Bump protobuf to v1.3.2 #606

Merged
merged 1 commit into from
Feb 18, 2021

dougbtv
Member

@dougbtv dougbtv commented Feb 5, 2021

Update gogo/protobuf to v1.3.2 to fix https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121. The related k8s fix is here: kubernetes/kubernetes#98477

Also bumps libcni to v0.8.1

@coveralls

coveralls commented Feb 5, 2021

Pull Request Test Coverage Report for Build 578746776

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 70.694%

Totals Coverage Status
Change from base Build 578446768: 0.0%
Covered Lines: 1141
Relevant Lines: 1614

💛 - Coveralls

@s1061123
Member

s1061123 commented Feb 7, 2021

Why did the test fail??? Let me check it offline...
https://github.com/intel/multus-cni/pull/606/checks?check_run_id=1841681814#step:10:78

go.mod Outdated
github.com/containernetworking/plugins v0.8.2
github.com/gogo/protobuf v1.3.2 // indirect


I think with only this we won't cover indirect deps.
If you look at go.sum, there are still older versions used. To always use 1.3.2 you need to use the replace directive.

Member

Yeah, right. As far as I checked the k8s repo, master or v1.21.0-alpha.3 only fixes the protobuf issue.

kubernetes/kubernetes@4d3ed16

That is what I know of, for now.

  • Currently multus uses the kubernetes v1.13.0 library (which contains kubelet/api/podresources/v1alpha1)
  • To update protobuf we need to update to v1.21.0-alpha.3 or later (or wait for a bugfix version...)
  • v1.21.0-alpha.3 does not have kubelet/api/podresources/v1alpha1, so the multus build fails

Member

So we may need to stop supporting the old sr-iov feature (kubelet)...
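
An added example, not code from this PR or from the multus-cni repository, of the go.sum check raised in the review thread above: it lists the gogo/protobuf versions below v1.3.2 that a go.sum still records, separating entries that hash the module source from entries that hash only that version's go.mod. The sample go.sum text, its placeholder hashes, and the names `OlderEntries` and `older` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const sampleGoSum = `github.com/gogo/protobuf v1.1.1/go.mod h1:PLACEHOLDER=
github.com/gogo/protobuf v1.2.1 h1:PLACEHOLDER=
github.com/gogo/protobuf v1.2.1/go.mod h1:PLACEHOLDER=
github.com/gogo/protobuf v1.3.2 h1:PLACEHOLDER=
` // constructed excerpt; PLACEHOLDER stands in for the real checksums

// older compares vMAJOR.MINOR.PATCH only; suffixes are ignored (simplification).
func older(a, b string) bool {
	var x, y [3]int
	n, _ := fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	m, _ := fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	for i := 0; n == 3 && m == 3 && i < 3; i++ {
		if x[i] != y[i] {
			return x[i] < y[i]
		}
	}
	return false
}

// OlderEntries splits go.sum versions of mod below fixed into source-hash and go.mod-only entries.
func OlderEntries(goSum, mod, fixed string) (content, modOnly []string) {
	hasContent := map[string]bool{}
	for _, line := range strings.Split(goSum, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 || f[0] != mod {
			continue
		}
		v := strings.TrimSuffix(f[1], "/go.mod")
		switch {
		case !older(v, fixed): // at or above the fixed version: nothing to report
		case v == f[1]: // no "/go.mod" suffix: hash of the module source
			hasContent[v] = true
			content = append(content, v)
		case !hasContent[v]: // go writes the source line before the go.mod line
			modOnly = append(modOnly, v)
		}
	}
	return content, modOnly
}

func main() {
	fmt.Println(OlderEntries(sampleGoSum, "github.com/gogo/protobuf", "v1.3.2"))
}
```

A go.sum entry shows only that a version appears somewhere in the module graph; `go list -m all` reports the single version of each module that the build actually selects.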

@dougbtv dougbtv force-pushed the bump-protobuf branch 2 times, most recently from b819596 to fe9f9c4 Compare February 18, 2021 16:13
@s1061123
Member

Looks good to me, thanks! Please merge it!

@dougbtv dougbtv merged commit a0d292a into k8snetworkplumbingwg:master Feb 18, 2021

4 participants