Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-46536: Bump openvswitch #647

Open
wants to merge 1 commit into
base: release-4.14
Choose a base branch
from
Open

OCPBUGS-46536: Bump openvswitch #647

wants to merge 1 commit into from

Conversation

k37y
Copy link

@k37y k37y commented Dec 19, 2024

@k37y
OCPBUGS-46536: Bump openvswitch
e034ac1 
- Bump openvswitch from 2.13 to 2.17 to mitigate CVE-2019-25076

Signed-off-by: Vinu K <[email protected]>
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Dec 19, 2024
@openshift-ci-robot
Copy link
Contributor

@k37y: This pull request references Jira Issue OCPBUGS-46536, which is invalid:

  • expected the bug to target the "4.14.z" version, but no target version was set
  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected Jira Issue OCPBUGS-46536 to depend on a bug targeting a version in 4.15.0, 4.15.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

  • Bump openvswitch from 2.13 to 2.17 to mitigate CVE-2019-25076

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from abhat and trozet December 19, 2024 13:53
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Dec 19, 2024
edited
Loading

@k37y: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security e034ac1 link false /test security

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@k37y
Copy link
Author

k37y commented Dec 21, 2024

/test e2e-aws-sdn-upgrade

@k37y
Copy link
Author

k37y commented Jan 7, 2025

/jira refresh

@openshift-ci-robot
Copy link
Contributor

@k37y: This pull request references Jira Issue OCPBUGS-46536, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected Jira Issue OCPBUGS-46536 to depend on a bug targeting a version in 4.15.0, 4.15.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@k37y
Copy link
Author

k37y commented Jan 7, 2025

/assign @danwinship

@danwinship
Copy link
Contributor

Bump openvswitch from 2.13 to 2.17 to mitigate CVE-2019-25076

Just to be clear: this is not actually about mitigating the CVE; the CVE was mitigated years ago by updating the openvswitch RPM in the RHCOS image (and it would only have been exploitable under ovn-kubernetes anyway). This change is just about preventing the sdn image from being flagged by automated CVE checkers.

@danwinship
Copy link
Contributor

/lgtm
/approve
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Jan 7, 2025
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 7, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 7, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, k37y

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 7, 2025
@danwinship
Copy link
Contributor

To fix the jira/invalid-bug label, you need to do what it says in this comment.

For the release note, pick "Rebase" for the type, and for the release note text, just note that we updated the image from ovs 2.13 to 2.17 for maintenance reasons but we do not expect any behavioral changes as a result.

For the "dependent bug", you can use OCPBUGS-28580, which is the bug that changed the OVS RPM version in 4.15. (So on 46536, scroll to "Issue Links", click the "+" icon on the right, then choose "depends on" and enter OCPBUGS-28580.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhat abhat Awaiting requested review from abhat

@trozet trozet Awaiting requested review from trozet

Assignees

@danwinship danwinship

@mffiedler mffiedler

@rbbratta rbbratta

@weliang1 weliang1

@anuragthehatter anuragthehatter

@huiran0826 huiran0826

@asood-rh asood-rh

@jechen0648 jechen0648

@yingwang-0320 yingwang-0320

@qiowang721 qiowang721

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.