gh/2.83.1-r2: cve remediation#75109
Merged
OddBloke merged 2 commits intoDec 12, 2025
Merged
Chainguard Internal / elastic-build (eco-2-28)
succeeded
Dec 11, 2025 in 4m 27s
APKs built successfully
Build ID: 8713e0be-fd83-47fe-b857-c3dd7a766c78
Details
builds
x86_64 Logs
Click to expand
alling wolfi-base (1-r7)
populating workspace /tmp/melange-workspace-1613727821 from gh
qemu: generating ssh key pairs for ephemeral VM
qemu: generating SSH host key for VM
qemu: generating base initramfs
image configuration:
contents:
build repositories: [https://apk.cgr.dev/chainguard]
runtime repositories: []
repositories: []
keyring: []
packages: [microvm-init]
installing wolfi-baselayout (20230201-r24)
installing ca-certificates-bundle (20251003-r0)
installing libgcc (15.2.0-r6)
installing glibc-locale-posix (2.42-r4)
installing glibc (2.42-r4)
installing ld-linux (2.42-r4)
installing gnutar-rmt (1.35-r6)
installing gnutar (1.35-r6)
installing libattr1 (2.5.2-r54)
installing attr (2.5.2-r54)
installing zlib (1.3.1-r51)
installing libzstd1 (1.5.7-r5)
installing xz (5.8.1-r6)
installing libcrypto3 (3.6.0-r6)
installing kmod (34.2-r42)
installing libmnl (1.0.5-r6)
installing libbz2-1 (1.0.8-r21)
installing libelf (0.194-r0)
installing libbpf (1.6.2-r0)
installing libverto (0.3.2-r6)
installing krb5-conf (1.0-r7)
installing libcom_err (1.47.3-r1)
installing keyutils-libs (1.6.3-r37)
installing libssl3 (3.6.0-r6)
installing krb5-libs (1.22.1-r1)
installing libtirpc (1.3.7-r1)
installing libpcre2-8-0 (10.47-r0)
installing libsepol (3.9-r1)
installing libselinux (3.9-r1)
installing libnftnl (1.3.1-r0)
installing xtables (1.8.11-r29)
installing libcap (2.77-r0)
installing iproute2 (6.17.0-r2)
installing libstdc++ (15.2.0-r6)
installing inih (62-r1)
installing liburcu (0.15.5-r0)
installing libblkid (2.41.2-r2)
installing libuuid (2.41.2-r2)
installing xfsprogs-core (6.17.0-r2)
installing xfsprogs (6.17.0-r2)
installing libmount (2.41.2-r2)
installing mount (2.41.2-r2)
installing ncurses-terminfo-base (6.5_p20251025-r1)
installing ncurses (6.5_p20251025-r1)
installing setarch (2.41.2-r2)
installing libfdisk (2.41.2-r2)
installing sqlite-libs (3.51.1-r0)
installing util-linux (2.41.2-r2)
installing libsmartcols (2.41.2-r2)
installing util-linux-misc (2.41.2-r2)
installing libxcrypt (4.5.2-r0)
installing libcrypt1 (2.42-r4)
installing linux-pam (1.7.1-r3)
installing openssh-keygen (10.2_p1-r2)
installing openssh-server-config (10.2_p1-r2)
installing openssh-server (10.2_p1-r2)
installing busybox (1.37.0-r50)
installing microvm-init (0.0.1-r15)
qemu: starting VM
qemu: waiting for SSH
conn read: read tcp 127.0.0.1:55880->127.0.0.1:38523: i/o timeout
qemu: meta-data=/dev/vda isize=512 agcount=8, agsize=1638400 blks
qemu: = sectsz=4096 attr=2, projid32bit=1
qemu: = crc=1 finobt=1, sparse=1, rmapbt=1
qemu: = reflink=1 bigtime=1 inobtcount=1 nrext64=1
qemu: = exchange=0 metadir=0
qemu: data = bsize=4096 blocks=13107200, imaxpct=25
qemu: = sunit=0 swidth=0 blks
qemu: naming =version 2 bsize=4096 ascii-ci=0, ftype=1, parent=0
qemu: log =internal log bsize=4096 blocks=16384, version=2
qemu: = sectsz=4096 sunit=1 blks, lazy-count=1
qemu: realtime =none extsz=4096 blocks=0, rtextents=0
qemu: = rgcount=0 rgsize=0 extents
qemu: = zoned=0 start=0 reserved=0
qemu: Discarding blocks...Done.
