[AutoPR- Security] Patch etcd for CVE-2026-29181 [MEDIUM]

SPECS/etcd/CVE-2026-29181.patch

@@ -0,0 +1,117 @@
+From 8c7a681ebfbcd7ab85c3c49aeb31de1c76db344a Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Wed, 29 Apr 2026 09:44:12 +0000
+Subject: [PATCH] internal/errorhandler: add global error handler delegator
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://github.com/open-telemetry/opentelemetry-go/commit/aa1894e09e3fe66860c7885cb40f98901b35277f.patch
+---
+ internal/errorhandler/errorhandler.go | 96 +++++++++++++++++++++++++++
+ 1 file changed, 96 insertions(+)
+ create mode 100644 internal/errorhandler/errorhandler.go
+
+diff --git a/internal/errorhandler/errorhandler.go b/internal/errorhandler/errorhandler.go
+new file mode 100644
+index 0000000..3f0ab31
+--- /dev/null
++++ b/internal/errorhandler/errorhandler.go
+@@ -0,0 +1,96 @@
++// Copyright The OpenTelemetry Authors
++// SPDX-License-Identifier: Apache-2.0
++
++// Package errorhandler provides the global error handler for OpenTelemetry.
++//
++// This package has no OTel dependencies, allowing it to be imported by any
++// package in the module without creating import cycles.
++package errorhandler // import "go.opentelemetry.io/otel/internal/errorhandler"
++
++import (
++	"errors"
++	"log"
++	"sync"
++	"sync/atomic"
++)
++
++// ErrorHandler handles irremediable events.
++type ErrorHandler interface {
++	// Handle handles any error deemed irremediable by an OpenTelemetry
++	// component.
++	Handle(error)
++}
++
++type ErrDelegator struct {
++	delegate atomic.Pointer[ErrorHandler]
++}
++
++// Compile-time check that delegator implements ErrorHandler.
++var _ ErrorHandler = (*ErrDelegator)(nil)
++
++func (d *ErrDelegator) Handle(err error) {
++	if eh := d.delegate.Load(); eh != nil {
++		(*eh).Handle(err)
++		return
++	}
++	log.Print(err)
++}
++
++// setDelegate sets the ErrorHandler delegate.
++func (d *ErrDelegator) setDelegate(eh ErrorHandler) {
++	d.delegate.Store(&eh)
++}
++
++type errorHandlerHolder struct {
++	eh ErrorHandler
++}
++
++var (
++	globalErrorHandler       = defaultErrorHandler()
++	delegateErrorHandlerOnce sync.Once
++)
++
++// GetErrorHandler returns the global ErrorHandler instance.
++//
++// The default ErrorHandler instance returned will log all errors to STDERR
++// until an override ErrorHandler is set with SetErrorHandler. All
++// ErrorHandler returned prior to this will automatically forward errors to
++// the set instance instead of logging.
++//
++// Subsequent calls to SetErrorHandler after the first will not forward errors
++// to the new ErrorHandler for prior returned instances.
++func GetErrorHandler() ErrorHandler {
++	return globalErrorHandler.Load().(errorHandlerHolder).eh
++}
++
++// SetErrorHandler sets the global ErrorHandler to h.
++//
++// The first time this is called all ErrorHandler previously returned from
++// GetErrorHandler will send errors to h instead of the default logging
++// ErrorHandler. Subsequent calls will set the global ErrorHandler, but not
++// delegate errors to h.
++func SetErrorHandler(h ErrorHandler) {
++	current := GetErrorHandler()
++
++	if _, cOk := current.(*ErrDelegator); cOk {
++		if _, ehOk := h.(*ErrDelegator); ehOk && current == h {
++			// Do not assign to the delegate of the default ErrDelegator to be
++			// itself.
++			log.Print(errors.New("no ErrorHandler delegate configured"), " ErrorHandler remains its current value.")
++			return
++		}
++	}
++
++	delegateErrorHandlerOnce.Do(func() {
++		if def, ok := current.(*ErrDelegator); ok {
++			def.setDelegate(h)
++		}
++	})
++	globalErrorHandler.Store(errorHandlerHolder{eh: h})
++}
++
++func defaultErrorHandler() *atomic.Value {
++	v := &atomic.Value{}
++	v.Store(errorHandlerHolder{eh: &ErrDelegator{}})
++	return v
++}
+-- 
+2.45.4
+

SPECS/etcd/etcd.spec

@@ -3,7 +3,7 @@
 Summary:        A highly-available key value store for shared configuration
 Name:           etcd
 Version:        3.5.28
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -44,6 +44,7 @@ Source1:        etcd.service
 #             --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
 #             -cJf [tarball name] [folder to tar]
 Source2:        %{name}-%{version}-vendor.tar.gz
+Patch0:         CVE-2026-29181.patch
 BuildRequires:  golang >= 1.16
 
 %description
@@ -61,6 +62,7 @@ tools.
 
 %prep
 %autosetup -N -p1
+%patch 0 -p1
 tar --no-same-owner -xf %{SOURCE2}
 
 %build
@@ -145,6 +147,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd
 /%{_docdir}/%{name}-%{version}-tools/*
 
 %changelog
+* Wed Apr 29 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.5.28-2
+- Patch for CVE-2026-29181
+
 
 * Fri Mar 27 2026 Akarsh Chaudhary <v-akarshc@microsoft.com> - 3.5.28-1
 - Upgrade to version 3.5.28 (fixes CVE-2026-33413 and CVE-2026-33343).