From 6c8be35fa8681908f76ade192eb41a4ef400853d Mon Sep 17 00:00:00 2001
From: Humble Chirammal <humble.devassy@gmail.com>
Date: Thu, 27 Apr 2023 16:47:54 +0530
Subject: [PATCH 1/2] update the etcd base image to v1.4.2

The current base v1.3.0 has many CVEs[1] which are addressed in latest
versions of the bullseye

[1] ex:
CVE-2022-2509
CVE-2021-46828

Signed-off-by: Humble Chirammal <humble.devassy@gmail.com>
---
 build/dependencies.yaml      |  2 +-
 cluster/images/etcd/Makefile | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/build/dependencies.yaml b/build/dependencies.yaml
index c9a1bfdc1625..a7f0a0687068 100644
--- a/build/dependencies.yaml
+++ b/build/dependencies.yaml
@@ -123,7 +123,7 @@ dependencies:
 
   # Base images
   - name: "registry.k8s.io/debian-base: dependents"
-    version: bullseye-v1.3.0
+    version: bullseye-v1.4.2
     refPaths:
     - path: cluster/images/etcd/Makefile
       match: BASEIMAGE\?\=registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)
diff --git a/cluster/images/etcd/Makefile b/cluster/images/etcd/Makefile
index d57bfce4f2f5..25cb4b4e0930 100644
--- a/cluster/images/etcd/Makefile
+++ b/cluster/images/etcd/Makefile
@@ -92,19 +92,19 @@ DOCKERFILE.windows = Dockerfile.windows
 DOCKERFILE := ${DOCKERFILE.${OS}}
 
 ifeq ($(ARCH),amd64)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base:bullseye-v1.3.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base:bullseye-v1.4.2
 endif
 ifeq ($(ARCH),arm)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm:bullseye-v1.3.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm:bullseye-v1.4.2
 endif
 ifeq ($(ARCH),arm64)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm64:bullseye-v1.3.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm64:bullseye-v1.4.2
 endif
 ifeq ($(ARCH),ppc64le)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-ppc64le:bullseye-v1.3.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-ppc64le:bullseye-v1.4.2
 endif
 ifeq ($(ARCH),s390x)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-s390x:bullseye-v1.3.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-s390x:bullseye-v1.4.2
 endif
 
 BASE.windows = mcr.microsoft.com/windows/nanoserver

From 6b40cd8cd372af4322d669e2a3503c628203b4b6 Mon Sep 17 00:00:00 2001
From: Humble Chirammal <humble.devassy@gmail.com>
Date: Thu, 27 Apr 2023 17:08:04 +0530
Subject: [PATCH 2/2] update test/conformance/image version to v1.4.2

Signed-off-by: Humble Chirammal <humble.devassy@gmail.com>
---
 test/conformance/image/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/conformance/image/Makefile b/test/conformance/image/Makefile
index 732327d9bc35..b44cac0534fa 100644
--- a/test/conformance/image/Makefile
+++ b/test/conformance/image/Makefile
@@ -33,7 +33,7 @@ CLUSTER_DIR?=$(shell pwd)/../../../cluster/
 
 # This is defined in root Makefile, but some build contexts do not refer to them
 KUBE_BASE_IMAGE_REGISTRY?=registry.k8s.io
-BASE_IMAGE_VERSION?=bullseye-v1.3.0
+BASE_IMAGE_VERSION?=bullseye-v1.4.2
 BASEIMAGE?=${KUBE_BASE_IMAGE_REGISTRY}/build-image/debian-base-${ARCH}:${BASE_IMAGE_VERSION}
 
 # Keep debian releases (e.g. debian 11 == bullseye) consistent