conn read: read tcp 127.0.0.1:55890->127.0.0.1:38523: i/o timeout
qemu: [INIT] Checking for init.d scripts...
qemu: [INIT] No /opt/melange/init.d directory (optional, skipping)
qemu: ssh-keygen: generating new host keys: RSA ECDSA
qemu: Server listening on 0.0.0.0 port 2223.
qemu: Server listening on 0.0.0.0 port 22.
qemu: VM started successfully, SSH server is up
qemu: Connection closed by 10.0.2.2 port 55904
qemu: verifying VM host key against pre-provisioned key
qemu: Accepted publickey for root from 10.0.2.2 port 55918 ssh2: ECDSA SHA256:04hpdVEI8FTRkqvyWWJ5vETbndt3aeZxl5AZW3upcZQ
qemu: VM host key successfully verified against pre-provisioned key
qemu: Connection closed by 10.0.2.2 port 55918
qemu: Accepted publickey for root from 10.0.2.2 port 55928 ssh2: ECDSA SHA256:04hpdVEI8FTRkqvyWWJ5vETbndt3aeZxl5AZW3upcZQ
qemu: Accepted publickey for root from 10.0.2.2 port 39588 ssh2: ECDSA SHA256:04hpdVEI8FTRkqvyWWJ5vETbndt3aeZxl5AZW3upcZQ
qemu: Accepted publickey for root from 10.0.2.2 port 55934 ssh2: ECDSA SHA256:04hpdVEI8FTRkqvyWWJ5vETbndt3aeZxl5AZW3upcZQ
qemu: running kernel version: 6.16.10-r2-qemu-generic #Chainguard SMP PREEMPT_DYNAMIC Fri Oct 3 22:31:32 UTC 2025
qemu: setting up local workspace
qemu: unmounting host workspace from guest
running the main test pipeline
gh version 2.83.1 (2025-12-11)
https://github.com/cli/cli/releases/tag/v2.83.1
Work seamlessly with GitHub from the command line.
USAGE
gh <command> <subcommand> [flags]
CORE COMMANDS
auth: Authenticate gh and git with GitHub
browse: Open repositories, issues, pull requests, and more in the browser
codespace: Connect to and manage codespaces
gist: Manage gists
issue: Manage issues
org: Manage organizations
pr: Manage pull requests
project: Work with GitHub Projects.
release: Manage releases
repo: Manage repositories
GITHUB ACTIONS COMMANDS
cache: Manage GitHub Actions caches
run: View details about workflow runs
workflow: View details about GitHub Actions workflows
ALIAS COMMANDS
co: Alias for "pr checkout"
ADDITIONAL COMMANDS
agent-task: Work with agent tasks (preview)
alias: Create command shortcuts
api: Make an authenticated GitHub API request
attestation: Work with artifact attestations
completion: Generate shell completion scripts
config: Manage configuration for gh
extension: Manage gh extensions
gpg-key: Manage GPG keys
label: Manage labels
preview: Execute previews for gh features
ruleset: View info about repo rulesets
search: Search for repositories, issues, and pull requests
secret: Manage GitHub secrets
ssh-key: Manage SSH keys
status: Print information about relevant issues, pull requests, and notifications across repositories
variable: Manage GitHub Actions variables
HELP TOPICS
accessibility: Learn about GitHub CLI's accessibility experiences
actions: Learn about working with GitHub Actions
environment: Environment variables that can be used with gh
exit-codes: Exit codes used by gh
formatting: Formatting options for JSON data exported from gh
mintty: Information about using gh with MinTTY
reference: A comprehensive reference of all gh commands
FLAGS
--help Show help for command
--version Show gh version
EXAMPLES
$ gh issue create
$ gh repo clone cli/cli
$ gh pr checkout 321
LEARN MORE
Use `gh <command> <subcommand> --help` for more information about a command.
