Bug 1889954: bump(*) to mitigate CVE-2020-8564 #195

coreydaley · 2020-12-03T18:05:55Z

No description provided.

openshift-ci-robot · 2020-12-03T18:05:57Z

@coreydaley: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

bump(*)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

coreydaley · 2020-12-03T18:06:05Z

/assign @adambkaplan

openshift-ci-robot · 2020-12-03T18:07:15Z

@coreydaley: This pull request references Bugzilla bug 1889954, which is invalid:

expected dependent Bugzilla bug 1889956 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is NEW instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Bug 1889954: CVE-2020-8564

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

coreydaley · 2020-12-03T19:44:30Z

/retest

coreydaley · 2020-12-03T21:01:41Z

/retest

coreydaley · 2020-12-04T01:15:21Z

/retest

coreydaley · 2020-12-08T13:36:33Z

/bugzilla refresh

openshift-ci-robot · 2020-12-08T13:36:42Z

@coreydaley: This pull request references Bugzilla bug 1889954, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.4.z) matches configured target release for branch (4.4.z)
bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
dependent bug Bugzilla bug 1889956 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
dependent Bugzilla bug 1889956 targets the "4.5.z" release, which is one of the valid target releases: 4.5.0, 4.5.z
bug has dependents

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

adambkaplan · 2020-12-08T18:02:15Z

go.mod

 	github.com/opencontainers/runc v1.0.0-rc9
 	github.com/opencontainers/runtime-spec v1.0.0
-	github.com/openshift/api v3.9.1-0.20191024142031-e89ff1fddcbe+incompatible
+	github.com/openshift/api v0.0.0-20200618202633-7192180f496a


Where did this api bump come from? This appears to be from a later OpenShift release.

That is the latest commit in the release-4.4 branch of the openshift/api repository: openshift/api@7192180

Please indicate in the commit message that you are bumping openshift/api, and the reason for doing so. I assume you did this to get around an "invalid pseudo-version" error? I found something similar in a separate item I was iterating on.

adambkaplan

Please update the git commit message and PR description to provide more details.

adambkaplan · 2020-12-16T14:21:45Z

go.mod

 	github.com/opencontainers/runc v1.0.0-rc9
 	github.com/opencontainers/runtime-spec v1.0.0
-	github.com/openshift/api v3.9.1-0.20191024142031-e89ff1fddcbe+incompatible
+	github.com/openshift/api v0.0.0-20200618202633-7192180f496a


Please indicate in the commit message that you are bumping openshift/api, and the reason for doing so. I assume you did this to get around an "invalid pseudo-version" error? I found something similar in a separate item I was iterating on.

go.mod

adambkaplan · 2020-12-16T14:24:01Z

/approve

bumping openshift/api to work around invalid pseudo-version issue

coreydaley · 2020-12-16T14:52:07Z

Commit messages updated

adambkaplan

/lgtm

wewang58 · 2020-12-24T01:44:20Z

/bugzilla cc-qa

openshift-ci-robot · 2020-12-24T01:44:24Z

@wewang58: This pull request references Bugzilla bug 1889954, which is valid.

6 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.4.z) matches configured target release for branch (4.4.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
dependent bug Bugzilla bug 1889956 is in the state CLOSED (ERRATA), which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
dependent Bugzilla bug 1889956 targets the "4.5.z" release, which is one of the valid target releases: 4.5.0, 4.5.z
bug has dependents

Requesting review from QA contact:
/cc @wewang58

Details

In response to this:

/bugzilla cc-qa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

wewang58 · 2020-12-25T01:55:43Z

/lgtm

openshift-ci-robot · 2021-01-07T08:00:51Z

@wewang58: The label(s) qe-approved cannot be applied, because the repository doesn't have them

Details

In response to this:

/label qe-approved

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

wewang58 · 2021-01-07T08:24:45Z

I see, The repo does not support qe-approve label

russellb · 2021-01-08T20:26:58Z

(patch manager) If this is CVE related, the severity should probably be bumped? We typically only merge high/urgent in 4.4 right now

openshift-bot · 2021-01-21T01:52:46Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T02:44:50Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T02:57:46Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T04:02:52Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T05:07:26Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T05:59:26Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T07:17:26Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T08:35:30Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T10:45:33Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T12:55:28Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T13:21:41Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-21T14:26:27Z

/retest

Please review the full test history for this PR and help us cut down flakes.

crawford · 2021-01-21T16:51:20Z

These failures seem to be pretty common. @coreydaley can you look into this?

[image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image [Top Level] [image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image "registry.redhat.io/rhscl/php-73-rhel7" should print the usage [Suite:openshift]
[image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image [Top Level] [image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image "registry.redhat.io/rhscl/python-27-rhel7" should print the usage [Suite:openshift]

/hold

gabemontero · 2021-01-21T16:57:28Z

These failures seem to be pretty common. @coreydaley can you look into this?

