Update gogo/protobuf to v1.3.2 by adisky · Pull Request #4974 · containerd/containerd

adisky · 2021-01-27T13:28:53Z

bump version 1.3.2 for gogo/protobuf due to CVE-2021-3121 reported on gogo/protobuf version 1.3.1, CVE has been fixed for version 1.3.2

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121

Signed-off-by: Aditi Sharma [email protected]

k8s-ci-robot · 2021-01-27T13:29:02Z

Hi @adisky. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

theopenlab-ci · 2021-01-27T14:05:04Z

Build succeeded.

containerd-build-arm64 : FAILURE in 31m 22s (non-voting)

theopenlab-ci · 2021-01-28T05:57:23Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 7m 26s (non-voting)

k8s-ci-robot · 2021-01-28T11:48:44Z

@adisky: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

dims · 2021-01-28T12:20:40Z

/ok-to-test

theopenlab-ci · 2021-01-28T12:40:56Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 6m 11s (non-voting)

bump version 1.3.2 for gogo/protobuf due to CVE-2021-3121 discovered in gogo/protobuf version 1.3.1, CVE has been fixed in 1.3.2 Signed-off-by: Aditi Sharma <[email protected]>

theopenlab-ci · 2021-01-28T13:01:56Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 5m 55s (non-voting)

theopenlab-ci · 2021-01-28T13:17:10Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 8m 11s (non-voting)

dims · 2021-01-28T13:57:52Z

LGTM

@dmcgowan @mikebrow can you please retrigger the flaky CI job?

thanks @adisky !

estesp

LGTM

mikebrow

LGTM

estesp · 2021-01-28T15:32:30Z

This PR wins the prize for hitting both logged flaky test issues; we know neither is being impacted by this PR, and after 3 restarts we have run the full integration and test suites successfully across all the combinations. Going to merge.

dims · 2021-01-28T15:52:15Z

w00t thanks @estesp

Nice work @adisky

thaJeztah · 2021-02-10T08:55:36Z

Cherry-picked in containerd/cri#1620 and #5018 (needs a vendor update of containerd/cri)

k8s-ci-robot added the needs-ok-to-test label Jan 27, 2021

adisky force-pushed the update-protobuf branch 2 times, most recently from 6999f80 to 5541d15 Compare January 28, 2021 05:48

dims requested a review from thaJeztah January 28, 2021 12:20

dims assigned thaJeztah and mikebrow Jan 28, 2021

k8s-ci-robot added ok-to-test and removed needs-ok-to-test labels Jan 28, 2021

adisky force-pushed the update-protobuf branch from 5541d15 to eb23ea1 Compare January 28, 2021 12:33

Update gogo/protobuf to v1.3.2

1423e91

bump version 1.3.2 for gogo/protobuf due to CVE-2021-3121 discovered in gogo/protobuf version 1.3.1, CVE has been fixed in 1.3.2 Signed-off-by: Aditi Sharma <[email protected]>

adisky force-pushed the update-protobuf branch from 6e4ce85 to 1423e91 Compare January 28, 2021 13:07

adisky changed the title ~~[WIP] Update gogo/protobuf to v1.3.2~~ Update gogo/protobuf to v1.3.2 Jan 28, 2021

estesp approved these changes Jan 28, 2021

View reviewed changes

mikebrow approved these changes Jan 28, 2021

View reviewed changes

estesp merged commit 19ee068 into containerd:master Jan 28, 2021

estesp added the cherry-pick/1.4.x label Jan 28, 2021

This was referenced Feb 8, 2021

[release/1.4] Update gogo/protobuf to v1.3.2 containerd/cri#1620

Merged

[release/1.4] Update gogo/protobuf to v1.3.2 #5018

Merged

AkihiroSuda added cherry-picked/1.4.x PR commits are cherry picked into the release/1.4 branch and removed cherry-pick/1.4.x labels Mar 1, 2021

zhsj mentioned this pull request Mar 2, 2021

[release/v1.4] vendor: update cri #5107

Merged

This was referenced Apr 13, 2021

Update kubernetes to v1.21.0 #5332

Closed

go.mod: update kubernetes to v1.20.6 #5385

Merged

[release/1.4] vendor: update kubernetes and dependencies to v1.19.10 #5387

Merged

go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 #5390

Merged

Conversation

adisky commented Jan 27, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

k8s-ci-robot commented Jan 27, 2021

Uh oh!

theopenlab-ci Bot commented Jan 27, 2021

Uh oh!

theopenlab-ci Bot commented Jan 28, 2021

Uh oh!

k8s-ci-robot commented Jan 28, 2021

Uh oh!

dims commented Jan 28, 2021

Uh oh!

theopenlab-ci Bot commented Jan 28, 2021

Uh oh!

theopenlab-ci Bot commented Jan 28, 2021

Uh oh!

theopenlab-ci Bot commented Jan 28, 2021

Uh oh!

dims commented Jan 28, 2021

Uh oh!

estesp left a comment

Choose a reason for hiding this comment

Uh oh!

mikebrow left a comment

Choose a reason for hiding this comment

Uh oh!

estesp commented Jan 28, 2021

Uh oh!

dims commented Jan 28, 2021

Uh oh!

thaJeztah commented Feb 10, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

adisky commented Jan 27, 2021 •

edited

Loading