Read the manual at https://cli.github.com/manual
Learn about exit codes using `gh help exit-codes`
Learn about accessibility experiences using `gh help accessibility`
qemu: sending shutdown signal
running test pipeline for subpackage gh-doc
melange v0.36.0 with runner qemu is testing:
image configuration:
contents:
build repositories: []
runtime repositories: []
repositories: []
keyring: []
packages: [apk-tools gh-doc grep man-db texinfo]
accounts:
runas:
users:
- uid=1000(build) gid=1000
groups:
- gid=1000(build) members=[build]
installing wolfi-baselayout (20230201-r24)
installing ca-certificates-bundle (20251003-r0)
installing ld-linux (2.42-r4)
installing libgcc (15.2.0-r6)
installing glibc-locale-posix (2.42-r4)
installing glibc (2.42-r4)
installing zlib (1.3.1-r51)
installing libcrypto3 (3.6.0-r6)
installing libssl3 (3.6.0-r6)
installing apk-tools (2.14.10-r9)
installing oldlibstdcxx-2.28 (8.5.0-r1)
installing libstdc++ (15.2.0-r6)
installing ct-manylinux-2.28-gcc-14 (1.28.0-r87)
installing ct-manylinux-2.28 (1.28.0-r87)
installing gmp (6.3.0-r8)
installing mpfr (4.2.2-r2)
installing mpc (1.3.1-r7)
installing posix-cc-wrappers (2-r7)
installing isl (0.27-r4)
installing libzstd1 (1.5.7-r5)
installing libstdc++-14 (14.3.0-r9)
installing libstdc++-14-dev (14.3.0-r9)
installing libquadmath (15.2.0-r6)
installing openssf-compiler-options (20250904-r2)
installing binutils (2.45.1-r2)
installing libxcrypt (4.5.2-r0)
installing libxcrypt-dev (4.5.2-r0)
installing nss-db (2.42-r4)
installing nss-hesiod (2.42-r4)
installing linux-headers (6.18-r0)
installing glibc-dev (2.42-r4)
installing gcc-14 (14.3.0-r9)
installing libgfortran-14 (14.3.0-r9)
installing gfortran-14 (14.3.0-r9)
installing libgfortran (15.2.0-r6)
installing gcc-14-default (14.3.0-r9)
installing libseccomp (2.6.0-r1)
installing libpipeline (1.5.8-r2)
installing groff-base (1.23.0-r7)
installing libbz2-1 (1.0.8-r21)
installing libcrypt1 (2.42-r4)
installing perl (5.42.0-r1)
installing groff (1.23.0-r7)
installing gdbm (1.26-r1)
installing man-db (2.13.1-r51)
installing gh-doc (2.83.1-r3)
installing libpcre2-8-0 (10.47-r0)
installing grep (3.12-r3)
installing ncurses-terminfo-base (6.5_p20251025-r1)
installing ncurses (6.5_p20251025-r1)
installing texinfo (7.2-r4)
installing wolfi-keys (1-r12)
installing busybox (1.37.0-r50)
installing wolfi-base (1-r7)
qemu: generating ssh key pairs for ephemeral VM
qemu: generating SSH host key for VM
qemu: starting VM
qemu: waiting for SSH
qemu: = sectsz=4096 sunit=1 blks, lazy-count=1
qemu: = rgcount=0 rgsize=0 extents
qemu: Discarding blocks...Done.
qemu: VM started successfully, SSH server is up
qemu: Accepted publickey for root from 10.0.2.2 port 37224 ssh2: ECDSA SHA256:aVMYIKIEhaDvCi+3YFRDA3NvgahauPTUC2MS/n5G+io
qemu: Connection closed by 10.0.2.2 port 37224
qemu: unmounting host workspace from guest
running step "docs readability check"
troff:<standard input>:18: warning [p 1, 3.2i]: cannot adjust line
troff:<standard input>:24: warning [p 1, 4.5i]: cannot adjust line
aarch64 Logs
Click to expand
in $(seq 60); do
if docker info >/dev/null 2>&1; then
worked=true
break
fi
echo "docker healthcheck failed, docker is not ready, retrying... ($i/60 seconds so far)..."
