Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update packages for 1.11.0 #2583

Merged
merged 5 commits into from
Nov 15, 2022
Merged

Update packages for 1.11.0 #2583

merged 5 commits into from
Nov 15, 2022

Conversation

etungsten
Copy link
Contributor

@etungsten etungsten commented Nov 14, 2022
edited
Loading

Issue number:
N/A

Description of changes:
This PR only updates packages that have had CVE fixes since v1.10.0.

  • zlib 1.2.12 -> 1.2.13 fixes CVE-2022-37434
  • libexpact 2.4.9 -> 2.5.0 fixes CVE-2022-43680
  • libdbus 1.15.0 -> 1.15.2 fixes CVE-2022-42010, 42011, 42012
  • docker-cli 20.10.18 -> 20.10.20 fixes a git CVE-2022-39253 in the docker client. Although 20.10.21 is out, we don't want to move to that just yet since it's using containerd v1.6.9 library and we're still on containerd v1.6.8.

For other non-critical third-party package updates we've decided to do those after the 1.11.0 release.

Testing done:

  • aws-k8s-1.21 sonobuoy conformance-lite testing
Plugin: e2e
Status: passed
Total: 5773
Passed: 277
Failed: 0
Skipped: 5496
  • aws-k8s-1.22 sonobuoy conformance-lite testing:
         PLUGIN     STATUS   RESULT   COUNT                 PROGRESS                                                                   
            e2e   complete   passed       1   Passed:144, Failed:  0
  • aws-k8s-1.23 sonobuoy conformance-lite testing:
         PLUGIN     STATUS   RESULT   COUNT                 PROGRESS
            e2e   complete   passed       1   Passed:145, Failed:  0
  • aws-k8s-1.23-nvidia workload test on g5g instances:
$ kubectl logs nvidia-smoke-test-9mj8w                          
Running sample vectorAdd                                        
[Vector addition of 50000 elements]                             
Copy input data from the host memory to the CUDA device         
CUDA kernel launch with 196 blocks of 256 threads                                                                               
Copy output data from the CUDA device to the host memory        
Test PASSED                                                                                                                     
Done                                                            
Running sample bandwidthTest                                                                                                    
[CUDA Bandwidth Test] - Starting...                             
...
Result = PASS 
...
Result = PASS
  • aws-k8s-1.24 sonobuoy conformance-lite testing
         PLUGIN     STATUS   RESULT   COUNT                 PROGRESS
            e2e   complete   passed       1   Passed:131, Failed:  0
  • aws-ecs-1 testing with nginx task
[ec2-user@admin]$ apiclient get /os
{
  "arch": "aarch64",
  "build_id": "39e62df3",
  "pretty_name": "Bottlerocket OS 1.10.1 (aws-ecs-1)",
  "variant_id": "aws-ecs-1",
  "version_id": "1.10.1"
}
[ec2-user@admin]$ curl localhost:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
  • vmware-k8s testing with eksctl anywhere, can create a cluster with the vmware-k8s-1.23 ova just fine:
$ eksctl anywhere create cluster --kubeconfig ./mgmt-cluster/mgmt-cluster-eks-a-cluster.kubeconfig -f br-eksa-123.yaml -v 6
...
2022-11-14T15:59:39.379-0800    V0      Creating new workload cluster
...
2022-11-14T16:05:29.723-0800    V0      🎉 Cluster created! 
...

Then ran sonobuoy conformance-lite

         PLUGIN     STATUS   RESULT   COUNT                 PROGRESS
            e2e   complete   passed       1   Passed:145, Failed:  0
  • metal-k8s testing: successfully created cluster with eksctl anywhere and metal-k8s-1.23 image built with these commits. Ran conformance-lite and all tests passed.

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@etungsten etungsten changed the title Update packages for 1.11.0 Update packages for 1.11.0 Nov 14, 2022
@etungsten etungsten removed the request for review from arnaldo2792 November 14, 2022 21:44
stmcginnis
stmcginnis approved these changes Nov 14, 2022
View reviewed changes
Copy link
Contributor

@stmcginnis stmcginnis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look fine to me.

This was referenced Nov 14, 2022
Merged
Merged
@etungsten
Copy link
Contributor Author

Push above fixes the gitrev value in docker-engine.spec

@etungsten etungsten mentioned this pull request Nov 15, 2022
Merged
@etungsten etungsten marked this pull request as ready for review November 15, 2022 01:01
@etungsten etungsten merged commit 62851d4 into bottlerocket-os:develop Nov 15, 2022
@etungsten etungsten deleted the 3pu branch November 15, 2022 01:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@webern webern webern approved these changes

@stmcginnis stmcginnis stmcginnis approved these changes

@bcressey bcressey bcressey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@etungsten @bcressey @stmcginnis @webern