Update Expr to v1.17.7

- Addresses CVE-2025-68156 - Resolves: RHEL-136443
Version bump to 0.135.0
2025-12-17 10:31:13 +00:00 · 2025-10-08 10:38:37 +01:00 · 2025-08-11 17:01:43 +01:00 · 2025-08-11 15:02:48 +01:00 · 2025-06-13 09:58:11 +01:00 · 2025-03-26 15:46:36 +00:00
4 changed files with 115 additions and 29 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,5 @@
 /opentelemetry-collector-0.102.1.tar.gz
+/opentelemetry-collector-0.107.0.tar.gz
+/redhat-opentelemetry-collector-0.107.0.tar.gz
+/redhat-opentelemetry-collector-0.127.0.tar.gz
+/redhat-opentelemetry-collector-0.135.0.tar.gz
--- a/99
+++ b/99
@ -0,0 +1,99 @@
+* Tue Jun 10 2025 Kseniia Nivnia <knivnia@redhat.com> - 0.127.0-1
+- Collector version update
+- Go version update to v1.23.9
+- Update addresses CVE-2025-22871
+  Resolves: RHEL-90009
+
+* Tue Mar 25 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-9
+- Bump revision
+- Update golang-jwt v5.2.1 to v5.2.2
+- Update addresses CVE-2025-30204
+  Resolves: RHEL-85035
+
+* Wed Mar 19 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-8
+- Bump revision
+- Update go-jose v4.0.2 to v4.0.5
+- Update testify v1.9.0 to v1.10.0
+- Update addresses CVE-2025-27144
+  Resolves: RHEL-84160
+
+* Wed Mar 19 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-7
+- Bump revision
+- Update expr v1.16.9 to v1.17.0
+- Update addresses CVE-2025-29786
+  Resolves: RHEL-84153
+
+* Tue Mar 18 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-6
+- Bump revision
+- Update Golang v1.22.11 to v1.23.0
+- Update x/oauth2 v0.22.0 to v0.27.0
+- Update addresses CVE-2025-22868
+  Resolves: RHEL-84025
+
+* Mon Mar 03 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-5
+- Bump revision
+- Add runtime requirements for shadow-utils and util-linux to ensure successful creation of observability user on installation
+- Modify pre-uninstallation stage to only delete delete the observability user on full uninstallation to prevent the user being deleted during upgrades
+  Resolves: RHEL-76915
+
+* Wed Feb 12 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-4
+- Bump revision
+- Fix reversion of previous dependency updates post golang update
+  Resolves: RHEL-79109
+
+* Tue Feb 11 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-3
+- Bump revision
+- Update tarball golang from 1.21.0 to 1.22.11
+- Update addresses CVE-2024-45336
+  Resolves: RHEL-78944
+
+* Fri Feb 07 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-2
+- Bump revision
+- Update tarball name to match upstream
+- Upgrade the following tarball dependencies:
+- x/sys v0.23.0 to v0.29.0
+- x/crypto v0.26.0 to v0.32.0
+- x/net v0.28.0 to v0.33.0
+- x/sync v0.8.0 to v0.10.0
+- x/term v0.23.0 to v0.28.0
+- x/text v0.17.0 to v0.21.0
+- Update addresses the following CVEs:
+- CVE-2024-45338
+- CVE-2024-45337
+  Resolves: RHEL-78346
+
+* Thu Nov 28 2024 Felix Kolwa <fkolwa@redhat.com> - 0.107.0-1
+- Version bump to 0.107.0
+- Reset release to 1
+- Update addresses the following CVEs:
+- CVE-2024-34155
+- CVE-2024-34156
+- CVE-2024-42368
+
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.102.1-6
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Mon Sep 09 2024 Major Hayden <major@redhat.com> - 0.102.1-5
+- Rebuilt for C10S/RHEL 10
+
+* Mon Aug 19 2024 Felix Kolwa <fkolwa@redhat.com> - 0.102.1-4
+- include aarch64 build target
+* Thu Aug 01 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1-3
+- Add default selinux policy for journald receiver
+- Bump revision
+* Wed Jul 24 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1-2
+- spec: strip go binary
+* Tue Jul 16 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1-1
+- rpm: trim date (#89) (Ben B)
+- Add transform processor (#88) (Ruben Vargas)
+* Fri Jun 28 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1
+- move microshift specifics into another rpm
+- bump collector version to 0.102.0
+* Fri Apr 12 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.95.0
+- add observability user that is part of the systemd-journal group
+- add opentelemetry collector config folder (`/etc/opentelemetry-collector/configs`)
+- add opentelemetry collector default config
+- add microshift manifests
+* Thu Feb 1 21:59:10 CET 2024 Nina Olear <nolear@redhat.com> - 0.93.4
+- First package for Copr
--- a/opentelemetry-collector.spec
+++ b/opentelemetry-collector.spec
@ -1,6 +1,6 @@
 %global goipath         github.com/os-observability/redhat-opentelemetry-collector