sleep 1
done
if [ "$worked" = "false" ]; then
echo "Failed to start docker after 60 seconds"
exit 1
fi
]
command "bash" completed successfully
running command melange [test gh.yaml --gcplog --source-dir gh --test-package-append wolfi-base --arch=aarch64 --env-file=build-aarch64.env --pipeline-dirs=./pipelines --runner=docker --repository-append=https://apk.cgr.dev/chainguard --repository-append=https://apk.cgr.dev/chainguard-private --repository-append=https://apk.cgr.dev/chainguard-2.28 --repository-append=https://apk.cgr.dev/chainguard-2.28-presubmit/97c060e33155d5d222059eb4dddd86eaecd18c83 --test-package-append=ct-manylinux-2.28 --test-package-append=gcc-14-default --repository-append=https://apk.cgr.dev/chainguard-2.28-presubmit/97c060e33155d5d222059eb4dddd86eaecd18c83]
melange v0.36.0 with runner docker is testing:
image configuration:
contents:
build repositories: []
runtime repositories: []
repositories: []
keyring: []
packages: [gh]
accounts:
runas:
users:
- uid=1000(build) gid=1000
groups:
- gid=1000(build) members=[build]
installing wolfi-baselayout (20230201-r24)
installing ca-certificates-bundle (20251003-r0)
installing glibc-locale-posix (2.42-r4)
installing ld-linux (2.42-r4)
installing glibc (2.42-r4)
installing libgcc (15.2.0-r6)
installing oldlibstdcxx-2.28 (8.5.0-r1)
installing libstdc++ (15.2.0-r6)
installing ct-manylinux-2.28-gcc-14 (1.28.0-r87)
installing ct-manylinux-2.28 (1.28.0-r87)
installing gmp (6.3.0-r8)
installing mpfr (4.2.2-r2)
installing mpc (1.3.1-r7)
installing posix-cc-wrappers (2-r7)
installing isl (0.27-r4)
installing zlib (1.3.1-r51)
installing libzstd1 (1.5.7-r5)
installing libstdc++-14 (14.3.0-r9)
installing libstdc++-14-dev (14.3.0-r9)
installing libquadmath (15.2.0-r6)
installing openssf-compiler-options (20250904-r2)
installing binutils (2.45.1-r2)
installing libxcrypt (4.5.2-r0)
installing libxcrypt-dev (4.5.2-r0)
installing nss-db (2.42-r4)
installing nss-hesiod (2.42-r4)
installing linux-headers (6.18-r0)
installing glibc-dev (2.42-r4)
installing gcc-14 (14.3.0-r9)
installing libgfortran-14 (14.3.0-r9)
installing gfortran-14 (14.3.0-r9)
installing libgfortran (15.2.0-r6)
installing gcc-14-default (14.3.0-r9)
installing gh (2.83.1-r3)
installing wolfi-keys (1-r12)
installing libcrypto3 (3.6.0-r6)
installing libssl3 (3.6.0-r6)
installing apk-tools (2.14.10-r9)
installing libcrypt1 (2.42-r4)
installing busybox (1.37.0-r50)
installing wolfi-base (1-r7)
layer digest: sha256:1f7330c81bb2665f54cc8d6a7af2c24936fc0c3c1e80e9ea1a202d30bfc177f7
layer diffID: sha256:96d1d6405f38e00015c4253ed8492f8b1ebc60a84fbf8fa868dca155a4d85d6d
saving OCI image locally: apko.local/cache:233b4b100253563c8b095fe817b4823bc8ac2047ac9e67e3f1f31b931e571f58
tagging local image apko.local/cache:233b4b100253563c8b095fe817b4823bc8ac2047ac9e67e3f1f31b931e571f58 as index.docker.io/library/melange:latest
populating workspace /tmp/melange-workspace-632334277 from gh
running the main test pipeline
gh version 2.83.1 (2025-12-11)
https://github.com/cli/cli/releases/tag/v2.83.1
Work seamlessly with GitHub from the command line.
