Patch CVE-2016-8859 in alpine based images #42936
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
the
cncf-cla: yes
k8s-github-robot
added
do-not-merge
|
This change is |
|
/assign bowei |
|
/approve /lgtm |
|
this seems reasonable but i'm not sure why it's 5 commits. can you squash? |
|
Keeping the commits separate made it easier to manage the selective cherrypicks across branches. I can squash though. |
MrHohn
reviewed
Mar 14, 2017
| @@ -31,7 +31,7 @@ spec: | |||
| spec: | |||
| containers: | |||
| - name: autoscaler | |||
| image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0 | |||
| image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.0-r2 | |||
There was a problem hiding this comment.
Sorry, forgot to mention, please remove --mode=linear flag for the autoscaler container. I aggressively deprecated this flag in 1.1.
|
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a temporary error. The following address(es) deferred:
curtis.l.bates@gmail.com
Domain imwiz.com has exceeded the max emails per hour (152/150 (101%)) allowed. Message will be reattempted later
------- This is a copy of the message, including all the headers. ------
Received: from github-smtp2-ext7.iad.github.net ([192.30.252.198]:46633 helo=github-smtp2a-ext-cp1-prd.iad.github.net)
by box969.bluehost.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.87)
(envelope-from <noreply@github.com>)
id 1cnrVw-0008Kh-PP
for dev@imwiz.com; Tue, 14 Mar 2017 12:49:50 -0600
Date: Tue, 14 Mar 2017 11:49:33 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com;
s=pf2014; t=1489517373;
bh=2BBmWVzr7vXB3FzX6U1ipEMqBGofHWo5e/5ABi1dSsc=;
h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID:
List-Archive:List-Post:List-Unsubscribe:From;
b=bd2tQc47876JPaCD5e1dRJSs3NP8sGRt00mUfcC6RHkh6DFg/y8Wn2gVPyd6VuasC
mSVtQWldzvNnAGSIgW1YBGAEhHrWbH9atBprXekNqoxNGdLOflq/VwY8Lt4httR/zb
dxKkVi3gZFVaNALqaGzX5NOeG5lUW/YU2uNF/nVM=
From: Zihong Zheng <notifications@github.com>
Reply-To: kubernetes/kubernetes <reply@reply.github.com>
To: kubernetes/kubernetes <kubernetes@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <kubernetes/kubernetes/pull/42936/review/26899727@github.com>
In-Reply-To: <kubernetes/kubernetes/pull/42936@github.com>
References: <kubernetes/kubernetes/pull/42936@github.com>
Subject: Re: [kubernetes/kubernetes] Patch CVE-2016-8859 in alpine based
images (#42936)
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="--==_mimepart_58c83b3de6c1a_45453f8fa338bc34258240";
charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MrHohn
X-GitHub-Recipient: falenn
X-GitHub-Reason: subscribed
List-ID: kubernetes/kubernetes <kubernetes.kubernetes.github.com>
List-Archive: https://github.com/kubernetes/kubernetes
List-Post: <mailto:reply@reply.github.com>
List-Unsubscribe: <mailto:unsub+000ab60ae1c847f656e6ca681f15d444cc0c9425dca87ba192cf0000000114dffd3d92a169ce0cb99fac@reply.github.com>,
<https://github.com/notifications/unsubscribe/AAq2CvZy8ktr6Z_OJ5ir7s3EX1ok3zxeks5rluE9gaJpZM4MaCSr>
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: dev@imwiz.com
X-Spam-Status: No, score=0.1
X-Spam-Score: 1
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "box969.bluehost.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: MrHohn commented on this pull request. > @@ -31,7 +31,7 @@
spec: spec: containers: - name: autoscaler - image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0
+ image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.0-r2
[...]
Content analysis details: (0.1 points, 4.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.5 AWL AWL: Adjusted score from AWL reputation of From: address
X-Spam-Flag: NO
----==_mimepart_58c83b3de6c1a_45453f8fa338bc34258240
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
MrHohn commented on this pull request.
@@ -31,7 +31,7 @@ spec:
spec:
containers:
- name: autoscaler
- image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0
+ image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.0-r2
Sorry, forgot to mention, please remove `--mode=linear` flag for the autoscaler container. I aggressively deprecated this flag in 1.1.
…--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#42936 (review)
----==_mimepart_58c83b3de6c1a_45453f8fa338bc34258240
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
<p><b>@MrHohn</b> commented on this pull request.</p>
<hr>
<p>In <a href="#42936 (comment)">cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml</a>:</p>
<pre style='color:#555'>> @@ -31,7 +31,7 @@ spec:
spec:
containers:
- name: autoscaler
- image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0
+ image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.0-r2
</pre>
<p>Sorry, forgot to mention, please remove <code>--mode=linear</code> flag for the autoscaler container. I aggressively deprecated this flag in 1.1.</p>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="#42936 (review)">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAq2ChyhoY4JoeSc7iOeFLgr_UJz3Kbnks5rluE9gaJpZM4MaCSr">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AAq2Chee6M9d58sjpE9LDUPH7dCMT_-fks5rluE9gaJpZM4MaCSr.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
<link itemprop="url" href="#42936 (review)"></link>
<meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/kubernetes/kubernetes","title":"kubernetes/kubernetes","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/kubernetes/kubernetes"}},"updates":{"snippets":[{"icon":"PERSON","message":"@MrHohn commented on #42936"}],"action":{"name":"View Pull Request","url":"#42936 (review)"}}}</script>
----==_mimepart_58c83b3de6c1a_45453f8fa338bc34258240--
|
Bump gcr.io/google_containers/cluster-proportional-autoscaler-amd64 to 1.1.0-r2 Bump gcr.io/google-containers/dnsmasq-metrics-amd64 to 1.0.1 Bump gcr.io/google-containers/etcd-empty-dir-cleanup to 0.0.2 Bump gcr.io/google-containers/kube-addon-manager to v6.1.1 Bump gcr.io/google_containers/kube-dnsmasq-amd64 to 1.4.1
|
This PR has no LGTM and approve. @timstclair can you get one? |
|
@zmerlynn Could you please approve this cherrypick too? |
|
Is this PR directly on the 1.5 branch? Do we have a corresponding CVE fix on master & 1.6? |
|
@timstclair: If this is a manual cherry-pick, can you at least reference the pulls you're picking somewhere (like the top comment)? |
|
Corresponding PRs:
This is a PR directly on the 1.5 branch. Before I squashed the commits, some were manually cherrypicked from one branch to another. The automatic cherrypick process can't be used since different branches are on different releases of the addons. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bowei, timstclair, zmerlynn
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
mwielgus
added
the
cherry-pick-approved
mwielgus
added
cherrypick-candidate
and removed
do-not-merge
|
Automatic merge from submit-queue |
|
Commit found in the "release-1.5" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
![https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open](https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
/cc @ixdy @bowei @MrHohn