Conversation

@bmelbourne

@bmelbourne bmelbourne commented Jun 5, 2022

Signed-off-by: Barry Melbourne [email protected]

What type of PR is this?

/kind dependency-change

What this PR does / why we need it:

Update Go github.com/containerd/containerd package to v1.5.13 to fix the following critical security vulnerabilities

CVE-2021-43816
CVE-2022-31030

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

@bmelbourne bmelbourne requested review from mrunalp and runcom as code owners June 5, 2022 11:53
@openshift-ci openshift-ci bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note-none Denotes a PR that doesn't merit a release note. kind/dependency-change Categorizes issue or PR as related to changing dependencies dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Jun 5, 2022
@openshift-ci
Contributor

openshift-ci bot commented Jun 5, 2022

Hi @bmelbourne. Thanks for your PR.

I'm waiting for a cri-o member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 5, 2022
@openshift-ci openshift-ci bot requested review from QiWang19 and wgahnagl June 5, 2022 11:54
@bmelbourne bmelbourne changed the title [WIP] Update github.com/containerd/containerd to v1.5.12 to fix CVE-2021-43816 Update github.com/containerd/containerd to v1.5.12 to fix CVE-2021-43816 Jun 5, 2022
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 5, 2022
@bmelbourne bmelbourne force-pushed the bugfix/update-go-containerd-pkg branch 2 times, most recently from d47b9da to a1dc69b Compare June 5, 2022 12:10
@haircommander
Member

/ok-to-test

thanks @bmelbourne ! I think this is a good idea, though I don't think we are vulnerable to that issue because we vendor containerd. we use some of their libraries, but we shouldn't use their code that handles this labeling. nonetheless, always good to update deps

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 6, 2022
@bmelbourne bmelbourne changed the title Update github.com/containerd/containerd to v1.5.12 to fix CVE-2021-43816 Update github.com/containerd/containerd to v1.5.13 to fix security issues Jun 6, 2022
@bmelbourne bmelbourne force-pushed the bugfix/update-go-containerd-pkg branch 3 times, most recently from 8efea10 to 4fd3052 Compare June 6, 2022 22:01
@bmelbourne bmelbourne changed the title Update github.com/containerd/containerd to v1.5.13 to fix security issues [WIP] Update github.com/containerd/containerd to v1.5.13 to fix security issues Jun 7, 2022
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 7, 2022
@bmelbourne bmelbourne closed this Jun 9, 2022
@bmelbourne bmelbourne force-pushed the bugfix/update-go-containerd-pkg branch from 4fd3052 to 5786bb6 Compare June 9, 2022 15:41
@bmelbourne
Author

/reopen

@openshift-ci
Contributor

openshift-ci bot commented Jun 9, 2022

@bmelbourne: Reopened this PR.

Details

In response to this:

/reopen


@openshift-ci openshift-ci bot reopened this Jun 9, 2022
@openshift-ci
Contributor

openshift-ci bot commented Jun 9, 2022

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bmelbourne
To complete the pull request process, please assign umohnani8 after the PR has been reviewed.
You can assign the PR to them by writing /assign @umohnani8 in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@haircommander
Member

I think we'll end up going for #5956 as it bumps the version even farther. I appreciate you opening the PR @bmelbourne , thanks !

@openshift-ci-robot

@bmelbourne: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/kata-jenkins | c2c7a24 | link | true | /test kata-containers |

@bmelbourne bmelbourne changed the title [WIP] Update github.com/containerd/containerd to v1.5.13 to fix security issues Update github.com/containerd/containerd to v1.5.13 to fix security issues Jun 9, 2022
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 9, 2022
@bmelbourne
Author

/retest-required

@bmelbourne
Author

/test integration_fedora

@openshift-ci
Contributor

openshift-ci bot commented Jun 9, 2022

@bmelbourne: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-agnostic | 4fd3052 | link | true | /test e2e-agnostic |
| ci/prow/e2e-gcp | 4fd3052 | link | true | /test e2e-gcp |
| ci/kata-jenkins | c2c7a24 | link | true | /test kata-containers |
| ci/openshift-jenkins/integration_crun_cgroupv2 | c2c7a24 | link | false | /test integration_cgroupv2 |
| ci/openshift-jenkins/integration_crun | c2c7a24 | link | true | /test integration_crun |

Full PR test history. Your PR dashboard.


@bmelbourne
Author

/close

@openshift-ci
Contributor

openshift-ci bot commented Jun 9, 2022

@bmelbourne: Closed this PR.

Details

In response to this:

/close


@openshift-ci openshift-ci bot closed this Jun 9, 2022
@bmelbourne bmelbourne deleted the bugfix/update-go-containerd-pkg branch June 9, 2022 17:51

Labels

dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/dependency-change Categorizes issue or PR as related to changing dependencies ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note.

3 participants