Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

wolfi: update base-images (CVE-2023-38545)#57533

Merged
willdollman merged 2 commits intomainfrom
vincent+will/update-base-images
Oct 11, 2023
Merged

wolfi: update base-images (CVE-2023-38545)#57533
willdollman merged 2 commits intomainfrom
vincent+will/update-base-images

Conversation

@evict
Copy link
Contributor

@evict evict commented Oct 11, 2023
edited
Loading

We ran sg wolfi update-hashes. This makes sure we are using the latest version of curl and other dependencies that have been updated.

Related to: https://github.com/sourcegraph/sourcegraph/pull/57529.

Test plan

CI tests will verify the builds. Verified versions locally, see comment below.

@evict
wolfi: update base-images
4dcdeeb 
We ran `sg wolfi update-hashes`.
@evict evict added the SSDLC label Oct 11, 2023
@evict evict requested a review from willdollman October 11, 2023 10:52
@cla-bot cla-bot bot added the cla-signed label Oct 11, 2023
@evict evict changed the title wolfi: update base-images wolfi: update base-images (CVE-2023-38545) Oct 11, 2023
@evict evict force-pushed the vincent+will/update-base-images branch from b149cc9 to 9d8f8db Compare October 11, 2023 11:00
@evict
Copy link
Contributor Author

evict commented Oct 11, 2023
edited
Loading

Verified that we are indeed shipping the latest curl (and libcurl), by running the image with the digest from dev/oci_deps.bzl:

$ docker run -it --entrypoint /bin/sh index.docker.io/sourcegraph/wolfi-gitserver-base@sha256:5fa1bf66f3f90791ecbd28ca51dac748d72c37abdc49ba63b728258414128c61           
/ # curl -V
curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.1.3 zlib/1.3 brotli/1.1.0 nghttp2/1.56.0
Release-Date: 2023-10-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM SSL threadsafe TLS-SRP UnixSockets

@willdollman willdollman enabled auto-merge (squash) October 11, 2023 11:08
@willdollman willdollman merged commit 1873138 into main Oct 11, 2023
@willdollman willdollman deleted the vincent+will/update-base-images branch October 11, 2023 11:10
@sourcegraph-release-bot sourcegraph-release-bot mentioned this pull request Oct 11, 2023
Closed
sourcegraph-release-bot pushed a commit that referenced this pull request Oct 11, 2023
@evict @github-actions
wolfi: update base-images (CVE-2023-38545) (#57533)
2d28f1e 
* wolfi: update base-images

We ran `sg wolfi update-hashes`.

* sec: update CHANGELOG

(cherry picked from commit 1873138)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@willdollman willdollman willdollman approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@willdollman willdollman

@evict evict

Labels

backport 5.2 cla-signed SSDLC

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@evict @willdollman