Patch CVE-2016-8859 in alpine based images #42936
/assign bowei
/approve /lgtm
This seems reasonable but I'm not sure why it's 5 commits. Can you squash?
Keeping the commits separate made it easier to manage the selective cherrypicks across branches. I can squash though.
@@ -31,7 +31,7 @@ spec: | |||
spec: | |||
containers: | |||
- name: autoscaler | |||
image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0 | |||
image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.0-r2 |
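Review bot: the changed `image:` line moves the autoscaler from 1.0.0 to 1.1.0-r2, which is a minor-version jump and not only a rebuild of 1.0.0, so the container's command and flags (outside this hunk) should be checked against the 1.1 release for anything removed or renamed. The reference is also a mutable tag; pinning it by digest, in the form `...-amd64@sha256:<digest>`, would ensure nodes pull the patched build instead of whatever the tag points to later.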
Sorry, forgot to mention, please remove `--mode=linear` flag for the autoscaler container. I aggressively deprecated this flag in 1.1.
Done.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a temporary error. The following address(es) deferred:
curtis.l.bates@gmail.com
Domain imwiz.com has exceeded the max emails per hour (152/150 (101%)) allowed. Message will be reattempted later
Bump gcr.io/google_containers/cluster-proportional-autoscaler-amd64 to 1.1.0-r2
Bump gcr.io/google-containers/dnsmasq-metrics-amd64 to 1.0.1
Bump gcr.io/google-containers/etcd-empty-dir-cleanup to 0.0.2
Bump gcr.io/google-containers/kube-addon-manager to v6.1.1
Bump gcr.io/google_containers/kube-dnsmasq-amd64 to 1.4.1
This PR has no LGTM and approve. @timstclair can you get one?
@zmerlynn Could you please approve this cherrypick too?
Is this PR directly on the 1.5 branch? Do we have a corresponding CVE fix on master & 1.6?
@timstclair: If this is a manual cherry-pick, can you at least reference the pulls you're picking somewhere (like the top comment)?
Corresponding PRs:
This is a PR directly on the 1.5 branch. Before I squashed the commits, some were manually cherrypicked from one branch to another. The automatic cherrypick process can't be used since different branches are on different releases of the addons.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bowei, timstclair, zmerlynn
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Automatic merge from submit-queue
Commit found in the "release-1.5" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.
/cc @ixdy @bowei @MrHohn