
new file mode 100644
index 00000000000..1b0bce40905
--- /dev/null
+++ b/SPECS/etcd/CVE-2026-29181.patch
@@ -0,0 +1,117 @@
+From 8c7a681ebfbcd7ab85c3c49aeb31de1c76db344a Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Wed, 29 Apr 2026 09:44:12 +0000
+Subject: [PATCH] internal/errorhandler: add global error handler delegator
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: AI Backport of https://github.com/open-telemetry/opentelemetry-go/commit/aa1894e09e3fe66860c7885cb40f98901b35277f.patch
+---
+ internal/errorhandler/errorhandler.go | 96 +++++++++++++++++++++++++++
+ 1 file changed, 96 insertions(+)
+ create mode 100644 internal/errorhandler/errorhandler.go
+
+diff --git a/internal/errorhandler/errorhandler.go b/internal/errorhandler/errorhandler.go
+new file mode 100644
+index 0000000..3f0ab31
+--- /dev/null
++++ b/internal/errorhandler/errorhandler.go
+@@ -0,0 +1,96 @@
++// Copyright The OpenTelemetry Authors
++// SPDX-License-Identifier: Apache-2.0
++
++// Package errorhandler provides the global error handler for OpenTelemetry.
++//
++// This package has no OTel dependencies, allowing it to be imported by any
++// package in the module without creating import cycles.
++package errorhandler // import "go.opentelemetry.io/otel/internal/errorhandler"
++
++import (
++ "errors"
++ "log"
++ "sync"
++ "sync/atomic"
++)
++
++// ErrorHandler handles irremediable events.
++type ErrorHandler interface {
++ // Handle handles any error deemed irremediable by an OpenTelemetry
++ // component.
++ Handle(error)
++}
++
++type ErrDelegator struct {
++ delegate atomic.Pointer[ErrorHandler]
++}
++
++// Compile-time check that delegator implements ErrorHandler.
++var _ ErrorHandler = (*ErrDelegator)(nil)
++
++func (d *ErrDelegator) Handle(err error) {
++ if eh := d.delegate.Load(); eh != nil {
++ (*eh).Handle(err)
++ return
++ }
++ log.Print(err)
++}
++
++// setDelegate sets the ErrorHandler delegate.
++func (d *ErrDelegator) setDelegate(eh ErrorHandler) {
++ d.delegate.Store(&eh)
++}
++
++type errorHandlerHolder struct {
++ eh ErrorHandler
++}
++
++var (
++ globalErrorHandler = defaultErrorHandler()
++ delegateErrorHandlerOnce sync.Once
++)
++
++// GetErrorHandler returns the global ErrorHandler instance.
++//
++// The default ErrorHandler instance returned will log all errors to STDERR
++// until an override ErrorHandler is set with SetErrorHandler. All
++// ErrorHandler returned prior to this will automatically forward errors to
++// the set instance instead of logging.
++//
++// Subsequent calls to SetErrorHandler after the first will not forward errors
++// to the new ErrorHandler for prior returned instances.
++func GetErrorHandler() ErrorHandler {
++ return globalErrorHandler.Load().(errorHandlerHolder).eh
++}
++
++// SetErrorHandler sets the global ErrorHandler to h.
++//
++// The first time this is called all ErrorHandler previously returned from
++// GetErrorHandler will send errors to h instead of the default logging
++// ErrorHandler. Subsequent calls will set the global ErrorHandler, but not
++// delegate errors to h.
++func SetErrorHandler(h ErrorHandler) {
++ current := GetErrorHandler()
++
++ if _, cOk := current.(*ErrDelegator); cOk {
++ if _, ehOk := h.(*ErrDelegator); ehOk && current == h {
++ // Do not assign to the delegate of the default ErrDelegator to be
++ // itself.
++ log.Print(errors.New("no ErrorHandler delegate configured"), " ErrorHandler remains its current value.")
++ return
++ }
++ }
++
++ delegateErrorHandlerOnce.Do(func() {
++ if def, ok := current.(*ErrDelegator); ok {
++ def.setDelegate(h)
++ }
++ })
++ globalErrorHandler.Store(errorHandlerHolder{eh: h})
++}
++
++func defaultErrorHandler() *atomic.Value {
++ v := &atomic.Value{}
++ v.Store(errorHandlerHolder{eh: &ErrDelegator{}})
++ return v
++}
+--
+2.45.4
+
diff --git a/SPECS/etcd/etcd.spec b/SPECS/etcd/etcd.spec
index 05cc59d7e27..fb0c2a5ea9a 100644
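Review bot: Nothing in this patch changes an existing caller: it only creates `internal/errorhandler/errorhandler.go` (1 file changed, 96 insertions), so no code visible here is switched over to the new `ErrDelegator`, `GetErrorHandler` or `SetErrorHandler`. The path is also relative to the source root rather than to a vendored `go.opentelemetry.io/otel` tree, so the file presumably lands in a package that nothing imports and the build output would be unchanged. Before shipping this as the fix for the CVE in the file name, compare it with the commit in `Upstream-reference` and carry over the hunks that move the existing handler code onto this package, or state in the patch header why they are not needed. A quick check is to confirm after the build that the new package is actually compiled into the binaries.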
--- a/SPECS/etcd/etcd.spec +++ b/SPECS/etcd/etcd.spec @@ -3,7 +3,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.28 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -44,6 +44,7 @@ Source1: etcd.service # --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \ # -cJf [tarball name] [folder to tar] Source2: %{name}-%{version}-vendor.tar.gz +Patch0: CVE-2026-29181.patch BuildRequires: golang >= 1.16 %description @@ -61,6 +62,7 @@ tools. %prep %autosetup -N -p1 +%patch 0 -p1 tar --no-same-owner -xf %{SOURCE2} %build @@ -145,6 +147,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Wed Apr 29 2026 Azure Linux Security Servicing Account - 3.5.28-2 +- Patch for CVE-2026-29181 + * Fri Mar 27 2026 Akarsh Chaudhary - 3.5.28-1 - Upgrade to version 3.5.28 (fixes CVE-2026-33413 and CVE-2026-33343).
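Review bot: In the `%prep` hunk, `%patch 0 -p1` runs before `tar --no-same-owner -xf %{SOURCE2}`, so when the patch is applied the vendored modules are not yet on disk and only files from the main source tarball can be touched. If the intent is to fix a vendored dependency, move `%patch 0 -p1` below the `tar` line and make the patch paths relative to wherever the vendored tree is unpacked. `%prep` continues outside this hunk, so any later step that relocates the vendor directory is not visible here and should be checked as well.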