Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DFBUGS-1159: Misuse of ServerConfig.PublicKeyCallback (CVE-2024-45337) #464

Merged
merged 1 commit into from
Feb 10, 2025
Merged

DFBUGS-1159: Misuse of ServerConfig.PublicKeyCallback (CVE-2024-45337) #464

merged 1 commit into from
Feb 10, 2025

Conversation

black-dragon74
Copy link
Member

may cause authorization bypass in golang.org/x/crypto

Update golang.org.crypto from 0.29.0 to 0.32.0

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid jira ticket of any type jira/invalid-bug Indicates that the referenced jira bug is invalid for the branch this PR is targeting labels Feb 4, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 4, 2025
edited by openshift-ci bot
Loading

@black-dragon74: This pull request references [Jira Issue DFBUGS-1159](https://issues.redhat.com//browse/DFBUGS-1159), which is invalid:

  • expected the bug to target the "odf-4.18" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

may cause authorization bypass in golang.org/x/crypto

Update golang.org.crypto from 0.29.0 to 0.32.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@black-dragon74
Copy link
Member Author

/cherry-pick release-4.17
/cherry-pick release-4.16
/cherry-pick release-4.15
/cherry-pick release-4.14

@openshift-cherrypick-robot
Copy link

@black-dragon74: once the present PR merges, I will cherry-pick it on top of release-4.14, release-4.15, release-4.16, release-4.17 in new PRs and assign them to you.

In response to this:

/cherry-pick release-4.17
/cherry-pick release-4.16
/cherry-pick release-4.15
/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@black-dragon74
rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback
d9e9d74 
may cause authorization bypass in golang.org/x/crypto

Update golang.org.crypto from 0.29.0 to 0.32.0

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
@black-dragon74 black-dragon74 changed the title DFBUGS-1159: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback Feb 4, 2025
@openshift-ci-robot openshift-ci-robot removed the jira/valid-reference Indicates that this PR references a valid jira ticket of any type label Feb 4, 2025
@openshift-ci-robot
Copy link

@black-dragon74: No Jira issue is referenced in the title of this pull request.
To reference a jira issue, add 'XYZ-NNN:' to the title of this pull request and request another refresh with /jira refresh.

In response to this:

may cause authorization bypass in golang.org/x/crypto

Update golang.org.crypto from 0.29.0 to 0.32.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot removed the jira/invalid-bug Indicates that the referenced jira bug is invalid for the branch this PR is targeting label Feb 4, 2025
@nixpanic
Copy link
Member

nixpanic commented Feb 5, 2025
edited by openshift-ci bot
Loading

/retitle DFBUGS-1159: Misuse of ServerConfig.PublicKeyCallback (CVE-2024-45337)

@openshift-ci openshift-ci bot changed the title CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback DFBUGS-1159: Misuse of ServerConfig.PublicKeyCallback (CVE-2024-45337) Feb 5, 2025
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid jira ticket of any type jira/invalid-bug Indicates that the referenced jira bug is invalid for the branch this PR is targeting labels Feb 5, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 5, 2025
edited by openshift-ci bot
Loading

@black-dragon74: This pull request references [Jira Issue DFBUGS-1159](https://issues.redhat.com//browse/DFBUGS-1159), which is invalid:

  • expected the bug to target the "odf-4.18" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

may cause authorization bypass in golang.org/x/crypto

Update golang.org.crypto from 0.29.0 to 0.32.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@black-dragon74
Copy link
Member Author

Hi @nixpanic, we do not have a bug for 4.18 for this CVE (wondering why...)

@black-dragon74
Copy link
Member Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that the referenced jira bug is valid for the branch this PR is targeting and removed jira/invalid-bug Indicates that the referenced jira bug is invalid for the branch this PR is targeting labels Feb 10, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 10, 2025
edited by openshift-ci bot
Loading

@black-dragon74: This pull request references [Jira Issue DFBUGS-1159](https://issues.redhat.com//browse/DFBUGS-1159), which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (odf-4.18) matches configured target version for branch (odf-4.18)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @nehaberry

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 10, 2025
edited
Loading

@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: nehaberry.

Note that only red-hat-storage members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

@black-dragon74: This pull request references [Jira Issue DFBUGS-1159](https://issues.redhat.com//browse/DFBUGS-1159), which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (odf-4.18) matches configured target version for branch (odf-4.18)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @nehaberry

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Rakshith-R
Rakshith-R approved these changes Feb 10, 2025
View reviewed changes
Copy link
Member

@Rakshith-R Rakshith-R left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Code looks good label Feb 10, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 10, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: black-dragon74, Rakshith-R

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Its a good idea label Feb 10, 2025
@black-dragon74 black-dragon74 mentioned this pull request Feb 10, 2025
Merged
@openshift-merge-bot openshift-merge-bot bot merged commit 6529155 into red-hat-storage:release-4.18 Feb 10, 2025
10 of 12 checks passed
@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 10, 2025
edited by openshift-ci bot
Loading

@black-dragon74: [Jira Issue DFBUGS-1159](https://issues.redhat.com//browse/DFBUGS-1159): All pull requests linked via external trackers have merged:

[Jira Issue DFBUGS-1159](https://issues.redhat.com//browse/DFBUGS-1159) has been moved to the MODIFIED state.

