From 71886b1ce7b7fde550aadfeeef4a8c84cca563a3 Mon Sep 17 00:00:00 2001
From: cpanato
Date: Wed, 20 Dec 2023 16:59:11 +0100
Subject: [PATCH 1/3] mitigate CVE-2023-48795 for k3s
Signed-off-by: cpanato
---
 k3s.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/k3s.yaml b/k3s.yaml
index c5ef6d7b680..313ccdccff5 100644
--- a/k3s.yaml
+++ b/k3s.yaml
@@ -1,7 +1,7 @@
 package:
 name: k3s
 version: 1.28.3
- epoch: 3
+ epoch: 4
 description:
 copyright:
 - license: Apache-2.0
@@ -85,6 +85,9 @@ pipeline:
 go get go.opentelemetry.io/otel/trace@v1.21.0
 go get go.opentelemetry.io/proto/otlp@v1.0.0
+ # CVE-2023-48795
+ go get golang.org/x/crypto@v0.17.0
+
 # GHSA-jq35-85cj-fj4
 go mod edit -dropreplace=github.com/docker/docker
From 53cb88806cf0d78a86035b2793713257b9054ffa Mon Sep 17 00:00:00 2001
From: cpanato
Date: Wed, 20 Dec 2023 17:04:35 +0100
Subject: [PATCH 2/3] package bump to 1.28.4
Signed-off-by: cpanato
---
 k3s.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/k3s.yaml b/k3s.yaml
index 313ccdccff5..60339795042 100644
--- a/k3s.yaml
+++ b/k3s.yaml
@@ -1,7 +1,7 @@
 package:
 name: k3s
- version: 1.28.3
- epoch: 4
+ version: 1.28.4
+ epoch: 0
 description:
 copyright:
 - license: Apache-2.0
@@ -47,7 +47,7 @@ pipeline:
 with:
 repository: https://github.com/k3s-io/k3s
 tag: v${{vars.full-package-version}}
- expected-commit: bbafb86e91ae3682a1811119d136203957df9061
+ expected-commit: 6ba6c1b65f9483a5eb3657206ca58c9a7464ad9d
 # Build things (almost) identical to upstream, with the k3s components
 # embedded in the "outer" multicall binary.
 - runs: |
From 8cb36b38792dca15ccc3af5ab8041cc2493457b5 Mon Sep 17 00:00:00 2001
From: cpanato
Date: Wed, 20 Dec 2023 17:23:11 +0100
Subject: [PATCH 3/3] update go get
Signed-off-by: cpanato
---
 k3s.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/k3s.yaml b/k3s.yaml
index 60339795042..6b464b7a36a 100644
--- a/k3s.yaml
+++ b/k3s.yaml
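Review bot: The `go get golang.org/x/crypto@v0.17.0` added in the second hunk of patch 1/3 only raises the require line; if k3s's go.mod carries a `replace` for golang.org/x/crypto (patch 3/3 adding `go mod edit -dropreplace=golang.org/x/crypto` suggests it does), the replaced module is still what gets compiled and CVE-2023-48795 is not actually mitigated by this commit. Even once the replace is dropped, nothing in the pipeline checks which version won module resolution, so a regression on the next upstream bump (for example the replace reappearing in k3s's go.mod, which the expected-commit change in patch 2/3 shows is a real channel) would pass silently; a guard after `go mod tidy` such as `test "$(go list -m -f '{{.Version}}' golang.org/x/crypto)" = v0.17.0` would fail the build instead. The same applies to the relocated block in the second hunk of patch 3/3. The bare `# CVE-2023-48795` comment would also help a future maintainer if it named the fix, e.g. `# CVE-2023-48795 (Terrapin SSH prefix truncation): fixed in golang.org/x/crypto v0.17.0`.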
@@ -85,9 +85,6 @@ pipeline:
 go get go.opentelemetry.io/otel/trace@v1.21.0
 go get go.opentelemetry.io/proto/otlp@v1.0.0
- # CVE-2023-48795
- go get golang.org/x/crypto@v0.17.0
-
 # GHSA-jq35-85cj-fj4
 go mod edit -dropreplace=github.com/docker/docker
@@ -99,6 +96,10 @@ pipeline:
 # GHSA-6xv5-86q9-7xr8
 go get github.com/cyphar/filepath-securejoin@v0.2.4
+ # CVE-2023-48795
+ go mod edit -dropreplace=golang.org/x/crypto
+ go get golang.org/x/crypto@v0.17.0
+
 go mod tidy
 ./scripts/build