USAGE
gh <command> <subcommand> [flags]
CORE COMMANDS
auth: Authenticate gh and git with GitHub
browse: Open repositories, issues, pull requests, and more in the browser
codespace: Connect to and manage codespaces
gist: Manage gists
issue: Manage issues
org: Manage organizations
pr: Manage pull requests
project: Work with GitHub Projects.
release: Manage releases
repo: Manage repositories
GITHUB ACTIONS COMMANDS
cache: Manage GitHub Actions caches
run: View details about workflow runs
workflow: View details about GitHub Actions workflows
ALIAS COMMANDS
co: Alias for "pr checkout"
ADDITIONAL COMMANDS
agent-task: Work with agent tasks (preview)
alias: Create command shortcuts
api: Make an authenticated GitHub API request
attestation: Work with artifact attestations
completion: Generate shell completion scripts
config: Manage configuration for gh
extension: Manage gh extensions
gpg-key: Manage GPG keys
label: Manage labels
preview: Execute previews for gh features
ruleset: View info about repo rulesets
search: Search for repositories, issues, and pull requests
secret: Manage GitHub secrets
ssh-key: Manage SSH keys
status: Print information about relevant issues, pull requests, and notifications across repositories
variable: Manage GitHub Actions variables
HELP TOPICS
accessibility: Learn about GitHub CLI's accessibility experiences
actions: Learn about working with GitHub Actions
environment: Environment variables that can be used with gh
exit-codes: Exit codes used by gh
formatting: Formatting options for JSON data exported from gh
mintty: Information about using gh with MinTTY
reference: A comprehensive reference of all gh commands
FLAGS
--help Show help for command
--version Show gh version
EXAMPLES
$ gh issue create
$ gh repo clone cli/cli
$ gh pr checkout 321
LEARN MORE
Use `gh <command> <subcommand> --help` for more information about a command.
Read the manual at https://cli.github.com/manual
Learn about exit codes using `gh help exit-codes`
Learn about accessibility experiences using `gh help accessibility`
pod 6c1203147ebfc5f16043a46fc6dff6493a4d23c76b683daa700e8923fbcf4d77 terminated
running test pipeline for subpackage gh-doc
melange v0.36.0 with runner docker is testing:
image configuration:
contents:
build repositories: []
runtime repositories: []
repositories: []
keyring: []
packages: [apk-tools gh-doc grep man-db texinfo]
accounts:
runas:
users:
- uid=1000(build) gid=1000
groups:
- gid=1000(build) members=[build]
installing wolfi-baselayout (20230201-r24)
installing ca-certificates-bundle (20251003-r0)
installing libgcc (15.2.0-r6)
installing glibc-locale-posix (2.42-r4)
installing glibc (2.42-r4)
installing ld-linux (2.42-r4)
installing zlib (1.3.1-r51)
installing libcrypto3 (3.6.0-r6)
installing libssl3 (3.6.0-r6)
installing apk-tools (2.14.10-r9)
installing oldlibstdcxx-2.28 (8.5.0-r1)
installing libstdc++ (15.2.0-r6)
installing ct-manylinux-2.28-gcc-14 (1.28.0-r87)
installing ct-manylinux-2.28 (1.28.0-r87)
installing gmp (6.3.0-r8)
installing mpfr (4.2.2-r2)
installing mpc (1.3.1-r7)
installing posix-cc-wrappers (2-r7)
installing isl (0.27-r4)
installing libzstd1 (1.5.7-r5)
installing libstdc++-14 (14.3.0-r9)
installing libstdc++-14-dev (14.3.0-r9)
installing libquadmath (15.2.0-r6)
installing openssf-compiler-options (20250904-r2)
installing binutils (2.45.1-r2)
installing libxcrypt (4.5.2-r0)
installing libxcrypt-dev (4.5.2-r0)
installing nss-db (2.42-r4)
installing nss-hesiod (2.42-r4)
