Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bombastictranz/CBL-Mariner #6

Merged
merged 252 commits into from
Jun 22, 2024
Merged

bombastictranz/CBL-Mariner #6

merged 252 commits into from
Jun 22, 2024

Conversation

bombastictranz
Copy link
Owner

@bombastictranz bombastictranz commented Jun 22, 2024
edited
Loading

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary

What does the PR accomplish, why was it needed?

Change Log
  • Change
  • Change
  • Change
Does this affect the toolchain?

YES/NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology
  • Pipeline build id: xxxx

rlmenge and others added 30 commits March 4, 2024 13:58
@rlmenge
Nopatch CVE-2024-0775 for kernel (#8234)
2df61a8
@cwize1
Cherry-pick: Write fstab file in correct order. (#8217) (#8235)
36d5ee7
@sameluch
Add patch to limit pytest-mypy-plugins version for python-attrs test (#…
51b6b44 
…8244)
@CBL-Mariner-Bot
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-1086, CVE-20…
fe24622 
…23-52429  (#8239)
@rlmenge
Address kernel CVE-2014-3185, CVE-2022-2602, CVE-2023-46838, CVE-2023…
b95485b 
…-5090, CVE-2023-5633, CVE-2023-6040, CVE-2024-0340, CVE-2024-0562, CVE-2024-0646, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851 (#8250)
@Redent0r
clamav: Patch CVE-2024-20328 (#8230)
4bf186b
@Redent0r
xorg-x11-server: patch CVE-2024-21885 (#8233)
cc774ad
@romoh
revert cleaning up log directories for base image (#8274)
9cbadd2
@anphel31
[main] update toolchain container bootstrap to 2.0.20240123 (#8297)
2ba6d72
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade ansible to 2.14.4 fix CVE-2024-0690 (#8299)
72a69c9
@mfrw
msft-golang: include go.env in GOROOT (#8282)
e1c7a0d 
Signed-off-by: Muhammad Falak R Wani <[email protected]>
@CBL-Mariner-Bot @arc9693
[AUTOPATCHER-CORE] Upgrade nmi to 1.8.17 CVE-2022-41717, CVE-2022-23551
5b3eec2 
… (#8285)

Co-authored-by: Archana Choudhary <[email protected]>
@romoh
Switch qemu-guest base image to kernel instead of kernel-hci (#8303)
1dd0d8b
@Redent0r
expat: patch CVE-2023-52426 (#8290)
09b8c59
@jslobodzian @dallasd1
@CBL-Mariner-Bot @vinceaperri @rlmenge @cwize1 @sameluch
Fix python-remoto ptest (#8247)
cc79ae3 
Co-authored-by: Dallas Delaney <[email protected]>
Co-authored-by: CBL-Mariner Servicing Account <[email protected]>
Co-authored-by: CBL-Mariner-Bot <[email protected]>
Co-authored-by: Vince Perri <[email protected]>
Co-authored-by: Rachel Menge <[email protected]>
Co-authored-by: Chris Gunn <[email protected]>
Co-authored-by: Sam Meluch <[email protected]>
@jslobodzian @dallasd1
@CBL-Mariner-Bot @vinceaperri @rlmenge @cwize1 @sameluch
Fix python-prettytables ptest. (#8246)
f49c22a 
Co-authored-by: Dallas Delaney <[email protected]>
Co-authored-by: CBL-Mariner Servicing Account <[email protected]>
Co-authored-by: CBL-Mariner-Bot <[email protected]>
Co-authored-by: Vince Perri <[email protected]>
Co-authored-by: Rachel Menge <[email protected]>
Co-authored-by: Chris Gunn <[email protected]>
Co-authored-by: Sam Meluch <[email protected]>
@Redent0r
python-gevent: disable c-ares module and fix CVE-2021-22931 (#8324)
d8b5778
@Redent0r
pam: patch CVE-2024-22365 (#8320)
88d859e
@rlmenge
Address kernel CVE-2015-5157, CVE-2022-2585, CVE-2022-2586, CVE-2023-…
6a07685 
…50431, CVE-2023-6200, CVE-2023-6560 (#8253)
@rlmenge
Address kernel CVE-2022-2588 (#8338)
807bfdc
@cjp256
[2.0] dhcp/dhclient.conf: add option rfc3442-classless-static-routes …
ead84f4 
…in dhclient.conf (#8318)

