openshift / jenkins


OCPTOOLS-249: Mitigate CVE-2023-39325 CVE-2023-44487 #1713

Closed divyansh42 closed 10 months ago

divyansh42 commented 10 months ago

/test e2e-aws-jenkins-sync-plugin

openshift-ci-robot commented 10 months ago

@divyansh42: This pull request references OCPTOOLS-249 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.15.0" version, but no target version was set.

In response to [this](https://github.com/openshift/jenkins/pull/1713):

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
jkhelil commented 10 months ago

@divyansh42 please provide a descriptive commit which indicates this fixes a CVE

jkhelil commented 10 months ago

/lgtm

openshift-ci[bot] commented 10 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: divyansh42, jkhelil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/jenkins/blob/master/OWNERS)~~ [divyansh42,jkhelil]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.
openshift-ci[bot] commented 10 months ago

@divyansh42: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/security | 8f73366230e741af084bf5c597d3be25f20345a3 | link | false | /test security |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
divyansh42 commented 10 months ago

/cherrypick release-4.14

openshift-cherrypick-robot commented 10 months ago

@divyansh42: #1713 failed to apply on top of branch "release-4.14":

Applying: OCPTOOLS-249: Mitigate CVE-2023-39325 CVE-2023-44487
.git/rebase-apply/patch:2490: trailing whitespace.
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
.git/rebase-apply/patch:55132: trailing whitespace.
[![Financial Contributors on Open Collective](https://opencollective.com/mattn-go-sqlite3/all/badge.svg?label=financial+contributors)](https://opencollective.com/mattn-go-sqlite3) 
.git/rebase-apply/patch:55295: trailing whitespace.
| Foreign Keys | sqlite_foreign_keys | This macro determines whether enforcement of foreign key constraints is enabled or disabled by default for new database connections.<br><br>Each database connection can always turn enforcement of foreign key constraints on and off and run-time using the foreign_keys pragma.<br><br>Enforcement of foreign key constraints is normally off by default, but if this compile-time parameter is set to 1, enforcement of foreign key constraints will be on by default | 
.git/rebase-apply/patch:55335: trailing whitespace.
    go build -v 
.git/rebase-apply/patch:55432: trailing whitespace.
# x86 
error: patch failed: vendor/github.com/klauspost/compress/README.md:16
error: vendor/github.com/klauspost/compress/README.md: patch does not apply
error: Did you hand edit your patch?
It does not apply to blobs recorded in its index.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Using index info to reconstruct a base tree...
M   go.mod
Patch failed at 0001 OCPTOOLS-249: Mitigate CVE-2023-39325 CVE-2023-44487
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
In response to [this](https://github.com/openshift/jenkins/pull/1713#issuecomment-1772920702):

> /cherrypick release-4.14

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
coreydaley commented 10 months ago

That is really weird that the cherry-pick did not work ... I am pretty sure all of these branches should be in sync.