Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k3s: 1.19.2+k3s1 -> 1.19.4+k3s2 #106423

Merged
merged 1 commit into from Dec 9, 2020
Merged

k3s: 1.19.2+k3s1 -> 1.19.4+k3s2 #106423

merged 1 commit into from Dec 9, 2020

Conversation

euank
Copy link
Member

@euank euank commented Dec 9, 2020
edited

Motivation for this change

This includes a fix for CVE-2020-15257, as described in the upstream
release notes: https://github.com/k3s-io/k3s/releases/tag/v1.19.4%2Bk3s2

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) (nix-build nixos/tests/k3s.nix)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@euank
k3s: 1.19.2+k3s1 -> 1.19.4+k3s2
5ca87dc 
This includes a fix for CVE-2020-15257, as described in the upstream
release notes: https://github.com/k3s-io/k3s/releases/tag/v1.19.4%2Bk3s2
@euank
Copy link
Member Author

euank commented Dec 9, 2020

Running nixos/tests/k3s.nix fails on this pr, but it also fails in the same way on master. It passes again on this PR if I merge in #101739 too

@flokli
Copy link
Contributor

flokli commented Dec 9, 2020

Thanks!

@flokli flokli merged commit 02e058e into NixOS:master Dec 9, 2020
@flokli
Copy link
Contributor

flokli commented Dec 9, 2020

@euank any ideas on how to best proceed with release-20.09? This still seems to be on v1.18.2+k3s-698e444a-dirty.

Upstreams release notes suggest we could move this to v1.18.12+k3s2

@euank
Copy link
Member Author

euank commented Dec 9, 2020

@flokli the right thing to do for a release branch is to bump to the patched v1.18.x, I agree.

Want me to open a PR against that branch for that bump?

@flokli
Copy link
Contributor

flokli commented Dec 9, 2020 via email

@euank
Copy link
Member Author

euank commented Dec 10, 2020

I updated the release branch over here: #106508

Thanks for the pointers to do that!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@euank @flokli