The patch failed to apply because of the path. In the Yocto build, the source file location is different.
V2: +--- a/src/import/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go ++++ b/src/import/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go V1: --- a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go ++++ b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go On Tue, Oct 1, 2019 at 1:58 PM Bruce Ashfield <[email protected]> wrote: > > What's the delta from v1 ? > > Also, given that this isn't the final 1.16 kubernetes release, I'd > rather version bump than apply patches. > > Bruce > > > On Mon, Sep 30, 2019 at 6:16 PM Muminul Islam <[email protected]> wrote: > > > > Signed-off-by: Muminul Islam <[email protected]> > > --- > > .../kubernetes/CVE-2018-1002105.patch | 87 +++++++++++++++++++ > > .../kubernetes/kubernetes_git.bb | 1 + > > 2 files changed, 88 insertions(+) > > create mode 100644 > > recipes-containers/kubernetes/kubernetes/CVE-2018-1002105.patch > > > > diff --git > > a/recipes-containers/kubernetes/kubernetes/CVE-2018-1002105.patch > > b/recipes-containers/kubernetes/kubernetes/CVE-2018-1002105.patch > > new file mode 100644 > > index 0000000..505450c > > --- /dev/null > > +++ b/recipes-containers/kubernetes/kubernetes/CVE-2018-1002105.patch 
> > @@ -0,0 +1,87 @@ > > +From b2c05ca842b97090df424e0401968ba8d7ee3ecb Mon Sep 17 00:00:00 2001 > > +From: Jordan Liggitt <[email protected]> > > +Date: Mon, 5 Nov 2018 23:50:35 -0500 > > +Subject: [PATCH] Verify backend upgraded connection > > +Reply-To: [email protected] > > + > > +Signed-off-by: Muminul Islam <[email protected]> > > + > > +CVE: CVE-2018-1002105 > > + > > +Upstream-Status: Backport > > +--- > > + .../pkg/util/proxy/upgradeaware.go | 37 +++++++++++++++++++ > > + 1 file changed, 37 insertions(+) > > + > > +diff --git > > a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go > > b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go > > +index 4d5cd34d48..b14819079c 100644 > > +--- > > a/src/import/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go > > ++++ > > b/src/import/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go > > +@@ -17,6 +17,7 @@ limitations under the License. > > + package proxy > > + > > + import ( > > ++ "bufio" > > + "bytes" > > + "context" > > + "fmt" > > +@@ -269,6 +270,18 @@ func (h *UpgradeAwareHandler) tryUpgrade(w > > http.ResponseWriter, req *http.Reques > > + } > > + defer backendConn.Close() > > + > > ++ // determine the http response code from the backend by reading > > from rawResponse+backendConn > > ++ rawResponseCode, headerBytes, err := > > getResponseCode(io.MultiReader(bytes.NewReader(rawResponse), backendConn)) > > ++ if err != nil { > > ++ glog.V(6).Infof("Proxy connection error: %v", err) > > ++ h.Responder.Error(w, req, err) > > ++ return true > > ++ } > > ++ if len(headerBytes) > len(rawResponse) { > > ++ // we read beyond the bytes stored in rawResponse, update > > rawResponse to the full set of bytes read from the backend > > ++ rawResponse = headerBytes > > ++ } > > ++ > > + // Once the connection is hijacked, the ErrorResponder will no > > longer work, so > > + // hijacking should be the last step in the upgrade. 
> > + requestHijacker, ok := w.(http.Hijacker) > > +@@ -293,6 +306,17 @@ func (h *UpgradeAwareHandler) tryUpgrade(w > > http.ResponseWriter, req *http.Reques > > + } > > + } > > + > > ++ if rawResponseCode != http.StatusSwitchingProtocols { > > ++ // If the backend did not upgrade the request, finish > > echoing the response from the backend to the client and return, closing the > > connection. > > ++ glog.V(6).Infof("Proxy upgrade error, status code %d", > > rawResponseCode) > > ++ _, err := io.Copy(requestHijackedConn, backendConn) > > ++ if err != nil && !strings.Contains(err.Error(), "use of > > closed network connection") { > > ++ glog.Errorf("Error proxying data from backend to > > client: %v", err) > > ++ } > > ++ // Indicate we handled the request > > ++ return true > > ++ } > > ++ > > + // Proxy the connection. This is bidirectional, so we need a > > goroutine > > + // to copy in each direction. Once one side of the connection > > exits, we > > + // exit the function which performs cleanup and in the process > > closes > > +@@ -354,6 +378,19 @@ func (h *UpgradeAwareHandler) DialForUpgrade(req > > *http.Request) (net.Conn, error > > + return dial(updatedReq, h.UpgradeTransport) > > + } > > + > > ++// getResponseCode reads a http response from the given reader, returns > > the status code, > > ++// the bytes read from the reader, and any error encountered > > ++func getResponseCode(r io.Reader) (int, []byte, error) { > > ++ rawResponse := bytes.NewBuffer(make([]byte, 0, 256)) > > ++ // Save the bytes read while reading the response headers into the > > rawResponse buffer > > ++ resp, err := http.ReadResponse(bufio.NewReader(io.TeeReader(r, > > rawResponse)), nil) > > ++ if err != nil { > > ++ return 0, nil, err > > ++ } > > ++ // return the http status code and the raw bytes consumed from the > > reader in the process > > ++ return resp.StatusCode, rawResponse.Bytes(), nil > > ++} > > ++ > > + // dial dials the backend at req.URL and writes req to it. 
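Review bot: In the `rawResponseCode != http.StatusSwitchingProtocols` branch the refused upgrade is recorded only by `glog.V(6).Infof("Proxy upgrade error, status code %d", rawResponseCode)`, so at ordinary verbosity the proxy leaves no trace of the event this fix exists to contain. A backend answering an upgrade request with something other than 101 is the condition behind CVE-2018-1002105, so a lower verbosity level on that line would give operators something to alert on. That diverges from the upstream commit, so it may be better raised upstream than carried in this backport. The `strings.Contains(err.Error(), "use of closed network connection")` test just below is fragile string matching and deserves a short comment saying why that one error is expected and ignored. tryUpgrade starts and ends outside the hunk.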
> > + func dial(req *http.Request, transport http.RoundTripper) (net.Conn, > > error) { > > + conn, err := DialURL(req.Context(), req.URL, transport) > > +-- > > +2.23.0 > > + > > diff --git a/recipes-containers/kubernetes/kubernetes_git.bb > > b/recipes-containers/kubernetes/kubernetes_git.bb > > index a0e0e47..b587e16 100644 > > --- a/recipes-containers/kubernetes/kubernetes_git.bb > > +++ b/recipes-containers/kubernetes/kubernetes_git.bb > > @@ -12,6 +12,7 @@ SRC_URI = > > "git://github.com/kubernetes/kubernetes.git;branch=master;name=kuberne > > file://0001-hack-lib-golang.sh-use-CC-from-environment.patch \ > > file://0001-cross-don-t-build-tests-by-default.patch \ > > > > file://0001-fix-compiling-failure-execvp-bin-bash-Argument-list-.patch \ > > + file://CVE-2018-1002105.patch \ > > " > > > > DEPENDS += "rsync-native \ > > -- > > 2.23.0 > > > > -- > > _______________________________________________ > > meta-virtualization mailing list > > [email protected] > > https://lists.yoctoproject.org/listinfo/meta-virtualization > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II > -- > _______________________________________________ > meta-virtualization mailing list > [email protected] > https://lists.yoctoproject.org/listinfo/meta-virtualization -- _______________________________________________ meta-virtualization mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-virtualization
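Review bot: `getResponseCode` reads from `backendConn` until `http.ReadResponse` has a complete status line and header block, and nothing in this hunk bounds that read in time or size. A backend that stalls or keeps sending header lines would hold the handler and keep growing the `rawResponse` buffer; whether a read deadline is set on the connection elsewhere (for example in `dial`) is not visible here and should be confirmed. The doc comment should also say that the returned bytes can extend past the header block, because `bufio.NewReader` reads ahead through the `io.TeeReader`; that is why the caller replaces `rawResponse` with `headerBytes` when it is longer, and why `resp.Body` is deliberately left unread.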
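Review bot: The patch file pulled in by the new `file://CVE-2018-1002105.patch` entry carries inconsistent paths: its `diff --git` line still names `a/staging/src/k8s.io/apimachinery/...` while the `---`/`+++` lines were changed to `a/src/import/staging/...`. GNU patch works from the `---`/`+++` lines, but a git-based patch tool may reject the mismatch, so the `diff --git` line should be updated to the `src/import/` path as well. `Upstream-Status: Backport` would also be easier to audit with the origin in brackets, e.g. `Upstream-Status: Backport [<upstream commit URL>]`, so a later version bump can tell when the patch becomes redundant.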
