Commit Graph

5345 Commits

Author SHA1 Message Date
Christopher Co 58612dbbef
Patch waagent.conf to add firewall rules (#8335)
Add EnableFirewall flag to waagent.conf to protect access to Azure host node services
2024-07-30 09:52:42 -07:00
jslobodzian 2a0b6a584f Merge branch 'main' into 2.0 2024-07-30 08:59:48 -04:00
Rohit Rawat 788cd8f52d
Python3 patch CVE-2024-0397 (#9970) 2024-07-30 07:39:55 -04:00
jslobodzian 3ea6c9556d Merge branch 'main' into 2.0 2024-07-30 00:45:53 -04:00
CBL-Mariner-Bot 2cfea6b9b0
[AUTO-CHERRYPICK] Add Patch in terraform for CVE-2024-6257. - branch main (#9954)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-07-29 23:49:01 -04:00
CBL-Mariner-Bot ca07e1bb16
[AUTO-CHERRYPICK] libcontainers-common: introduce patch to address CVE-2024-37298 - branch main (#9948)
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-29 23:46:55 -04:00
CBL-Mariner-Bot d27fb3931a
[AUTO-CHERRYPICK] Upgrade default golang to 1.22.5 and backport the fix for 1.18 - branch main (#9968)
Co-authored-by: bhagyapathak <bhagyapathak@users.noreply.github.com>
2024-07-29 23:36:30 -04:00
CBL-Mariner-Bot 21b41f2cce
[AUTO-CHERRYPICK] gh: patch CVE-2021-43565 - branch main (#9969)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-29 23:35:55 -04:00
CBL-Mariner-Bot a7c7a36624
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade python-idna to 3.7 CVE-2024-3651 - branch main (#9930) 2024-07-29 23:10:48 -04:00
CBL-Mariner-Bot cf3bd41771
[AUTO-CHERRYPICK] Upgrade httpd to 2.4.62 to address CVE-2024-40725 - branch main (#9928)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-07-29 23:09:48 -04:00
Sumynwa 8db67c1a19
terraform: Patch CVE-2024-6104 for bundled hashicorp/go-retryablehttp. (#9959) 2024-07-29 22:25:09 -04:00
CBL-Mariner-Bot a80826bba9
[AUTO-CHERRYPICK] Bug fix in patch CVE-2024-5535 in openssl - branch main (#9961)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
2024-07-29 22:24:08 -04:00
CBL-Mariner-Bot 37ec872227
[AUTO-CHERRYPICK] fix CVE-2024-41110 in moby-engine - branch main (#9966)
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2024-07-29 22:23:04 -04:00
CBL-Mariner-Bot 3328395785
[AUTO-CHERRYPICK] Patch for gtk2 and gtk3 CVE-2024-6655 - branch main (#9967)
Co-authored-by: joejoew <111843948+joejoew@users.noreply.github.com>
2024-07-29 22:21:56 -04:00
CBL-Mariner-Bot 84853ebbda
Prepare August 2024 Update (#9940) 2024-07-28 08:34:16 -04:00
Rachel Menge b9c5a1a214
Address kernel CVE-2024-36288, CVE-2024-38662, CVE-2024-38780, CVE-2024-39277, CVE-2024-39292 (#9612) 2024-07-26 16:14:37 -07:00
sindhu-karri d5117e2764
Fix CVE-2024-6104 in skopeo (#9859) 2024-07-26 10:53:48 +05:30
sindhu-karri dd995b7be9
Fix CVE-2024-6345 in python3 (#9904) 2024-07-26 10:53:15 +05:30
Muhammad Falak R Wani a76c83ad92
curl: upgrade 8.5.0 -> 8.8.0 to address CVE-2024-2398 (#9832)
Changelog: https://curl.se/changes.html#8_8_0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-26 10:14:11 +05:30
CBL-Mariner-Bot e5afaac73c
[AUTOPATCHER-CORE] Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370 (#9921)
Co-authored-by: Adit Jha <aditjha@microsoft.com>
2024-07-25 17:16:18 -07:00
CBL-Mariner-Bot acf2b37976
[AUTO-CHERRYPICK] cf-cli: patch CVE-2021-43565 - branch main (#9902)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:43:37 -07:00
CBL-Mariner-Bot f684f328c3
[AUTO-CHERRYPICK] Reverted `packer` to version 1.9.5 and patched its CVEs. - branch main (#9854)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:41:35 -07:00
CBL-Mariner-Bot 42df5d19ef
[AUTO-CHERRYPICK] Patch moby-buildx CVEs CVE-2021-43565 CVE-2022-28948 CVE-2022-41723 - branch main (#9891)
Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-07-25 16:37:35 -07:00
CBL-Mariner-Bot f9abe2539f
[AUTO-CHERRYPICK] cri-o: patch CVE-2021-43565 - branch main (#9901)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-25 19:01:19 -04:00
CBL-Mariner-Bot f5e5df1bcf
[AUTO-CHERRYPICK] rapidjson: fix CVE-2024-38517 and CVE-2024-39684 - branch main (#9897)
Co-authored-by: xiaohong <Xiaohong-Deng@users.noreply.github.com>
2024-07-25 19:00:36 -04:00
CBL-Mariner-Bot 2dd276939a
[AUTO-CHERRYPICK] ceph: Fix high CVE-2024-38517 and CVE-2024-39684 - branch main (#9858)
Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com>
2024-07-25 18:57:09 -04:00
CBL-Mariner-Bot d86b17bc05
[AUTO-CHERRYPICK] Patch tpm2-tools for CVE-2024-29038 & CVE-2024-29039. - branch main (#9825)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-07-25 18:53:55 -04:00
CBL-Mariner-Bot 57506f34f3
[AUTO-CHERRYPICK] telegraf: Add patch for CVE-2024-37298 - branch main (#9823)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
2024-07-25 18:53:12 -04:00
CBL-Mariner-Bot 970da2d51e
[AUTO-CHERRYPICK] Upgrade httpd to 2.4.61 to fix CVE-2024-38473 - branch main (#9819)
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-07-25 15:52:46 -07:00
CBL-Mariner-Bot 35e1eed14f
[AUTO-CHERRYPICK] Patched CVE-2024-37890, CVE-2023-42282, and CVE-2017-18214 in `reaper`. - branch main (#9807)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-07-25 18:51:17 -04:00
CBL-Mariner-Bot 055ff1c664
[AUTO-CHERRYPICK] libmemcached-awesome: Upgrading version to 1.1.4 to address CVE-2023-27478 - branch main (#9805)
Co-authored-by: sharath-srikanth-chellappa <115591284+sharath-srikanth-chellappa@users.noreply.github.com>
2024-07-25 18:50:31 -04:00
Sam Meluch 8ecb1756f5
Filter out debuginfo packages when running sodiff (#6698)
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
2024-07-25 12:35:06 -05:00
CBL-Mariner-Bot 5e921ee588
[AUTO-CHERRYPICK] Patch CVE-2024-5535 in openssl - branch main (#9905) 2024-07-25 20:34:06 +05:30
chalamalasetty 8fbdbff440
Upgrade kernel-mos version to 5.15.161.1 (#9923) 2024-07-24 23:16:03 -07:00
Tobias Brick 297b90e3d0
fix intermittent openssl FIPS selftest failures in jitterentropy (#9890) 2024-07-23 12:58:32 -07:00
Muhammad Falak R Wani e44fb2e860
golang: drop golang-1.17 (#9877)
None of the packages have a dependency on golang-1.17.

