Merge for Mariner 2.0 June 2024 #9361

Merged
merged 32 commits into from
Jun 8, 2024
222de00
add patch for rubygem-rexml CVE-2024-35176 (#9242)
rmhsawyer May 29, 2024
f0b8294
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.159.1 - branch ma…
CBL-Mariner-Bot May 29, 2024
07800af
Address hyperv-daemons CVE-2024-26951, CVE-2024-26961, CVE-2024-26965…
rlmenge May 29, 2024
3304dc2
Patch nodejs18 to address CVE-2023-21100 (#9250)
miz060 May 29, 2024
84f1470
Enable KNI module in DPDK build (#9246)
dramasamy May 30, 2024
47df674
add patch for ruby CVE-2024-35176 (#9267)
rmhsawyer May 31, 2024
ebc7703
Patch CVE-2024-26147 for cert-manager (#9268)
mbykhovtsev-ms May 31, 2024
db8f013
Address kernel CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-20…
rlmenge May 31, 2024
6e4ebc6
update and correct ruby CVE-2024035176.patch (#9280)
rmhsawyer May 31, 2024
513297d
upgrade rubygem-rexml to 3.2.7 to resolve CVE-2024-35176 (#9282)
rmhsawyer Jun 1, 2024
a653950
python-requests: patch CVE-2024-35195. (#9238)
liulanze Jun 3, 2024
a264db1
Patch moby-engine to address CVE-2023-44487 (#9276)
miz060 Jun 3, 2024
3a41e97
Add stable release maintainers to CODEOWNERS (#7564)
christopherco Jun 4, 2024
ed62ba9
Revert "Enable KNI module in DPDK build (#9246)"
jslobodzian Jun 4, 2024
4246a18
Revert "Fixed Perl automatic requires and provides. (#9226)"
jslobodzian Jun 4, 2024
3eef9c8
openssl: only free buffers when done (#9309)
tobiasb-ms Jun 4, 2024
d03e5fd
[AUTO-CHERRYPICK] Fix fluent-bit CVE-2024-34250 with a patch - branch…
CBL-Mariner-Bot Jun 5, 2024
5f33b48
[AUTO-CHERRYPICK] reaper: address CVE-2024-4068 - branch main (#9298)
CBL-Mariner-Bot Jun 5, 2024
ff0a669
[AUTO-CHERRYPICK] hvloader: address openssl related CVEs (CVE-2023-02…
CBL-Mariner-Bot Jun 5, 2024
ec2c66e
[AUTO-CHERRYPICK] Patch apparmor for CVE-2024-31755 - branch main (#9…
CBL-Mariner-Bot Jun 5, 2024
7763977
[AUTO-CHERRYPICK] Patch dhcp for CVE-2023-2828 - branch main (#9306)
CBL-Mariner-Bot Jun 5, 2024
4e90dd6
kata(-cc): upgrade to LSG release v2405.9.2 (#9261)
Redent0r Jun 5, 2024
0d51af7
[AUTO-CHERRYPICK] CVE-2022-34169: docbook-style-xsl - upgrade embedde…
CBL-Mariner-Bot Jun 6, 2024
6b57d92
Fix Fluent-bit issues #8198 and #8025 (#9121)
sindhu-karri Jun 6, 2024
7b83725
Upgrade kernel to 5.15.158.2 (#9358)
rlmenge Jun 7, 2024
3a89a88
[AUTO-CHERRYPICK] Upgrade openvswitch to 2.17.9 to fix CVE-2023-5366 …
CBL-Mariner-Bot Jun 7, 2024
e2c8d9e
[FASTTRACK-CHERRYPICK] openssl: Fix CVE-2023-50782 affecting python-c…
CBL-Mariner-Bot Jun 7, 2024
44f82e4
python-cryptography: Update OpenSSL version to fix CVE-2023-50782 (#…
jcamposeco Jun 7, 2024
4876532
Update kernel-mos to 5.15.158.2 (#9356)
gjswalling Jun 7, 2024
8ff27fc
Upgrade azl-compliance to version 1.0.2 (#9348)
tobiasb-ms Jun 7, 2024
9322acd
Fix CVE-2024-3154 in package cri-o (#9284)
0xba1a Jun 7, 2024
bc8648f
Merge branch 'main' into 2.0
PawelWMS Jun 8, 2024
100 changes: 2 additions & 98 deletions .github/CODEOWNERS
@@ -1,98 +1,2 @@
# By default all files require a review by at lest one member of the CBL-Mariner developers team.
* @microsoft/cbl-mariner-devs

# Modification to this file require admin approval.
/.github/CODEOWNERS @microsoft/cbl-mariner-admins

# Modifications to the build pipelines require admin approval.
/.pipelines/* @microsoft/cbl-mariner-admins

# Modifications to the CredScan exceptions require admin approval.
/.config/CredScanSuppressions.json @microsoft/cbl-mariner-admins

# Modification to what is considered "core packages" require admin approval.
/SPECS/core-packages/* @microsoft/cbl-mariner-admins

# Modification to specific packages go to specific teams
/SPECS/installkernel/* @microsoft/cbl-mariner-kernel
/SPECS/kernel/* @microsoft/cbl-mariner-kernel
/SPECS/kernel-azure/* @microsoft/cbl-mariner-kernel
/SPECS/kernel-hci/* @microsoft/cbl-mariner-kernel
/SPECS/kernel-headers/* @microsoft/cbl-mariner-kernel
/SPECS/kernel-mshv/* @microsoft/cbl-mariner-kata-containers
/SPECS/kernel-uvm/* @microsoft/cbl-mariner-kata-containers
/SPECS-SIGNED/kernel-signed/* @microsoft/cbl-mariner-kernel
/SPECS-SIGNED/kernel-hci-signed/* @microsoft/cbl-mariner-kernel
/SPECS-SIGNED/kernel-azure-signed/* @microsoft/cbl-mariner-kernel
/SPECS-SIGNED/kernel-mstflint-signed/* @microsoft/cbl-mariner-kernel
/SPECS-SIGNED/kernel-mshv-signed/* @microsoft/cbl-mariner-kata-containers

/SPECS/grub2/* @microsoft/cbl-mariner-bootloader
/SPECS/grubby/* @microsoft/cbl-mariner-bootloader
/SPECS/shim/* @microsoft/cbl-mariner-bootloader
/SPECS/shim-unsigned/* @microsoft/cbl-mariner-bootloader
/SPECS/shim-unsigned-x64/* @microsoft/cbl-mariner-bootloader
/SPECS/shim-unsigned-aarch64/* @microsoft/cbl-mariner-bootloader
/SPECS-SIGNED/grub2-efi-binary-signed/* @microsoft/cbl-mariner-bootloader

/SPECS/dracut/* @microsoft/cbl-mariner-dracut
/SPECS/initramfs/* @microsoft/cbl-mariner-dracut
/SPECS/verity-read-only-root/* @microsoft/cbl-mariner-dracut

/SPECS/systemd/* @microsoft/cbl-mariner-systemd

/SPECS/bcc/* @microsoft/cbl-mariner-debug-tools
/SPECS/bpftrace/* @microsoft/cbl-mariner-debug-tools
/SPECS/crash/* @microsoft/cbl-mariner-debug-tools
/SPECS/gdb/* @microsoft/cbl-mariner-debug-tools
/SPECS/kexec-tools/* @microsoft/cbl-mariner-debug-tools

/SPECS/openssl/* @microsoft/cbl-mariner-openssl
/SPECS/SymCrypt-OpenSSL/* @microsoft/cbl-mariner-openssl
/SPECS/SymCrypt/* @microsoft/cbl-mariner-openssl
/SPECS/KeysInUse-OpenSSL/* @microsoft/cbl-mariner-openssl

/SPECS/dnf/* @microsoft/cbl-mariner-package-managers
/SPECS/dnf-plugins-core/* @microsoft/cbl-mariner-package-managers
/SPECS/rpm/* @microsoft/cbl-mariner-package-managers
/SPECS/tdnf/* @microsoft/cbl-mariner-package-managers

/SPECS/moby-buildx/* @microsoft/cbl-mariner-container-runtime
/SPECS/moby-cli/* @microsoft/cbl-mariner-container-runtime
/SPECS/moby-containerd/* @microsoft/cbl-mariner-container-runtime
/SPECS/moby-containerd-cc/* @microsoft/cbl-mariner-kata-containers
/SPECS/moby-engine/* @microsoft/cbl-mariner-container-runtime
/SPECS/moby-runc/* @microsoft/cbl-mariner-container-runtime
/SPECS/kata-containers/* @microsoft/cbl-mariner-kata-containers
/SPECS/kata-containers-cc/* @microsoft/cbl-mariner-kata-containers
/SPECS/virtiofsd/* @microsoft/cbl-mariner-kata-containers

/SPECS/cloud-hypervisor/* @microsoft/cbl-mariner-virtualization
/SPECS/hvloader/* @microsoft/cbl-mariner-kata-containers
/SPECS-SIGNED/hvloader-signed/* @microsoft/cbl-mariner-kata-containers

/SPECS/cloud-init/* @microsoft/cbl-mariner-provisioning
/SPECS/walinuxagent/* @microsoft/cbl-mariner-provisioning

# Modifications to the toolkit requires reviews from the toolkit team
/toolkit/ @microsoft/cbl-mariner-tooling

# Docs to be reviewed by general CBL-Mariner devs
/toolkit/docs/ @microsoft/cbl-mariner-devs

# Default image configurations to be reviewed by general CBL-Mariner devs
/toolkit/imageconfigs/ @microsoft/cbl-mariner-devs

# Package and toolchain manifests to be reviewed by general CBL-Mariner devs
/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @microsoft/cbl-mariner-devs
/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @microsoft/cbl-mariner-devs
/toolkit/resources/manifests/package/toolchain_aarch64.txt @microsoft/cbl-mariner-devs
/toolkit/resources/manifests/package/toolchain_x86_64.txt @microsoft/cbl-mariner-devs

# Modifications to the raw toolchain require admin approval.
/toolkit/scripts/toolchain/container/* @microsoft/cbl-mariner-admins
/toolkit/scripts/toolchain/cgmanifest.json @microsoft/cbl-mariner-admins
/toolkit/scripts/toolchain/create_toolchain_in_container.sh @microsoft/cbl-mariner-admins

# Modifications to the trusted CA certificates require admin approval.
/SPECS/*ca-certificates*/* @microsoft/cbl-mariner-admins
# For stable release branches, ensure stable release maintainers are added as code reviewers
* @microsoft/cbl-mariner-stable-maintainers
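
Review bot: Replacing every rule with the single line `* @microsoft/cbl-mariner-stable-maintainers` removes the admin-only gates on `/.github/CODEOWNERS`, `/.pipelines/*`, `/.config/CredScanSuppressions.json`, the toolchain scripts and `/SPECS/*ca-certificates*/*`, so on this branch one stable-maintainer approval is enough to change review policy, build pipelines, secret-scan suppressions or the trusted CA set. CODEOWNERS applies the last matching pattern, so the wildcard can stay as the default if the `@microsoft/cbl-mariner-admins` entries are kept below it. The per-team rules for kernel, bootloader and openssl specs are dropped by the same change; if that is intended for stable branches, say so in the comment above the wildcard.
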
5 changes: 4 additions & 1 deletion SPECS-SIGNED/hvloader-signed/hvloader-signed.spec
Expand Up @@ -6,7 +6,7 @@
Summary: Signed HvLoader.efi for %{buildarch} systems
Name: hvloader-signed-%{buildarch}
Version: 1.0.1
Release: 2%{?dist}
Release: 3%{?dist}
License: MIT
Vendor: Microsoft Corporation
Distribution: Mariner
Expand Down Expand Up @@ -69,6 +69,9 @@ popd
/boot/efi/HvLoader.efi

%changelog
* Fri May 31 2024 Archana Choudhary <[email protected]> - 1.0.1-3.cm2
- Update version for consistency with hvloader spec

* Fri May 10 2024 Archana Choudhary <[email protected]> - 1.0.1-2
- Update version for consistency with hvloader spec

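Review bot: The new %changelog entry is tagged `1.0.1-3.cm2` while the entry directly below it uses `1.0.1-2`, and its text repeats "Update version for consistency with hvloader spec" word for word. Drop the dist suffix so both entries follow one format, and state what changed in hvloader that required this rebuild, so the signed package's history shows which fix it carries.
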
8 changes: 7 additions & 1 deletion SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec
Expand Up @@ -9,7 +9,7 @@
%define uname_r %{version}-%{release}
Summary: Signed Linux Kernel for Azure
Name: kernel-azure-signed-%{buildarch}
Version: 5.15.158.1
Version: 5.15.158.2
Release: 1%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
Expand Down Expand Up @@ -153,6 +153,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
%exclude /module_info.ld

%changelog
* Fri Jun 07 2024 Rachel Menge <[email protected]> - 5.15.158.2-1
- Revert to 5.15.158.2

* Wed May 22 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.159.1-1
- Auto-upgrade to 5.15.159.1

* Fri May 10 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.158.1-1
- Auto-upgrade to 5.15.158.1

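Review bot: The new top entry `5.15.158.2-1` sits above `5.15.159.1-1`, so the package version moves backwards, and nothing in the hunk says why 5.15.159.1 was withdrawn. rpm orders 5.15.158.2 below 5.15.159.1, so a system that already installed 5.15.159.1-1 will not receive this build as an update. Confirm that 5.15.159.1-1 was never published from this branch, and record the reason for the revert in the entry.
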
8 changes: 7 additions & 1 deletion SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec
Expand Up @@ -4,7 +4,7 @@
%define uname_r %{version}-%{release}
Summary: Signed Linux Kernel for HCI
Name: kernel-hci-signed-%{buildarch}
Version: 5.15.158.1
Version: 5.15.158.2
Release: 1%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
Expand Down Expand Up @@ -149,6 +149,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
%exclude /module_info.ld

%changelog
* Fri Jun 07 2024 Rachel Menge <[email protected]> - 5.15.158.2-1
- Revert to 5.15.158.2

* Wed May 22 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.159.1-1
- Auto-upgrade to 5.15.159.1

* Fri May 10 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.158.1-1
- Auto-upgrade to 5.15.158.1

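Review bot: "Revert to 5.15.158.2" in the Jun 07 entry is misleading, because no earlier entry in this changelog is 5.15.158.2; the history shown goes 5.15.158.1, 5.15.159.1, then 5.15.158.2. Wording such as "Revert 5.15.159.1 and update to 5.15.158.2" names both steps, which is what a reader needs when matching an installed kernel to the fixes it contains.
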
5 changes: 4 additions & 1 deletion SPECS-SIGNED/kernel-mos-signed/kernel-mos-signed.spec
Expand Up @@ -4,7 +4,7 @@
%define uname_r %{version}-%{release}
Summary: Signed Linux Kernel for MOS systems
Name: kernel-mos-signed-%{buildarch}
Version: 5.15.158.1
Version: 5.15.158.2
Release: 1%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
Expand Down Expand Up @@ -150,6 +150,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
%exclude /module_info.ld

%changelog
* Fri Jun 07 2024 Gary Swalling <[email protected]> - 5.15.158.2-1
- Update to 5.15.158.2

* Wed May 08 2024 Gary Swalling <[email protected]> - 5.15.158.1-1
- Update to 5.15.158.1

7 changes: 5 additions & 2 deletions SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec
Expand Up @@ -6,8 +6,8 @@
%define uname_r %{version}-%{release}
Summary: Signed MSHV-enabled Linux Kernel for %{buildarch} systems
Name: kernel-mshv-signed-%{buildarch}
Version: 5.15.126.mshv9
Release: 3%{?dist}
Version: 5.15.157.mshv1
Release: 1%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
Distribution: Mariner
Expand Down Expand Up @@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg
%exclude /lib/modules/%{uname_r}/build

%changelog
* Tue May 14 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.157.mshv1-1
- Auto-upgrade to 5.15.157.mshv1

* Mon Apr 01 2024 Cameron Baird <[email protected]> - 5.15.126.mshv9-3
- BuildRequires: grub2-rpm-macros to expand mkconfig configuration requirement

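Review bot: The single line "Auto-upgrade to 5.15.157.mshv1" in the new entry covers a move from 5.15.126.mshv9 to 5.15.157.mshv1 and gives no indication of which fixes the new base brings. Since this is the signed package, add a pointer to the kernel-mshv spec changelog or list the CVEs addressed, so the signed artifact can be tied to its security content.
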
8 changes: 7 additions & 1 deletion SPECS-SIGNED/kernel-signed/kernel-signed.spec
Expand Up @@ -9,7 +9,7 @@
%define uname_r %{version}-%{release}
Summary: Signed Linux Kernel for %{buildarch} systems
Name: kernel-signed-%{buildarch}
Version: 5.15.158.1
Version: 5.15.158.2
Release: 1%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
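
Review bot: `Version: 5.15.158.2` feeds `%define uname_r %{version}-%{release}` at the top of this hunk, so the signed package only lines up with the unsigned kernel if the spec under `/SPECS/kernel/` is at exactly 5.15.158.2 with Release 1, and that file is not among the diffs shown here. Confirm the two specs change together in this merge; a mismatch could leave the signed package pointing at a `linux-%{uname_r}.cfg` that the unsigned build never produced.
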
Expand Down Expand Up @@ -153,6 +153,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
%exclude /module_info.ld

%changelog
* Fri Jun 07 2024 Rachel Menge <[email protected]> - 5.15.158.2-1
- Revert to 5.15.158.2

* Wed May 22 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.159.1-1
- Auto-upgrade to 5.15.159.1

* Fri May 10 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.158.1-1
- Auto-upgrade to 5.15.158.1