Signed-off-by: Chris Patterson <[email protected]>
@CBL-Mariner-Bot
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade zstd to 1.5.4 CVE-2022-4899
7263172 
 - branch main (#8315)
@CBL-Mariner-Bot
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade helm to 3.14.2 CVE-2024-…
a1dac32 
…26147 - branch main (#8287)
@CBL-Mariner-Bot @PawelWMS
[AUTO-CHERRYPICK] Removed the runOnHost flag to fix the fast-track …
e2c3c42 
…PR check pipelines. - branch main (#8390)

Co-authored-by: Pawel Winogrodzki <[email protected]>
@CBL-Mariner-Bot @Xiaohong-Deng
[AUTO-CHERRYPICK] Patch CVE-2023-52356 - branch main (#8316)
773700b 
Co-authored-by: xiaohong <[email protected]>
@CBL-Mariner-Bot @joejoew
[AUTO-CHERRYPICK] Add patch for CVE-2024-0567 - branch main (#8374)
ae4d7fe 
Co-authored-by: joejoew <[email protected]>
@CBL-Mariner-Bot @vinceaperri
[AUTO-CHERRYPICK] Patch CVE-2023-52160 for wpa_supplicant - branch ma…
c8c6abc 
…in (#8314)

Co-authored-by: Vince Perri <[email protected]>
@CBL-Mariner-Bot @aadhar-agarwal
[AUTO-CHERRYPICK] Add patch in xorg-x11-server to address CVE-2023-6816
cfb068b 
… - branch main (#8402)

Co-authored-by: aadhar-agarwal <[email protected]>
@CBL-Mariner-Bot @aadhar-agarwal
[AUTO-CHERRYPICK] Add patches in azure-iot-sdk-c to address CVE-2024-…
8edec81 
…25110 and CVE-2024-27099 - branch main (#8403)

Co-authored-by: aadhar-agarwal <[email protected]>
@sprt
kata-containers: use system-wide OpenSSL (#8352)
c60ca8f
rlmenge and others added 26 commits May 31, 2024 10:21
@rlmenge
Address kernel CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-20…
db8f013 
…24-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008 (#9270)

Address CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-2024-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008
@rmhsawyer
update and correct ruby CVE-2024035176.patch (#9280)
6e4ebc6 
Co-authored-by: minghe <rmhsawyer>
@rmhsawyer
upgrade rubygem-rexml to 3.2.7 to resolve CVE-2024-35176 (#9282)
513297d 
Co-authored-by: minghe <rmhsawyer>
@liulanze
python-requests: patch CVE-2024-35195. (#9238)
a653950 
Co-authored-by: lanzeliu <[email protected]>
@miz060
Patch moby-engine to address CVE-2023-44487 (#9276)
a264db1
@christopherco
Add stable release maintainers to CODEOWNERS (#7564)
3a41e97 
Update main branch CODEOWNERS file to require CBL-Mariner-Stable-Maintainers team review for all files in this branch since PRs targeting main are going to our next 2.0 stable release.
@jslobodzian
Revert "Enable KNI module in DPDK build (#9246)"
ed62ba9 
This reverts commit 84f1470.
@jslobodzian
Revert "Fixed Perl automatic requires and provides. (#9226)"
4246a18 
This reverts commit 6b8eb01.
@tobiasb-ms
openssl: only free buffers when done (#9309)
3eef9c8
@CBL-Mariner-Bot @sindhu-karri
[AUTO-CHERRYPICK] Fix fluent-bit CVE-2024-34250 with a patch - branch…
d03e5fd 
… main (#9293)

