This commit adds a script to sync the version present in .go-version
across all go.mod files as the toolchain directive. As part of that,
this commit also modifies go.mod files that did not have synced toolchain
directives.
Additionally, this also adds a script to verify all toolchain and go
directives against the version present in .go-version as follows:
(1) The go directive <= version in .go-version
(2) The toolchain directive == version in .go-version
This script runs as part of the `make verify` target, making it run
as a presbumit by default.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
The last step with gRPC update behavior changes auditing to resolve CVE #16740 in 3.5
This PR backports #14922, #16338, #16587, #16630, #16636 and #16739 to release-3.5.
Signed-off-by: Chao Chen <chaochn@amazon.com>
Run `scripts/genproto.sh --skip-protodoc` and checkout
server/wal/walpb/record.pb.go because we still use go.etcd.io/etcd/raft/v3
instead of go.etcd.io/raft/v3.
Before
```
➜ etcd git:(release-3.5) etcdctl put foo bar
OK
➜ etcd git:(release-3.5) etcdctl get -w json foo
{"header":{"cluster_id":14841639068965178418,"member_id":10276657743932975437,"revision":2,"raft_term":2},"kvs":[{"key":"Zm9v","create_revision":2,"mod_revision":2,"version":1,"value":"YmFy"}],"count":1}
➜ etcd git:(release-3.5) etcdctl compact 2
compacted revision 2
➜ etcd git:(release-3.5) http_proxy= curl -L http://127.0.0.1:2379/v3/maintenance/hashkv -X POST -d '{"revsion":2}'
Not Found
```
After
```bash
➜ etcd git:(bp-16464) http_proxy= curl -L http://127.0.0.1:2379/v3/maintenance/hashkv -X POST -d '{"revsion":2}'
{"header":{"cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"2","raft_term":"3"},"hash":3305255506,"compact_revision":"2"}%
```
Signed-off-by: Wei Fu <fuweid89@gmail.com>
When etcdserver receives a LeaseRenew request, it may be still in
progress of processing the LeaseGrantRequest on exact the same
leaseID. Accordingly it may return a TTL=0 to client due to the
leaseID not found error. So the leader should wait for the appliedID
to be available before processing client requests.
Prevent etcd from crashing when given a bad grant payload, e.g.:
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/add
{"header":{"cluster_id":"14841639068965178418", ...
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/grant
curl: (52) Empty reply from server
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
