Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src/5.5.0-r0: cve remediation #28738

Merged
merged 4 commits into from
Oct 21, 2024
Merged

src/5.5.0-r0: cve remediation #28738

merged 4 commits into from
Oct 21, 2024

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Sep 18, 2024

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Sep 18, 2024

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-311273463
INFO   guest dir: /temp/melange-guest-1491453392
ERRO failed to build package: unable to run package src pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/src-5.5.0-r1.apk] Error 1
make: *** [Makefile:101: package/src] Error 2
make[1]: Leaving directory '/github/home'
##[error]Process completed with exit code 2."

1. Check logs in /temp/melange-workspace-311273463 and /temp/melange-guest-1491453392.
2. Ensure all dependencies are installed.
3. Verify Makefile targets and paths.
4. Run `make clean` to clear previous build artifacts.
5. Retry the build process.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Sep 18, 2024

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-354581851
INFO   guest dir: /temp/melange-guest-1444073826
ERRO failed to build package: unable to run package src pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/src-5.5.0-r1.apk] Error 1
make: *** [Makefile:101: package/src] Error 2
make[1]: Leaving directory '/github/home'
##[error]Process completed with exit code 2."

1. Check logs in /temp/melange-workspace-354581851.
2. Verify dependencies and environment variables in the Makefile.
3. Ensure all required tools and libraries are installed.
4. Run `make clean` to clear previous build artifacts.
5. Retry the build process.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Sep 18, 2024

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-3665907790
INFO   guest dir: /temp/melange-guest-170545487
ERRO failed to build package: unable to run package src pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/src-5.5.0-r1.apk] Error 1
make: *** [Makefile:101: package/src] Error 2
make[1]: Leaving directory '/github/home'
##[error]Process completed with exit code 2."

1. Check logs in `/temp/melange-workspace-3665907790` and `/temp/melange-guest-170545487`.
2. Ensure dependencies are installed and up-to-date.
3. Verify Makefile targets and paths.
4. Run `make clean`.
5. Re-run build with increased verbosity.
6. Review recent changes in `packages/aarch64/src-5.5.0-r1.apk` target.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Sep 18, 2024

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-4160815162
INFO   guest dir: /temp/melange-guest-840242903
ERRO failed to build package: unable to run package src pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/src-5.5.0-r1.apk] Error 1
make: *** [Makefile:101: package/src] Error 2
make[1]: Leaving directory '/github/home'
##[error]Process completed with exit code 2."

1. Check logs in /temp/melange-workspace-4160815162.
2. Verify dependencies and environment variables in the Makefile.
3. Ensure all required tools and libraries are installed.
4. Run `make clean` to clear previous build artifacts.
5. Retry the build process.

@hectorj2f
Copy link
Member

This package looks broken for the moment.

@xnox xnox force-pushed the cve-src-4f8e4a639b9975c0db8b82f27dc07904 branch from f5a898e to 883b358 Compare September 20, 2024 16:52
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Sep 20, 2024

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-1826167843
INFO   guest dir: /temp/melange-guest-1584913197
ERRO failed to build package: unable to run package src pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/src-5.5.0-r1.apk] Error 1
make: *** [Makefile:101: package/src] Error 2
make[1]: Leaving directory '/github/home'
##[error]Process completed with exit code 2."

1. Check logs in `/temp/melange-workspace-1826167843` and `/temp/melange-guest-1584913197`.
2. Ensure all dependencies are installed and up-to-date.
3. Verify Makefile targets and paths.
4. Run `make clean` to clear previous build artifacts.
5. Retry the build process.
6. Review recent changes in the repository.

@mamccorm mamccorm force-pushed the cve-src-4f8e4a639b9975c0db8b82f27dc07904 branch from 883b358 to 2cf3167 Compare October 3, 2024 22:19
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Oct 3, 2024

Open AI suggestions to solve the build error:

The error message indicates a failure to build the package, with the build environment preserved in the specified workspace and guest directories. Here are some suggestions to fix the error:

1. Check the logs in `/temp/melange-workspace-786891543` for more detailed information.
2. Verify that all dependencies and environment variables are correctly set up.
3. Ensure that the pipeline scripts are executable.
4. Re-run the build process with increased verbosity to gather more information.
5. Review any recent changes in the build scripts or dependencies that might have caused the issue.

@mamccorm mamccorm marked this pull request as draft October 6, 2024 01:10
@mamccorm
Copy link
Member

mamccorm commented Oct 6, 2024

Filed upstream issue for broken build:

@hbh7 hbh7 self-assigned this Oct 18, 2024
@hbh7 hbh7 marked this pull request as ready for review October 21, 2024 14:30
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed labels Oct 21, 2024
@hbh7
Copy link
Member

hbh7 commented Oct 21, 2024
edited
Loading

As per our discussion during standup, we're going to ignore the update check and merge, and hope a proper PR is opened for the version update, but we'll follow up on that.

@TaylorBloom129 TaylorBloom129 added the help wanted Extra attention is needed label Oct 21, 2024
@debasishbsws debasishbsws merged commit 729c41e into main Oct 21, 2024
14 of 15 checks passed
@debasishbsws debasishbsws deleted the cve-src-4f8e4a639b9975c0db8b82f27dc07904 branch October 21, 2024 15:58
@cpanato
Copy link
Member

cpanato commented Oct 21, 2024

lgtm

powersj pushed a commit that referenced this pull request Oct 21, 2024
@octo-sts @hbh7 @powersj
src/5.5.0-r0: cve remediation (#28738)
d635dd5 
src/5.5.0-r0: fix CVE-2024-34158

Advisory data:
https://github.com/wolfi-dev/advisories/blob/main/src.advisories.yaml

---------

Co-authored-by: octo-sts[bot] <[email protected]>
Co-authored-by: Hunter Harris <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@debasishbsws debasishbsws debasishbsws approved these changes

Assignees

@hbh7 hbh7

Labels
automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. CVE-2024-34158 go/bump help wanted Extra attention is needed interrupt manual/review-needed request-cve-remediation squad:lifecycle src/5.5.0-r0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@hectorj2f @mamccorm @hbh7 @cpanato @debasishbsws @TaylorBloom129