[release-2.8] CVE-2023-3089 Fix #239

Merged
merged 3 commits into from
Jul 6, 2023

@mprahl mprahl commented Jul 6, 2023

This also cherry-picks the commit that fixes in CI by using the ocm repo instead of the registration-operator repo for setting up the testing environment.

@mprahl mprahl requested a review from dhaiducek July 6, 2023 14:29

mprahl commented Jul 6, 2023

/cherry-pick release-2.7

@openshift-cherrypick-robot

@mprahl: once the present PR merges, I will cherry-pick it on top of release-2.7 in a new PR and assign it to you.

In response to this:

/cherry-pick release-2.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.


mprahl commented Jul 6, 2023

/cherry-pick release-2.6

@openshift-cherrypick-robot

@mprahl: once the present PR merges, I will cherry-pick it on top of release-2.6 in a new PR and assign it to you.

In response to this:

/cherry-pick release-2.6


dhaiducek previously approved these changes Jul 6, 2023

@dhaiducek dhaiducek left a comment


The registration-operator repo was consolidated into the ocm repo, so
the Makefile targets used for our CI no longer worked.

Signed-off-by: mprahl <mprahl@users.noreply.github.com>
(cherry picked from commit fe87533ab76b30818ebe2e76ad6219699c2966ad)
(cherry picked from commit bc6b981)

The image used to build the binary had to be changed so that the glibc
versions matched.

Addresses CVE-2023-3089

Signed-off-by: mprahl <mprahl@users.noreply.github.com>
(cherry picked from commit aacdb399f1203935c5bc605e021a918d10fc2852)

Addresses CVE-2023-3089

Signed-off-by: mprahl <mprahl@users.noreply.github.com>
(cherry picked from commit 0baaf579af2d763a527787fa4b90a6ee143d30d8)
@openshift-ci openshift-ci bot added the lgtm label Jul 6, 2023

openshift-ci bot commented Jul 6, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dhaiducek, mprahl

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


sonarcloud bot commented Jul 6, 2023

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
No Duplication information

@openshift-merge-robot openshift-merge-robot merged commit 7e24ba2 into stolostron:release-2.8 Jul 6, 2023
@openshift-cherrypick-robot

@mprahl: #239 failed to apply on top of branch "release-2.6":

Applying: Use the ocm repo instead of the registration-operator
Using index info to reconstruct a base tree...
M	Makefile
M	build/manage-clusters.sh
Falling back to patching base and 3-way merge...
Auto-merging build/manage-clusters.sh
Auto-merging Makefile
CONFLICT (content): Merge conflict in Makefile
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Use the ocm repo instead of the registration-operator
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-2.6


@openshift-cherrypick-robot

@mprahl: #239 failed to apply on top of branch "release-2.7":

Applying: Use the ocm repo instead of the registration-operator
Using index info to reconstruct a base tree...
M	Makefile
M	build/manage-clusters.sh
Falling back to patching base and 3-way merge...
Auto-merging build/manage-clusters.sh
Auto-merging Makefile
CONFLICT (content): Merge conflict in Makefile
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Use the ocm repo instead of the registration-operator
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-2.7


4 participants