k3s/1.29.3-r1: cve remediation #16429

Merged
merged 2 commits into from
Apr 8, 2024


octo-sts[bot]
Contributor

@octo-sts octo-sts bot commented Apr 6, 2024

@octo-sts octo-sts bot added the automated pr label Apr 6, 2024
@hectorj2f hectorj2f force-pushed the cve-k3s-c4ff05ac72c4d493113012337fcfc6e1 branch 2 times, most recently from 3878978 to 96be1ea Compare April 7, 2024 21:46
Signed-off-by: hectorj2f <[email protected]>
@hectorj2f hectorj2f force-pushed the cve-k3s-c4ff05ac72c4d493113012337fcfc6e1 branch from 96be1ea to ed36eba Compare April 7, 2024 21:48
Contributor

github-actions bot commented Apr 7, 2024

Package k3s:
Modified: /bin/_k3s-inner
Modified: /bin/k3s

Package k3s-images:
Modified: /var/lib/rancher/k3s/agent/images/k3s-airgap-images-amd64.tar

bincapz found differences:

Changed: k3s/bin/k3s

| RISK | KEY | DESCRIPTION |
|---|---|---|
| +2/MEDIUM | kernel/apparmor | apparmor |
| +2/MEDIUM | process/chdir | changes current working directory: "cd yO" |
| +1/LOW | kernel/seccomp | operate on Secure Computing state of the process |

Changed: k3s/bin/_k3s-inner

| RISK | KEY | DESCRIPTION |
|---|---|---|
| -2/MEDIUM | net/vnc | vnc user |
| +2/MEDIUM | process/chdir | changes current working directory: "cd" |

Contributor

github-actions bot commented Apr 7, 2024

Package k3s:
Modified: /bin/_k3s-inner
Modified: /bin/k3s

Package k3s-images:
Modified: /var/lib/rancher/k3s/agent/images/k3s-airgap-images-amd64.tar

bincapz found differences:

Changed: k3s/bin/k3s

| RISK | KEY | DESCRIPTION |
|---|---|---|
| +2/MEDIUM | kernel/apparmor | apparmor |
| +2/MEDIUM | net/bpf | bPF (Berkeley Packet Filter) |
| +1/LOW | kernel/seccomp | operate on Secure Computing state of the process |

Changed: k3s/bin/_k3s-inner

| RISK | KEY | DESCRIPTION |
|---|---|---|
| -2/MEDIUM | net/vnc | vnc user |
| +2/MEDIUM | process/chdir | changes current working directory: "cd" |

Member

@vaikas vaikas left a comment

Just curious if we need something else in our gobump so that we wouldn't need to do both the bump and patch the go files too. Having the patch file, I would assume it will be harder to know when / how to remove old patches?

@debasishbsws debasishbsws merged commit ea744d5 into main Apr 8, 2024
8 checks passed
@debasishbsws debasishbsws deleted the cve-k3s-c4ff05ac72c4d493113012337fcfc6e1 branch April 8, 2024 07:07
@hectorj2f
Member

@vaikas The patch is used whenever we need to make some code changes. We could remove go.mod/sum files from the patch. However, whenever there is an update, gobump unnecessary changes will be wiped out from the definition.

Regarding the patch, I am sure our update bot does not check if it is needed anymore.

@vaikas
Member

vaikas commented Apr 9, 2024

Yeah, that makes sense about the code changes, and I was indeed only wondering about the go.sum/go.mod patches.