Co-authored-by: sindhu-karri <[email protected]>
@CBL-Mariner-Bot @arc9693
[AUTO-CHERRYPICK] reaper: address CVE-2024-4068 - branch main (#9298)
5f33b48 
Co-authored-by: Archana Choudhary <[email protected]>
@CBL-Mariner-Bot @arc9693
[AUTO-CHERRYPICK] hvloader: address openssl related CVEs (CVE-2023-0286
ff0a669 
…, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304) - branch main (#9303)

Co-authored-by: Archana Choudhary <[email protected]>
@CBL-Mariner-Bot @Sumynwa
[AUTO-CHERRYPICK] Patch apparmor for CVE-2024-31755 - branch main (#9302
ec2c66e 
)

Co-authored-by: Sumynwa <[email protected]>
@CBL-Mariner-Bot @Sumynwa
[AUTO-CHERRYPICK] Patch dhcp for CVE-2023-2828 - branch main (#9306)
7763977 
Co-authored-by: Sumynwa <[email protected]>
@Redent0r @dallasd1 @CBL-Mariner-Bot
kata(-cc): upgrade to LSG release v2405.9.2 (#9261)
4e90dd6 
Co-authored-by: Dallas Delaney <[email protected]>
Co-authored-by: CBL-Mariner Servicing Account <[email protected]>
@CBL-Mariner-Bot @bfjelds
[AUTO-CHERRYPICK] CVE-2022-34169: docbook-style-xsl - upgrade embedde…
0d51af7 
…d xalan jar from 2.7.2 to 2.7.3 (fasttrrack/2.0) - branch main (#9308)

Co-authored-by: bfjelds <[email protected]>
@sindhu-karri
Fix Fluent-bit issues #8198 and #8025 (#9121)
6b57d92 
Fixes https://microsoft.visualstudio.com/OS/_workitems/edit/50531424
@rlmenge
Upgrade kernel to 5.15.158.2 (#9358)
7b83725 
5.15.157.1 introduced a failure with network hairpinning on AKS. Upgrade to 5.15.158.2 which has the commit [dceb683] reverted.
@CBL-Mariner-Bot @0xba1a
[AUTO-CHERRYPICK] Upgrade openvswitch to 2.17.9 to fix CVE-2023-5366
3a89a88 
…and CVE-2023-3966 - branch main (#9301)

Co-authored-by: Bala <[email protected]>
@CBL-Mariner-Bot @jcamposeco
[FASTTRACK-CHERRYPICK] openssl: Fix CVE-2023-50782 affecting python-c…
e2c8d9e 
…ryptography - branch main (#9318)

Co-authored-by: J Camposeco <[email protected]>
Co-authored-by: Juan Camposeco <[email protected]>
@jcamposeco @PawelWMS
python-cryptography: Update OpenSSL version to fix CVE-2023-50782 (#9359
44f82e4 
)

Co-authored-by: Pawel Winogrodzki <[email protected]>
@gjswalling
Update kernel-mos to 5.15.158.2 (#9356)
4876532
@tobiasb-ms
Upgrade azl-compliance to version 1.0.2 (#9348)
8ff27fc 
Upgrade azl-compliance to latest version, to move us closer to FedRAMP compliance for AZL on AKS.
@0xba1a
Fix CVE-2024-3154 in package cri-o (#9284)
9322acd
@PawelWMS
Merge branch 'main' into 2.0
bc8648f
@PawelWMS
Merge for Mariner 2.0 June 2024 (#9361)
a952e5f
@bombastictranz bombastictranz added the dependencies Pull requests that update a dependency file label Jun 22, 2024
@bombastictranz bombastictranz self-assigned this Jun 22, 2024
@codeautopilot CodeAutopilot
Copy link

codeautopilot bot commented Jun 22, 2024

Your organization has reached the subscribed usage limit. You can upgrade your account by purchasing a subscription at Stripe payment link

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 101.32%

Have feedback or need help?
Discord
Documentation
[email protected]

@bombastictranz bombastictranz merged commit 62956df into bombastictranz:2.0 Jun 22, 2024
7 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bombastictranz bombastictranz

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.