percona-server-8.4/8.4.0.1 package update #30143
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
…ion'. Additionally, expands melange tests Signed-off-by: Mark McCormick <mark.mccormick@chainguard.dev>
Package percona-server-8.4:
Package percona-server-8.4-dev:
Package percona-server-8.4-oci-entrypoint:
malcontent found differences:
Deleted: percona-server-8.4/var/lib/db/sbom/percona-server-8.4-8.4.0-r0.spdx.json [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/96933d7a3deebd5b2adae193e400 |
Deleted: percona-server-8.4-oci-entrypoint/var/lib/db/sbom/percona-server-8.4-oci-entrypoint-8.4.0-r0.spdx.json [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/a7b15687e7efee82005e2d5f014d |
Added: percona-server-8.4-oci-entrypoint/var/lib/db/sbom/percona-server-8.4-oci-entrypoint-8.4.0.1-r0.spdx.json [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | net/download | download files | downloadLocation |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/8110bc6e0a7b6951386e1b7a81de |
Changed: /tmp/wolfictl-apk-2090257076/percona-server-8.4/usr/bin/ps-admin
Changed: /tmp/wolfictl-apk-2090257076/percona-server-8.4/usr/bin/mysqld_safe
Changed: /tmp/wolfictl-apk-2090257076/percona-server-8.4/usr/bin/mysqld
Changed: /tmp/wolfictl-apk-2090257076/percona-server-8.4/usr/lib/percona-server-8.4/plugin/ha_rocksdb.so
Changed: /tmp/wolfictl-apk-2090257076/percona-server-8.4-dev/usr/include/kmip.h
Moved: percona-server-8.4-dev/var/lib/db/sbom/percona-server-8.4-dev-8.4.0-r0.spdx.json -> /tmp/wolfictl-apk-2090257076/percona-server-8.4/var/lib/db/sbom/percona-server-8.4-8.4.0.1-r0.spdx.json (similarity: 0.93)
Moved: percona-server-8.4-dev/var/lib/db/sbom/percona-server-8.4-dev-8.4.0-r0.spdx.json -> /tmp/wolfictl-apk-2090257076/percona-server-8.4-dev/var/lib/db/sbom/percona-server-8.4-dev-8.4.0.1-r0.spdx.json (similarity: 0.99)
Signed-off-by: Mark McCormick <mark.mccormick@chainguard.dev>
Signed-off-by: Mark McCormick <mark.mccormick@chainguard.dev>
Package percona-server-8.4:
Package percona-server-8.4-dev:
Package percona-server-8.4-oci-entrypoint:
malcontent found differences:
Deleted: percona-server-8.4-oci-entrypoint/var/lib/db/sbom/percona-server-8.4-oci-entrypoint-8.4.0-r0.spdx.json [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/a7b15687e7efee82005e2d5f014d |
Deleted: percona-server-8.4/var/lib/db/sbom/percona-server-8.4-8.4.0-r0.spdx.json [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/96933d7a3deebd5b2adae193e400 |
Added: percona-server-8.4-oci-entrypoint/var/lib/db/sbom/percona-server-8.4-oci-entrypoint-8.4.0.1-r0.spdx.json [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | net/download | download files | downloadLocation |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/8110bc6e0a7b6951386e1b7a81de |
Changed: /tmp/wolfictl-apk-404957323/percona-server-8.4/usr/lib/percona-server-8.4/plugin/ha_rocksdb.so
Changed: /tmp/wolfictl-apk-404957323/percona-server-8.4-dev/usr/include/kmip.h
Changed: /tmp/wolfictl-apk-404957323/percona-server-8.4/usr/bin/mysqld
Changed: /tmp/wolfictl-apk-404957323/percona-server-8.4/usr/bin/mysqld_safe
Changed: /tmp/wolfictl-apk-404957323/percona-server-8.4/usr/bin/ps-admin
Moved: percona-server-8.4-dev/var/lib/db/sbom/percona-server-8.4-dev-8.4.0-r0.spdx.json -> /tmp/wolfictl-apk-404957323/percona-server-8.4-dev/var/lib/db/sbom/percona-server-8.4-dev-8.4.0.1-r0.spdx.json (similarity: 0.99)
Moved: percona-server-8.4-dev/var/lib/db/sbom/percona-server-8.4-dev-8.4.0-r0.spdx.json -> /tmp/wolfictl-apk-404957323/percona-server-8.4/var/lib/db/sbom/percona-server-8.4-8.4.0.1-r0.spdx.json (similarity: 0.93)
The last part of the melange version number needs to be replaced with a dash before attempting a git clone, i.e. 8.4.0.1 needs to be transformed back to 8.0.4-1. We had created 'vars.mangled-package-version' for this purpose, but we were not (yet) using it in the git clone. This addresses that. Additionally, expands the melange test coverage.
The CVEs look to be items we've recorded as false positives for percona-server v8.3 which we may need to copy over the advisories for - will do in separate PR.