[v4.9-rhel] CVE-2024-6104 & CVE-2024-37298 fixes #23312

@TomSweeneyRedHat TomSweeneyRedHat commented Jul 18, 2024

This addresses: CVE-2024-6104 requires go-retryablehttp 0.7.7 and CVE-2024-37298 requires github.com/gorilla/schema v1.4.1

and fixes:

https://issues.redhat.com/browse/OCPBUGS-36119
https://issues.redhat.com/browse/RHEL-44859
https://issues.redhat.com/browse/RHEL-44881

https://issues.redhat.com/browse/RHEL-45916
https://issues.redhat.com/browse/RHEL-47169
https://issues.redhat.com/browse/OCPBUGS-36443

[NO NEW TESTS NEEDED]

Does this PR introduce a user-facing change?

None
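A check for the two version floors named in the description above, as an added example that is not part of the PR or the podman code base. The full module path `github.com/hashicorp/go-retryablehttp` is an assumption (the PR gives only the short name), and the `go.mod` fragment is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Fixed versions named in the PR description (hashicorp path is assumed).
var minFixed = map[string]string{
	"github.com/hashicorp/go-retryablehttp": "v0.7.7", // CVE-2024-6104
	"github.com/gorilla/schema":             "v1.4.1", // CVE-2024-37298
}

// older reports whether version got sorts before the fixed version want.
// Unparsable versions and pre-releases of want itself count as older.
func older(got, want string) bool {
	var g, w [3]int
	if _, err := fmt.Sscanf(got, "v%d.%d.%d", &g[0], &g[1], &g[2]); err != nil {
		return true
	}
	fmt.Sscanf(want, "v%d.%d.%d", &w[0], &w[1], &w[2])
	for i := range g {
		if g[i] != w[i] {
			return g[i] < w[i]
		}
	}
	return strings.Contains(got, "-")
}

// Audit reports each listed module that go.mod pins below its fixed version.
func Audit(goMod string) []string {
	var findings []string
	for _, line := range strings.Split(goMod, "\n") {
		// Pad with empty fields so f[0] and f[1] always exist.
		f := append(strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require ")), "", "")
		if want, ok := minFixed[f[0]]; ok && older(f[1], want) {
			findings = append(findings, fmt.Sprintf("%s %s < %s", f[0], f[1], want))
		}
	}
	return findings
}

func main() {
	// Constructed go.mod fragment, not the project's real file.
	sample := "require (\n\tgithub.com/gorilla/schema v1.4.1\n\tgithub.com/hashicorp/go-retryablehttp v0.7.4 // indirect\n)"
	for _, f := range Audit(sample) {
		fmt.Println("BELOW FIXED VERSION:", f)
	}
}
```

Run it against the `go.mod` of each maintained branch; a vendored tree should be checked against `vendor/modules.txt` as well, which this sketch does not parse.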

openshift-ci bot commented Jul 18, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: TomSweeneyRedHat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 18, 2024

mheon commented Jul 18, 2024

LGTM

@TomSweeneyRedHat TomSweeneyRedHat changed the title [v4.9-rhel] CVE-2024-6104 & CVE-202437298 fixes [v4.9-rhel] CVE-2024-6104 & CVE-2024-37298 fixes Jul 18, 2024
@TomSweeneyRedHat

The boltdb test is failing, and I think can be ignored. @edsantiago and @mheon thoughts? Error below:

[+0528s] not ok 148 [050] podman stop print IDs or raw input
[+0528s] # (from function `die' in file test/system/helpers.bash, line 757,
[+0528s] #  from function `run_podman' in file test/system/helpers.bash, line 403,
[+0528s] #  in test file test/system/050-stop.bats, line 80)
[+0528s] #   `run_podman stop --all' failed
[+0528s] #
[+0528s] # [12:47:12.634611764] # /var/tmp/go/src/github.com/containers/podman/bin/podman rm -t 0 --all --force --ignore
[+0528s] #
[+0528s] # [12:47:12.695762344] # /var/tmp/go/src/github.com/containers/podman/bin/podman ps --all --external --format {{.ID}} {{.Names}}
[+0528s] #
[+0528s] # [12:47:12.755429951] # /var/tmp/go/src/github.com/containers/podman/bin/podman images --all --format {{.Repository}}:{{.Tag}} {{.ID}}
[+0528s] # [12:47:12.808425200] quay.io/libpod/systemd-image:20230531 9984d4cfd1eb
[+0528s] # quay.io/libpod/testimage:20221018 f5a99120db64
[+0528s] #
[+0528s] # [12:47:13.005477717] # /var/tmp/go/src/github.com/containers/podman/bin/podman run -d quay.io/libpod/testimage:20221018 top
[+0528s] # [12:47:13.417059777] e8d732b93680fd0cc2ead8e5d617387b10770bb062cb65f2b3fb8449f3bc3e8e
[+0528s] #
[+0528s] # [12:47:13.429833629] # /var/tmp/go/src/github.com/containers/podman/bin/podman stop --all
[+0528s] # [12:47:23.718493765] time="2024-07-18T12:47:23-05:00" level=warning msg="StopSignal SIGTERM failed to stop container compassionate_mcclintock in 10 seconds, resorting to SIGKILL"
[+0528s] # e8d732b93680fd0cc2ead8e5d617387b10770bb062cb65f2b3fb8449f3bc3e8e
[+0528s] # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
[+0528s] # #| FAIL: Command succeeded, but issued unexpected warnings
[+0528s] # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[+0528s] # # [teardown]
[+0528s] #


mheon commented Jul 18, 2024

I don't see how SIGTERM is failing to stop a podman top, but the test could be fixed by adding -t 0 to the podman stop -a without affecting anything.

@edsantiago

Looks like it passed on rerun, so I'm inclined to stick my head in the sand...

@TomSweeneyRedHat

Third test rerun was the charm. Can I get a merge for this please? Thanks for the eyeballs folks.


mheon commented Jul 19, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 19, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit affa589 into containers:v4.9-rhel Jul 19, 2024
54 checks passed

Luap99 commented Jul 19, 2024

> I don't see how SIGTERM is failing to stop a podman top, but the test could be fixed by adding -t 0 to the podman stop -a without affecting anything.

top is flakey #20196

@stale-locking-app stale-locking-app bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Oct 18, 2024
@stale-locking-app stale-locking-app bot locked as resolved and limited conversation to collaborators Oct 18, 2024