-Version:                0.102.1
+Version:                0.135.0
 ExcludeArch:            %{ix86} s390 ppc ppc64

 %gometa
@ -12,21 +12,24 @@ Collector with the supported components for a Red Hat build of OpenTelemetry}
 %global godocs        README.md

 Name:           opentelemetry-collector
-Release:        5%{?dist}
+Release:        %autorelease
 Summary:        Red Hat build of OpenTelemetry

 License:        Apache-2.0

-Source0:        %{name}-%{version}.tar.gz
+Source0:        redhat-%{name}-%{version}.tar.gz
 Source1:        otel_collector_journald.te

 BuildRequires: systemd
 BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
 BuildRequires: binutils
 BuildRequires: git
-BuildRequires:  policycoreutils, checkpolicy, selinux-policy-devel
+BuildRequires: policycoreutils, checkpolicy, selinux-policy-devel

+Requires(pre): shadow-utils
+Requires(pre): util-linux
 Requires(pre): /usr/sbin/useradd, /usr/bin/getent
+Requires(pre): group(systemd-journal)
 Requires(postun): /usr/sbin/userdel

 %description
@ -69,7 +72,9 @@ install -m 0755 -p ./opentelemetry-collector-with-options %{buildroot}%{_bindir}
 /usr/bin/getent passwd observability > /dev/null || /usr/sbin/useradd -r -M -s /sbin/nologin -g observability -G systemd-journal observability

 %postun
-/usr/sbin/userdel observability
+if [ $1 -eq 0 ]; then
+    /usr/sbin/userdel observability
+fi

 %post
 semodule -i %{_datadir}/selinux/packages/otel_collector_journald.pp
@ -102,26 +107,4 @@ fi
 %{_bindir}/*

