chore: bump golang.org/x/crypto from v0.26.0 to v0.31.0 #673

Open
wants to merge 1 commit into
base: master

cmontemuino

This changeset solves the CVE reported in #672.

What has been done:

$ make tidy
$ go get -u golang.org/x/crypto
go: downloading golang.org/x/crypto v0.31.0
go: downloading golang.org/x/sys v0.28.0
go: downloading golang.org/x/sync v0.10.0
go: downloading golang.org/x/text v0.21.0
go: downloading golang.org/x/term v0.27.0
go: upgraded golang.org/x/crypto v0.26.0 => v0.31.0
go: upgraded golang.org/x/sync v0.8.0 => v0.10.0
go: upgraded golang.org/x/sys v0.23.0 => v0.28.0
go: upgraded golang.org/x/term v0.23.0 => v0.27.0
go: upgraded golang.org/x/text v0.17.0 => v0.21.0

$ make test
# ...
PASS
I1217 09:34:39.513744   75213 mpi_job_controller.go:481] Shutting down workers
coverage: [no statements]
ok      github.com/kubeflow/mpi-operator/test/integration       14.686s coverage: [no statements]

closes #672

@alculquicondor
Collaborator

/lgtm
/approve
cc @tenzen-y

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alculquicondor

@cmontemuino
Author

It seems like E2E is failing due to some rate limiter? I couldn't relate it to the proposed change.

@alculquicondor
Collaborator

It's failing with a timeout for the jobs to terminate.
The workers' logs show trouble trying to communicate with the launcher:

== BEGIN pi-worker-0 pod logs ==
 
:: initializing oneAPI environment ...
   entrypoint.sh: BASH_VERSION = 5.2.15(1)-release
   args: Using "$@" for setvars.sh arguments: /usr/sbin/sshd -De
:: mpi -- latest
:: oneAPI environment initialized ::
 
Server listening on 0.0.0.0 port 2222.
Server listening on :: port 2222.
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 51338
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 36646
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 37250
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 51430
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 46090
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 35822
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 53766
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 54288
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 42888
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 36346
Accepted publickey for root from 10.244.0.22 port 40974 ssh2: ECDSA SHA256:eE5qdOKAdOaLbB75FPpvyXLd6L2hua6OmOO3dHT+PGU
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 58430
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 54394
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 38722
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 56240
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 45458
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 39600
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 40024
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 35220
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 33818

== END pi-worker-0 pod logs ==

So it looks related.
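
A way to triage a worker log like the one quoted above, as an added example that is not part of the thread or of the mpi-operator code: it counts, per source address, connections that sshd reports as closed before the SSH identification exchange completed, and separately counts accepted public-key logins. The names `Triage`, `Summary` and `sampleLog` are hypothetical, and the sample lines are constructed in the format of the quoted log.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in the format of the quoted pod log (fingerprint is a placeholder).
const sampleLog = `Server listening on 0.0.0.0 port 2222.
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 51338
Accepted publickey for root from 10.244.0.22 port 40974 ssh2: ECDSA SHA256:CONSTRUCTED-PLACEHOLDER
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.244.0.1 port 58430
`

var closedRe = regexp.MustCompile(`^Connection closed by (\S+) port \d+`)
var acceptedRe = regexp.MustCompile(`^Accepted publickey for (\S+) from (\S+) port \d+`)

// Summary maps a source address to the number of connections closed before
// the identification exchange finished, and to the number of accepted logins.
type Summary struct {
	PreAuthClosed map[string]int
	Accepted      map[string]int
}

func Triage(log string) Summary {
	s := Summary{PreAuthClosed: map[string]int{}, Accepted: map[string]int{}}
	sc := bufio.NewScanner(strings.NewReader(log))
	kex := false
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		prevKex := kex // was the previous line a kex_exchange_identification close?
		kex = strings.HasPrefix(line, "kex_exchange_identification: Connection closed")
		if m := closedRe.FindStringSubmatch(line); m != nil && prevKex {
			s.PreAuthClosed[m[1]]++ // only closes paired with a kex line count
		} else if m := acceptedRe.FindStringSubmatch(line); m != nil {
			s.Accepted[m[2]]++
		}
	}
	return s
}

func main() {
	fmt.Printf("%+v\n", Triage(sampleLog))
}
```

A "Connection closed by" line that does not directly follow a `kex_exchange_identification` line is left out of the pre-identification count, since it can also be an ordinary session close.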

@alculquicondor
Collaborator

It's happening specifically for Intel MPI. The tests are passing for OpenMPI and MPICH.

Successfully merging this pull request may close these issues.

CVE-2024-45337 in golang.org/x/crypto package