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-23 21:55:21 +05:30
CBL-Mariner-Bot 8539e10c93
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.2 - branch main (#9867) 2024-07-19 11:56:19 -07:00
CBL-Mariner-Bot 85ffff0104
[AUTO-CHERRYPICK] cloud-hypervisor-cvm: update to 38.0.72.2 - branch main (#9806)
Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-07-17 12:13:04 -07:00
Henry Beberman af186a1119
moby-engine: remove daemon.json with backported fix (#9551) 2024-07-16 10:10:53 -07:00
ms-mahuber a455a7e6b3
kata-cc: Fix make clean call in UVM build (#9837)
During UVM build, the default OS' clean target is executed - which is Ubuntu.
Change make clean call to clean up the artifacts for the cbl-mariner distro: rm -rf /opt/kata-containers/uvm/tools/osbuilder/.ubuntu_rootfs.done /opt/kata-containers/uvm/tools/osbuilder/ubuntu_rootfs
2024-07-15 17:43:39 -07:00
ms-mahuber a9004163a1
kata-containers-cc: Adapt tarfs make install trgt (#9829)
Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
2024-07-15 13:01:40 -07:00
CBL-Mariner-Bot 77d1924e4c
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.1 - branch fasttrack/2.0 - branch main (#9834) 2024-07-15 10:46:55 -07:00
Archana Choudhary 3e14b7eeed
hvloader: add patch for CVE-2023-0464 (#9443) 2024-07-12 15:22:15 +05:30
CBL-Mariner-Bot 450c3cc9a4 [AUTO-CHERRYPICK] openssh: fix "regresshion" CVE, CVE-2024-6387, with patch from debian. - branch main (#9565)
Co-authored-by: SeanDougherty <sdougherty@microsoft.com>
2024-07-11 05:20:53 -07:00
Pawel Winogrodzki cd7cf078f1
Patched CVE-2023-26253 in `glusterfs`. (CP: #9717) (#9719) 2024-07-10 10:55:16 -07:00
Muhammad Falak R Wani 4fa1760cc4
msft-golang: upgrade 1.22.4 -> 1.22.5 to address CVE-2024-24790 & CVE-2024-24791 (#9579)
Changelog: https://go.dev/doc/devel/release#go1.22.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-09 00:38:46 +05:30
sharath-srikanth-chellappa 5669eeb9ba
emacs: Upgrading emacs version to 29.4 to address CVE-2024-39331 (#9709)
Co-authored-by: Sharath Srikanth Chellappa <sharathsr@microsoft.com>
2024-07-08 10:40:12 -07:00
Dan Streetman 350616f115
Update shim-unsigned-x64 to 15.8 and updates signed shim (#7893)
Updates the unsigned shim for x64 to 15.8 and includes new signing certificate
Also updates the signed version of this shim

Co-authored-by: Chris Co <chrco@microsoft.com>
2024-07-04 17:17:35 -07:00
Rachel Menge 3595f2a878
Address Kernel CVE-2021-3847, CVE-2024-26913, CVE-2024-26933, CVE-2024-26978, CVE-2024-36477, CVE-2024-36481, CVE-2024-38664, CVE-2024-39291 (#9571) 2024-07-04 17:15:48 -07:00
CBL-Mariner-Bot 0ac28edc5d
[AUTO-CHERRYPICK] openssh: fix "regresshion" CVE, CVE-2024-6387, with patch from debian. - branch main (#9565)
Co-authored-by: SeanDougherty <sdougherty@microsoft.com>
2024-07-03 10:41:01 -07:00