Conversation

haircommander
Contributor

What type of PR is this?

/kind bug

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

cherry-picks of #117241 and #117095 for 1.27

Does this PR introduce a user-facing change?

CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Apr 12, 2023
@k8s-ci-robot k8s-ci-robot added this to the v1.27 milestone Apr 12, 2023
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Apr 12, 2023
@k8s-ci-robot k8s-ci-robot requested review from dims and logicalhan April 12, 2023 13:32
@k8s-ci-robot k8s-ci-robot added the area/dependency Issues or PRs related to dependency changes label Apr 12, 2023
@k8s-ci-robot k8s-ci-robot requested a review from a team April 12, 2023 13:32
@dims
Member

dims commented Apr 12, 2023

@haircommander could you please poke at why we are getting one more transitive dependency than we had before? Is there anything we can do about it? (submit a PR to update something or other in runc?)

/assign @liggitt

/logs/artifacts /home/prow/go/src/k8s.io/kubernetes
go: downloading github.com/kubernetes-sigs/depstat v0.7.0
go: downloading github.com/spf13/cobra v1.1.1
go: downloading github.com/spf13/pflag v1.0.5
/home/prow/go/src/k8s.io/kubernetes
HEAD is now at 168a654e467 Merge commit 'e599722bc59280bc5899b32957ff088ef97c33fa' into release-1.27
Switched to a new branch 'base'
--- /logs/artifacts/stats-base.txt	2023-04-12 13:33:53.187195487 +0000
+++ /logs/artifacts/stats.txt	2023-04-12 13:33:52.867163257 +0000
@@ -1,6 +1,6 @@
 Direct Dependencies: 206 
-Transitive Dependencies: 230 
-Total Dependencies: 279 
+Transitive Dependencies: 231 
+Total Dependencies: 280 
 Max Depth Of Dependencies: 23 
 All dependencies:
 
@@ -199,6 +199,7 @@
 github.com/russross/blackfriday/v2
 github.com/seccomp/libseccomp-golang
 github.com/sergi/go-diff
+github.com/shurcooL/sanitized_anchor_name
 github.com/sirupsen/logrus
 github.com/soheilhy/cmux
 github.com/spf13/cobra
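Review bot: The only added line in this hunk, github.com/shurcooL/sanitized_anchor_name, is the single extra module behind the 230 -> 231 transitive count in the hunk above; a dependency bump that widens the module graph should record where the new module enters (go mod graph or go mod why output) so reviewers can confirm it arrives through the runc bump and not through an unrelated change.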

@haircommander
Contributor Author

I am honestly not sure. Is it possible it's coming from hack/tools?

hack/tools/go.sum:github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=

This looks to be the same on master:

hack/tools/go.sum:github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=

If I were to guess, it similarly happened in #117095, though I'm struggling to find the job to prove that.

@soltysh
Contributor

soltysh commented Apr 12, 2023

The same dep that @dims pointed out appears in #117241 so it's clearly coming from that 1.1.6 bump, see https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/117241/check-dependency-stats/1646141874617978880

@dims
Member

dims commented Apr 12, 2023

@haircommander - if we bump runc like so, it will drop the shurcooL stuff, see why here:
urfave/cli@v1.22.9...v1.22.12

[davanum@c889f3bd53ed 10:27] ~/go/src/github.com/opencontainers/runc ⟩ git diff
diff --git a/go.mod b/go.mod
index 4b3dd3913081..28c51eb1bc5c 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
        github.com/seccomp/libseccomp-golang v0.10.0
        github.com/sirupsen/logrus v1.9.0
        github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
-       github.com/urfave/cli v1.22.9
+       github.com/urfave/cli v1.22.12
        github.com/vishvananda/netlink v1.1.0
        golang.org/x/net v0.9.0
        golang.org/x/sys v0.7.0
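Review bot: The github.com/urfave/cli v1.22.9 -> v1.22.12 bump is the change credited with dropping shurcooL/sanitized_anchor_name, but only go.mod is shown here; go.sum must be regenerated (go mod tidy) in the same change, otherwise the dropped module lingers in the checked-in sums even though it has left the graph.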
@@ -27,5 +27,5 @@ require (
 require (
        github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
        github.com/russross/blackfriday/v2 v2.1.0 // indirect
-       github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect
+       github.com/vishvananda/netns v0.0.4 // indirect
 )
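Review bot: The github.com/vishvananda/netns change replaces a pseudo-version with the tagged v0.0.4; it is unrelated to the shurcooL removal this diff is posted to explain, so when proposed upstream to runc it should be called out separately (or split into its own commit) so reviewers can evaluate that version change on its own.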

@dims
Member

dims commented Apr 12, 2023

You can use go mod graph to identify this code path. I have some helper scripts to visualize this - https://gist.github.com/dims/7eb66bbed03f349f092b31dabd1bdd47#file-map-of-dependencies-readme-md

Here's what the diagram looks like when run against runc repo:
[image: dependency diagram of the runc repo]
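One way to do what @dims describes, as an added example that is not from this thread or from the runc/kubernetes projects: a small Go program that parses the "requirer required" lines emitted by go mod graph and walks them to the first chain that reaches a target module. The graph text embedded here is a constructed sample that reuses the thread's module names; it is not real output from either repository.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in `go mod graph` format ("requirer required" per line). These edges
// are illustrative only and were NOT captured from the kubernetes or runc repositories.
const sampleGraph = `k8s.io/kubernetes github.com/opencontainers/runc@v1.1.5
github.com/opencontainers/runc@v1.1.5 github.com/sirupsen/logrus@v1.9.0
github.com/opencontainers/runc@v1.1.5 github.com/urfave/cli@v1.22.9
github.com/urfave/cli@v1.22.9 github.com/cpuguy83/go-md2man/v2@v2.0.2
github.com/cpuguy83/go-md2man/v2@v2.0.2 github.com/russross/blackfriday/v2@v2.1.0
github.com/russross/blackfriday/v2@v2.1.0 github.com/shurcooL/sanitized_anchor_name@v1.0.0`

// FindPath parses the graph into an adjacency list, then walks it depth-first from root and
// returns the first chain of modules (with @version) ending at target (matched without version).
func FindPath(graph, root, target string) []string {
	adj := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			adj[f[0]] = append(adj[f[0]], f[1])
		}
	}
	seen := map[string]bool{} // guards against cycles and re-walking shared subtrees
	var dfs func(node string, path []string) []string
	dfs = func(node string, path []string) []string {
		if seen[node] {
			return nil
		}
		seen[node] = true
		path = append(path, node)
		if strings.SplitN(node, "@", 2)[0] == target {
			return path
		}
		for _, next := range adj[node] {
			if p := dfs(next, path); p != nil {
				return p
			}
		}
		return nil
	}
	return dfs(root, nil)
}

func main() {
	p := FindPath(sampleGraph, "k8s.io/kubernetes", "github.com/shurcooL/sanitized_anchor_name")
	fmt.Println(strings.Join(p, " -> "))
}
```

Feed it the real output (go mod graph > graph.txt) from the repo under review and the chain shows which direct dependency, and which version of it, is responsible for the new transitive module.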

@haircommander
Contributor Author

@haircommander - if we bump runc like so, it will drop the shurcooL stuff, see why here:

Sorry, it's not clear to me what the ask is here. Are you suggesting we propose those changes to runc upstream and wait for a 1.1.7?

@dims
Member

dims commented Apr 12, 2023

So now that we know, please open a PR to bump urfave/cli to v1.22.12 and vishvananda/netns to v0.0.4 in the opencontainers/runc repo.

We don't need them to tag that to land this. I am happy to go with this PR as-is as long as we update quickly when the next runc is tagged.

@liggitt
Member

liggitt commented Apr 12, 2023

So now that we know, please open a PR to bump urfave/cli to v1.22.12 and vishvananda/netns to v0.0.4 in the opencontainers/runc repo.

We don't need them to tag that to land this. I am happy to go with this PR as-is as long as we update quickly when the next runc is tagged.

I agree with this, though the master PR should be reviewed by sig-node and merged before merging this to release-1.27.

@dims
Member

dims commented Apr 12, 2023

I agree with this, though the master PR should be reviewed by sig-node and merged before merging this to release-1.27.

💯

@rphillips
Member

/sig node
/triage accepted
/lgtm
/priority important-soon

@k8s-ci-robot k8s-ci-robot added sig/node Categorizes an issue or PR as relevant to SIG Node. triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Apr 24, 2023
@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Apr 24, 2023
@k8s-ci-robot
Contributor

LGTM label has been added.

Git tree hash: b5ce83c497733d72d20c8cd6bcaaef388514f70f

@rphillips
Member

/assign @liggitt @mrunalp

@liggitt
Member

liggitt commented Apr 24, 2023

/approve
for deps

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 24, 2023
@pacoxu
Member

pacoxu commented Apr 25, 2023

/assign @kubernetes/release-managers

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: haircommander, liggitt, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@saschagrunert saschagrunert added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Apr 25, 2023
@k8s-ci-robot k8s-ci-robot merged commit 667e164 into kubernetes:release-1.27 Apr 25, 2023
@dims
Member

dims commented Apr 29, 2023

xref: #117647
