vendor: gogo/protobuf v1.3.2, containerd, and swarmkit #42254
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thaJeztah
force-pushed
the
bump_containerd_protobuf
branch
from
be83275 to
7bfb181
Compare
thaJeztah
force-pushed
the
bump_containerd_protobuf
branch
from
7bfb181 to
82b2b16
Compare
thaJeztah
commented
Apr 17, 2021
Member
Author
There was a problem hiding this comment.
I'll update this one separately; containerd/continuity@efbc448...1805252
Member
Author
There was a problem hiding this comment.
this one has a replace-rule so shouldn't updated; https://github.com/containerd/containerd/blob/19ee068f93c91f7b9b2a858457f1af2cabc7bc06/go.mod#L72
Comment on lines
+34
to
+35
Member
Author
There was a problem hiding this comment.
I'll update these separately
Comment on lines
+55
to
+56
Member
Author
There was a problem hiding this comment.
I'll update these separately;
Member
Author
|
SwarmKit changes were merged, so moved this out of draft @cpuguy83 @dperny @tonistiigi PTAL |
thaJeztah
force-pushed
the
bump_containerd_protobuf
branch
2 times, most recently
from
e58c5ef to
1be0074
Compare
full diff: gogo/protobuf@v1.3.1...v1.3.2 bump version 1.3.2 for gogo/protobuf due to CVE-2021-3121 reported on gogo/protobuf version 1.3.1, CVE has been fixed for version 1.3.2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121 Signed-off-by: Sebastiaan van Stijn <[email protected]>
…af2cabc7bc06 full diff: containerd/containerd@55eda46...19ee068 brings in updated protobufs, generated with gogo/protobuf v1.3.2 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: etcd-io/etcd@v3.3.12...v3.3.25 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: moby/swarmkit@17d8d4e...5a5494a Updated version of SwarmKit with protos generated with gogo/protobuf v1.3.2 due to CVE-2021-3121 reported on gogo/protobuf version 1.3.1, CVE has been fixed for version 1.3.2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121 Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
bump_containerd_protobuf
branch
from
1be0074 to
1c7585a
Compare
tonistiigi
approved these changes
Apr 20, 2021
tianon
reviewed
Apr 22, 2021
|
|
||
| # containerd | ||
| github.com/containerd/containerd 55eda46b22f985cde99b599e469ff9c13994bf68 # master (v1.5.0-dev) | ||
| github.com/containerd/containerd 19ee068f93c91f7b9b2a858457f1af2cabc7bc06 # master (v1.5.0-dev) |
Member
There was a problem hiding this comment.
I imagine this could probably go as far as something like v1.5.0-rc.2 now, right? 😇
(some conceptual overlap with #42308, even if not the same files)
Member
Author
There was a problem hiding this comment.
Yes, I'm planning on updating to latest version; I picked this commit to keep this PR specific to the protobuf v1.3.2 update (although, after discussing, it doesn't directly affect us / not reasonably exploitable)
thaJeztah
added a commit
to thaJeztah/docker
that referenced
this pull request
Nov 9, 2021
Possibly more dependencies need to be updated, and instead of this we should cherry-pick. This is just a quick check "what would it look like if we bumped the version in this branch"; Updating to containerd 1.5 Last containerd update in 20.10 is moby@1f88736 (moby#41688) - moby@ab1dd80 moby#42274 - moby@5761fca moby#42274 - moby@42ef2c5 moby#42276 - moby@6202322 moby#42254 - moby@7c1c123 moby#42249 - moby@84df737 moby#42636 - moby@4fc2d4d moby#42656 - moby@3d58d13 moby#42697 - moby@582ef29 moby#42994 Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
added a commit
to thaJeztah/docker
that referenced
this pull request
Nov 9, 2021
Possibly more dependencies need to be updated, and instead of this we should cherry-pick. This is just a quick check "what would it look like if we bumped the version in this branch"; Updating to containerd 1.5 Last containerd update in 20.10 is moby@1f88736 (moby#41688) - moby@ab1dd80 moby#42274 - moby@5761fca moby#42274 - moby@42ef2c5 moby#42276 - moby@6202322 moby#42254 - moby@7c1c123 moby#42249 - moby@84df737 moby#42636 - moby@4fc2d4d moby#42656 - moby@3d58d13 moby#42697 - moby@582ef29 moby#42994 Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
added a commit
to thaJeztah/docker
that referenced
this pull request
Mar 18, 2022
Possibly more dependencies need to be updated, and instead of this we should cherry-pick. This is just a quick check "what would it look like if we bumped the version in this branch"; Updating to containerd 1.5 Last containerd update in 20.10 is moby@1f88736 (moby#41688) - moby@ab1dd80 moby#42274 - moby@5761fca moby#42274 - moby@42ef2c5 moby#42276 - moby@6202322 moby#42254 - moby@7c1c123 moby#42249 - moby@84df737 moby#42636 - moby@4fc2d4d moby#42656 - moby@3d58d13 moby#42697 - moby@582ef29 moby#42994 - moby@458b4aa moby#43025 Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
added a commit
to thaJeztah/docker
that referenced
this pull request
Mar 18, 2022
Possibly more dependencies need to be updated, and instead of this we should cherry-pick. This is just a quick check "what would it look like if we bumped the version in this branch"; Updating to containerd 1.5 Last containerd update in 20.10 is moby@1f88736 (moby#41688) - moby@ab1dd80 moby#42274 - moby@5761fca moby#42274 - moby@42ef2c5 moby#42276 - moby@6202322 moby#42254 - moby@7c1c123 moby#42249 - moby@84df737 moby#42636 - moby@4fc2d4d moby#42656 - moby@3d58d13 moby#42697 - moby@582ef29 moby#42994 - moby@458b4aa moby#43025 Signed-off-by: Sebastiaan van Stijn <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
opening as draft, because this vendors swarmkit from moby/swarmkit#3002 / moby/swarmkit#2985, which isn't merged yet
vendor: github.com/gogo/protobuf v1.3.2
full diff: gogo/protobuf@v1.3.1...v1.3.2
bump version 1.3.2 for gogo/protobuf due to CVE-2021-3121 reported on
gogo/protobuf version 1.3.1, CVE has been fixed for version 1.3.2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121
vendor github.com/containerd/containerd 19ee068f93c91f7b9b2a858457f1af2cabc7bc06
full diff: containerd/containerd@0edc412...19ee068
brings in updated protobufs, generated with gogo/protobuf v1.3.2
vendor: github.com/coreos/etcd v3.3.25
full diff: etcd-io/etcd@v3.3.12...v3.3.25
vendor: github.com/docker/swarmkit 5a5494a
full diff: moby/swarmkit@17d8d4e...5a5494a
Updated version of SwarmKit with protos generated with gogo/protobuf v1.3.2
due to CVE-2021-3121 reported on gogo/protobuf version 1.3.1, CVE has been
fixed for version 1.3.2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121