Skip to content

[release/1.6] Update x/net to 0.13 #9130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fuweid merged 1 commit into from
Oct 14, 2023
Merged

[release/1.6] Update x/net to 0.13 #9130

fuweid merged 1 commit into from
Oct 14, 2023

Conversation

@Kern--
Copy link
Contributor

@Kern-- Kern-- commented Sep 22, 2023

This silences govulncheck detecting
https://pkg.go.dev/vuln/GO-2023-1988.

containerd only uses x/net for context and httpcontext which do not render html.

Before this change:

$ govulncheck --mode binary bin/containerd
Scanning your binary for known vulnerabilities...

Vulnerability #1: GO-2023-1988
    Improper rendering of text nodes in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2023-1988
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.8.0
    Fixed in: golang.org/x/net@v0.13.0
    Example traces found:
      #1: html.Render

Vulnerability #2: GO-2022-0619
    Authorization bypass in github.com/emicklei/go-restful, go-restful/v2 and
    go-restful/v3
  More info: https://pkg.go.dev/vuln/GO-2022-0619
  Module: github.com/emicklei/go-restful
    Found in: github.com/emicklei/go-restful@v2.9.5+incompatible
    Fixed in: github.com/emicklei/go-restful@v2.16.0+incompatible
    Example traces found:
      #1: restful.CrossOriginResourceSharing.Filter

Your code is affected by 2 vulnerabilities from 2 modules.

After this change:

$ govulncheck --mode binary bin/containerd
Scanning your binary for known vulnerabilities...

Vulnerability #1: GO-2022-0619
    Authorization bypass in github.com/emicklei/go-restful, go-restful/v2 and
    go-restful/v3
  More info: https://pkg.go.dev/vuln/GO-2022-0619
  Module: github.com/emicklei/go-restful
    Found in: github.com/emicklei/go-restful@v2.9.5+incompatible
    Fixed in: github.com/emicklei/go-restful@v2.16.0+incompatible
    Example traces found:
      #1: restful.CrossOriginResourceSharing.Filter

Your code is affected by 1 vulnerability from 1 module.

The remaining vulnerability is also a false positive: #8168 (comment)

@k8s-ci-robot
Copy link

k8s-ci-robot commented Sep 22, 2023

Hi @Kern--. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@AkihiroSuda
Copy link
Member

AkihiroSuda commented Sep 22, 2023

CI is failing, not sure if relevant to this commit though

+ build
# github.com/containerd/containerd/cmd/containerd
C:\hostedtoolcache\windows\go\1.1[9](https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130#step:6:10).12\x64\pkg\tool\windows_amd64\link.exe: running gcc failed: exit status 1
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/12.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-1207348495\000007.o: in function `_cgo_preinit_init':
\\_\_\runtime\cgo/gcc_libinit_windows.c:40: undefined reference to `__imp___iob_func'
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/12.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-1207348495\000007.o: in function `x_cgo_notify_runtime_init_done':
\\_\_\runtime\cgo/gcc_libinit_windows.c:105: undefined reference to `__imp___iob_func'
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/12.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-1207348495\000007.o: in function `_cgo_beginthread':
\\_\_\runtime\cgo/gcc_libinit_windows.c:149: undefined reference to `__imp___iob_func'
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/12.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-1207348495\000008.o: in function `x_cgo_thread_start':
\\_\_\runtime\cgo/gcc_util.c:18: undefined reference to `__imp___iob_func'
collect2.exe: error: ld returned 1 exit status

mingw32-make: *** [Makefile:202: build] Error 1
+ bin/ctr.exe
+ bin/containerd.exe
# github.com/containerd/containerd/cmd/containerd
C:\hostedtoolcache\windows\go\1.19.12\x64\pkg\tool\windows_amd64\link.exe: running gcc failed: exit status 1
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/12.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-3358207133\000007.o: in function `_cgo_preinit_init':
\\_\_\runtime\cgo/gcc_libinit_windows.c:40: undefined reference to `__imp___iob_func'
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/12.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-3358207133\000007.o: in function `x_cgo_notify_runtime_init_done':
\\_\_\runtime\cgo/gcc_libinit_windows.c:[10](https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130#step:6:11)5: undefined reference to `__imp___iob_func'
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/[12](https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130#step:6:13).2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-3358207[13](https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130#step:6:14)3\000007.o: in function `_cgo_beginthread':
\\_\_\runtime\cgo/gcc_libinit_windows.c:[14](https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130#step:6:15)9: undefined reference to `__imp___iob_func'
C:/ProgramData/Chocolatey/lib/mingw/tools/install/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/12.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: C:\Users\RUNNER~1\AppData\Local\Temp\go-link-3358207133\000008.o: in function `x_cgo_thread_start':
\\_\_\runtime\cgo/gcc_util.c:[18](https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130#step:6:19): undefined reference to `__imp___iob_func'
collect2.exe: error: ld returned 1 exit status

mingw[32](https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130#step:6:33)-make: *** [Makefile.windows:32: bin/containerd.exe] Error 1

https://github.com/containerd/containerd/actions/runs/6277437483/job/17049319856?pr=9130

@Kern--
Copy link
Contributor Author

Kern-- commented Sep 22, 2023

#9132 is failing with the same error:

https://github.com/containerd/containerd/actions/runs/6278970989/job/17053934880?pr=9132

dmcgowan
dmcgowan reviewed Sep 22, 2023
View reviewed changes
@Kern-- Kern-- mentioned this pull request Sep 23, 2023
Merged
@Kern-- Kern-- mentioned this pull request Oct 3, 2023
Merged
@fuweid
Copy link
Member

fuweid commented Oct 13, 2023

@Kern-- would you please rebase it? After it's green, I will merge this one. THanks

@fuweid fuweid added the easy-to-review Easy to review label Oct 13, 2023
@mxpv mxpv added the status/needs-update Awaiting contributor update label Oct 13, 2023
@Kern--
Bump x/net to 0.13
275fc59 
This silences govulncheck detecting
https://pkg.go.dev/vuln/GO-2023-1988.

containerd only uses x/net for context and httpcontext which do not
render html.

Signed-off-by: Kern Walster <walster@amazon.com>
fuweid
fuweid approved these changes Oct 14, 2023
View reviewed changes
Copy link
Member

@fuweid fuweid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fuweid fuweid merged commit 29b96d9 into containerd:release/1.6 Oct 14, 2023
@akhilerm akhilerm mentioned this pull request Nov 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcgowan dmcgowan dmcgowan left review comments

@kzys kzys kzys approved these changes

@henry118 henry118 henry118 approved these changes

@fuweid fuweid fuweid approved these changes

Assignees

No one assigned

Labels

easy-to-review Easy to review needs-ok-to-test status/needs-update Awaiting contributor update

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@Kern-- @k8s-ci-robot @AkihiroSuda @fuweid @kzys @dmcgowan @henry118 @mxpv