[image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image [Top Level] [image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image "registry.redhat.io/rhscl/php-73-rhel7" should print the usage [Suite:openshift]
[image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image [Top Level] [image_ecosystem][Slow] openshift images should be SCL enabled  returning s2i usage when running the image "registry.redhat.io/rhscl/python-27-rhel7" should print the usage [Suite:openshift]

/hold

ah ... if this PR is hitting that @coreydaley @crawford this was address in master/4.7 via an fix to the test in openshift/origin via openshift/origin#25799

to date it has only been backported to 4.6 via openshift/origin#25804

if we want to hold this on that test, vs. overriding it, we can add a 4.5 cherrypick to the 4.6 PR, get it merged, then do the 4.4 from the merged 4.5 PR

which way do you want to proceed @crawford ?

crawford · 2021-01-21T17:05:30Z

@gabemontero let's backport the test. Can you trigger those for me?

gabemontero · 2021-01-21T17:20:51Z

@gabemontero let's backport the test. Can you trigger those for me?

openshift/origin#25816 up for 4.5 @crawford ... added assignments for requisite approve/lgtm and cherrypick for 4.4 in that PR

crawford · 2021-01-22T03:06:40Z

openshift/origin#25817 has merged.

/hold cancel

openshift-bot · 2021-01-22T04:34:05Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-01-22T20:49:10Z

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-ci-robot · 2021-01-22T22:04:26Z

@coreydaley: All pull requests linked via external trackers have merged:

openshift/builder#195

Bugzilla bug 1889954 has been moved to the MODIFIED state.

Details

In response to this:

Bug 1889954: bump(*) to mitigate CVE-2020-8564

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot assigned adambkaplan Dec 3, 2020

openshift-ci-robot requested review from adambkaplan and gabemontero December 3, 2020 18:06

coreydaley changed the title ~~bump(*)~~ Bug 1889954: CVE-2020-8564 Dec 3, 2020

openshift-ci-robot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Dec 3, 2020

openshift-ci-robot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Dec 8, 2020

adambkaplan requested changes Dec 8, 2020

View reviewed changes

adambkaplan requested changes Dec 16, 2020

View reviewed changes

openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 16, 2020

bump(*) to mitigate CVE-2020-8564

a0985cd

bumping openshift/api to work around invalid pseudo-version issue

adambkaplan changed the title ~~Bug 1889954: CVE-2020-8564~~ Bug 1889954: bump(*) to mitigate CVE-2020-8564 Dec 16, 2020

adambkaplan approved these changes Dec 16, 2020

View reviewed changes

openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Dec 16, 2020

adambkaplan mentioned this pull request Dec 23, 2020

Bug 1907573: Update buildah to v1.14.11 #198

Merged

openshift-ci-robot requested a review from wewang58 December 24, 2020 01:44

crawford added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jan 21, 2021

openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 21, 2021

crawford removed the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jan 21, 2021

gabemontero mentioned this pull request Jan 21, 2021

Bug 1918919: broaden acceptance of scl sample s2i image usage messages openshift/origin#25816

Merged

openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 22, 2021

crawford added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jan 22, 2021

openshift-merge-robot merged commit cf54259 into openshift:release-4.4 Jan 22, 2021

Bug 1889954: bump(*) to mitigate CVE-2020-8564 #195

Bug 1889954: bump(*) to mitigate CVE-2020-8564 #195

Uh oh!

Conversation

coreydaley commented Dec 3, 2020

Uh oh!

openshift-ci-robot commented Dec 3, 2020

Uh oh!

coreydaley commented Dec 3, 2020

Uh oh!

openshift-ci-robot commented Dec 3, 2020

Uh oh!

coreydaley commented Dec 3, 2020

Uh oh!

coreydaley commented Dec 3, 2020

Uh oh!

coreydaley commented Dec 4, 2020

Uh oh!

coreydaley commented Dec 8, 2020

Uh oh!

openshift-ci-robot commented Dec 8, 2020

Uh oh!

adambkaplan Dec 8, 2020

Choose a reason for hiding this comment

Uh oh!

coreydaley Dec 15, 2020

Choose a reason for hiding this comment

Uh oh!

adambkaplan Dec 16, 2020

Choose a reason for hiding this comment

Uh oh!

adambkaplan left a comment

Choose a reason for hiding this comment

Uh oh!

adambkaplan Dec 16, 2020

Choose a reason for hiding this comment

Uh oh!

Uh oh!

adambkaplan commented Dec 16, 2020

Uh oh!

coreydaley commented Dec 16, 2020

Uh oh!

adambkaplan left a comment

Choose a reason for hiding this comment

Uh oh!

wewang58 commented Dec 24, 2020

Uh oh!

openshift-ci-robot commented Dec 24, 2020

Uh oh!

wewang58 commented Dec 25, 2020

Uh oh!

openshift-ci-robot commented Jan 7, 2021

Uh oh!

wewang58 commented Jan 7, 2021

Uh oh!

russellb commented Jan 8, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

Uh oh!

openshift-bot commented Jan 21, 2021

crawford commented Jan 21, 2021 •

edited

Loading