* [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
@ 2021-07-28 17:08 sakib.sajal
2021-07-29 14:58 ` Bruce Ashfield
0 siblings, 1 reply; 5+ messages in thread
From: sakib.sajal @ 2021-07-28 17:08 UTC (permalink / raw)
To: meta-virtualization
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
.../kubernetes/CVE-2021-20206.patch | 92 +++++++++++++++++++
.../kubernetes/kubernetes_git.bb | 1 +
2 files changed, 93 insertions(+)
create mode 100644 recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
diff --git a/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
new file mode 100644
index 0000000..dc4e902
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
@@ -0,0 +1,92 @@
+From 5e8f9a8a72351e2fb5bcea3e3c58c935314557b6 Mon Sep 17 00:00:00 2001
+From: Navid Shaikh <navids@vmware.com>
+Date: Thu, 6 May 2021 15:41:08 +0530
+Subject: [PATCH] Bump containernetworking/cni to v0.8.1
+
+ Fix CVE-2021-20206
+CVE: CVE-2021-20206
+Upstream-Status: Backport [185f65fbddb5239666c0c67fb335589b7570f60c]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ go.mod | 4 ++--
+ go.sum | 4 ++--
+ vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++
+ vendor/modules.txt | 2 +-
+ 4 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/import/go.mod b/src/import/go.mod
+index e0ba549ab40..d4cc9ce01a9 100644
+--- a/src/import/go.mod
++++ b/src/import/go.mod
+@@ -28,7 +28,7 @@ require (
+ github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313
+ github.com/codegangsta/negroni v1.0.0 // indirect
+ github.com/container-storage-interface/spec v1.2.0
+- github.com/containernetworking/cni v0.8.0
++ github.com/containernetworking/cni v0.8.1
+ github.com/coredns/corefile-migration v1.0.10
+ github.com/coreos/go-oidc v2.1.0+incompatible
+ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
+@@ -214,7 +214,7 @@ replace (
+ github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3
+ github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
+ github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
+- github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0
++ github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.1
+ github.com/coredns/corefile-migration => github.com/coredns/corefile-migration v1.0.10
+ github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.2
+ github.com/coreos/etcd => github.com/coreos/etcd v3.3.13+incompatible
+diff --git a/src/import/go.sum b/src/import/go.sum
+index 288f4554b1f..9168f49c859 100644
+--- a/src/import/go.sum
++++ b/src/import/go.sum
+@@ -113,8 +113,8 @@ github.com/containerd/ttrpc v1.0.2 h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9
+ github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
+ github.com/containerd/typeurl v1.0.1 h1:PvuK4E3D5S5q6IqsPDCy928FhP0LUIGcmZ/Yhgp5Djw=
+ github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
+-github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI=
+-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
++github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
++github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
+ github.com/coredns/corefile-migration v1.0.10 h1:7HI4r5S5Fne749a+JDxUZppqBpYoZK8Q53ZVK9cn3aM=
+ github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
+ github.com/coreos/bbolt v1.3.2 h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
+diff --git a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
+index e815404c859..e62029eb788 100644
+--- a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
++++ b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
+@@ -18,6 +18,7 @@ import (
+ "fmt"
+ "os"
+ "path/filepath"
++ "strings"
+ )
+
+ // FindInPath returns the full path of the plugin by searching in the provided path
+@@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) {
+ return "", fmt.Errorf("no plugin name provided")
+ }
+
++ if strings.ContainsRune(plugin, os.PathSeparator) {
++ return "", fmt.Errorf("invalid plugin name: %s", plugin)
++ }
++
+ if len(paths) == 0 {
+ return "", fmt.Errorf("no paths provided")
+ }
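Review bot: the new check in FindInPath rejects only names that contain os.PathSeparator, so `.` and `..` still pass it because they contain no separator; if a plugin name must be a plain file name, reject those two values here as well. The error also formats the rejected name with %s; using %q, as in fmt.Errorf("invalid plugin name: %q", plugin), would keep control characters in that name from being written raw into logs. Since this is vendored code, either change belongs upstream in containernetworking/cni rather than in this backport.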
+diff --git a/src/import/vendor/modules.txt b/src/import/vendor/modules.txt
+index 6a263b51686..c3b68a5f547 100644
+--- a/src/import/vendor/modules.txt
++++ b/src/import/vendor/modules.txt
+@@ -257,7 +257,7 @@ github.com/containerd/containerd/pkg/dialer
+ github.com/containerd/ttrpc
+ # github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
+ # github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
+-# github.com/containernetworking/cni v0.8.0 => github.com/containernetworking/cni v0.8.0
++# github.com/containernetworking/cni v0.8.1 => github.com/containernetworking/cni v0.8.1
+ ## explicit
+ # github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0
+ github.com/containernetworking/cni/libcni
+--
+2.25.1
+
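Review bot: in the vendor/modules.txt hunk, the unchanged context line `# github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0` after `## explicit` still names v0.8.0, while the go.mod replace directive in this same patch moves to v0.8.1. Please confirm modules.txt was regenerated with `go mod vendor` rather than edited by hand, since a Go build in vendor mode checks modules.txt against go.mod.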
diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index bc694a2..7b9aab8 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.20;name=k
file://0001-generate-bindata-unset-GOBIN.patch \
file://0001-build-golang.sh-convert-remaining-go-calls-to-use.patch \
file://0001-Makefile.generated_files-Fix-race-issue-for-installi.patch \
+ file://CVE-2021-20206.patch \
"
DEPENDS += "rsync-native \
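Review bot: the added `file://CVE-2021-20206.patch` entry takes the default patch settings, and the embedded patch's diffstat lists `go.mod` and `vendor/...` while its diff headers use `src/import/go.mod` and `src/import/vendor/...`, so the paths were rewritten after the diffstat was generated. The commit message contains only the Signed-off-by line; a short body saying that the paths were adjusted for the recipe's source layout and that the fix comes from bumping cni to v0.8.1 would help whoever has to drop or rebase this patch later.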
--
2.32.0
* Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
2021-07-28 17:08 [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206 sakib.sajal
@ 2021-07-29 14:58 ` Bruce Ashfield
2021-07-30 18:13 ` Ruslan Babayev (fib)
0 siblings, 1 reply; 5+ messages in thread
From: Bruce Ashfield @ 2021-07-29 14:58 UTC (permalink / raw)
To: sakib.sajal; +Cc: meta-virtualization
merged.
Bruce
In message: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
on 28/07/2021 sakib.sajal@windriver.com wrote:
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ---
> .../kubernetes/CVE-2021-20206.patch | 92 +++++++++++++++++++
> .../kubernetes/kubernetes_git.bb | 1 +
> 2 files changed, 93 insertions(+)
> create mode 100644 recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
>
> diff --git a/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> new file mode 100644
> index 0000000..dc4e902
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> @@ -0,0 +1,92 @@
> +From 5e8f9a8a72351e2fb5bcea3e3c58c935314557b6 Mon Sep 17 00:00:00 2001
> +From: Navid Shaikh <navids@vmware.com>
> +Date: Thu, 6 May 2021 15:41:08 +0530
> +Subject: [PATCH] Bump containernetworking/cni to v0.8.1
> +
> + Fix CVE-2021-20206
> +CVE: CVE-2021-20206
> +Upstream-Status: Backport [185f65fbddb5239666c0c67fb335589b7570f60c]
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + go.mod | 4 ++--
> + go.sum | 4 ++--
> + vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++
> + vendor/modules.txt | 2 +-
> + 4 files changed, 10 insertions(+), 5 deletions(-)
> +
> +diff --git a/src/import/go.mod b/src/import/go.mod
> +index e0ba549ab40..d4cc9ce01a9 100644
> +--- a/src/import/go.mod
> ++++ b/src/import/go.mod
> +@@ -28,7 +28,7 @@ require (
> + github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313
> + github.com/codegangsta/negroni v1.0.0 // indirect
> + github.com/container-storage-interface/spec v1.2.0
> +- github.com/containernetworking/cni v0.8.0
> ++ github.com/containernetworking/cni v0.8.1
> + github.com/coredns/corefile-migration v1.0.10
> + github.com/coreos/go-oidc v2.1.0+incompatible
> + github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
> +@@ -214,7 +214,7 @@ replace (
> + github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3
> + github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
> + github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
> +- github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0
> ++ github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.1
> + github.com/coredns/corefile-migration => github.com/coredns/corefile-migration v1.0.10
> + github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.2
> + github.com/coreos/etcd => github.com/coreos/etcd v3.3.13+incompatible
> +diff --git a/src/import/go.sum b/src/import/go.sum
> +index 288f4554b1f..9168f49c859 100644
> +--- a/src/import/go.sum
> ++++ b/src/import/go.sum
> +@@ -113,8 +113,8 @@ github.com/containerd/ttrpc v1.0.2 h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9
> + github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
> + github.com/containerd/typeurl v1.0.1 h1:PvuK4E3D5S5q6IqsPDCy928FhP0LUIGcmZ/Yhgp5Djw=
> + github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
> +-github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI=
> +-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> ++github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
> ++github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> + github.com/coredns/corefile-migration v1.0.10 h1:7HI4r5S5Fne749a+JDxUZppqBpYoZK8Q53ZVK9cn3aM=
> + github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
> + github.com/coreos/bbolt v1.3.2 h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
> +diff --git a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
> +index e815404c859..e62029eb788 100644
> +--- a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
> ++++ b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
> +@@ -18,6 +18,7 @@ import (
> + "fmt"
> + "os"
> + "path/filepath"
> ++ "strings"
> + )
> +
> + // FindInPath returns the full path of the plugin by searching in the provided path
> +@@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) {
> + return "", fmt.Errorf("no plugin name provided")
> + }
> +
> ++ if strings.ContainsRune(plugin, os.PathSeparator) {
> ++ return "", fmt.Errorf("invalid plugin name: %s", plugin)
> ++ }
> ++
> + if len(paths) == 0 {
> + return "", fmt.Errorf("no paths provided")
> + }
> +diff --git a/src/import/vendor/modules.txt b/src/import/vendor/modules.txt
> +index 6a263b51686..c3b68a5f547 100644
> +--- a/src/import/vendor/modules.txt
> ++++ b/src/import/vendor/modules.txt
> +@@ -257,7 +257,7 @@ github.com/containerd/containerd/pkg/dialer
> + github.com/containerd/ttrpc
> + # github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
> + # github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
> +-# github.com/containernetworking/cni v0.8.0 => github.com/containernetworking/cni v0.8.0
> ++# github.com/containernetworking/cni v0.8.1 => github.com/containernetworking/cni v0.8.1
> + ## explicit
> + # github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0
> + github.com/containernetworking/cni/libcni
> +--
> +2.25.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
> index bc694a2..7b9aab8 100644
> --- a/recipes-containers/kubernetes/kubernetes_git.bb
> +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.20;name=k
> file://0001-generate-bindata-unset-GOBIN.patch \
> file://0001-build-golang.sh-convert-remaining-go-calls-to-use.patch \
> file://0001-Makefile.generated_files-Fix-race-issue-for-installi.patch \
> + file://CVE-2021-20206.patch \
> "
>
> DEPENDS += "rsync-native \
> --
> 2.32.0
>
>
>
>
* Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
2021-07-29 14:58 ` Bruce Ashfield
@ 2021-07-30 18:13 ` Ruslan Babayev (fib)
2021-08-02 3:47 ` Bruce Ashfield
0 siblings, 1 reply; 5+ messages in thread
From: Ruslan Babayev (fib) @ 2021-07-30 18:13 UTC (permalink / raw)
To: Bruce Ashfield, sakib.sajal; +Cc: meta-virtualization
Thanks Bruce!
Can this be cherry-picked into Dunfell and other branches as well?
-----Original Message-----
From: meta-virtualization@lists.yoctoproject.org <meta-virtualization@lists.yoctoproject.org> On Behalf Of Bruce Ashfield
Sent: Thursday, July 29, 2021 7:58 AM
To: sakib.sajal@windriver.com
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
merged.
Bruce
In message: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206 on 28/07/2021 sakib.sajal@windriver.com wrote:
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ---
> .../kubernetes/CVE-2021-20206.patch | 92 +++++++++++++++++++
> .../kubernetes/kubernetes_git.bb | 1 +
> 2 files changed, 93 insertions(+)
> create mode 100644
> recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
>
> diff --git
> a/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> new file mode 100644
> index 0000000..dc4e902
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> @@ -0,0 +1,92 @@
> +From 5e8f9a8a72351e2fb5bcea3e3c58c935314557b6 Mon Sep 17 00:00:00
> +2001
> +From: Navid Shaikh <navids@vmware.com>
> +Date: Thu, 6 May 2021 15:41:08 +0530
> +Subject: [PATCH] Bump containernetworking/cni to v0.8.1
> +
> + Fix CVE-2021-20206
> +CVE: CVE-2021-20206
> +Upstream-Status: Backport [185f65fbddb5239666c0c67fb335589b7570f60c]
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + go.mod | 4 ++--
> + go.sum | 4 ++--
> + vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++
> + vendor/modules.txt | 2 +-
> + 4 files changed, 10 insertions(+), 5 deletions(-)
> +
> +diff --git a/src/import/go.mod b/src/import/go.mod index
> +e0ba549ab40..d4cc9ce01a9 100644
> +--- a/src/import/go.mod
> ++++ b/src/import/go.mod
> +@@ -28,7 +28,7 @@ require (
> + github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313
> + github.com/codegangsta/negroni v1.0.0 // indirect
> + github.com/container-storage-interface/spec v1.2.0
> +- github.com/containernetworking/cni v0.8.0
> ++ github.com/containernetworking/cni v0.8.1
> + github.com/coredns/corefile-migration v1.0.10
> + github.com/coreos/go-oidc v2.1.0+incompatible
> + github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
> +@@ -214,7 +214,7 @@ replace (
> + github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3
> + github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
> + github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
> +- github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0
> ++ github.com/containernetworking/cni =>
> ++github.com/containernetworking/cni v0.8.1
> + github.com/coredns/corefile-migration => github.com/coredns/corefile-migration v1.0.10
> + github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.2
> + github.com/coreos/etcd => github.com/coreos/etcd
> +v3.3.13+incompatible diff --git a/src/import/go.sum
> +b/src/import/go.sum index 288f4554b1f..9168f49c859 100644
> +--- a/src/import/go.sum
> ++++ b/src/import/go.sum
> +@@ -113,8 +113,8 @@ github.com/containerd/ttrpc v1.0.2
> +h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9
> + github.com/containerd/ttrpc v1.0.2/go.mod
> +h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
> + github.com/containerd/typeurl v1.0.1
> +h1:PvuK4E3D5S5q6IqsPDCy928FhP0LUIGcmZ/Yhgp5Djw=
> + github.com/containerd/typeurl v1.0.1/go.mod
> +h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
> +-github.com/containernetworking/cni v0.8.0
> +h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI=
> +-github.com/containernetworking/cni v0.8.0/go.mod
> +h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> ++github.com/containernetworking/cni v0.8.1
> ++h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
> ++github.com/containernetworking/cni v0.8.1/go.mod
> ++h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> + github.com/coredns/corefile-migration v1.0.10
> +h1:7HI4r5S5Fne749a+JDxUZppqBpYoZK8Q53ZVK9cn3aM=
> + github.com/coredns/corefile-migration v1.0.10/go.mod
> +h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
> + github.com/coreos/bbolt v1.3.2
> +h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
> +diff --git
> +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/fin
> +d.go
> +b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/fin
> +d.go index e815404c859..e62029eb788 100644
> +---
> +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/fin
> +d.go
> ++++ b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke
> ++++ /find.go
> +@@ -18,6 +18,7 @@ import (
> + "fmt"
> + "os"
> + "path/filepath"
> ++ "strings"
> + )
> +
> + // FindInPath returns the full path of the plugin by searching in
> +the provided path @@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) {
> + return "", fmt.Errorf("no plugin name provided")
> + }
> +
> ++ if strings.ContainsRune(plugin, os.PathSeparator) {
> ++ return "", fmt.Errorf("invalid plugin name: %s", plugin)
> ++ }
> ++
> + if len(paths) == 0 {
> + return "", fmt.Errorf("no paths provided")
> + }
> +diff --git a/src/import/vendor/modules.txt
> +b/src/import/vendor/modules.txt index 6a263b51686..c3b68a5f547 100644
> +--- a/src/import/vendor/modules.txt
> ++++ b/src/import/vendor/modules.txt
> +@@ -257,7 +257,7 @@ github.com/containerd/containerd/pkg/dialer
> + github.com/containerd/ttrpc
> + # github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
> +# github.com/containerd/typeurl => github.com/containerd/typeurl
> +v1.0.1 -# github.com/containernetworking/cni v0.8.0 =>
> +github.com/containernetworking/cni v0.8.0
> ++# github.com/containernetworking/cni v0.8.1 =>
> ++github.com/containernetworking/cni v0.8.1
> + ## explicit
> + # github.com/containernetworking/cni =>
> +github.com/containernetworking/cni v0.8.0
> +github.com/containernetworking/cni/libcni
> +--
> +2.25.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes_git.bb
> b/recipes-containers/kubernetes/kubernetes_git.bb
> index bc694a2..7b9aab8 100644
> --- a/recipes-containers/kubernetes/kubernetes_git.bb
> +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.20;name=k
> file://0001-generate-bindata-unset-GOBIN.patch \
> file://0001-build-golang.sh-convert-remaining-go-calls-to-use.patch \
>
> file://0001-Makefile.generated_files-Fix-race-issue-for-installi.patch
> \
> + file://CVE-2021-20206.patch \
> "
>
> DEPENDS += "rsync-native \
> --
> 2.32.0
>
>
>
>
* Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
2021-07-30 18:13 ` Ruslan Babayev (fib)
@ 2021-08-02 3:47 ` Bruce Ashfield
2021-08-02 4:35 ` Ruslan Babayev (fib)
0 siblings, 1 reply; 5+ messages in thread
From: Bruce Ashfield @ 2021-08-02 3:47 UTC (permalink / raw)
To: Ruslan Babayev (fib); +Cc: sakib.sajal, meta-virtualization
In message: RE: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
on 30/07/2021 Ruslan Babayev (fib) wrote:
> Thanks Bruce!
>
> Can this be cherry-picked into Dunfell and other branches as well?
Was this meant to be in reply to the python bbappend patch you
had sent? I assume so, since this one obviously cannot be
cherry picked.
Bruce
>
> -----Original Message-----
> From: meta-virtualization@lists.yoctoproject.org <meta-virtualization@lists.yoctoproject.org> On Behalf Of Bruce Ashfield
> Sent: Thursday, July 29, 2021 7:58 AM
> To: sakib.sajal@windriver.com
> Cc: meta-virtualization@lists.yoctoproject.org
> Subject: Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
>
> merged.
>
> Bruce
>
> In message: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206 on 28/07/2021 sakib.sajal@windriver.com wrote:
>
> > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > ---
> > .../kubernetes/CVE-2021-20206.patch | 92 +++++++++++++++++++
> > .../kubernetes/kubernetes_git.bb | 1 +
> > 2 files changed, 93 insertions(+)
> > create mode 100644
> > recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> >
> > diff --git
> > a/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> > b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> > new file mode 100644
> > index 0000000..dc4e902
> > --- /dev/null
> > +++ b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> > @@ -0,0 +1,92 @@
> > +From 5e8f9a8a72351e2fb5bcea3e3c58c935314557b6 Mon Sep 17 00:00:00
> > +2001
> > +From: Navid Shaikh <navids@vmware.com>
> > +Date: Thu, 6 May 2021 15:41:08 +0530
> > +Subject: [PATCH] Bump containernetworking/cni to v0.8.1
> > +
> > + Fix CVE-2021-20206
> > +CVE: CVE-2021-20206
> > +Upstream-Status: Backport [185f65fbddb5239666c0c67fb335589b7570f60c]
> > +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > +---
> > + go.mod | 4 ++--
> > + go.sum | 4 ++--
> > + vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++
> > + vendor/modules.txt | 2 +-
> > + 4 files changed, 10 insertions(+), 5 deletions(-)
> > +
> > +diff --git a/src/import/go.mod b/src/import/go.mod index
> > +e0ba549ab40..d4cc9ce01a9 100644
> > +--- a/src/import/go.mod
> > ++++ b/src/import/go.mod
> > +@@ -28,7 +28,7 @@ require (
> > + github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313
> > + github.com/codegangsta/negroni v1.0.0 // indirect
> > + github.com/container-storage-interface/spec v1.2.0
> > +- github.com/containernetworking/cni v0.8.0
> > ++ github.com/containernetworking/cni v0.8.1
> > + github.com/coredns/corefile-migration v1.0.10
> > + github.com/coreos/go-oidc v2.1.0+incompatible
> > + github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
> > +@@ -214,7 +214,7 @@ replace (
> > + github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3
> > + github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
> > + github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
> > +- github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0
> > ++ github.com/containernetworking/cni =>
> > ++github.com/containernetworking/cni v0.8.1
> > + github.com/coredns/corefile-migration => github.com/coredns/corefile-migration v1.0.10
> > + github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.2
> > + github.com/coreos/etcd => github.com/coreos/etcd
> > +v3.3.13+incompatible diff --git a/src/import/go.sum
> > +b/src/import/go.sum index 288f4554b1f..9168f49c859 100644
> > +--- a/src/import/go.sum
> > ++++ b/src/import/go.sum
> > +@@ -113,8 +113,8 @@ github.com/containerd/ttrpc v1.0.2
> > +h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9
> > + github.com/containerd/ttrpc v1.0.2/go.mod
> > +h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
> > + github.com/containerd/typeurl v1.0.1
> > +h1:PvuK4E3D5S5q6IqsPDCy928FhP0LUIGcmZ/Yhgp5Djw=
> > + github.com/containerd/typeurl v1.0.1/go.mod
> > +h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
> > +-github.com/containernetworking/cni v0.8.0
> > +h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI=
> > +-github.com/containernetworking/cni v0.8.0/go.mod
> > +h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> > ++github.com/containernetworking/cni v0.8.1
> > ++h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
> > ++github.com/containernetworking/cni v0.8.1/go.mod
> > ++h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> > + github.com/coredns/corefile-migration v1.0.10
> > +h1:7HI4r5S5Fne749a+JDxUZppqBpYoZK8Q53ZVK9cn3aM=
> > + github.com/coredns/corefile-migration v1.0.10/go.mod
> > +h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
> > + github.com/coreos/bbolt v1.3.2
> > +h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
> > +diff --git
> > +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/fin
> > +d.go
> > +b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/fin
> > +d.go index e815404c859..e62029eb788 100644
> > +---
> > +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/fin
> > +d.go
> > ++++ b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke
> > ++++ /find.go
> > +@@ -18,6 +18,7 @@ import (
> > + "fmt"
> > + "os"
> > + "path/filepath"
> > ++ "strings"
> > + )
> > +
> > + // FindInPath returns the full path of the plugin by searching in
> > +the provided path @@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) {
> > + return "", fmt.Errorf("no plugin name provided")
> > + }
> > +
> > ++ if strings.ContainsRune(plugin, os.PathSeparator) {
> > ++ return "", fmt.Errorf("invalid plugin name: %s", plugin)
> > ++ }
> > ++
> > + if len(paths) == 0 {
> > + return "", fmt.Errorf("no paths provided")
> > + }
> > +diff --git a/src/import/vendor/modules.txt
> > +b/src/import/vendor/modules.txt index 6a263b51686..c3b68a5f547 100644
> > +--- a/src/import/vendor/modules.txt
> > ++++ b/src/import/vendor/modules.txt
> > +@@ -257,7 +257,7 @@ github.com/containerd/containerd/pkg/dialer
> > + github.com/containerd/ttrpc
> > + # github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
> > +# github.com/containerd/typeurl => github.com/containerd/typeurl
> > +v1.0.1 -# github.com/containernetworking/cni v0.8.0 =>
> > +github.com/containernetworking/cni v0.8.0
> > ++# github.com/containernetworking/cni v0.8.1 =>
> > ++github.com/containernetworking/cni v0.8.1
> > + ## explicit
> > + # github.com/containernetworking/cni =>
> > +github.com/containernetworking/cni v0.8.0
> > +github.com/containernetworking/cni/libcni
> > +--
> > +2.25.1
> > +
> > diff --git a/recipes-containers/kubernetes/kubernetes_git.bb
> > b/recipes-containers/kubernetes/kubernetes_git.bb
> > index bc694a2..7b9aab8 100644
> > --- a/recipes-containers/kubernetes/kubernetes_git.bb
> > +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> > @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.20;name=k
> > file://0001-generate-bindata-unset-GOBIN.patch \
> > file://0001-build-golang.sh-convert-remaining-go-calls-to-use.patch \
> >
> > file://0001-Makefile.generated_files-Fix-race-issue-for-installi.patch
> > \
> > + file://CVE-2021-20206.patch \
> > "
> >
> > DEPENDS += "rsync-native \
> > --
> > 2.32.0
> >
>
> >
> >
> >
>
* Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
2021-08-02 3:47 ` Bruce Ashfield
@ 2021-08-02 4:35 ` Ruslan Babayev (fib)
0 siblings, 0 replies; 5+ messages in thread
From: Ruslan Babayev (fib) @ 2021-08-02 4:35 UTC (permalink / raw)
To: Bruce Ashfield; +Cc: sakib.sajal, meta-virtualization
Yes, I replied to the wrong message. Sorry for the confusion.
-----Original Message-----
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Sent: Sunday, August 1, 2021 8:48 PM
To: Ruslan Babayev (fib) <fib@cisco.com>
Cc: sakib.sajal@windriver.com; meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206
In message: RE: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206 on 30/07/2021 Ruslan Babayev (fib) wrote:
> Thanks Bruce!
>
> Can this be cherry-picked into Dunfell and other branches as well?
Was this meant to be in reply to the python bbappend patch you had sent? I assume so, since this one obviously cannot be cherry picked.
Bruce
>
> -----Original Message-----
> From: meta-virtualization@lists.yoctoproject.org
> <meta-virtualization@lists.yoctoproject.org> On Behalf Of Bruce
> Ashfield
> Sent: Thursday, July 29, 2021 7:58 AM
> To: sakib.sajal@windriver.com
> Cc: meta-virtualization@lists.yoctoproject.org
> Subject: Re: [meta-virtualization][hardknott][PATCH] kubernetes: fix
> CVE-2021-20206
>
> merged.
>
> Bruce
>
> In message: [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206 on 28/07/2021 sakib.sajal@windriver.com wrote:
>
> > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > ---
> > .../kubernetes/CVE-2021-20206.patch | 92 +++++++++++++++++++
> > .../kubernetes/kubernetes_git.bb | 1 +
> > 2 files changed, 93 insertions(+)
> > create mode 100644
> > recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> >
> > diff --git
> > a/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> > b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> > new file mode 100644
> > index 0000000..dc4e902
> > --- /dev/null
> > +++ b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
> > @@ -0,0 +1,92 @@
> > +From 5e8f9a8a72351e2fb5bcea3e3c58c935314557b6 Mon Sep 17 00:00:00
> > +2001
> > +From: Navid Shaikh <navids@vmware.com>
> > +Date: Thu, 6 May 2021 15:41:08 +0530
> > +Subject: [PATCH] Bump containernetworking/cni to v0.8.1
> > +
> > + Fix CVE-2021-20206
> > +CVE: CVE-2021-20206
> > +Upstream-Status: Backport
> > +[185f65fbddb5239666c0c67fb335589b7570f60c]
> > +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > +---
> > + go.mod | 4 ++--
> > + go.sum | 4 ++--
> > + vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++
> > + vendor/modules.txt | 2 +-
> > + 4 files changed, 10 insertions(+), 5 deletions(-)
> > +
> > +diff --git a/src/import/go.mod b/src/import/go.mod index
> > +e0ba549ab40..d4cc9ce01a9 100644
> > +--- a/src/import/go.mod
> > ++++ b/src/import/go.mod
> > +@@ -28,7 +28,7 @@ require (
> > + github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313
> > + github.com/codegangsta/negroni v1.0.0 // indirect
> > + github.com/container-storage-interface/spec v1.2.0
> > +- github.com/containernetworking/cni v0.8.0
> > ++ github.com/containernetworking/cni v0.8.1
> > + github.com/coredns/corefile-migration v1.0.10
> > + github.com/coreos/go-oidc v2.1.0+incompatible
> > + github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
> > +@@ -214,7 +214,7 @@ replace (
> > + github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3
> > + github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
> > + github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
> > +- github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0
> > ++ github.com/containernetworking/cni =>
> > ++github.com/containernetworking/cni v0.8.1
> > + github.com/coredns/corefile-migration => github.com/coredns/corefile-migration v1.0.10
> > + github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.2
> > + github.com/coreos/etcd => github.com/coreos/etcd
> > +v3.3.13+incompatible diff --git a/src/import/go.sum
> > +b/src/import/go.sum index 288f4554b1f..9168f49c859 100644
> > +--- a/src/import/go.sum
> > ++++ b/src/import/go.sum
> > +@@ -113,8 +113,8 @@ github.com/containerd/ttrpc v1.0.2
> > +h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9
> > + github.com/containerd/ttrpc v1.0.2/go.mod
> > +h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
> > + github.com/containerd/typeurl v1.0.1
> > +h1:PvuK4E3D5S5q6IqsPDCy928FhP0LUIGcmZ/Yhgp5Djw=
> > + github.com/containerd/typeurl v1.0.1/go.mod
> > +h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
> > +-github.com/containernetworking/cni v0.8.0
> > +h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI=
> > +-github.com/containernetworking/cni v0.8.0/go.mod
> > +h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> > ++github.com/containernetworking/cni v0.8.1
> > ++h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
> > ++github.com/containernetworking/cni v0.8.1/go.mod
> > ++h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
> > + github.com/coredns/corefile-migration v1.0.10
> > +h1:7HI4r5S5Fne749a+JDxUZppqBpYoZK8Q53ZVK9cn3aM=
> > + github.com/coredns/corefile-migration v1.0.10/go.mod
> > +h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
> > + github.com/coreos/bbolt v1.3.2
> > +h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
> > +diff --git
> > +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/f
> > +in
> > +d.go
> > +b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/f
> > +in d.go index e815404c859..e62029eb788 100644
> > +---
> > +a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/f
> > +in
> > +d.go
> > ++++ b/src/import/vendor/github.com/containernetworking/cni/pkg/invo
> > ++++ ke
> > ++++ /find.go
> > +@@ -18,6 +18,7 @@ import (
> > + "fmt"
> > + "os"
> > + "path/filepath"
> > ++ "strings"
> > + )
> > +
> > + // FindInPath returns the full path of the plugin by searching in
> > +the provided path @@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) {
> > + return "", fmt.Errorf("no plugin name provided")
> > + }
> > +
> > ++ if strings.ContainsRune(plugin, os.PathSeparator) {
> > ++ return "", fmt.Errorf("invalid plugin name: %s", plugin)
> > ++ }
> > ++
> > + if len(paths) == 0 {
> > + return "", fmt.Errorf("no paths provided")
> > + }
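Review bot: the new guard in FindInPath tests only os.PathSeparator, which is '/' on Linux but '\\' on Windows, where '/' is also accepted as a separator by the filepath package; for this Linux recipe the check covers the case that matters, but that limit is worth stating in the commit message so nobody assumes the fix is platform-independent. A smaller point on the same lines: the error formats the rejected name with %s, and %q would make whitespace or control characters in a hostile name unambiguous in logs. Since this is vendored code meant to match cni v0.8.1, both are better raised upstream than changed locally.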
> > +diff --git a/src/import/vendor/modules.txt
> > +b/src/import/vendor/modules.txt index 6a263b51686..c3b68a5f547
> > +100644
> > +--- a/src/import/vendor/modules.txt
> > ++++ b/src/import/vendor/modules.txt
> > +@@ -257,7 +257,7 @@ github.com/containerd/containerd/pkg/dialer
> > + github.com/containerd/ttrpc
> > + # github.com/containerd/ttrpc => github.com/containerd/ttrpc
> > +v1.0.2 # github.com/containerd/typeurl =>
> > +github.com/containerd/typeurl
> > +v1.0.1 -# github.com/containernetworking/cni v0.8.0 =>
> > +github.com/containernetworking/cni v0.8.0
> > ++# github.com/containernetworking/cni v0.8.1 =>
> > ++github.com/containernetworking/cni v0.8.1
> > + ## explicit
> > + # github.com/containernetworking/cni =>
> > +github.com/containernetworking/cni v0.8.0
> > +github.com/containernetworking/cni/libcni
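Review bot: the trailing context line "# github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0" is left at v0.8.0, while the replace entry in go.mod earlier in this patch moves to v0.8.1. Go compares the replacements recorded in vendor/modules.txt with go.mod when building from the vendor directory, so please confirm whether this line should read v0.8.1 as well, or note in the commit message that a vendor-mode build passes with the patch applied as posted.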
> > +--
> > +2.25.1
> > +
> > diff --git a/recipes-containers/kubernetes/kubernetes_git.bb
> > b/recipes-containers/kubernetes/kubernetes_git.bb
> > index bc694a2..7b9aab8 100644
> > --- a/recipes-containers/kubernetes/kubernetes_git.bb
> > +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> > @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.20;name=k
> > file://0001-generate-bindata-unset-GOBIN.patch \
> >
> > file://0001-build-golang.sh-convert-remaining-go-calls-to-use.patch
> > \
> >
> > file://0001-Makefile.generated_files-Fix-race-issue-for-installi.pat
> > ch
> > \
> > + file://CVE-2021-20206.patch \
> > "
> >
> > DEPENDS += "rsync-native \
> > --
> > 2.32.0
> >
>
> >
> >
> >
>
Thread overview: 5+ messages
2021-07-28 17:08 [meta-virtualization][hardknott][PATCH] kubernetes: fix CVE-2021-20206 sakib.sajal
2021-07-29 14:58 ` Bruce Ashfield
2021-07-30 18:13 ` Ruslan Babayev (fib)
2021-08-02 3:47 ` Bruce Ashfield
2021-08-02 4:35 ` Ruslan Babayev (fib)