installing linux-headers (6.18-r0)
installing glibc-dev (2.42-r4)
installing gcc-14 (14.3.0-r9)
installing libgfortran-14 (14.3.0-r9)
installing gfortran-14 (14.3.0-r9)
installing libgfortran (15.2.0-r6)
installing gcc-14-default (14.3.0-r9)
installing libseccomp (2.6.0-r1)
installing libpipeline (1.5.8-r2)
installing groff-base (1.23.0-r7)
installing libbz2-1 (1.0.8-r21)
installing libcrypt1 (2.42-r4)
installing perl (5.42.0-r1)
installing groff (1.23.0-r7)
installing gdbm (1.26-r1)
installing man-db (2.13.1-r51)
installing gh-doc (2.83.1-r3)
installing libpcre2-8-0 (10.47-r0)
installing grep (3.12-r3)
installing ncurses-terminfo-base (6.5_p20251025-r1)
installing ncurses (6.5_p20251025-r1)
installing texinfo (7.2-r4)
installing wolfi-keys (1-r12)
installing busybox (1.37.0-r50)
installing wolfi-base (1-r7)
layer digest: sha256:ab3bc8791d3fe072ca48a759cea45a641bfaa604ad1dc8e936d2025180591a9b
layer diffID: sha256:f5a195d26b7c38cfeaf0c41cf5b42a7f2a2dc012f50bd5bf57f87cb7ebae1b50
saving OCI image locally: apko.local/cache:cda7a678af65ff18e8ab2351f6184b899b42b61556d0322107439e939d654093
tagging local image apko.local/cache:cda7a678af65ff18e8ab2351f6184b899b42b61556d0322107439e939d654093 as index.docker.io/library/melange:latest
running step "test/docs"
running step "docs readability check"
troff:<standard input>:54: warning [p 1, 9.5i]: cannot adjust line
troff:<standard input>:42: warning [p 1, 6.7i]: cannot adjust line
troff:<standard input>:37: warning [p 1, 6.5i]: cannot adjust line
troff:<standard input>:22: warning: special character 'OK' not defined
troff:<standard input>:18: warning [p 1, 3.2i]: cannot adjust line
troff:<standard input>:24: warning [p 1, 4.5i]: cannot adjust line
troff:<standard input>:18: warning [p 1, 3.2i]: cannot adjust line
troff:<standard input>:24: warning [p 1, 4.5i]: cannot adjust line
troff:<standard input>:20: warning [p 1, 3.5i]: cannot adjust line
troff:<standard input>:43: warning [p 1, 7.8i]: cannot adjust line
troff:<standard input>:43: warning [p 1, 8.0i]: cannot adjust line
troff:<standard input>:61: warning [p 1, 10.8i]: cannot adjust line
troff:<standard input>:18: warning [p 1, 3.0i]: cannot adjust line
troff:<standard input>:22: warning [p 1, 3.8i]: cannot adjust line
troff:<standard input>:28: warning [p 1, 5.2i]: cannot adjust line
troff:<standard input>:153: warning [p 3, 3.8i]: cannot adjust line
troff:<standard input>:28: warning [p 1, 5.2i]: cannot adjust line
troff:<standard input>:185: warning [p 3, 9.3i]: cannot adjust line
troff:<standard input>:22: warning [p 1, 3.8i]: cannot adjust line
troff:<standard input>:44: warning [p 1, 7.7i]: cannot adjust line
troff:<standard input>:44: warning [p 1, 7.8i]: cannot adjust line
troff:<standard input>:46: warning [p 1, 8.2i]: cannot adjust line
troff:<standard input>:46: warning [p 1, 8.3i]: cannot adjust line
pod c880cb92079c3d95ce06a7eeb4c95cce9af682725d96479c1db76884612b2918 terminated
command "melange" completed successfully
tests completed successfully
all tests passed
Indexes
https://apk.cgr.dev/chainguard-2.28-presubmit/97c060e33155d5d222059eb4dddd86eaecd18c83
Packages
- ✅ gh (success | 1m42s | x86_64 logs | aarch64 logs)
Tests
- ✅ gh (success | 32s | x86_64 logs | aarch64 logs)
More Observability
Command
cg build log \
--build-id 8713e0be-fd83-47fe-b857-c3dd7a766c78 \
--project prod-eco-8de7 \
--cluster elastic-pre \
--namespace pre-eco-2-28 \
--start 2025-12-11T21:03:36Z \
--end 2025-12-11T21:18:04Z
Loading