Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump debian-base to v1.0.1 and debian-iptables to v11.0.3 #88790

Merged
merged 1 commit into from
Mar 6, 2020
Merged

Bump debian-base to v1.0.1 and debian-iptables to v11.0.3 #88790

merged 1 commit into from
Mar 6, 2020

Conversation

tallclair
Copy link
Member

What type of PR is this?
/kind bug

What this PR does / why we need it:
Bump debian-base to v1.0.1 and debian-iptables to v11.0.3, to pick up the fix for CVE-2017-14062

Which issue(s) this PR fixes:
Fixes CVE-2017-14062

Special notes for your reviewer:
This is blocked on #88789 and the corresponding image promotion.

Does this PR introduce a user-facing change?:

NONE

/area security
/priority important-soon
/sig release

@k8s-ci-robot k8s-ci-robot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. labels Mar 4, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.16 milestone Mar 4, 2020
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. area/security priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. sig/release Categorizes an issue or PR as relevant to SIG Release. labels Mar 4, 2020
@k8s-ci-robot k8s-ci-robot requested review from BenTheElder and ixdy March 4, 2020 01:21
@k8s-ci-robot k8s-ci-robot added area/test sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Mar 4, 2020
@tallclair
Copy link
Member Author

/retest

@tallclair
Copy link
Member Author

/assign @BenTheElder

@tallclair
Copy link
Member Author

/retest

BenTheElder
BenTheElder reviewed Mar 4, 2020
View reviewed changes
cluster/images/etcd/Makefile
BASEIMAGE?=k8s.gcr.io/debian-base-s390x:v1.0.0
endif

BASEIMAGE?=k8s.gcr.io/debian-base-$(ARCH):v1.0.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does the etcd cross build behave properly if you do this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a manual build (make all-build) that succeeded, and the pull-kubernetes-cross job succeeded. I don't know how to do actual verification of the artifacts on other architectures though...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for lack of a resolve button:
resolved

this is fine, my tired brain is not registering that these are 100% equivalent.

@BenTheElder
Copy link
Member

/retest

1 similar comment
@tallclair
Copy link
Member Author

/retest

@BenTheElder BenTheElder mentioned this pull request Mar 4, 2020
Closed
@BenTheElder
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 5, 2020
@mikedanese
Copy link
Member

/lgtm
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: BenTheElder, mikedanese, tallclair

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 5, 2020
@tallclair
Copy link
Member Author

@kubernetes/patch-release-team for cherry-pick approval

@justaugustus justaugustus added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Mar 5, 2020
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Mar 5, 2020
@tallclair
Copy link
Member Author

/retest

@tallclair tallclair mentioned this pull request Mar 6, 2020
Merged
@k8s-ci-robot k8s-ci-robot merged commit a05ed3d into kubernetes:release-1.16 Mar 6, 2020
k8s-ci-robot added a commit that referenced this pull request Mar 6, 2020
@k8s-ci-robot
Merge pull request #88882 from tallclair/automated-cherry-pick-of-#88…
88f8e43 
…790-upstream-release-1.15

Automated cherry pick of #88790: Bump debian-base to v1.0.1 and debian-iptables to v11.0.3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BenTheElder BenTheElder BenTheElder left review comments

@ixdy ixdy Awaiting requested review from ixdy

Assignees

@BenTheElder BenTheElder

@mikedanese mikedanese

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/security area/test cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/release Categorizes an issue or PR as relevant to SIG Release. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.16
Development

Successfully merging this pull request may close these issues.
5 participants
@tallclair @BenTheElder @mikedanese @k8s-ci-robot @justaugustus