 %changelog
-* Mon Sep 09 2024 Major Hayden <major@redhat.com> - 0.102.1-5
- Rebuilt for C10S/RHEL 10
-
-* Mon Aug 19 2024 Felix Kolwa <fkolwa@redhat.com> - 0.102.1-4
- include aarch64 build target
-* Thu Aug 01 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1-3
- Add default selinux policy for journald receiver
- Bump revision
-* Wed Jul 24 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1-2
- spec: strip go binary
-* Tue Jul 16 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1-1
- rpm: trim date (#89) (Ben B)
- Add transform processor (#88) (Ruben Vargas)
-* Fri Jun 28 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.102.1
- move microshift specifics into another rpm
- bump collector version to 0.102.0
-* Fri Apr 12 2024 Benedikt Bongartz <bongartz@redhat.com> - 0.95.0
- add observability user that is part of the systemd-journal group
- add opentelemetry collector config folder (`/etc/opentelemetry-collector/configs`)
- add opentelemetry collector default config
- add microshift manifests
-* Thu Feb 1 21:59:10 CET 2024 Nina Olear <nolear@redhat.com> - 0.93.4
- First package for Copr
+%autochangelog
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (opentelemetry-collector-0.102.1.tar.gz) = 0bad66a38ed7fecd38457191961bbf49075b0ffe4848b46ce56e967389046dfba8ada9a911535822078d90a4ddd2e0a32979f2554bddcf20727984d0fc5b2e03
+SHA512 (redhat-opentelemetry-collector-0.135.0.tar.gz) = d370f6a156848e527001b2a3f404ea63fdfd9f563f6d51cdc90fc42c9643b7fcb9fd7fa71cceeb3bf44f970f4d26958db54c24832700047a9e2e9237b5a2bd43
Author	SHA1	Message	Date
Kseniia Nivnia	03a7f3d833	Update Expr to v1.17.7 - Addresses CVE-2025-68156 - Resolves: RHEL-136443	2025-12-17 10:31:13 +00:00
Kseniia Nivnia	ff74052b23	Version bump to 0.135.0 Add systemd-journal group to Requires Bump go-tpm-keyfiles Resolves: RHEL-119363 Signed-off-by: Kseniia Nivnia <knivnia@redhat.com>	2025-10-08 10:38:37 +01:00
Kseniia Nivnia	30f3e2943a	Go version update to v1.24.4 Update addresses CVE-2025-4673 Resolves: RHEL-105054 Signed-off-by: Kseniia Nivnia <knivnia@redhat.com>	2025-08-11 17:01:43 +01:00
Kseniia Nivnia	1f182238ed	Convert to %autorelease and %autochangelog Resolves: RHEL-108612 [skip changelog]	2025-08-11 15:02:48 +01:00
Kseniia Nivnia	2e3da9a81b	Version bump to 0.127.0 Update version to v0.127.0 Update Go version to v1.23.9 to address CVE-2025-22871 Resolves: RHEL-90009 Signed-off-by: Kseniia Nivnia <knivnia@redhat.com>	2025-06-13 09:58:11 +01:00
ccowman	b7e1c80bb7	Update golang-jwt v5.2.1 to v5.2.2 Update golang-jwt from v5.2.1 to v5.2.2 to resolve CVE-2025-30204 Signed-off-by: ccowman <ccowman@redhat.com>	2025-03-26 15:46:36 +00:00
ccowman	2f332f80d7	Update go-jose and testify Update go-jose v4.0.2 to v4.0.5 and testify v1.9.0 to v1.10.0 to address CVE-2025-27144 Resolves: RHEL-84160 Signed-off-by: ccowman <ccowman@redhat.com>	2025-03-19 17:42:50 +00:00
ccowman	f240cfdda7	Update Expr Parser to v1.17.0 Update Expr Parser v1.16.9 to v1.17.0 to address CVE-2025-29786 Resolves: RHEL-84153 Signed-off-by: ccowman <ccowman@redhat.com>	2025-03-19 17:25:19 +00:00
ccowman	2d37c8cf87	Update x/oauth and golang Update golang from v1.22.11 to v1.23 and x/oauth from v0.22.0 to v0.27.0 to resolve CVE-2025-22868 Resolves: RHEL-84025 Signed-off-by: ccowman <ccowman@redhat.com>	2025-03-18 19:12:29 +00:00
ccowman	5f3eb3ff51	Stop deleting observability user during upgrades Adjust the pre-uninstallation phase so that the observability user is only deleted during full uninstallation. This prevents the user from being deleted during upgrades and ensures the service contines to work as intended after a major rhel upgrade. Also add precautionary runtime requirements for shadow-utils and util-linux as both are required for the creation of the observability user. Resolves: RHEL-76915 Signed-off-by: ccowman <ccowman@redhat.com>	2025-03-03 12:49:08 +00:00
ccowman	9585a06293	Fix reversion of previous dependency updates Bump revision and fix reversion of previous dependency updates post golang update Resolves: RHEL-79109 Signed-off-by: ccowman <ccowman@redhat.com>	2025-02-12 21:52:07 +00:00
ccowman	5872d63a39	Bump revision and update go version Bump revision and update golang version in tarball from 1.21.0 to 1.22.11 to fix net/http CVE-2024-45336 and fix specified dependency versions in changelog entry Resolves: RHEL-78944 Signed-off-by: ccowman <ccowman@redhat.com>	2025-02-11 21:55:39 +00:00
ccowman	cb916d3ad7	Bump revision and update tarball dependencies Fixes CVE-2024-45338 and CVE-2024-45337 Resolves: RHEL-78346 Signed-off-by: ccowman <ccowman@redhat.com>	2025-02-07 14:16:55 +00:00
Felix Kolwa	11c18c1380	Version bump to 0.107.0 Resolves: RHEL-58094	2024-11-29 10:36:45 +01:00
Troy Dawson	e51a722f54	Bump release for October 2024 mass rebuild: Resolves: RHEL-64018	2024-10-29 08:53:12 -07:00