Commit Graph

4796 Commits

Author SHA1 Message Date
Archana Choudhary de5c3312fa
kernel-uvm-cvm: remove spec and references (#7716) 2024-02-07 14:30:57 +05:30
AZaugg d3439c76df
Fix missing nobody user/group for nfs squash (#6652) 2024-02-07 10:29:20 +05:30
Sudhanshu Mishra 07bfaa1198
sriov-network-device-plugin: upgrade from 3.5.1 -> 3.6.2 (#7463)
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Signed-off-by: Sudhanshu Mishra <sudhanshu.1987se@live.com>
2024-02-07 10:24:43 +05:30
Pawel Winogrodzki 75a70a5b84
Removed extra double quote in the toolkit. (#7736) 2024-02-06 16:00:30 -08:00
Mykhailo Bykhovtsev 87dd34c361
patch vendored go module quic-go for package coredns to address CVE-2023-49295 (#7502) 2024-02-06 10:31:39 -08:00
Alexander Dobrzhansky b600bbc4f6
Add package nss-mdns v0.15.1 (#7407) 2024-02-06 10:43:25 +05:30
Muhammad Falak R Wani 498a01c0d6
msft-golang: upgrade version 1.20.11 -> 1.21.6 (#7569)
Changelog: https://go.dev/doc/devel/release#go1.21.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-02-06 10:34:09 +05:30
CBL-Mariner-Bot bb769f7c44
[AUTO-CHERRYPICK] lz4: Upgrade to 1.9.4-1 to fix CVE-2021-3520 - branch main (#7676)
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2024-02-06 08:32:17 +05:30
aadhar-agarwal 9a4ea2e34b
Update sos to 4.6.1 (#7553) 2024-02-05 14:48:54 -08:00
CBL-Mariner-Bot 4e4223205f
[AUTOPATCHER-CORE] Upgrade tzdata to 2024a upgrade to version 2024a (#7639) 2024-02-02 14:08:22 -08:00
Neha Agarwal 07ec048b78
Sort, reorder and color build summary output (#6649)
Add new make option LOG_COLOR with options auto (default), always, never. 'always' colors both terminal output and logs; 'auto' colors only terminal output; 'never' disables color in both.
2024-02-02 09:52:50 -08:00
CBL-Mariner-Bot 79fe0a7963
[AUTO-CHERRYPICK] Fix coredns CVE-2023-44487 by patching vendor tar - branch main (#7628)
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
2024-02-01 19:51:15 -05:00
CBL-Mariner-Bot fc0b1c0039
Prepare February 2024 Release (#7599) 2024-02-01 19:47:43 -05:00
CBL-Mariner-Bot e9fea0b72c
[AUTO-CHERRYPICK] fix cve-2022-21698 in local-path-provisioner - branch main (#7626)
Fixes CVE-2022-21698 for local-path-provisioner. The vulnerability is in the client_golang go module, which is vendored in this package. Fix is to apply a (modified) patch to the vendored code.
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-02-01 15:39:42 -08:00
CBL-Mariner-Bot f5bae07d3f
[AUTO-CHERRYPICK] fix cve-2022-21698 in moby-buildx - branch main (#7625)
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-02-01 18:38:27 -05:00
CBL-Mariner-Bot e3b5d51131
[AUTO-CHERRYPICK] Patch moby-runc to address CVE-2024-21626 - branch main (#7586)
Co-authored-by: jslobodzian <joslobo@microsoft.com>
2024-02-01 13:12:43 -08:00
dependabot[bot] ceb3c7eada
Bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /toolkit/tools (#7045)
Signed-off-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 11:40:05 -08:00
Lanze Liu 880718f0f4
Add dracut sub-package overlayfs. (#7432) (#7587)
Co-authored-by: lanzeliu <lanzeliu@microsoft.com>
2024-01-31 17:22:37 -08:00
Gary Swalling 66555b6e24
Update kernel-mos to 5.15.148.1 (#7574) 2024-01-31 15:40:19 -08:00
Elaheh Dehghani b5f92064f6
Shift user/group creation earlier in image build for rootfs image types (#6957) 2024-01-31 14:06:22 -08:00
Roaa Sakr acd481aa09
Use main kernel for baremetal base image (#7583) 2024-01-31 13:21:16 -08:00
CBL-Mariner-Bot 391f7f5d3a
[AUTO-CHERRYPICK] fix cve-2022-21698 in kube-vip-cloud-provider - branch main (#7577)
Fixes CVE-2022-21698 for kube-vip-cloud-provider. The vulnerability is in the client_golang go module, which is vendored in this package. Fix is to apply a (modified) patch to the vendored code.

Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-01-31 12:45:08 -08:00
CBL-Mariner-Bot 964f2fabfa
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.148.1 - branch main (#7535)
Note that arm64 had MMC_SDHCI_OMAP turned off due to a change upstream [106136f] which specified it depends on architecture which CBL-Mariner 2.0 does not support.
2024-01-31 12:03:34 -08:00
CBL-Mariner-Bot 4edde9f7da
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-0607 CVE-2023-51043 CVE-2024-22705 CVE-2023-51042 CVE-2023-46343 (#7513) 2024-01-31 11:59:35 -08:00
CBL-Mariner-Bot 016d121d18
[AUTO-CHERRYPICK] patch CVE-2022-21698 in keda - branch main (#7571)
Fixes CVE-2022-21698 for keda. The vulnerability is in the client_golang go module v1.11.1, and keda has a direct dependency on v1.11.0. Fixed by applying a patch to the keda code to update that module, then built the vendored tarball.

Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-01-31 09:01:40 -08:00
sindhu-karri 6f46ecb6b9
align cloud hypervisor spec with fasttrack branch (#7515) 2024-01-31 18:31:12 +05:30
Archana Choudhary 0349723ec8
kata-containers-cc: remove kernel-uvm-cvm references (#7455) 2024-01-31 12:26:18 +05:30
CBL-Mariner-Bot 790ebdc946
[AUTO-CHERRYPICK] patch CVE-2022-21698 in application-gateway-kubernetes-ingress - branch main (#7548)
This is an auto-generated pull request to cherry-pick commit f0d5827 to main. Original PR: #7542
Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
2024-01-30 16:05:56 -08:00
George Mileka 46a4d292cd
Update dracut to allow suppressing user confirmation prompt when the liveos overlay is backed by memory. (#7483) 2024-01-29 10:17:18 -08:00
sindhu-karri 143b7488d9
Move hiera from Extended to Core (#7109) 2024-01-29 14:02:51 +05:30
AZaugg 482b00e6ab
Add shadow-utils as a hard dependency for mysql package (#7496) 2024-01-29 13:07:41 +05:30
Christopher Co 4d35b64e41
fix: upgrade cloud-init to v23.4.1 and add patch to retain exit code for recoverable errors (#7211)
Reverts the revert of cloud-init v23.4.1 and adds a patch backport to gracefully handle the new status exit code behavior which caused a regression in our extended testing apparatus, prompting the initial revert.

From https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2048522

cloud-init status introduced a new exit code of 2 with the meaning of recoverable errors / warnings.
Without this fix, status exited with 2 in cases where it previously exited with 0, potentially breaking consumers (scripts or other programs) of cloud-init status.

The fix is to include a quilt patch retaining the exit code of 0 for recoverable errors / warnings for stable releases.

Fixes: 1a57d91 ("Revert "fix: upgrade cloud-init to v23.4.1"")

Signed-off-by: Chris Co <chrco@microsoft.com>
2024-01-26 23:59:55 -08:00
CBL-Mariner-Bot 971e0e8a4d
[AUTOUPGRADE-CORE] Upgrade ca-certificates Msft cert change (#7499) 2024-01-26 16:02:47 -08:00
Pawel Winogrodzki 547a5faf99
Added initial doc about reading error logs. (#7475) 2024-01-26 10:03:13 -08:00
Aurélien e955313d09
Set ownership of virtiofsd package to Kata team (#7474) 2024-01-26 06:34:49 -08:00
CBL-Mariner-Bot a33397cf50
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-0639 CVE-2024-0641 (#7480) 2024-01-25 16:14:31 -08:00
corvus-callidus 5e92abcc5c
Fix runtime dependency for python3-virtualenv (#7477) 2024-01-25 15:50:58 -08:00
CBL-Mariner-Bot 0d4d499a62
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.147.1 - branch main (#7469) 2024-01-25 13:04:54 -08:00
CBL-Mariner-Bot 3b103c8faa
[AUTO-CHERRYPICK] Specialcased 5XX errors during package downloads. - branch main (#7467)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-01-25 11:20:41 -08:00
Vince Perri 9b6fe865c0
kernel-hci: Backport Nvidia net/mlx5 patches to support 100G BOM (#7166) 2024-01-25 13:53:31 -05:00
CBL-Mariner-Bot 29b467577a
[AUTO-CHERRYPICK] Adding support for multiple cache inputs - branch main (#7464)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-01-25 09:45:37 -08:00
Pawel Winogrodzki 6e7be29036
Added a cross-compilation subpackage for aarch64 into `gcc`. (#6996)
Co-authored-by: dallasd1 <dadelan@microsoft.com>
2024-01-25 09:16:51 -08:00
AZaugg c929f086ae
Add mysql user with package install (#7220)
Add mysql user & group at the time of installation if there is none.
Also, cleanup post un-installation.
2024-01-25 08:07:34 +05:30
ms-mahuber c6945413a4
Kata-CC: Enforce a restrictive pod security policy (#7030) 2024-01-24 15:33:30 -08:00
elainezhao96 7b3cfb80a3
OS modifier: fix a bug if condition to not skip processing sshkeys when sshkeypaths is empty (#7428) 2024-01-24 14:23:18 -08:00
Tobias Brick f9093913b2
python-jinja2: add patch for CVE-2024-22195 (#7426) 2024-01-24 12:10:51 -08:00
CBL-Mariner-Bot bdd30f7fbf
helm: update version 3.13.2 -> 3.14.0 to address CVE-2023-44487 (#7419)
AUTO-CHERRYPICK of PR: #7359 

Changelog: https://github.com/helm/helm/releases/tag/v3.14.0
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-01-24 12:11:42 +05:30
Vince Perri 680c185448
kernel-hci: Add missing commit subject to patch 27 (#7165) 2024-01-23 22:38:47 -05:00
CBL-Mariner-Bot a89979e689
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2023-46862 CVE-2023-6622 CVE-2023-6546 CVE-2023-7192 CVE-2023-51780 CVE-2023-51782 CVE-2023-51781 CVE-2022-48619 (#7424) 2024-01-23 14:58:58 -08:00
Rachel Menge b8442f80a6
Address CVE-2023-6932, CVE-2023-6817 and CVE-2023-6931 (#7417) 2024-01-23 11:07:56 -08:00