
[CVE-2023-45288] Update x/net for CVE-2023-45288 #124174

Merged

Conversation

@dims (Member) commented Apr 3, 2024

Update x/net to pick up golang/net@ba87210

Note that this is not enough, we have to update to using go1.22.2 as well.

xref: #124173

What type of PR is this?

/kind bug

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

golang.org/x/net is bumped to v0.23.0 to address CVE-2023-45288

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
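One way to verify both halves of this fix on a built artifact, as an added example that is not code from the Kubernetes project: the program below parses `go version -m <binary>` output and checks the golang.org/x/net version (v0.23.0 or later) together with the Go toolchain version (go1.21.9 / go1.22.2 or later), since the release note above only covers the x/net half and the description notes the toolchain bump is also required. The build-info text is constructed, the binary name and h1 hashes are placeholders, and treating pseudo-versions as unfixed is a conservative assumption of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// sampleBuildInfo is constructed input in the shape of `go version -m` output;
// it is not captured from a real build, and the h1: hashes are placeholders.
const sampleBuildInfo = `kube-apiserver: go1.22.1
	path	k8s.io/kubernetes/cmd/kube-apiserver
	mod	k8s.io/kubernetes	(devel)
	dep	golang.org/x/net	v0.19.0	h1:placeholder
	dep	golang.org/x/sys	v0.18.0	h1:placeholder
`

// Report records what was found for one binary and whether each half of the
// CVE-2023-45288 fix (net/http in the toolchain, http2 in x/net) is present.
type Report struct {
	Binary      string
	GoVersion   string
	XNetVersion string // empty when the binary has no golang.org/x/net dependency
	GoFixed     bool
	XNetFixed   bool
}

// Fixed is true only when neither vulnerable component remains.
func (r Report) Fixed() bool { return r.GoFixed && r.XNetFixed }

// parseVersion turns "go1.22.1" or "v0.23.0" into [major, minor, patch].
// Pseudo-versions such as v0.0.0-2024... lose their suffix and parse as 0.0.0,
// so they are reported as unfixed (conservative assumption of this example).
func parseVersion(s string) ([3]int, error) {
	s = strings.TrimPrefix(strings.TrimPrefix(s, "go"), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		s = s[:i]
	}
	var v [3]int
	for i, p := range strings.SplitN(s, ".", 3) {
		n, err := strconv.Atoi(p)
		if err != nil {
			return v, fmt.Errorf("bad version %q: %w", s, err)
		}
		v[i] = n
	}
	return v, nil
}

func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// goToolchainFixed: the net/http fix shipped in go1.21.9 and go1.22.2; later
// releases include it, and 1.20 and older never received a patch.
func goToolchainFixed(v [3]int) bool {
	switch {
	case v[0] != 1:
		return v[0] > 1
	case v[1] >= 23:
		return true
	case v[1] == 22:
		return v[2] >= 2
	case v[1] == 21:
		return v[2] >= 9
	default:
		return false
	}
}

// CheckBuildInfo parses `go version -m` output for a single binary. A "=>"
// line (replace directive) overrides the version on the preceding dep line.
func CheckBuildInfo(out string) (Report, error) {
	var r Report
	lastDep := ""
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		line := sc.Text()
		if !strings.HasPrefix(line, "\t") { // header: "<binary>: goX.Y.Z"
			name, ver, ok := strings.Cut(line, ": ")
			if !ok {
				return r, fmt.Errorf("unexpected header %q", line)
			}
			r.Binary, r.GoVersion = name, ver
			continue
		}
		f := strings.Split(strings.TrimPrefix(line, "\t"), "\t")
		if len(f) < 3 {
			continue
		}
		if f[0] == "dep" {
			lastDep = f[1]
		}
		if (f[0] == "dep" && f[1] == "golang.org/x/net") || (f[0] == "=>" && lastDep == "golang.org/x/net") {
			r.XNetVersion = f[2]
		}
	}
	if r.GoVersion == "" {
		return r, fmt.Errorf("no Go version found")
	}
	gv, err := parseVersion(r.GoVersion)
	if err != nil {
		return r, err
	}
	r.GoFixed = goToolchainFixed(gv)
	r.XNetFixed = true // no x/net/http2 linked in: only the toolchain half applies
	if r.XNetVersion != "" {
		xv, err := parseVersion(r.XNetVersion)
		if err != nil {
			return r, err
		}
		r.XNetFixed = !less(xv, [3]int{0, 23, 0})
	}
	return r, nil
}

func main() {
	r, err := CheckBuildInfo(sampleBuildInfo)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s: go=%s fixed=%v, x/net=%s fixed=%v, CVE-2023-45288 fixed=%v\n",
		r.Binary, r.GoVersion, r.GoFixed, r.XNetVersion, r.XNetFixed, r.Fixed())
}
```

Run it against real output by piping `go version -m ./_output/bin/kube-apiserver` into a file and replacing the constructed sample; a binary built with x/net v0.23.0 but go1.22.1 is still reported as unfixed, which is the point the PR description makes.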


@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. labels Apr 3, 2024
@k8s-ci-robot (Contributor)

Please note that we're already in Test Freeze for the release-1.30 branch. This means every merged PR will be automatically fast-forwarded via the periodic ci-fast-forward job to the release branch of the upcoming v1.30.0 release.

Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Wed Apr 3 02:18:49 UTC 2024.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Apr 3, 2024
@dims (Member, Author) commented Apr 3, 2024

/sig architecture

@k8s-ci-robot k8s-ci-robot added sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 3, 2024
@k8s-ci-robot k8s-ci-robot requested review from andrewsykim, bowei and a team April 3, 2024 20:39
@dims (Member, Author) commented Apr 3, 2024

/priority critical-urgent
/milestone v1.30

cc @kubernetes/release-managers

@k8s-ci-robot k8s-ci-robot added this to the v1.30 milestone Apr 3, 2024
@k8s-ci-robot k8s-ci-robot added priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kube-proxy area/kubectl area/kubelet sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Apr 3, 2024
@liggitt (Member) commented Apr 3, 2024

/lgtm
/approve
/milestone v1.30

will want to replay this on release branches as well to resolve the DoS CVE

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 3, 2024
@k8s-ci-robot (Contributor)

LGTM label has been added.

Git tree hash: a20746e5c53729304eeb24c422c79bb48b0d2048

@k8s-ci-robot (Contributor)

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 3, 2024
@liggitt (Member) commented Apr 3, 2024

grr... needs hack/update-go-workspace.sh run ... go.work.sum is out of date

@k8s-triage-robot

The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass.

This bot retests PRs for certain kubernetes repos according to the following rules:

  • The PR does have any do-not-merge/* labels
  • The PR does not have the needs-ok-to-test label
  • The PR is mergeable (does not have a needs-rebase label)
  • The PR is approved (has cncf-cla: yes, lgtm, approved labels)
  • The PR is failing tests required for merge

You can:

/retest

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
@dims dims force-pushed the update-x/net-for-CVE-2023-45288 branch from 40e992e to 99fac38 Compare April 3, 2024 23:56
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 3, 2024
@dims (Member, Author) commented Apr 3, 2024

> grr... needs hack/update-go-workspace.sh run ... go.work.sum is out of date

had to run hack/update-codegen.sh ... pushed a fresh commit

@liggitt (Member) commented Apr 4, 2024

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 4, 2024
@k8s-ci-robot (Contributor)

LGTM label has been added.

Git tree hash: cbf83de658865062975396132f06ebbedada4e6b

@dims (Member, Author) commented Apr 4, 2024

/retest

@k8s-ci-robot k8s-ci-robot merged commit d9c54f6 into kubernetes:master Apr 4, 2024
20 checks passed
@MadhavJivrajani MadhavJivrajani changed the title Update x/net for CVE-2023-45288 [CVE-2023-45288] Update x/net for CVE-2023-45288 Apr 4, 2024
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Apr 4, 2024
@cici37 cici37 added the triage/accepted Indicates an issue or PR is ready to be actively worked on. label Apr 11, 2024
@k8s-ci-robot k8s-ci-robot removed the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Apr 11, 2024
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kube-proxy area/kubectl area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
6 participants