Yes, I replied to the wrong message. Sorry for the confusion. -----Original Message----- From: Bruce Ashfield <[email protected]> Sent: Sunday, August 1, 2021 8:48 PM To: Ruslan Babayev (fib) <[email protected]> Cc: [email protected]; [email protected] Subject: Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
In message: RE: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206 on 30/07/2021 Ruslan Babayev (fib) wrote: > Thanks Bruce! > > Can this be cherry-picked into Dunfell and other branches as well? Was this meant to be in reply to the python bbappend patch you had sent ? I assume so, since this one obviously cannot be cherry picked. Bruce > > -----Original Message----- > From: [email protected] > <[email protected]> On Behalf Of Bruce > Ashfield > Sent: Thursday, July 29, 2021 7:58 AM > To: [email protected] > Cc: [email protected] > Subject: Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix > CVE-2021-20206 > > merged. > > Bruce > > In message: [meta-virtualization][hardknott][PATCH] kubernetes: fix > CVE-2021-20206 on 28/07/2021 [email protected] wrote: > > > Signed-off-by: Sakib Sajal <[email protected]> > > --- > > .../kubernetes/CVE-2021-20206.patch | 92 +++++++++++++++++++ > > .../kubernetes/kubernetes_git.bb | 1 + > > 2 files changed, 93 insertions(+) > > create mode 100644 > > recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch > > > > diff --git > > a/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch > > b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch > > new file mode 100644 > > index 0000000..dc4e902 > > --- /dev/null > > +++ b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch > > @@ -0,0 +1,92 @@ > > +From 5e8f9a8a72351e2fb5bcea3e3c58c935314557b6 Mon Sep 17 00:00:00 > > +2001 > > +From: Navid Shaikh <[email protected]> > > +Date: Thu, 6 May 2021 15:41:08 +0530 > > +Subject: [PATCH] Bump containernetworking/cni to v0.8.1 > > + > > + Fix CVE-2021-20206 > > +CVE: CVE-2021-20206 > > +Upstream-Status: Backport > > +[185f65fbddb5239666c0c67fb335589b7570f60c] > > +Signed-off-by: Sakib Sajal <[email protected]> > > +--- > > + go.mod | 4 ++-- > > + go.sum | 4 ++-- > > + vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++ > > + vendor/modules.txt | 2 +- > > + 4 files changed, 10 insertions(+), 5 deletions(-) > > + > > +diff --git a/src/import/go.mod b/src/import/go.mod index > > +e0ba549ab40..d4cc9ce01a9 100644 > > +--- a/src/import/go.mod > > ++++ b/src/import/go.mod > > +@@ -28,7 +28,7 @@ require ( > > + github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313 > > + github.com/codegangsta/negroni v1.0.0 // indirect > > + github.com/container-storage-interface/spec v1.2.0 > > +- github.com/containernetworking/cni v0.8.0 > > ++ github.com/containernetworking/cni v0.8.1 > > + github.com/coredns/corefile-migration v1.0.10 > > + github.com/coreos/go-oidc v2.1.0+incompatible > > + github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e > > +@@ -214,7 +214,7 @@ replace ( > > + github.com/containerd/go-runc => github.com/containerd/go-runc > > v0.0.0-20180907222934-5a6d9f37cfa3 > > + github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2 > > + github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1 > > +- github.com/containernetworking/cni => > > github.com/containernetworking/cni v0.8.0 > > ++ github.com/containernetworking/cni => > > ++github.com/containernetworking/cni v0.8.1 > > + github.com/coredns/corefile-migration => > > github.com/coredns/corefile-migration v1.0.10 > > + github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.2 > > + github.com/coreos/etcd => github.com/coreos/etcd > > +v3.3.13+incompatible diff --git a/src/import/go.sum > > +b/src/import/go.sum index 288f4554b1f..9168f49c859 100644 > > +--- a/src/import/go.sum > > ++++ b/src/import/go.sum > > +@@ -113,8 +113,8 @@ github.com/containerd/ttrpc v1.0.2 > > +h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9 > > + github.com/containerd/ttrpc v1.0.2/go.mod > > +h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= > > + github.com/containerd/typeurl v1.0.1 > > +h1:PvuK4E3D5S5q6IqsPDCy928FhP0LUIGcmZ/Yhgp5Djw= > > + github.com/containerd/typeurl v1.0.1/go.mod > > +h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg= > > +-github.com/containernetworking/cni v0.8.0 > > +h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI= > > +-github.com/containernetworking/cni v0.8.0/go.mod > > +h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= > > ++github.com/containernetworking/cni v0.8.1 > > ++h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI= > > ++github.com/containernetworking/cni v0.8.1/go.mod > > ++h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= > > + github.com/coredns/corefile-migration v1.0.10 > > +h1:7HI4r5S5Fne749a+JDxUZppqBpYoZK8Q53ZVK9cn3aM= > > + github.com/coredns/corefile-migration v1.0.10/go.mod > > +h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI= > > + github.com/coreos/bbolt v1.3.2 > > +h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s= > > +diff --git > > +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/f > > +in > > +d.go > > +b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/f > > +in d.go index e815404c859..e62029eb788 100644 > > +--- > > +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/f > > +in > > +d.go > > ++++ b/src/import/vendor/github.com/containernetworking/cni/pkg/invo > > ++++ ke > > ++++ /find.go > > +@@ -18,6 +18,7 @@ import ( > > + "fmt" > > + "os" > > + "path/filepath" > > ++ "strings" > > + ) > > + > > + // FindInPath returns the full path of the plugin by searching in > > +the provided path @@ -26,6 +27,10 @@ func FindInPath(plugin string, paths > > []string) (string, error) { > > + return "", fmt.Errorf("no plugin name provided") > > + } > > + > > ++ if strings.ContainsRune(plugin, os.PathSeparator) { > > ++ return "", fmt.Errorf("invalid plugin name: %s", plugin) > > ++ } > > ++ > > + if len(paths) == 0 { > > + return "", fmt.Errorf("no paths provided") > > + } > > +diff --git a/src/import/vendor/modules.txt > > +b/src/import/vendor/modules.txt index 6a263b51686..c3b68a5f547 > > +100644 > > +--- a/src/import/vendor/modules.txt > > ++++ b/src/import/vendor/modules.txt > > +@@ -257,7 +257,7 @@ github.com/containerd/containerd/pkg/dialer > > + github.com/containerd/ttrpc > > + # github.com/containerd/ttrpc => github.com/containerd/ttrpc > > +v1.0.2 # github.com/containerd/typeurl => > > +github.com/containerd/typeurl > > +v1.0.1 -# github.com/containernetworking/cni v0.8.0 => > > +github.com/containernetworking/cni v0.8.0 > > ++# github.com/containernetworking/cni v0.8.1 => > > ++github.com/containernetworking/cni v0.8.1 > > + ## explicit > > + # github.com/containernetworking/cni => > > +github.com/containernetworking/cni v0.8.0 > > +github.com/containernetworking/cni/libcni > > +-- > > +2.25.1 > > + > > diff --git a/recipes-containers/kubernetes/kubernetes_git.bb > > b/recipes-containers/kubernetes/kubernetes_git.bb > > index bc694a2..7b9aab8 100644 > > --- a/recipes-containers/kubernetes/kubernetes_git.bb > > +++ b/recipes-containers/kubernetes/kubernetes_git.bb > > @@ -16,6 +16,7 @@ SRC_URI = > > "git://github.com/kubernetes/kubernetes.git;branch=release-1.20;name=k > > file://0001-generate-bindata-unset-GOBIN.patch \ > > > > file://0001-build-golang.sh-convert-remaining-go-calls-to-use.patch > > \ > > > > file://0001-Makefile.generated_files-Fix-race-issue-for-installi.pat > > ch > > \ > > + file://CVE-2021-20206.patch \ > > " > > > > DEPENDS += "rsync-native \ > > -- > > 2.32.0 > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6708): https://lists.yoctoproject.org/g/meta-virtualization/message/6708 Mute This Topic: https://lists.yoctoproject.org/mt/84510127/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