In response to this:

may cause authorization bypass in golang.org/x/crypto

Update golang.org.crypto from 0.29.0 to 0.32.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-cherrypick-robot
Copy link

@black-dragon74: #464 failed to apply on top of branch "release-4.17":

Applying: rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/golang.org/x/crypto/ssh/server.go
M	vendor/golang.org/x/sys/unix/zerrors_linux.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_386.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
M	vendor/golang.org/x/sys/unix/ztypes_linux.go
M	vendor/golang.org/x/sys/windows/dll_windows.go
M	vendor/golang.org/x/sys/windows/syscall_windows.go
M	vendor/golang.org/x/sys/windows/types_windows.go
M	vendor/golang.org/x/sys/windows/zsyscall_windows.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/golang.org/x/sys/windows/zsyscall_windows.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/windows/zsyscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/types_windows.go
Auto-merging vendor/golang.org/x/sys/windows/syscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/dll_windows.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/ztypes_linux.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_386.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/zerrors_linux.go
Auto-merging vendor/golang.org/x/crypto/ssh/server.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback

In response to this:

/cherry-pick release-4.17
/cherry-pick release-4.16
/cherry-pick release-4.15
/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot
Copy link

@black-dragon74: #464 failed to apply on top of branch "release-4.16":

Applying: rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/golang.org/x/crypto/ssh/server.go
M	vendor/golang.org/x/sys/unix/zerrors_linux.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_386.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
M	vendor/golang.org/x/sys/unix/ztypes_linux.go
M	vendor/golang.org/x/sys/windows/dll_windows.go
M	vendor/golang.org/x/sys/windows/syscall_windows.go
M	vendor/golang.org/x/sys/windows/types_windows.go
M	vendor/golang.org/x/sys/windows/zsyscall_windows.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/golang.org/x/sys/windows/zsyscall_windows.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/windows/zsyscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/types_windows.go
Auto-merging vendor/golang.org/x/sys/windows/syscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/dll_windows.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/ztypes_linux.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_386.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/zerrors_linux.go
Auto-merging vendor/golang.org/x/crypto/ssh/server.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback

In response to this:

/cherry-pick release-4.17
/cherry-pick release-4.16
/cherry-pick release-4.15
/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot
Copy link

@black-dragon74: #464 failed to apply on top of branch "release-4.15":

Applying: rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
A	vendor/golang.org/x/crypto/pkcs12/crypto.go
M	vendor/golang.org/x/crypto/ssh/server.go
M	vendor/golang.org/x/sys/unix/zerrors_linux.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_386.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
M	vendor/golang.org/x/sys/unix/ztypes_linux.go
M	vendor/golang.org/x/sys/windows/dll_windows.go
M	vendor/golang.org/x/sys/windows/syscall_windows.go
M	vendor/golang.org/x/sys/windows/types_windows.go
M	vendor/golang.org/x/sys/windows/zsyscall_windows.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/golang.org/x/sys/windows/zsyscall_windows.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/windows/zsyscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/types_windows.go
Auto-merging vendor/golang.org/x/sys/windows/syscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/dll_windows.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/ztypes_linux.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_386.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/zerrors_linux.go
Auto-merging vendor/golang.org/x/crypto/ssh/server.go
CONFLICT (modify/delete): vendor/golang.org/x/crypto/pkcs12/crypto.go deleted in HEAD and modified in rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback. Version rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback of vendor/golang.org/x/crypto/pkcs12/crypto.go left in tree.
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback

In response to this:

/cherry-pick release-4.17
/cherry-pick release-4.16
/cherry-pick release-4.15
/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot
Copy link

@black-dragon74: #464 failed to apply on top of branch "release-4.14":

Applying: rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
A	vendor/golang.org/x/crypto/pkcs12/crypto.go
M	vendor/golang.org/x/crypto/ssh/server.go
M	vendor/golang.org/x/sys/unix/zerrors_linux.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_386.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
M	vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
M	vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
M	vendor/golang.org/x/sys/unix/ztypes_linux.go
M	vendor/golang.org/x/sys/windows/dll_windows.go
M	vendor/golang.org/x/sys/windows/syscall_windows.go
M	vendor/golang.org/x/sys/windows/types_windows.go
M	vendor/golang.org/x/sys/windows/zsyscall_windows.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/golang.org/x/sys/windows/zsyscall_windows.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/windows/zsyscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/types_windows.go
Auto-merging vendor/golang.org/x/sys/windows/syscall_windows.go
Auto-merging vendor/golang.org/x/sys/windows/dll_windows.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/ztypes_linux.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux_386.go
Auto-merging vendor/golang.org/x/sys/unix/zerrors_linux.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/sys/unix/zerrors_linux.go
Auto-merging vendor/golang.org/x/crypto/ssh/server.go
CONFLICT (modify/delete): vendor/golang.org/x/crypto/pkcs12/crypto.go deleted in HEAD and modified in rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback. Version rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback of vendor/golang.org/x/crypto/pkcs12/crypto.go left in tree.
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 rebase: CVE-2024-45337 Misuse of ServerConfig.PublicKeyCallback

In response to this:

/cherry-pick release-4.17
/cherry-pick release-4.16
/cherry-pick release-4.15
/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rakshith-R Rakshith-R Rakshith-R approved these changes

Assignees

@Rakshith-R Rakshith-R

Labels
approved Its a good idea jira/valid-bug Indicates that the referenced jira bug is valid for the branch this PR is targeting jira/valid-reference Indicates that this PR references a valid jira ticket of any type lgtm Code looks good
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@black-dragon74 @openshift-ci-robot @openshift-cherrypick-robot @nixpanic @Rakshith-R